Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On January 26, 2016

January 25, SecurityWeek – (International) Backdoor found in several Fortinet products. Fortinet released an advisory stating that several of its products including versions of FortiSwitch switches, FortiAnalyzer centralized log and reporting appliances, and FortiCache web cashing appliances were susceptible to a management authentication flaw after company researchers discovered the flaw affected various products following previous reports that the bug only affected its FortiOS system. The flaw can be exploited to log in to vulnerable devices with administration privileges via a shell scripting (SSH) in Interactive-Keyboard mode using a shared password used among all devices. Source

January 25, Softpedia – (International) Simple yet efficient Linux backdoor Trojan discovered. Security researchers from Dr. Web discovered a trojan with backdoor capabilities named Linux.BackDoor.Xunpes can copy files, delete files, launch files into execution, run bash commands, and log keystrokes, among other actions by infecting a device via a dropper component that downloads the malware payload and enable attackers to send over 40 different types of commands to any infected host through a command and control (C&C) server. Source

January 24, Softpedia – (International) XSS bug in Magento allows attackers to take over online shops. The Magento project released patches fixing a stored cross-site scripting (XSS) vulnerability in its content management system (CMS) that powers online shops after security researchers from Sucuri discovered that the flaw can be exploited when users register a new account or when users change their current account’s email address as the CMS system has an improper data filtering mechanism that allows attackers to enter malicious code next to their email addresses, allowing hackers to steal cookies and use them to illegally access the site later, among other malicious actions. Source

January 22, SecurityWeek – (International) CryptoWall 4.0 spreading via Angler Exploit Kit. Bitdefender researchers discovered that the CrytoWall 4.0 was added to the Angler Exploit Kit (EK) to encrypt files on an infected device and allow attackers to demand users pay a ransom in order to decrypt files by disguising itself as an AV solutions tester to protect user’s data, while encrypting victims’ data and convincing victims that the “CryptoWall Project” is not malicious. Source


Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.