Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence June 25, 2018 - Featured Image

Daily Threat Briefing Jun 25, 2018

Top Vulnerabilities Reported in the Last 24 Hours

WebAssembly additions might cause serious issues
Upcoming WebAssembly additions might render Spectre and Meltdown mitigations useless. Hence, the WebAssembly team has this feature on hold for the time being. WebAssembly gains support for threads with shared memory. This creates very accurate JavaScript timers which may render browser mitigations of certain CPU side channel attacks non-working.

Patched Drupal flaw exploited
Cybercriminals are leveraging the Drupal vulnerability (CVE-2018-7602) in order to deliver Monero-mining malware. The malware is a modified variant of the open-source XMRig version 2.6.3. The malware adds a crontab entry to automatically update itself. Interestingly, the exploited flaw was already patched in April this year.

Oracle releases microcode updates
Software and microcode updates have been released by Oracle to patch the Spectre and Meltdown vulnerabilities. The updates have been released for the Oracle Linux distribution and Oracle VM virtualization products. Oracle will continue to release new microcode updates and firmware patches.

Related Threat Briefings