Silobreaker Daily Cyber Digest – 11 March 2016
Adobe patches 18 critical Flash vulnerabilities
One of the patches corrects an exploit for CVE-2016-1010, an integer overflow vulnerability that allows remote code execution. Adobe noted in its advisory on Thursday that this zero-day had already been used in limited, targeted attacks.
US to indict Iranian hackers
Sources suggest that the US Justice Department is planning to indict a group of Iranian hackers for a 2013 cyber attack targeting a New York state dam.
Although the specifics of the attack are still classified, US officials have said that the Iranians accessed the back office (rather than operational) systems of the Bowman Avenue Dam, a small flood control system located approximately 50km north of New York City.
The public announcement is likely to come next week as part of the Obama administration’s ‘name and shame’ policy against foreign hackers. The last indictment of this kind came in 2014, when the DoJ charged five Chinese military hackers with commercial espionage.
Critical router vulnerabilities found
Timur Yunusov, a Russian security tester at Nullcon, found flaws in eight sets of 3G and 4G modems from Huawei, Gemtek, Quanta and ZTE.
Almost all of the models, thousands of which are exposed over Shodan, are vulnerable to cross-site request forgery (CSRF). Four of the eight have cross-site scripting vulnerabilities (XSS) and the majority of these flaws allow for remote code execution.
The Silobreaker Team