Cyware Daily Threat Intelligence June 05, 2018

Backdoor based on RCS
A new backdoor, associated with the operation of the Iron cybercrime group, has been discovered by security researchers. The backdoor is based on the leaked source code of Remote Control System (RCS), a surveillance software that infects devices for covert surveillance. Once infecting a system, malware installs a malicious certificate to sign the backdoor binary as root CA.

Botnet server databases
Principal Researcher at NewSky Security, Ankit Anubhav, identified two databases used by two distinct IoT botnets. These databases contain default credentials to carry out their operations. The botnets are built with a version of Owari, a malware strain that infects IoT devices using weak or default credentials. Zip Slip vulnerability
This is an arbitrary file overwrite vulnerability that impacts multiple Java projects. Exploiting this flaw could impact several projects including AWS CodePipeline, Spring Integration, LinkedIn’s Pinot, Alibaba JStorm, Gradle, and Google Cloud Platform. Using this flaw, attackers can overwrite executable files and invoke them.

Drupal sites still vulnerable to Drupalgeddon 2
Two months after the vulnerability has been made public, 115,070 out of 500,000 scanned Drupal websites are still vulnerable to Drupalgeddon 2 (CVE-2018-7600). These websites are running on an outdated Drupal 7.x CMS version. Patches are available for Drupal 6.x, 7.x, and 8.x.

Ubuntu releases fixes
A vulnerability--that incorrectly handles core dumps when certain files are missing--in Apport has been fixed by Ubuntu. Affected products include versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, and 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and also Ubuntu 14.04 LTS. Users are advised to install updates immediately.