Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On February 09, 2016

February 5, SecurityWeek – (International) Avast patches vulnerability in SafeZone Tool. A researcher from Google discovered a vulnerability in Avast’s SafeZone tool, also known as Avastium, that allowed attackers to gain additional privileges and conduct various actions on the system by convincing a victim to visit a malicious Uniform Resource Locator (URL). The vulnerability was exploited due to Avast’s low security check which allowed any URL to pass through without any restrictions. Source

February 4, SecurityWeek – (International) Dell adds BIOS verification technology to business PCs. Dell released a new enterprise endpoint security solution, the post-boot BIOS verification technology integrated with its Data Protection Endpoint Security Suite Enterprise that will help detect against BIOS-specific attacks or compromised systems by using a secure cloud platform to test individual BIOS images against official images held by Dell. Source

February 4, SecurityWeek – (International) Exploits released for unpatched flaws in Netgear Management System. An information security researcher discovered flaws in Netgear’s ProSAFE NMS300 network management system that can allow a remote, unauthenticated attacker to upload an arbitrary file to the system by sending a specially crafted POST request to one of two Java servlets found in the default NMS300 installations, as well as conduct a directory traversal attack that can allow a hacker to download any file from the system, among other flaws. Source

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.