Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Uncategorized
On May 23, 2016

May 20, The Register – (International) 60 percent of Androids exposed by new attack on mediaserver. A security researcher from Duo reported that about 60 percent of enterprise Android phones running Lollipop version 5 operating system (OS), KitKat version 4.4, and Marshmallow version 6 OS were susceptible to a Qualcomm Secure Execution Environment (QSEE) vulnerability after researchers discovered the flaw in the mediaserver component that could allow an attacker to gain complete control over the device by tricking users into installing a malicious app. Source

May 20, Softpedia – (International) Researcher wins $5,000 for finding two ways to brute-force Instagram accounts. Facebook fixed two security flaws on its social network, Instagram that could have allowed an attacker to execute brute-force attacks and gain control over users’ accounts due to Instagram’s weak password policy, its usage of incremental user identifications, and lack of proper rate limiting protection. Source

May 20, SecurityWeek – (International) Vulnerabilities found in Siemens SIPROTEC protection relays. Security researchers from Siemens and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) discovered SIPROTEC 4 and SIPROTEC Compact devices were plagued with several information disclosure vulnerabilities that can allow attackers to obtain sensitive device information if hackers gain access to the network hosting the devices. Siemen released updates for its firmware version 4.27, but has yet to release updates for other relays. Source

Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.