Share Blog post
AMD has recently released a microcode update for all Ubuntu users to address the well-known Spectre security flaw. Dubbed CVE-2017-5715, this flaw is being used to launch branch target injection attacks. The update is available for Ubuntu 18.04 LTS, 17.10, 16.04 LTS, and 14.04 LTS. Once installing the patch, users are advised to reboot their systems.
Cisco patches flaws
Fixes for 34 flaws have been released by Cisco. Out of the 34 vulnerabilities, 24 flaws affect FXOS software for Firepower firewalls and NX-OS software for Nexus switches. With its update, Cisco also patched DoS flaws in the SNMP feature of the Cisco Nexus 4000 Series Switch. Cisco customers are advised to upgrade to the latest security updates.
Hackers exploit Drupal flaw
The Drupal vulnerability is being exploited by hackers in order to mine Monero cryptocurrency. Dubbed CVE-2018-7602, the flaw downloads a shell script which retrieves an ELF downloader. This downloader then adds ‘crontrab entry’ and retrieves a Monero-mining malware. This flaw can be thwarted by implementing virtual patching, firewalls and application control.
Unprotected Firebase databases--containing thousands of iOS and Android mobile applications--exposed around 100 million records. The breach occurred due to a critical Firebase flaw called HospitalGown. The flaw affects over 2300 unsecured Firebase databases & 3,000 iOS and Android Apps. Data exposed includes plaintext passwords, user IDs, location, and financial records.
Healthcare data breach
Med Associates Inc., recently suffered a data breach which resulted in the loss of PHI of more than 270,000 people. Stolen information includes patient name, date of birth, address, date of service, diagnosis codes, procedure codes, insurance information, and insurance ID number. Fortunately, no banking information was stolen.
Posted on: June 22, 2018
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.