Gotham Security Daily Threat Alerts

By Gotham
Posted in Security
On July 26, 2013

July 25, The Register – (International) LinkedIn snaps shut OAuth login token snaffling vulnerability. A software developer found and reported a vulnerability in LinkedIn’s customer help Web site that gave out the OAuth token of the logged-in user, which could potentially be used to access profile information. The vulnerability was then fixed by LinkedIn. Source:

July 25, Associated Press; NBC News – (International) 5 charged in ‘largest hacking and data breach scheme’ bust in US. U.S. authorities charged four Russian nationals and one Ukrainian national with allegedly running a massive data theft scheme that stole at least 160 million credit and debit card numbers and sold them, resulting in hundreds of millions of dollars in losses. The members allegedly hacked into the computer systems of major companies and payment processors to obtain the financial information. Source:

July 24, Softpedia – (International) New Xpiro infectors are persistent and can infect both 32-bit and 64-bit files. Symantec researchers found that the latest versions of the Xpiro family of file infectors have a number of capabilities, including the ability to infect 32-bit and 64-bit files, add browser extensions, and prevent browser updates. Source:

July 24, – (International) First active Google Android Master Key exploit discovered in the wild. Researchers at Symantec found the first attacks leveraging the ‘Master Key’ exploit for Android in the wild. Two legitimate Chinese apps were modified to control devices, disable mobile security apps, send SMS messages, and steal information. Source: