Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 15, 2016

April 14, SecurityWeek – (International) Google patches serious account recovery vulnerability. Google released patches addressing several vulnerabilities in its account recovery process after a researcher named “Ramzes” found that attackers could change a user’s password and hijack a user’s account by executing arbitrary code in the context of a help article by specifying a page, which attackers controlled, in an sanitized Universal Resource Language (URL) parameter that could have been exploited when a user activated the account recovery process on Source

April 14, SecurityWeek – (International) White House announces commission on enhancing national cybersecurity. White House officials announced April 13 that a new non-partisan commission, the Commission on Enhancing National Cybersecurity will help gather input from subject matter experts (SMEs) for the Federal government and the private sector to strengthen cybersecurity awareness, to protect privacy, and to ensure public safety and economic and national security, as well as encourage the public to better control their digital security by recommending actionable steps each party can implement. The commission is expected to report its findings to the White House by December 2016. Source

April 13, SecurityWeek – (International) SAP patches XSS, DoS vulnerabilities. SAP released patches for several of its various products including five cross-site scripting (XSS) issues, four denial of service (DoS) vulnerabilities, three missing authorization check flaws, and one remote code execution (RCE) vulnerability, among other patched flaws. Customers were advised to apply new updates to their systems to patch the vulnerabilities and prevent business risks in their SAP systems. Source

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.