Share Blog post
A malware strain has been discovered targeting WordPress sites with self-preservation technique. Dubbed BabaYaga, this malware can also infect Joomla and Drupal sites, or even generic PHP sites. The malware injects sites with special keyboards to redirect users to affiliate marketing links.
A new ransomware, dubbed RedEye, has been discovered. Unlike other ransomware which encrypt victims' files and holds them for ransom, RedEye was found deleting files. After infecting a system, the ransomware displays a note informing victims that their files have been encrypted using AES256. Victims are asked to access a .onion website and pay 0.1 Bitcoins to a specified address.
Invisimole cyber espionage malware
A powerful and highly-targeted malware, named Invisimole, has been discovered. The malware has the capabilities of creating a backdoor and enabling hackers to have a total view of the computer's activities. It was first picked up in May in computers based in Russia and Ukraine.
Security updates have been released by Adobe to fix a zero-day vulnerability (CVE-2018-5002) in Flash Player for Windows, macOS, Linux and Chrome OS. The flaw affects Adobe Flash Player 18.104.22.168 and earlier versions. Users are advised to update their Flash versions to 22.214.171.124.
Mozilla addresses multiple flaws
Multiple vulnerabilities in Firefox and Firefox ESR have been patched by Mozilla. A remote attacker could exploit these vulnerabilities to take control of an affected system. Users are advised to update to versions Firefox 60.0.2, Firefox ESR 52.8.1, or Firefox ESR 60.0.2.
Red Hat fixes issues
An update for java-1.7.1-ibm has been released by Red Hat for Red Hat Satellite 5.6 and Red Hat Satellite 5.7. The update addresses several flaws including insufficient validation of the invoke interface instruction, insecure handling, and use of global credentials. Users are advised to restart their systems after installing the updates.
Posted on: June 08, 2018
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.