Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On January 27, 2016

January 26, SecurityWeek – (International) US government agencies asked about Juniper backdoor patching. The U.S. House Oversight and Government Reform Committee sent out letters to dozens of government agencies asking that each department provide documents and information on whether they used affected Juniper products, how each entity discovered the vulnerability, and if measures were taken before the Juniper patch was released following a December 2015 incident where an unauthorized code was found in Juniper’s ScreenOS firewall operating system (OS). Several Federal government agencies included were the U.S. Securities and Exchange Commission, the U.S. Department of Health and Human Services, the U.S. Nuclear Regulatory Commission, and the U.S. Department of Transportation, among other agencies. Source

January 25, Softpedia – (International) Lenovo’s file sharing app included some pretty irresponsible security bugs. Lenovo released new versions of its SHAREit file app for Microsoft Windows, Google Android, and Apple iOS devices after researchers from Core Security discovered three security flaws in the app that allowed attackers to access a victim’s files and devices via a hard-coded password embedded in the app’s source code that can be seen after the app creates a WiFi hotspot, allowing attackers to connect to the hotspot and browse files by sending specific Hypertext Transfer Protocol (HTTP) requests to a web server. Source

January 25, SecurityWeek – (International) Microsoft finally hides IP addresses by default in Skype. Microsoft released updates to its Skype Voice-over-IP (VoIP) application that included a privacy enhancement which enabled the default setting to hide users’ Internet Protocol (IP) addresses after researchers from Inria and Polytechnic Institute of New York University discovered they could track thousands of users for several weeks November 2010, which could have potentially led to attackers breaching business systems and stealing sensitive information, or compromising an entire corporate network. Source

January 25, SecurityWeek – (International) It’s official, ransomware has gone corporate. The FBI’s Internet Crime Complaint Center (IC3) released a report stating that recent data shows ransomware such as CryptoWall and its variants, have been increasing its attacks against U.S. victims and revealed three ways companies can help mitigate ransomware attacks: Start employee training, maintain up-to-date backups, and consider new endpoint protection approaches. Source

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.