Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On March 14, 2016

March 9, Softpedia – (International) KeRanger ransomware is actually Linux.Encoder ported for Macs. Security researchers from Bitdefender reported that the KeRanger ransomware, which targets Mac OS X systems, is a rewrite of the Linux.Encoder ransomware. They found that the encryption functions of the two are identical and that both share the same function names: encrypt_file, recursive_task, currentTimestamp, and creatDaemon. Source

March 8, SecurityWeek – (International) Microsoft updates Windows, browsers to patch critical flaws. Microsoft released 13 security bulletins addressing several vulnerabilities in Windows, Internet Explorer, the Edge browser, Office, Server Software, and the .NET Framework. The fixes cover 13 Internet Explorer vulnerabilities that could allow a remote attacker to execute arbitrary code by tricking a victim into visiting a specially crafted website; 11 Microsoft Edge vulnerabilities; and critical vulnerabilities in how the Windows Adobe Type Manager Library handles specially crafted Type fonts, which can be exploited for denial-of-service (DoS) and remote code execution (RCE) attacks, among other vulnerabilities. Source

March 8, SecurityWeek – (International) Adobe patches flaw in Acrobat, Reader, Digital Editions. Adobe Systems released updates for its Acrobat, Reader, and Digital Editions products to patch several critical vulnerabilities including multiple memory corruption flaws and a directory search path flaw that can be exploited to execute arbitrary code in several of the products. Source

March 8, Associated Press – (International) Mock cyberattack tests response. The U.S. Department of Homeland Security and the U.S. Secret Service reported that more than 1,000 U.S. cybersecurity professionals from the Federal government, healthcare firms, Internet service providers, retail businesses, and phone companies were participating in a mock cyberattack exercise March 8 – March 10 to test human response and coordination in the event of a real-life cyberattack. The exercise will also look for areas of improvement to help the public and private sector become more resilient against cyber threats. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.