Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On January 22, 2016

January 21, Softpedia – (International) Threat group uses dating sites to build a botnet of vulnerable home routers. Damballa security researchers reported that a Linux ELF binary, a variant of TheMoon worm, was targeting the Home Network Administration Protocol (HNAP), using adult dating websites with a malicious iframe embedded in their pages to infect home routers, and that it prevents consumers from using their routers’ inbound ports. Researchers reported that the worm spreads by opening outbound ports on the router to infect other routers. Source

January 21, SecurityWeek – (International) Google Chrome 48 patches 37 security flaws. Google released the newest version of its web browser, Chrome 48, for Microsoft Windows, Apple Mac, and Linux users. The release patches 37 security vulnerabilities, including a bad cast flaw in V8, a use-after-free bug in PDFium, and six other vulnerabilities found by external researchers, among other patched flaws. In addition, company officials reported that the updated version includes a series of improvements to the browser. Source

January 21, Help Net Security – (International) Fake Facebook emails deliver malware masquerading as audio message. Researchers from Comodo reported that similar malware, which previously targeted WhatsApp users, has been targeting Facebook users via malicious emails embedded with a variant of the Nivdort information-stealing Trojan. The malware steals information about a victim’s computer and sends the stolen information to a command-and-control (C&C) server, from which attackers can send additional malware. Once the malicious email is opened, the malware replicates itself into the “C:/” directory and adds a Windows Registry entry, allowing the malware to run automatically after each restart or shutdown of the device. Source

January 20, Softpedia – (International) Malvertising returns on Microsoft’s MSN portal. Security researchers from Malwarebytes reported that Microsoft’s MSN portal was susceptible to malvertising campaigns via the Neutrino and RIG exploit kits (EK). The campaigns created new domains a few days prior to each attack or hid behind the CloudFlare service. Researchers advised users to use a security product to block incoming malware. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.