Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On March 08, 2016

March 7, CNBC – (National) Scam artists hit Seagate Technology. Cupertino-based Seagate Technology reported that its current and former employees’ personal information including tax information, Social Security numbers, and salaries were compromised after a phishing email disguised as a legitimate internal company request prompted an employee to disclose employee data to an unauthorized third party. The company notified the U.S. Internal Revenue Service and is offering an identify-theft protection service to those affected. Source

March 6, SecurityWeek – (International) Amazon changes stance on encryption for fire tablets., Inc., reported March 5 that it will be returning its Kindle Fire devices to full disk encryption and will be releasing the security feature with a Fire operating system (OS) update. The company previously removed the enterprise features in 2015 due to low customer usage. Source

March 6, Softpedia – (International) First fully functional Mac ransomware spread via transmission BitTorrent client. Researchers from Palo Alto reported that the official Transmission BitTorrent website used by Mac customers was allegedly hacked after researchers found that the Transmission website was replaced for Mac version 2.90, which came embedded with the KeRanger ransomware. The ransomware targets over 300 file extension types, uses Advanced Encryption Standard (AES) encryption to lock files, and demands a 1 Bitcoin payment fee. Source

March 5, Softpedia – (International) Popular WordPress plugin comes with a backdoor, steals site admin credentials. Security researchers from Sucuri discovered that an unknown attacker named wooranker was able to control WordPress user login, create and edit commands, and intercept user data before encryption, among other actions, by using a popular WordPress plugin, Custom Content Type Manager (CCTM). The attacker used the plugin to install an auto-update.php backdoor, forcing the target’s side to download and install another file named c.php, which would create wp-options.php to alter core WordPress files. Source


Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.