Gotham Security Daily Threat Alerts

By Gotham
Posted in Security
On June 20, 2013

June 19, Softpedia – (International) Oracle fixes 40 Java vulnerabilities with June 2013 CPU. Oracle released a critical patch update for Java, closing 40 vulnerabilities, 37 of which were remotely exploitable. Source:

June 19, Softpedia – (International) Government Security News and 60 other websites hacked, abused to serve malware. Zscaler researchers investigating a piece of malware discovered on a Government Security News Web site found that 65 Web sites had been compromised in an effort to infect users with the ZeroAccess trojan. Source:

June 19, Softpedia – (International) Google updates Chrome 27 to fix Flash plugin clickjacking vulnerability. Google released an update for its Chrome browser that closes a vulnerability that uses Adobe Flash Player to hijack users’ microphones and webcams. Source:

June 19, Computerworld – (International) Apple pours OS X Snow Leopard another Java fix. Apple released a patch for Java 6 on OS X Snow Leopard Lion, and Mountain Lion following Oracle’s release of patches for Java 7. Source:

June 18, Help Net Security – (International) Facebook once again accessible via Tor. Facebook became inaccessible for several hours June 18 to users of The Onion Router (Tor) network after malicious activity on some Tor exit nodes triggered Facebook’s site integrity systems. Source:

June 18, – (International) Google Docs hijacked by Trojan.APT.Seinup malware. Researchers at FireEye found an advanced spearphishing campaign in the wild that uses Google Docs to avoid detection and install the Trojan.APT.Seinup malware. Source:

June 18, Help Net Security – (International) Customized spam uses cell phone users’ data against them. AdaptiveMobile researchers found that mobile spammers have been using databases of U.S. cell phone subscriber data to craft customized spam for use in collecting financial and personal information. Source:

June 18, The Register – (International) Remote code execution vuln appears in Puppet. Puppet Labs advised users to update to newer versions of the Puppet infrastructure management tool after a remote code execution vulnerability was discovered. Source: