Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 27, 2016

April 25, Help Net Security – (International) Compromised credentials still to blame for many data breaches. A Cloud Security Alliance survey found that a lack of scalable identity access management systems, a lack of ongoing automated rotation of cryptographic keys, passwords, and certificates, and a failure to use multifactor authentication were the major causes of data breaches. The findings also indicated that 22 percent of companies that suffered a data breach attributed the breach to compromised credentials. Source

April 25, Help Net Security – (International) Critical flaws in HP Data Protector open servers to remote attacks. Hewlett Packard released security updates for its HP Data Protector software, patching six critical vulnerabilities in all versions prior to 7.03_108, 8.15, and 9.06. The flaws could allow remote code execution or unauthorized disclosure of information by unauthenticated users or through an embedded Secure Sockets Layer (SSL) private key, which could increase the chance of man-in-the-middle (MitM) attacks. Source

April 22, SecurityWeek – (International) Attackers use PowerShell, Google Docs to deliver “Laziok” trojan. Security researchers from FireEye reported that attackers were able to bypass Google’s security checks and upload a trojan named Laziok to Google Docs with the intention of stealing information about the user’s system by loading obfuscated JavaScript code known as “Unicorn,” as well as using “Godmode” and PowerShell to execute the malware. Source

April 22, SecurityWeek – (International) Attacker friendly hosting firm leveraged by Pawn Storm hackers. Security researchers from Micro Trend reported that the Pawn Storm Group was abusing a small Virtual Private Server (VPS) registered in the United Arab Emirates (UAE) to attack governments in 80 countries including Bulgaria, Greece, Malaysia, Ukraine, and the U.S., and was seen executing more than 100 cyber-attacks within the past year. In addition, it was discovered that the group used the VPS hosting provider for command & control (C&C) servers, exploit sites, spear-phishing campaigns, domestic espionage in Russia, and Web mail phishing sites targeting high-profile users. Source

April 22, Softpedia – (International) Windows XP, IE, and Flash Usage blamed for poor security of healthcare sector. Security researchers from Duo Security reported that many healthcare organizations were using outdated software or software prone to exploit kits (EK) after discovering that 33 percent of healthcare organizations were using Internet Explorer 11 rather than using updated versions of Google Chrome, and that 52 percent of healthcare organizations were using Flash Player software on all their computers, among other collected data. Source

Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.