Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On February 02, 2016

February 1, SecurityWeek – (International) New cross-platform backdoors target Linux, Windows. Security researchers from Kaspersky Lab reported that the DropboxCache Linux backdoor now has a 32-bit Windows variant, dubbed OLMyJuxM.exe, recently found infecting Windows-based systems with capabilities similar to those of the Linux version. It uses the same filename templates to steal screenshots, audio captures, keylogs, and other arbitrary data, relies on the SetWindowsHook API for its keylogger functionality, contacts the command and control (C&C) server for commands, and sends a heartbeat signal via Hypertext Transfer Protocol (HTTP), as the Linux variant does. Users were advised to keep an anti-virus program enabled on their systems, to avoid opening emails from unknown sources, and to avoid installing applications from untrusted sources. Source

January 31, Softpedia – (International) OS X security compromised via the update process of many popular Mac apps. Sparkle released version 0.13.1 to patch a flaw in its Sparkle Updater framework, which is used to distribute app updates to Apple Mac users, after a security researcher discovered that update information was sent over plain Hypertext Transfer Protocol (HTTP). This allows an attacker to mount a Man-in-the-Middle (MitM) attack by intercepting update requests to the appcast server and modifying the Extensible Markup Language (XML) update message to insert their own malicious code. Source
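A defender-side check for the issue described above, added here as an example that is not from the Softpedia story or the Sparkle project: it parses a Sparkle appcast feed and flags the feed or any update enclosure served over plain HTTP, as well as enclosures that carry no sparkle:dsaSignature attribute. The feed contents and the updates.example.test hostname are constructed for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespace Sparkle uses for its attributes on <enclosure> elements.
SPARKLE_NS = "http://www.andymatuschak.org/xml-namespaces/sparkle"

# Constructed sample appcast (hypothetical app and hostname): version 2.0 is
# served over plain HTTP with no signature, version 2.1 over HTTPS and signed.
SAMPLE_APPCAST = """<rss version="2.0"
     xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle">
  <channel>
    <title>Example App</title>
    <item>
      <title>Version 2.0</title>
      <enclosure url="http://updates.example.test/ExampleApp-2.0.zip"
                 sparkle:version="2.0" length="1024"
                 type="application/octet-stream"/>
    </item>
    <item>
      <title>Version 2.1</title>
      <enclosure url="https://updates.example.test/ExampleApp-2.1.zip"
                 sparkle:version="2.1" sparkle:dsaSignature="MCwCFA=="
                 length="2048" type="application/octet-stream"/>
    </item>
  </channel>
</rss>"""


def audit_appcast(xml_text, feed_url):
    """Return (version, finding) tuples for the weaknesses behind the MitM issue.

    Two conditions are flagged: the appcast or an enclosure fetched over a
    scheme other than https (an on-path attacker can rewrite the XML or the
    archive), and an enclosure with no sparkle:dsaSignature, so a tampered
    archive would not be rejected by signature verification.
    """
    findings = []
    feed_scheme = urlparse(feed_url).scheme
    if feed_scheme != "https":
        findings.append(("feed", "appcast fetched over %s, not https" % feed_scheme))
    root = ET.fromstring(xml_text)
    for item in root.iter("item"):
        enc = item.find("enclosure")
        if enc is None:
            continue
        version = enc.get("{%s}version" % SPARKLE_NS, "?")
        url = enc.get("url", "")
        if urlparse(url).scheme != "https":
            findings.append((version, "enclosure url is not https: " + url))
        if not enc.get("{%s}dsaSignature" % SPARKLE_NS):
            findings.append((version, "enclosure has no sparkle:dsaSignature"))
    return findings
```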

January 30, Softpedia – (International) iOS app hot patching reveals a gaping security hole in Apple’s walled garden. Security researchers from FireEye discovered a process flaw in how iOS developers patch their applications with the JSPatch library: the researchers found they could deliver malicious instructions to a test application, such as loading sensitive local iOS application programming interfaces (APIs) and using them to access personal information, functionality that had never been approved by Apple. The JSPatch engine translates JavaScript code into Objective-C at runtime, which can allow any type of iOS exploit to be executed. Source

January 29, SecurityWeek – (International) Firefox warns of password requests over HTTP. Mozilla released updates to its Firefox browser, starting with Firefox DevEdition 46, that warn users when passwords are requested over non-secure connections and advise users to provide passwords only over secure connections such as HTTPS, after a security researcher showed that non-secure websites could be manipulated by a Man-in-the-Middle (MitM) attacker. The new Mozilla feature checks each web page against the algorithm in the World Wide Web Consortium’s (W3C) Secure Contexts Specification to determine whether the page is secure, and warns developers if it is not. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.