Cyware Daily Threat Intelligence June 20, 2018

Intel's OpenBSD
The OpenBSD project is planning to disable support for Intel CPU hyper-threading due to the security concerns that are raising due to the "Spectre-class bugs." Support for Intel HT has been removed, as it opens the door for more timing attacks. It will now be controlled through a new hw.smt sysctl.

Ubuntu fixes flaw in GnuPG
A flaw discovered in GNU Privacy Guard (GnuPG), tracked as CVE-2018-12020, has been fixed by Ubuntu. The flaw can be leveraged to cause application parsing GnuPG output, leading to incorrect interpretation of the cryptographic operation. To stay safe, users must download the gnupg - 1.4.11-3ubuntu2.11 package for Ubuntu 12.04 ESM.

Multiple vulnerabilities in Insteon Hub PubNub
Twelve new security flaws have been discovered by Talos, affecting Insteon Hub. These flaws range from remote code execution to denial of service. Root cause of majority of these flaws has been identified in the unsafe usage of the strcpy() function. The vulnerabilities are fixed in firmware version 1016. Data leak at Tesla
Founder and CEO of Tesla, Elon Musk, said that one of the employees confessed to perpetrating a deliberate sabotage against the company. The employee changed the code in an internal product, logged into systems without authorization, and leaked highly sensitive information to unknown third parties.

Hackers Steal $32Mn from Bithumb
Bithumb, a South Korean cryptocurrency exchange, lost $30 million worth of cryptocurrencies as a result of a cyber attacks. Experts believe that the attacker gained access to an internet-connected “hot wallet” in order to carry out the breach. Deposits and withdrawals have been temporarily suspended by the cryptocurrency exchange. 

Orchestration systems exposed
Over 21,000 container orchestration and API management systems were found unprotected and publicly available on the internet. Of these systems, about 95 percent are hosted inside Amazon Web Services (AWS). Security experts advised companies to remove the orchestration panels from the internet.