Cyware Daily Threat Intelligence June 20, 2018

Top Vulnerabilities Reported in the Last 24 Hours
Intel's OpenBSD
The OpenBSD project is planning to disable support for Intel CPU hyper-threading due to security concerns arising from "Spectre-class bugs." Support for Intel HT has been removed, as it opens the door for more timing attacks. It will now be controlled through a new hw.smt sysctl.

Ubuntu fixes flaw in GnuPG
A flaw discovered in GNU Privacy Guard (GnuPG), tracked as CVE-2018-12020, has been fixed by Ubuntu. The flaw can be leveraged against applications that parse GnuPG output, leading them to incorrectly interpret the cryptographic operation. To stay safe, users must download the gnupg - 1.4.11-3ubuntu2.11 package for Ubuntu 12.04 ESM.

Multiple vulnerabilities in Insteon Hub PubNub
Twelve new security flaws affecting Insteon Hub have been discovered by Talos. These flaws range from remote code execution to denial of service. The root cause of the majority of these flaws has been identified as unsafe usage of the strcpy() function. The vulnerabilities are fixed in firmware version 1016.

Top Breaches Reported in the Last 24 Hours
Data leak at Tesla
Founder and CEO of Tesla, Elon Musk, said that one of the employees confessed to perpetrating deliberate sabotage against the company. The employee changed the code in an internal product, logged into systems without authorization, and leaked highly sensitive information to unknown third parties.

Hackers Steal $32Mn from Bithumb
Bithumb, a South Korean cryptocurrency exchange, lost $30 million worth of cryptocurrencies as a result of a cyber attack. Experts believe that the attacker gained access to an internet-connected “hot wallet” in order to carry out the breach. Deposits and withdrawals have been temporarily suspended by the cryptocurrency exchange.

Orchestration systems exposed
Over 21,000 container orchestration and API management systems were found unprotected and publicly available on the internet. Of these systems, about 95 percent are hosted inside Amazon Web Services (AWS). Security experts advised companies to remove the orchestration panels from the internet.
