GOT(IT) #27 is here with a lot of must-patch and must-keep-an-eye-out-for news. It’s the week of revivals. Remember the Drupal armageddon? The Meltdown exploit? What about GandCrab? Well, they are all back!
Spam Campaign Infects Victims with GandCrab Ransomware
The security company Fortinet found three new samples of the GandCrab ransomware, which are being distributed through a single massive spam phishing campaign.
The campaign mostly tries to convince users that they have received a payment receipt, tickets or an invoice that comes ‘attached’ to the email itself.
Unfortunately, there’s no decryption tool available like in prior editions, so Fortinet suggests you keep an online backup of your data just in case one of your users falls into the trap.
First Total Meltdown Exploit Bug Released
Meltdown and Spectre caused quite a ruckus in the processor industry, but after a few patches and security quick-fixes, everyone seems to have forgotten about them. Well, they shouldn’t!
At the time, Microsoft announced that the patch was exactly that, a patch, and today we know why: it created a bigger problem that’s now being called Total Meltdown. Sounds scarier, right? Well, it is.
While Meltdown allowed unprivileged apps to read kernel memory, this new exploit enables any process to read and write any memory in the system. The researcher XPN shared working proof-of-concept code that successfully executed the exploit and posted it on GitHub.
This extremely dangerous exploit affects only Windows 7 or Server 2008 R2 64-bit systems that applied Microsoft’s Meltdown patch back in January, February, and March, but not the April one. What to do? Update! Get the April patches KB4093118 or KB4088881 ASAP on your systems.
Drupal Code Execution Flaw Found, Again
The last month wasn’t great for Drupal at all. Three critical vulnerabilities were discovered in the last 30 days; once one was patched, a new one popped up. It is time to, yet again, patch your websites.
A critical Remote Code Execution (RCE) vulnerability was discovered while reviewing the prior flaw, known as Drupalgeddon 2. The popular CMS has been under heavy fire since these reports, and the Drupal team has been working hard on a follow-up patch for the latest RCE (CVE-2018-7602).
Few details were given, but the communication sent by Drupal claimed this attack could compromise a website completely and hand control of it over to the attacker. It’s crucial to update your websites and install the prior Drupalgeddon 2 patches before updating to the latest ones for the fix to work:
- If you are running 7.x, upgrade to Drupal 7.59.
- If you are running 8.5.x, upgrade to Drupal 8.5.3.
- If you are running 8.4.x, which is no longer supported, you first need to update your site to the 8.4.8 release and then install the latest 8.5.3 release as soon as possible.
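If you look after more than a handful of sites, the three rules above can be applied to a whole inventory at once. The following is an added example, not code from Drupal or from the original post; the site names, the sample inventory and the function names are constructed for illustration.

```python
import re

def parse_version(text):
    """Return '7.58' or '8.5.1' as a tuple of ints, or None for anything else.
    Suffixes such as '-rc1' or '-dev' are deliberately not guessed at."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,2}", text):
        return None
    return tuple(int(part) for part in text.split("."))

def triage(version):
    """Map one reported Drupal core version to the action listed above."""
    v = parse_version(version)
    if v is None:
        return "unrecognised version string, check manually"
    if v[0] == 7:
        return "ok" if v >= (7, 59) else "upgrade to 7.59"
    if v[:2] == (8, 5):
        return "ok" if v >= (8, 5, 3) else "upgrade to 8.5.3"
    if v[:2] == (8, 4):
        # 8.4.x is unsupported: it is a two-step path, never "ok".
        if v < (8, 4, 8):
            return "update to 8.4.8 first, then install 8.5.3"
        return "install 8.5.3"
    # The list above only covers 7.x, 8.4.x and 8.5.x.
    return "branch not covered by the guidance above, check manually"

def plan(inventory):
    """Apply triage() to a {site: version} mapping."""
    return {site: triage(version) for site, version in inventory.items()}

# Constructed inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "intranet.example": "7.58",
    "shop.example": "8.5.1",
    "blog.example": "8.4.5",
    "docs.example": "8.4.8",
    "www.example": "8.5.3",
    "lab.example": "8.5.3-dev",
}

if __name__ == "__main__":
    for site, action in plan(SAMPLE_INVENTORY).items():
        print(f"{site:20} {action}")
```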
What’s your score by now? One out of three? Two? Hopefully, you’re not getting a strike, with three vulnerabilities to patch!