Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On March 14, 2016

March 11, SecurityWeek – (International) Three high severity DoS flaws patched in BIND. The Internet Systems Consortium (ISC) released updates for its BIND DNS software fixing three high severity denial-of-service (DoS) vulnerabilities that could allow remote attackers to crash the BIND name server (named) process by sending a specially crafted query. Source

March 11, SecurityWeek – (International) “Libotr” library flaw exposes popular IM apps. A security researcher from the firm X41 D-Sec discovered a serious vulnerability in the “libotr” library that could allow a remote attacker to execute arbitrary code by sending large messages that trigger a heap buffer overflow in libotr, or to cause a denial-of-service (DoS) condition. X41 D-Sec released a proof-of-concept intended to crash the Off-The-Record (OTR) plugin in Pidgin on x86_64 Linux systems. Source

March 10, SecurityWeek – (International) Firefox 45 patches 22 critical vulnerabilities. Mozilla released Firefox 45, which patched 40 vulnerabilities in the Web browser components, including a heap-based buffer overflow flaw and 14 flaws in its Graphite 2 library that could allow an attacker to achieve arbitrary code execution or cause denial-of-service (DoS) conditions, among other patched vulnerabilities. Source

March 10, SecurityWeek – (International) SAP patches 28 vulnerabilities across multiple products. SAP released several security updates for its various products patching 28 vulnerabilities, including 6 cross-site scripting (XSS) and information disclosure flaws, 5 authentication bypass flaws, 3 XML external entity flaws, and 2 implementation flaws, among other vulnerabilities. Source

March 10, SecurityWeek – (International) CryptoWall, Locky dominate ransomware landscape: Report. Researchers from Fortinet released a report stating that the Locky ransomware was the second most prevalent family in the ransomware landscape, accounting for 16.47 percent of the 18.6 million attacks collected in total. The ransomware is distributed internationally but has primarily targeted U.S. users through malicious documents attached to spam emails. Source

March 10, SecurityWeek – (International) Adobe patches Flash zero-day under attack. Adobe released an emergency out-of-band update fixing a zero-day vulnerability after a security researcher from Kaspersky Lab found that the flaw, which could allow an attacker to take control of vulnerable systems, was being exploited in limited, targeted attacks. Source

March 10, Softpedia – (International) 600,000 TFTP servers can be abused for reflection DDoS attacks. Researchers from Edinburgh Napier University reported that a combination of flaws in the Trivial File Transfer Protocol (TFTP) and publicly exposed, misconfigured TFTP servers can easily be abused by attackers for reflection distributed denial-of-service (DDoS) attacks, after finding that 599,600 TFTP servers were publicly reachable and offered an amplification factor of 60. The vulnerable TFTP servers can be used to launch attacks on other Internet-available services, or used as a pathway to targets inside a closed network. Source

March 10, The Register – (International) Cisco patches a bunch of cable modem vulns. Cisco Systems reported that three product lines were open to attackers: two wireless gateways, the DPC3941 and DPC3939B, whose web-based administration interface can be exploited via specially crafted Hypertext Transfer Protocol (HTTP) requests; two cable modems, the DPC2203 and EPC2203, on which attackers can achieve remote code execution via an HTTP input validation vulnerability; and one gateway, the DPQ3925, on which attackers can cause a denial-of-service (DoS) condition via an HTTP handling flaw. Source

March 9, Softpedia – (International) Samsung fixes driver update tool to prevent malicious takeover. Samsung released updates for its SW Update Tool patching two security-related issues that could have been exploited to perform Man-in-the-Middle (MitM) attacks, after a security researcher from Core Security discovered that the SW Update Tool sent all user information to Samsung’s servers in cleartext and did not verify the authenticity of the driver downloads it received from those servers. Samsung patched the issues by encrypting the communication between the tool and its servers and adding a verification mechanism for the downloaded drivers. Source

March 9, SecurityWeek – (International) Triada trojan most advanced mobile malware yet: Kaspersky. Security researchers from Kaspersky discovered a new trojan, dubbed Triada, reportedly believed to be the most advanced mobile malware yet. It targets Android operating system (OS) devices to redirect financial short message service (SMS) transactions in order to buy additional content or steal money from victims, and is delivered through an advertising botnet that is embedded with rooting capabilities. The trojan also uses the Zygote parent process to inject its code into the context of all software on the target’s device, allowing the trojan to run inside each application. Source

March 9, Softpedia – (National) Rosen Hotel Chain had a PoS malware infection for 17 months. Florida-based Rosen Hotels & Resorts Inc. reported March 9 that its payment processing system was compromised after a security company discovered malware installed in its credit card systems, which allowed attackers to steal customer data including cardholders’ names, card numbers, expiration dates, and internal verification codes between September 2014 and February 2016. Source

Nancy Rand
Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.