Cyware Daily Threat Intelligence June 18, 2018

Microsoft releases patches
A remote code execution vulnerability, tracked as CVE-2018-8210, has been patched by Microsoft. The flaw affected the wimgapi library, used to perform operations on Windows Imaging Format (WIM) files. Exploiting this vulnerability will allow hackers to execute malicious code with the same access rights as the logged-in user. Users are advised to install the recent patches to keep their systems safe.

Schneider Electric patches flaws
Schneider Electric released updates that patch four flaws found in the U.motion Builder software. The flaws affect Schneider-Electric U.motion Builder 1.2.1 and Schneider-Electric U.motion Builder 1.0.1. To stay safe, users are advised to install patches and minimize network exposure for all control system devices.

Flaw in RSS Authentication Manager
Vulnerabilities targeting RSA Authentication Manager versions prior to 8.3 P1 have been patched. Exploiting these flaws could allow malicious users to compromise the system. Users are advised to upgrade their software to version 8.3 P1 and later in order to stay safe. Liberty Holdings attacked
A South African insurer, Liberty Holdings, announced that the company became a victim of a cyber attack. As per Liberty, the breach occurred on Saturday and hackers obtained sensitive data--in the form of emails and attachments--of some of the insurer’s top clients. Investigations are going on to determine the impact of the attack.

Syscoin GitHub account hacked
Cyber criminals hacked the GitHub account of Syscoin to replace the Syscoin 3.0.4.1 Windows-based installer with a malicious software containing the Arkei Stealer. Users who downloaded version 3.0.4.1 of the Syscoin client between June 09th, 2018 10:14 PM UTC and June 13th, 2018 10:23 PM UTC. Arkei Stealer is used by hackers to steal passwords and wallet private keys.