Cyware Daily Threat Intelligence

Daily Threat Briefing • Jun 5, 2018
Top Malware Reported in the Last 24 Hours
Backdoor based on RCS
Security researchers have discovered a new backdoor associated with the operation of the Iron cybercrime group. The backdoor is based on the leaked source code of Remote Control System (RCS), surveillance software that infects devices for covert surveillance. After infecting a system, the malware installs a malicious certificate as a root CA to sign the backdoor binary.
Botnet server databases
Ankit Anubhav, Principal Researcher at NewSky Security, identified two databases used by two distinct IoT botnets. The databases contain the default credentials the botnets use to carry out their operations. The botnets are built with a version of Owari, a malware strain that infects IoT devices using weak or default credentials.
Top Vulnerabilities Reported in the Last 24 Hours
Zip Slip vulnerability
Zip Slip is an arbitrary file overwrite vulnerability that impacts multiple Java projects. Exploitation could impact several projects, including AWS CodePipeline, Spring Integration, LinkedIn's Pinot, Alibaba JStorm, Gradle, and Google Cloud Platform. Using this flaw, attackers can overwrite executable files and invoke them.
Drupal sites still vulnerable to Drupalgeddon 2
Two months after the vulnerability was made public, 115,070 out of 500,000 scanned Drupal websites are still vulnerable to Drupalgeddon 2 (CVE-2018-7600). These websites are running an outdated Drupal 7.x CMS version. Patches are available for Drupal 6.x, 7.x, and 8.x.
Ubuntu releases fixes
Ubuntu has fixed a vulnerability in Apport, which incorrectly handles core dumps when certain files are missing. Affected products include versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, and 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and also Ubuntu 14.04 LTS. Users are advised to install updates immediately.