Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On February 26, 2016

February 25, SecurityWeek – (International) OpenSSL preparing patches for high severity flaws. The OpenSSL Project reported it will release versions 1.0.2g and 1.0.1s for its OpenSSL product early March 2016 to patch several vulnerabilities including a high severity flaw that could allow attackers to obtain the key needed to decrypt traffic if the targeted application uses the Diffie-Hellman (DH) key exchange. Source

February 25, SecurityWeek – (International) Critical Drupal updates patch several vulnerabilities. Drupal released versions 6.38, 7.43, and 8.0.4 that patches ten vulnerabilities including a bypass issue, denial-of-service (DDoS) vulnerability, and an open redirect vulnerability, among other flaws. Source

February 24, Softpedia – (International) Attackers can hijack wireless mice and keyboards to install malware. Security researchers from Bastille discovered that wireless mouse and keyboard USB dongles, sold by Dell, HP, Lenovo, and Microsoft, among other companies, were susceptible to a remote attack called, Mousejack after finding that the USB dongles did not have unique pairings between a computer and its device, allowing attackers to use similar devices with the victim’s dongle and take control of a victim’s computer and carry out malicious actions. Source

February 24, SecurityWeek – (International) Sony hackers linked to many espionage, destruction campaigns. Novetta, Kaspersky Lab, AlientVault, and Symantec security firms released a report February 24 detailing that the activities of the threat group dubbed, the Lazarus Group was allegedly linked to numerous attacks including a 2014 attack on Sony Pictures Entertainment, the Dark Seoul and Operation Tory campaigns, and attacks on government, media, military, aerospace, manufacturing, and financial organizations located in South Korea and the U.S. Researchers found that the attacks and the Lazarus Group shared similar code between malicious tools and similarities in the attackers’ modus operandi. Source

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.