Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On February 18, 2016

February 17, SecurityWeek – (International) Fysbis backdoor preferred by Pawn Storm group to target Linux. Security researchers at Palo Alto Networks released a report revealing that the Pawn Storm threat group has improved the obfuscation of its preferred Linux malware, Fysbis, so that the malware's installation information is no longer exposed in the open. The malware runs a series of shell commands to establish persistence and communicates with a newly discovered command and control (C&C) domain, mozilla-plugins[.]com, which is reportedly believed to be associated with a newer campaign. Source

February 16, Softpedia – (International) Buffer overflow bug in glibc exposes users to attacks from rogue DNS servers. Security researchers from Google's Project Zero and Red Hat fixed a security flaw in the GNU C Library (glibc) that could allow an attacker to send oversized Domain Name System (DNS) responses, triggering a buffer overflow and enabling remote code execution on a victim's machine with the same privileges as the application that uses glibc. Google released proof-of-concept code that should help system administrators detect whether their systems are vulnerable to the flaw. Source

February 16, SecurityWeek – (International) Unpatched flaw plagues Cisco industrial switches. Cisco reported February 15 that IOS software 15.2(4)E running on its Industrial Ethernet 2000 Series Switches is vulnerable to a denial-of-service (DoS) condition caused by the faulty way the system processes Cisco Discovery Protocol (CDP) packets, which an unauthenticated attacker could trigger by sending specially crafted CDP packets. In addition, Cisco reported that its Emergency Responder product was vulnerable to a cross-site scripting (XSS) flaw, which could allow an unauthenticated attacker to execute arbitrary code in the context of the vulnerable web interface and access potentially sensitive browser information. Source

February 17, Softpedia – (International) Backdoor in MVPower DVR firmware sends CCTV stills to an email address in China. Security researchers from Pen Test Partners discovered that digital video recorder (DVR) devices manufactured by MVPower and deployed in closed-circuit television (CCTV) surveillance systems contain security flaws that could allow attackers to execute Man-in-the-Middle (MitM) attacks, bypass the device's web-based login system, and use a backdoor function that sends CCTV feed snapshots to a hard-coded email address hosted on a Chinese email provider, among other vulnerabilities. Source

Nancy Rand
Nancy has more than 20 years' experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and managing large-scale technology projects.