Cyware Daily Threat Intelligence June 25, 2018

WebAssembly additions might cause serious issues
Upcoming WebAssembly additions might render Spectre and Meltdown mitigations useless. Hence, the WebAssembly team has this feature on hold for the time being. WebAssembly gains support for threads with shared memory. This creates very accurate JavaScript timers which may render browser mitigations of certain CPU side channel attacks non-working.

Patched Drupal flaw exploited
Cybercriminals are leveraging the Drupal vulnerability (CVE-2018-7602) in order to deliver Monero-mining malware. The malware is a modified variant of the open-source XMRig version 2.6.3. The malware adds a crontab entry to automatically update itself. Interestingly, the exploited flaw was already patched in April this year.

Oracle releases microcode updates
Software and microcode updates have been released by Oracle to patch the Spectre and Meltdown vulnerabilities. The updates have been released for the Oracle Linux distribution and Oracle VM virtualization products. Oracle will continue to release new microcode updates and firmware patches.