Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 05, 2016

April 4, Softpedia – (International) Authentication flaw in Microsoft accounts gets researcher $13,000 reward. Microsoft patched a cross-site request forgery (CSRF) flaw in its main authentication system after a security researcher found attackers could gain access to its Azure, Outlook, and Office servers by altering the “wreply” parameter and sending authentication tokens to a hacker-controlled Web site due to improper input filtering on the “wreply” Uniform Resource Locator (URL). Source

April 4, SecurityWeek – (International) Romanian hacker “Guccifer” appears in U.S. court. A Romanian national was extradited to the U.S. for a period of 18 months after U.S. authorities stated the man allegedly hacked into the email and social media accounts of two former presidents, a former cabinet member, a former presidential advisor, and a former member of the U.S. Joint Chiefs of Staff, among other people, and released victims’ personal information including private emails, personal photographs, and medical and financial data from December 2012 – January 2014. Source

April 1, Softpedia – (International) Hackers can unlock any HID door controller with one UDP packet. A security researcher from Trend Micro discovered a design vulnerability in HID Global’s door controllers, specifically in VertX and Edge products, that can allow an attacker to send one malicious User Datagram Protocol (UDP) request to a door and automatically unlock the door and/or deactivate the alarm. An attacker could execute remote commands on the device with root privileges due to the two devices running a special daemon titled, discoveryd, which communicates to UDP network packets on port 4070 with information about the device. Source

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.