Gotham Security Daily Threat Alerts

By Gotham
Posted in Security
On July 19, 2013

Here are some of the technology stories that caught our eye today:

July 18, Softpedia – (International) Experts find sandbox bypass vulnerability in Java 7 Update 25. Researchers at Security Explorations identified a critical vulnerability in Java 7 Update 25 and previous versions that can be exploited with a known attack method. Details and a proof-of-concept were submitted to Oracle. Source:

July 18, Krebs on Security – (International) Botcoin: Bitcoin mining by botnet. Researchers discovered a Bitcoin mining malware affiliate program that utilizes infected computers to ‘mine’ Bitcoins via botnets. Source:

July 18, IDG News Service – (International) Most enterprise networks riddled with vulnerable Java installations. A report by Bit9 found that outdated Java installations are currently deployed on most enterprise networks, posing a major security risk. Source:


July 18, Softpedia – (International) Fake AV “Antivirus System” prevents victims from booting in safe mode. A fake antivirus found by Webroot researchers called Antivirus System injects itself into a device’s system shell, booting up in safe mode to prevent removal. Source:

July 18, – (International) Hackers knock Network Solutions websites offline with DDoS attack. Network Solutions was the target of a distributed denial of service (DDoS) attack July 15, affecting its own and an unknown number of customers’ Web sites. Source:

July 18, Softpedia – (International) Android apps that exploit “master key” bug found on Google Play. Bitdefender researchers identified two apps in the Google Play store that exploit the Android “master key” exploit in a non-malicious manner. Source:

July 18, Help Net Security – (International) Android backup sends unencrypted WiFi passwords to Google. A researcher found that the Android “Back up my data” feature sends private information such as WiFi passwords in plaintext to Google. Source:

July 18, Softpedia – (International) KakaoTalk users warned of malicious applications. Trend Micro researchers found an e-mail distributed trojanized version of the KakaoTalk instant messaging app designed to collect contact information, text messages, and phone settings. Source:

July 17, eWeek – (International) Cyber-criminals selling fraudulent identity ‘kitz’ on web black market. Dell Secureworks researchers found cybercriminals selling various identity fraud packages called “kitz” that contain an individual’s personal information and documents, including full profiles called “fullz” made by using information leaked in data breaches.


July 17, CNET – (International) Google Glass patch fixes vulnerability through QR code. Google closed a security vulnerability in its Google Glass device that could allow an attacker to compromise the device by using a QR code. Source:

July 17, Dark Reading – (International) DDoS average packet-per-second and attack bandwidth rates rise. Prolexic Technologies released their second quarter 2013 Quarterly Global DDoS attack report, which found that distributed denial of service (DDoS) attacks increased in average packet-per-second rate and average bandwidth by 1,655 percent and 925 percent, respectively, compared to 2012 levels. Source: