Cyware Daily Threat Intelligence June 25, 2018

Share Blog post

Top Vulnerabilities Reported in the Last 24 Hours
WebAssembly additions might cause serious issues
Upcoming WebAssembly additions might render Spectre and Meltdown mitigations useless. Hence, the WebAssembly team has this feature on hold for the time being. WebAssembly gains support for threads with shared memory. This creates very accurate JavaScript timers which may render browser mitigations of certain CPU side channel attacks non-working.

Patched Drupal flaw exploited
Cybercriminals are leveraging the Drupal vulnerability (CVE-2018-7602) in order to deliver Monero-mining malware. The malware is a modified variant of the open-source XMRig version 2.6.3. The malware adds a crontab entry to automatically update itself. Interestingly, the exploited flaw was already patched in April this year.

Oracle releases microcode updates
Software and microcode updates have been released by Oracle to patch the Spectre and Meltdown vulnerabilities. The updates have been released for the Oracle Linux distribution and Oracle VM virtualization products. Oracle will continue to release new microcode updates and firmware patches.


 Tags

drupal flaw
webassembly

Posted on: June 25, 2018

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!