Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On March 28, 2016

March 24, Help Net Security – (International) 7 Iranians indicted for cyber attacks on US banks and a dam. The U.S. Department of Justice reported March 24 that 7 Iranian computer specialists, allegedly sponsored by Iran’s Islamic Revolutionary Guard Corps, were charged with conducting several coordinated distributed denial-of-service (DDoS) attacks against 46 major companies, primarily targeting the U.S. financial sector, from 2011 to 2013. The attacks disabled victims’ bank web sites, prevented customers from accessing online accounts and cost banks tens of millions of dollars in remediation. Source

March 24, SecurityWeek – (International) Cisco patches serious DoS flaws in IOS software. Cisco released patches for six high severity denial-of-service (DoS) flaws in its IOS, IOS XE, and Unified Communications Manager (UCM) software, including a flaw that can allow an unauthenticated attacker to cause a memory leak, eventually causing the affected device to reload, and a vulnerability in the DHCP version 6 relay feature that can cause the affected device to reload when it is sent specially crafted DHCPv6 relay messages. Source

March 24, SecurityWeek – (International) EC Council website hacked to serve Angler Exploit Kit. Security researchers from Fox-IT warned users that the security certification provider EC Council was unknowingly distributing the Angler exploit kit (EK) after discovering that malicious code was embedded at the bottom of EC Council’s iClass website for Certified Ethical Hacker (CEH) certification, which redirected users to a Web page with the Angler EK. Researchers suspected a security flaw in the website and notified the company of the exploit. Source

March 24, Krebs on Security – (International) Crooks steal, sell Verizon Enterprise customer data. Verizon Enterprise Solutions stated March 24 that it recently discovered and remediated a security vulnerability in its enterprise client portal that allowed an attacker to obtain basic contact information on an undisclosed number of customers. The company asserted that no customer proprietary network information or other data was accessed. Source

March 23, SecurityWeek – (International) Sophisticated USB trojan spotted in the wild. Researchers from ESET reported that an advanced data-stealing universal serial bus (USB) trojan dubbed “USB Thief” was found in the wild and can compromise a system by injecting itself into the execution chain of portable versions of popular applications and disguising itself as a plugin or a Dynamic Link Library (DLL) file. The threat is bound to a single USB drive and was reported to have four executables and two configuration files that enable it to avoid detection and prevent researchers from detecting, copying, and analyzing the malware. Source

March 24, Help Net Security – (International) OS X zero day bug allows hackers to bypass system integrity protection. A security researcher discovered a non-memory corruption flaw in Apple Inc.’s OS X operating system that could allow an attacker to compromise OS X and iOS systems by executing arbitrary code on any binary and escalating attackers’ privileges to root and/or bypass Apple’s System Integrity Protection feature. Researchers stated the zero-day vulnerability was not exploited by attackers, but the flaw could potentially be used in highly targeted or state-sponsored attacks. Source

March 24, SecurityWeek – (International) Oracle reissues patch for two-year-old Java. Oracle Corporation released updates for two of its Java SE products addressing a sandbox escape flaw after researchers discovered the previously patched flaw could be bypassed to allow a remote, unauthenticated attacker to trick users into visiting a malicious website. The new update successfully patches the flaw within Java SE 8 Update 77 and Java SE 7 Update 99. Source

March 24, Help Net Security – (International) RCE flaw affects DVRs sold by over 70 different vendors. A security researcher from RSA Security discovered that a remote code execution (RCE) flaw in digital video recorders (DVRs) sold by more than 70 different vendors and manufactured by a Chinese company, TVT Digital Technology Co., Ltd., can allow an attacker to gain root access to the DVR, as the vulnerability resides within the implementation of the Hypertext Transfer Protocol (HTTP) server included in the firmware. The implementation, which is included in over 30,000 devices internationally, opens ports 81/82 of the device to the Internet. Source

March 23, U.S. Department of Justice – (International) Chinese national pleads guilty to conspiring to hack into U.S. defense contractors’ systems to steal sensitive military information. The U.S. Department of Justice announced that a Chinese national pleaded guilty March 23 to participating with two others in China in a conspiracy to hack into computer networks of major U.S. defense contractors in order to steal military technical data. The businessman provided two co-conspirators with guidance regarding what persons, companies, and technologies to target, as well as which files and folders to steal once the individuals had successfully breached information technology systems. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.