Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 12, 2016

April 7, Softpedia – (International) Security experts crack Dridex admin panel, recover victim data. Security researchers from buguroo reported that they were able to retrieve user data and analyze Dridex’s activity to mitigate future attacks after researchers found the Internet Protocol (IP) address of one of the Dridex admin panels, previously known as Subnet 220, hardcoded in the malicious JavaScript files. The Subnet 220 was running an older version of the Dridex backend that was previously discovered which allowed researchers to open Subnet 220’s admin panel and study its operations. Source

April 7, SecurityWeek – (International) Ubuntu patches several kernel vulnerabilities. Ubuntu released patches addressing several vulnerabilities in the Linux kernel and various Ubuntu 14 and 15 variants including a use-after-free flaw that can be exploited by a local attacker to crash a system and potentially execute arbitrary code, a timing side channel vulnerability that can be exploited by an attacker to disrupt the integrity of the system, and a denial-of-service (DoS) vulnerability that could allow an unauthenticated attacker to exhaust resources and force a DoS condition, among other flaws. Source

April 7, SecurityWeek – (International) Adobe patches flash zero-day exploited by Magnitude EK. Adobe released an update for its Flash Player products that patched a zero-day vulnerability, specifically a memory corruption flaw that can be exploited for remote code execution, after a security researcher from Proofpoint found changes in the Magnitude exploit kit (EK); and upon further investigation, discovered attackers were delivering various threats such as Cerber and Locky ransomware via the Magnitude EK. Source

April 7, Softpedia – (International) Authorities shut down botnet of 4,000 Linux servers used to send spam. ESET reported that a joint effort with CyS Centrum LLC and the Cyber Police of Ukraine helped shut down the six-year-old Mumblehard botnet after researchers pinpointed the location of the true command and control (C&C) server when Mumblehard operators began making changes to their malware’s code. Authorities seized the Internet Protocol (IT) of the server and transferred it to a security firm who is running a server that is cancelling all requests made by Mumblehard’s botnets. Source

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.