Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On May 03, 2016

May 2, SecurityWeek – (International) Serious flaw found in “PL/SQL Developer” update system. Allround Automations released a new version of its PL/SQL Developer product after an application security consultant discovered that version 11.0.4 and earlier used Hypertext Transfer Protocol (HTTP) for updates and did not validate the downloaded file’s authenticity. A man-in-the-middle (MitM) attacker could replace the authentic Uniform Resource Locator (URL) with one that leads to a malicious file, or replace the download link with an arbitrary command that executes in the user’s context during the PL/SQL Developer update process. Source
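
As an added illustration (not code from Allround Automations or from the article), this is the check the flawed updater lacked: the vendor signs a manifest carrying the installer’s SHA-256, and the client verifies that signature under a public key pinned in the client before anything downloaded is run, so a MitM who controls the HTTP channel can swap the URL or the file but cannot make it pass. The manifest layout, the function names and the sample installer bytes are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is what a vendor would publish next to an update: the installer's
// SHA-256 plus a signature over version and hash (constructed layout).
type Manifest struct {
	Version string
	SHA256  string
	Sig     []byte
}

// signedBytes is the exact byte string the vendor signature covers.
func signedBytes(version, sha string) []byte {
	return []byte(version + "\n" + sha + "\n")
}

// SignManifest runs on the vendor side with the private key.
func SignManifest(priv ed25519.PrivateKey, version string, installer []byte) Manifest {
	sum := sha256.Sum256(installer)
	sha := hex.EncodeToString(sum[:])
	return Manifest{Version: version, SHA256: sha, Sig: ed25519.Sign(priv, signedBytes(version, sha))}
}

// VerifyUpdate runs on the client before any downloaded byte is executed; the
// public key is pinned in the client, so it does not travel over the update channel.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, downloaded []byte) error {
	if !ed25519.Verify(pub, signedBytes(m.Version, m.SHA256), m.Sig) {
		return errors.New("manifest signature invalid: refusing update")
	}
	sum := sha256.Sum256(downloaded)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return errors.New("installer hash mismatch: file altered in transit")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // vendor keypair (constructed)
	genuine := []byte("genuine installer bytes (constructed sample)")
	m := SignManifest(priv, "11.0.5", genuine)
	fmt.Println("genuine:", VerifyUpdate(pub, m, genuine))                             // <nil>
	fmt.Println("swapped:", VerifyUpdate(pub, m, []byte("attacker-substituted file"))) // hash mismatch
}
```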

May 2, SecurityWeek – (International) Microsoft adds Nano server to bug bounty program. Microsoft reported April 29 that it is offering large monetary rewards for vulnerabilities found in the Nano Server installation option of its Windows Server 2016 Technical Preview 5 and all subsequent releases after stating that the product was ideal for a compute host for Hyper-V virtual machines, a storage host for Scale-Out File Server, a Domain Name System (DNS) server, and a host for cloud apps, and if infected, could pose severe damages to each component. Source

May 1, Softpedia – (International) Valve fixes Steam crypto bug that exposed passwords in plaintext. Valve updated its Steam gaming client after a security researcher found that the lack of a Message Authentication Code (MAC) in the application’s crypto package allowed an attacker to carry out man-in-the-middle (MitM) attacks, cause victims to be banned by Valve Anti-Cheat (VAC), or potentially expose users’ passwords in plaintext. Source

May 1, Softpedia – (International) Decrypter for Alpha ransomware lets victims recover files for free. A team of security researchers discovered and analyzed a new ransomware family called Alpha ransomware, which uses AES-256 encryption to lock files, renames each file with the .encrypted extension, adds a ransom note in text format to each folder, changes the target’s wallpaper, and deletes itself to avoid detection, then demands that targets pay $400 worth of iTunes gift cards to decrypt the files. Researchers found a weakness in the ransomware’s encryption routine and released a decrypter to help victims retrieve locked files. Source

April 29, Softpedia – (International) Crooks deliver Android malware via fake Google Chrome updates. Security researchers from Zscaler discovered that cyber criminals were distributing fake Google Chrome update packages, disguised as Android application package (APK) files, to Android users in order to steal a target’s credit card information, terminate the device’s antivirus software, monitor incoming and outgoing calls and Short Message Service (SMS) messages, and start or end calls, among other actions. Attackers were seen using large collections of domain names to host the malware, which were changed at regular intervals. Source

April 29, Softpedia – (International) BPlug trojan hides in Chrome extensions and spams your Facebook friends. Security researchers from Dr. Web discovered that over 12,000 users were infected with the trojan named Trojan.BPlug.1074, or BPlug, which hides in Google Chrome extensions and collects a target’s Facebook user identifier (UID) and cross-site request forgery (CSRF) token in order to execute actions on the Facebook user’s behalf. Attackers can then send out malicious links disguised as YouTube videos to the victim’s Facebook friends to spread the trojan further. Source

April 29, SecurityWeek – (International) Malware leverages Windows “God Mode” for persistence. Researchers from Intel Security reported that the malware dubbed “Dynamer” abuses the Microsoft Windows Easter egg known as “God Mode” to gain persistence on an infected machine by installing itself into a folder inside the %AppData% directory, creating a registry run key, and then executing normally. Researchers advised affected users to terminate the malware’s process via Task Manager and run a specially crafted command from the command prompt. Source

Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.