Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On February 01, 2016

January 29, Help Net Security – (International) 60+ trojanized Android games lurking on Google Play. Researchers from Dr. Web found that over 60 game apps offered on the Google Play store were embedded with the malicious Xiny trojan, which can download additional malicious apps, collect device information such as the device’s International Mobile Station Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI), and send the data to a command and control (C&C) server via 30 different game developer accounts including Billapps, Conexagon Studio, and Fun Color Games, among other accounts. Researchers believe the accounts are operated by the same cybercriminals. Source

January 29, The Register – (International) Two-thirds of Android users vulnerable to web history sniff ransomware. Researchers from Symantec reported that two in three devices running Android versions prior to 5.0 (Lollipop) were susceptible to the Lockdroid ransomware, which tricks users into allowing malicious code to gain administrative privileges via overlaid popups. The malware uses a fake message disguised as coming from the U.S. Department of Justice to trick victims into paying a fee to unlock their devices, after the message tells them that their devices have been locked due to visiting inappropriate websites. In addition, the malware is capable of changing the device personal identification number (PIN) and deleting user data through a factory reset. Source

January 29, SecurityWeek – (International) Facebook pays out $7,500 bounty for account hijacking flaw. A researcher discovered a serious cross-site scripting (XSS) vulnerability that could allow attackers to compromise users’ Facebook accounts by using several Facebook plugins designed in an iframe, which bypasses protections. Attackers can steal a user’s cross-site request forgery (CSRF) token and compromise the account by convincing the user to click or visit a malicious link the hacker controls. Once the victim opens the malicious link, the hacker can execute any action on the victim’s account. Source

January 29, Help Net Security – (International) OpenSSL bug that could allow traffic decryption has been fixed. The OpenSSL Project released updates to its security protection system to protect its products against the malicious Logjam, and released new versions of its OpenSSL cryptographic library, including OpenSSL 1.0.2f and 1.0.1r, which patch two security flaws that could have been exploited by attackers to obtain keys to decrypt secure communication and obtain sensitive information. Source

January 28, The Register – (International) Alleged ISIL hacker faces US terror charges for doxing soldiers. The U.S. Department of Justice and the FBI reported January 28 that a man was extradited from Malaysia to Virginia after being charged with hacking crimes and with providing support to a Middle Eastern terrorist group. He allegedly released the personal information of more than 1,000 U.S. soldiers and government employees to the group, which intended to use the information to attack U.S. military and government personnel. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.