Last week, Microsoft and Adobe issued their monthly security updates, and CrowdStrike reported a serious vulnerability affecting several virtualization platforms.
Last week, severe vulnerabilities were reported in WordPress add-ons, as well as software from Lenovo and Cisco.
THE IMPORTANCE OF INFORMATION SHARING CANNOT BE OVERSTATED.
Whether you’re a federal government agency or a small business owner selling hand knit socks on the Internet, a simple truth exists: all organizations are facing an onslaught of cyberattacks on a daily basis, and this is no secret.
It is not a secret that clients become infected with malware, internet-facing services are prodded for vulnerabilities and the volume of malicious emails received are measured in the thousands. Nor is it a secret that many of these attacks are successfully breaching security defenses and infiltrating networks globally.
No, these are merely facts, not secrets.But if we now live in an era where it is common and accepted knowledge that all organizations are under attack, many attacks of which are successful, why is there such reluctance to share data that will only benefit global defenses as a whole?
Geodo is a modified version of the Feodo Banking Trojan (also known as Bugat and Cridex). It was first spotted in June 2014 (1). An in-depth analysis of Geodo revealed that it has the ability to self-propagate through e-mail (2). Infected computers become spam bots that distribute e-mails with a link to the Trojan. Starting Monday February 23rd 2015, we observed a new wave of Geodo distribution.
Information about the vulnerability itself:
Qualys says they will soon publish exploit module for Metasploit, so exploits may soon be in the wild.
This is a short summary from mnemonic, the official information is on the vendors websites.