Cyware Daily Threat Intelligence June 25, 2018

Top Vulnerabilities Reported in the Last 24 Hours
WebAssembly additions might cause serious issues
Upcoming WebAssembly additions might render Spectre and Meltdown mitigations useless. Hence, the WebAssembly team has this feature on hold for the time being. WebAssembly gains support for threads with shared memory. This creates very accurate JavaScript timers which may render browser mitigations of certain CPU side channel attacks non-working.

Patched Drupal flaw exploited
Cybercriminals are leveraging the Drupal vulnerability (CVE-2018-7602) in order to deliver Monero-mining malware. The malware is a modified variant of the open-source XMRig version 2.6.3. The malware adds a crontab entry to automatically update itself. Interestingly, the exploited flaw was already patched in April this year.

Oracle releases microcode updates
Software and microcode updates have been released by Oracle to patch the Spectre and Meltdown vulnerabilities. The updates have been released for the Oracle Linux distribution and Oracle VM virtualization products. Oracle will continue to release new microcode updates and firmware patches.





  • Share this blog:
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.