Cyware Daily Threat Intelligence April 24, 2018

A second patch for Drupalgeddon2
As per the announcement made by Drupal developers, another Drupalgeddon2 (tracked as CVE-2018-7600) patch is going to be released on 25th of April, 2018. The patch is for 7.x, 8.4.x and 8.5.x of the content management system. At least three different attack groups are exploiting Drupalgeddon2, after it received its first patch in late March.

Flaws fixed in Foxit PDF reader
Over a dozen vulnerabilities have been fixed by Foxit in its PDF reader. The vulnerabilities include an Unsafe DLL Loading security bug, five code execution vulnerabilities, and flaws that could result in remote code execution, in information disclosure, or in application crashes. The vulnerabilities were addressed in Foxit Reader and Foxit PhantomPDF 9.1.

Vulnerable Nintendo switch
A vulnerability, known as Fusée Gelée, in an Nvidia chip used by the Switch was found to allow hackers inject code into the system and modify it. Unfortunately, this flaw cannot be fixed with a security patch. Millions of Switches are vulnerable, permanently, to what amounts to a total jailbreak. MEDantex data breach
Sensitive patient medical records and personal information of thousands of physicians had been leaking online from MEDantex, a Kansas-based medical transcription company. The firm took down it’s customer Web portal after it was informed of the issue. It’s unclear exactly how many patient records were left exposed on MEDantex’s site.

TSB customer accounts aren't secure
Around two million UK banking customers are reportedly experiencing issues while trying to use their accounts online. Some users were also able to access other users’ funds. The problems occurred after an IT upgrade went wrong. Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO) are investigating the incident.

Ukrainian energy website compromised
Ukraine's energy and coal ministry website has been affected by a ransomware attack. Hackers posted a note in English, asking for ransom to be paid in Bitcoin. Ukraine has repeatedly blamed Russia for the attacks, though Moscow has denied any involvement in such attacks.