Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On January 28, 2016

January 27, SecurityWeek – (International) Hackers can abuse HP enterprise printers for storage. A researcher from MacKeeper reported that misconfigured enterprise devices can be made to host malicious code and evade detection by security products. Attackers can use free, open-source tools to upload files to HP printers and interact with the devices over port 9100, with access via a web browser at “http://<Printer_IP_Address>/hp/device/<File_Name>”. HP advised users to protect their printers by implementing a logging system on each device and turning off unused ports and protocols. Source

January 27, The Register – (International) PayPal patches deadly server remote code execution flaw. PayPal patched a critical remote code execution flaw that an independent security researcher discovered in PayPal’s Manager portal, hosted at manager.paypal.com. The flaw, a Java object deserialization bug, could potentially allow attackers to execute arbitrary shell commands on PayPal’s servers and gain access to production databases. Source

January 27, SecurityWeek – (International) Check Point unveils new threat prevention appliances. Network security firm Check Point released new hardware appliances, including its 15000 and 23000 series, for enterprise networks targeted with zero-day threats. Each new appliance can run all security protections simultaneously, including full Secure Sockets Layer (SSL) traffic inspection, advanced monitoring, and threat prevention protocols, without creating a performance bottleneck or compromising security effectiveness. Source

January 26, SecurityWeek – (International) Blended DDoS attacks grow in size, complexity, frequency: Report. Arbor Networks released its 11th Annual Worldwide Infrastructure Security Report (WISR), which revealed that distributed denial-of-service (DDoS) attacks targeted enterprise networks’ infrastructure, applications, and services simultaneously, increased through cloud-based services by 29 percent from 2015, and focused on Domain Name System (DNS) servers rather than Hypertext Transfer Protocol (HTTP) services. In addition, the report stated that 50 percent of enterprises’ firewalls failed due to successful DDoS attacks. Source

January 26, Softpedia – (International) NanoLocker ransomware can be cracked, but only under certain conditions. A Canadian security researcher discovered a flaw in the NanoLocker ransomware’s operations: restarting a victim’s personal computer (PC) or putting the PC into sleep mode stops the encryption process and leaves the configuration file in an uncompleted encryption stage. For systems in this uncompleted encryption state, the researcher created a decrypter to restore files encrypted by the ransomware, which can be downloaded from GitHub or from Google Drive. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.