Cyware Daily Threat Intelligence

Daily Threat Briefing Mar 23, 2018

Top Vulnerabilities Reported in the Last 24 Hours

GitHub vulnerability scanner
The GitHub vulnerability scanner, which was launched late last year, has discovered over four million bugs in a matter of a few months. These bugs were found by checking public repositories for known vulnerabilities in RubyGems (Ruby) and NPM (JavaScript). Developers have been notified of these bugs privately.

Drupal plans to patch a bug
Drupal has issued an advisory to its developers, asking them to reserve some time next week to fix what Drupal terms a "highly critical" flaw in Drupal 7 and 8 core. The advisory announces a security release for Drupal 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28th, 2018, between 18:00 and 19:30 UTC.

Chrome OS devices to receive Meltdown and Spectre patches
Google is set to release Chrome OS 66, slated for April 24, on all older Chromebooks with Intel processors in order to mitigate the Meltdown vulnerability. While Meltdown and Variant 1 can be addressed with software updates, Variant 2 requires additional microcode updates.

Top Breaches Reported in the Last 24 Hours

Atlanta City computers hit
Systems belonging to the city of Atlanta government have been infected with ransomware. The computer network is currently experiencing outages on various customer-facing applications. A screenshot of a ransomware message demanding a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for affected systems has been submitted.

Unsecured servers
A researcher came across various servers running etcd, a type of database used by networks to store and distribute passwords and configuration settings, on the Shodan search engine. Using a simple script, the researcher could extract 8,781 passwords, 650 Amazon Web Services access keys, 23 secret keys, and 8 private keys.
