Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 01, 2016

March 31, SecurityWeek – (International) Malware detection bypass vulnerability found in Cisco Firepower. Cisco released software updates fixing a high-severity vulnerability after a researcher found a flaw caused by improper input validation of Hypertext Transfer Protocol (HTTP) fields. The flaw could allow a remote, unauthenticated attacker to bypass malicious file detection and blocking features by crafting an HTTP request and sending it to the victim’s system. Source

March 31, The Register – (International) Patch out for ‘ridiculous’ Trend Micro command execution vuln. Trend Micro released a patch that fixed a command execution vulnerability for systems running its Maximum Security, Premium Security, or Password Management software after a security researcher from Google’s Project Zero found a remote debugging server was running on customers’ machines. Officials stated the patch was not fully complete, but would fix most critical issues with the software. Source

March 31, Softpedia – (International) XSS and CSRF bugs in Steam Dev panel let anyone be a Valve admin. A researcher from the United Kingdom discovered a cross-site scripting (XSS) vulnerability and a cross-site request forgery (CSRF) vulnerability affecting SteamDepot, Steam’s internal system for storing game content, after finding that malicious JavaScript code could be added in the description field to steal users’ Steam cookies, among other actions. Source

March 30, Softpedia – (International) Security bug allowed attackers to send malicious emails via PayPal’s servers. PayPal Holdings, Inc., patched a flaw in one of its automatic emailing applications after a security researcher from Vulnerability Lab found that attackers could add malicious code to an account’s username, which was then embedded in the emails sent to other recipients. The flaw could allow an attacker to execute session hijacking and redirection to external sources, and trick users into clicking a malicious link that prompts victims to enter their PayPal credentials. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.