Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On March 22, 2016

March 21, Help Net Security – (International) iOS zero-day breaks Apple’s iMessage encryption. Researchers from Johns Hopkins University discovered a zero-day flaw in Apple’s operating system (iOS) encryption which could allow attackers to decrypt intercepted iMessages in iOS 9 and older iOS versions. Apple Inc., partially patched the vulnerability in iOS 9, but reported that the flaw will be completely patched in iOS 9.3 March 21. Source

March 21, SecurityWeek – (International) Symantec patches high risk vulnerabilities in Endpoint protection. Symantec released a security update for its Symantec Endpoint Protection (SEP) product which patched three high risk security flaws including a cross-site request forgery (CSRF) vulnerability, a Structured Query Language (SQL) injection vulnerability, and a bypass security flaw that could allow authorized users with low privileges to gain elevated access to the Management Console, as well as enable attackers to achieve arbitrary code execution on a victim’s device by bypassing the SEP Client security mitigations, among other actions. Source

March 19, Softpedia – (International) There were over 16,000 software bugs detected in 2015. Secunia researchers released a report detailing that in 2015, 16,081 flaws were found in 2,484 software applications from 263 different vendors including Google, Adobe, Microsoft, and Oracle, among others, and that 57 percent of the vulnerabilities could be exploited from a remote network. The report stated that there was a 2 percent increase in vulnerabilities from 2014 – 2015. Source


Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.