Gotham Security Daily Threat Alerts July 9-10, 2015

By Nancy Rand
Posted in Security
On July 10, 2015

July 9, Securityweek – (International) APT-style evasion techniques spotted in “Kofer” ransomware campaign. Security researchers from Cybereason discovered a ransomware campaign primarily targeting European users dubbed “Operation Kofer” that is mimicking advanced persistent threat (APT) operations by continuously generating new variants of the same malware to evade detection, among other anti-detection techniques. Source

July 9, CSO Online – (International) Despite warnings, majority of firms still run some Windows Server 2003. Softchoice released findings from a June report covering 200 enterprise data centers comprising over 90,000 servers, revealing that all but 7 percent of enterprises still used Microsoft Windows Server 2003, exposing companies to security, compliance, and operational risks as support for the platform is set to end July 14. Source

July 9, Threatpost – (International) Bug in Android ADB backup system can allow injection of malicious apps. Security researchers discovered a severe vulnerability in all versions of the Android debug bridge (ADB) in which an attacker could inject a malicious Android application package (APK) file via the BackupAgent, which does not require Android permissions and does not filter the data stream returned by applications. Source

July 9, Securityweek – (International) OpenSSL patches serious certificate forgery vulnerability. OpenSSL developers released patches for a high severity alternative chain certificate forgery flaw, in which an attacker could bypass untrusted certificate checks and issue invalid certificates. The vulnerability affects versions 1.0.1n and 1.0.2b. Source

July 8, Dark Reading – (International) Cybercriminal group spying on U.S., European businesses for profit. Symantec reported that a cybercriminal group dubbed Morpho, known for hacking Apple, Microsoft, Facebook, and Twitter, has extended its cyber-espionage to hit research-and-development-related computer systems in 49 different multi-billion dollar pharmaceutical, software, Internet, oil, and metal mining commodities organizations across 20 countries, with the majority being in the U.S. Researchers believe the group has U.S. ties and is run by an organized crime ring. Source

July 8, Securityweek – (International) Hacker search engine becomes the new Internet of Things search engine. The developer of the Shodan Internet device search engine reported that the search engine exposes the systemic vulnerabilities present in consumer-grade Internet of Things hubs due to a poor security posture, where many hubs still use default passwords and have telnet enabled. Once compromised, attackers could leverage hubs to monitor sensor data or determine if someone is home. Source

July 8, Securityweek – (International) Adobe patches Hacking Team’s Flash Player zero-day. Adobe released an emergency update for its Flash Player to address a zero-day vulnerability in the ActionScript 3 ByteArray class, which could allow a remote, unauthenticated attacker to execute arbitrary code. The vulnerability was exposed after hackers breached and dumped corporate information of the Hacking Team surveillance software company. Source

July 7, Securityweek – (International) ANTlabs patches vulnerabilities in gateway products. ANTlabs released patches for several of its gateway products addressing a Structured Query Language (SQL) injection flaw in the default login page in which a remote attacker could execute arbitrary queries, and a cross-site scripting (XSS) vulnerability in the admin login page that could allow an attacker to obtain login credentials from the administrator panel. Source

July 7, Securityweek – (International) Zero-day exploits leaked in Hacking Team breach. Security researchers from Trend Micro and Symantec reported that data from a recently confirmed Hacking Team breach contained several zero-day vulnerabilities and exploits, including a use-after-free (UAF) flaw affecting Adobe Flash Player versions 9 and later on Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, and Apple Safari, and a Microsoft Windows kernel vulnerability. Source

July 7, Network World – (International) Microsoft security tool fails malware detection test. AV Test released results from a recent experiment revealing that Microsoft Security Essentials performed the worst out of 11 tested antivirus products, detecting only 87 percent of malware in real-time tests, whereas the others were all at least 95 percent effective. Source

July 7, Threatpost – (International) Crypto leaders: “exceptional access” will undo security. Cryptography experts released a report warning of the long-term economic and security risks associated with “exceptional access,” a U.S. government initiative to maintain access to cryptographic keys that secure information over the Internet, primarily for law enforcement use. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.