Cyware Daily Threat Intelligence May 03, 2018

Hidden backdoor in JavaScript package
Hackers are hiding and distributing a backdoor mechanism inside getcookies, present in a popular JavaScript npm package. Thus, the backdoor made an indirect entry into the structure of ‘Mailparser’ npm package which is an old library. Not attacks exploiting the backdoor have yet been registered.

RANSOM_BLACKHEART ransomware
Security researchers have discovered a new ransomware that drops malicious payload alongside the legitimate AnyDesk remote desktop tool. This ransomware uses malicious websites to propagate. It gets downloaded unknowingly when a victim visits these sites.

Kitty malware
The latest verison of the Kitty malware has been discovered by security researchers, targeting Drupal websites. The malware is exploiting Drupalgeddon2.0 vulnerability. After infecting a system, the malware leaves a cheeky note for the cat lovers. Cisco fixes multiple flaws
Several vulnerabilities affecting multiple Cisco products have been addressed by the company. Among the vulnerabilities is the flaw in the ACS Report component of Cisco Secure Access Control System (ACS) which is caused due to insufficient validation of the Action Message Format (AMF) protocol. Customers are advised to install updates immediately.

Meltdown and Spectre mitigation
A new version of the Kali Linux OS, version 2018.2, has been released with latest GNU/Linux technologies and updated components. The version also addresses the Meltdown and Spectre flaws. The release also includes the Metasploit Framework 4.16.34-0kali2 package. 

Microsoft released patches
A security update to fix the flaw in the Windows Host Compute Service Shim (hcsshim) library has been released by Microsoft. The flaw, dubbed CVE-2018-8115, allows a remote attacker to execute code on vulnerable systems. Updates are available on GitHub and users are advised to update the library to hcsshim 0.6.10. Loss of 20 million accounts data
Australia's Commonwealth Bank admitted to a data breach that affected the company in 2016, resulting in loss of bank records of almost 20 million people. The bank chose not to reveal details of the breach when it took place. Fortunately, the stolen tapes did not contain passwords, PINs or other such sensitive data.

User passwords accidentally recorded by GitHub
An issue in GitHub caused the internal logs to record user passwords in plaintext. The incident was discovered in a regular internal audit, post which, GitHub asked all its users to resert their passwords immediately. The passwords are mainly hashed with a bcrypt algorithm and so they remain secure. 

DoS attack on Knox County election office
The Knox County election office was recently hit by a cyber attack resulting in delay in the overall election process. Experts are working on to fix this problem, which didn't affect the election results.