Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On February 22, 2016

February 19, Softpedia – (International) JSF*** eBay XSS bug exploited in the wild, despite the company’s fix. Security researchers from Check Point discovered that eBay’s platform was susceptible to a JSF*** cross-site scripting (XSS) attack that was exploited in the wild. The attack allowed attackers to convert JavaScript syntax into the JSF*** non-standard character set, which disguised the code so that it passed through eBay’s XSS filters, and to store the encoded code in the product’s description. The malicious code would then execute and infect a system once the victim opened the eBay store. Source

February 19, SecurityWeek – (International) Google pays $25,000 reward for critical Chrome flaw. Google released an updated version of its Chrome web browser for Microsoft Windows, Apple Mac, and Linux systems after a security researcher found a flaw in the Blink web browser engine and a Chrome sandbox escape. Source

February 18, SecurityWeek – (International) “Locky” ransomware encrypts unmapped network shares. Security researchers from BleepingComputer discovered a new ransomware named Locky that creates and assigns a unique 16-character hexadecimal number to a victim’s computer, then scans all drives and unmapped network shares for files with certain extensions and encrypts them using the Advanced Encryption Standard (AES) algorithm. The ransomware renames encrypted files to [unique_id][identifier].locky and deletes all Shadow Volume Copies to prevent victims from restoring encrypted files. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.