FBI Warns Again of New Hidden Cobra Strike

Hidden Cobra Strikes Again

US-CERT and the FBI have issued a new alert on cyber-attacks it blames on North Korea.  The warning is about the hacking operations dubbed “HIDDEN COBRA” that the United States charges were launched by Pyongyang. The alert did not identify specific victims, though it cited a February 2016 report from several security firms that blamed the same group for a 2014 cyberattack on Sony Pictures Entertainment.

HIDDEN COBRA uses two pieces of malicious software: the self-spreading “worm” Brambul that attackers use to infect computers and malware known as Joanap.Joanap gives hackers remote control of devices so they can steal data, install additional viruses and perform other tasks. Hidden Cobra has used Brambul and Joanap for several years, making little change to the malware over that period.  The first alert of HIDDEN COBRA dates back to 2009, meaning the patches for these vulnerabilities have existed for years.

Google Chrome ‘Out of Bounds’

Google has released Chrome 67 to the stable channel to provide various improvements, including patches for 34 vulnerabilities.

Of the 34 security fixes delivered in the new browser release, 24 are for vulnerabilities reported by external researchers.  These include 9 flaws rated High, 12 as Medium and the remaining 3 considered Low severity.  The worst of the vulnerabilities could allow an attacker to take control of an affected system.

Google also addressed Out of bounds memory access in PDFium, Incorrect escaping of MathML in Blink, and Password fields not taking advantage of OS protections in Views.

The top mitigation strategy recommended in the alert is keeping software up-to-date. “Patching with the latest updates greatly reduces the number of exploitable entry points available to an attacker.”

How to Handle Software Updates

Syxsense is the solution for your patching needs. At a glance, you can easily tell which devices need updates. Our color-coded indicators tell you the severity and number of patches a device requires. Then it’s a few simple steps to set up an automated patch deployment. You can ensure no work is interrupted by scheduling patches to be deployed around business hours.

There’s a better way to manage patching. Come see how with a trial of Syxsense.

Third-Party Patch Updates

Below is a table of third-party updates from May 2018:

Vendor Category Patch Version and Release Notes: CVSS SCORE
Adobe Media Software  

Acrobat: v11.0.23 – https://helpx.adobe.com/security/products/acrobat/apsb18-09.html


Acrobat Reader: v18.011.20040 – https://helpx.adobe.com/security/products/acrobat/apsb18-09.html


AcrobatDC: v18.011.20040 – https://helpx.adobe.com/security/products/acrobat/apsb18-09.html


FlashPlayer ActiveX: v29.0.0.171 – https://helpx.adobe.com/security/products/flash-player/apsb18-16.html


FlashPlayer: v29.0.0.0171 – https://helpx.adobe.com/security/products/flash-player/apsb18-16.html


FileZilla FTP Solution FileZilla: v3.33 – https://filezilla-project.org/versions.php


GNOME Foundation GIMP  

GIMP: v2.10.2 – https://www.gimp.org/release-notes/gimp-2.10.html


Google Browser  

Chrome: v67.0.3396.62 – https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html


KeePass Password Locker  

KeePass: v2.39.1 – https://keepass.info/news/n180506_2.39.html





Malwarebytes: v3.5.1.2522 – https://www.malwarebytes.com/support/releasehistory/


Mozilla Browser and Email Application  

Thunderbird: v52.8.0 – https://www.thunderbird.net/en-US/thunderbird/52.8.0/releasenotes/


Firefox: v60.0.1 – https://www.mozilla.org/en-US/firefox/60.0/releasenotes/


Wireshark Network Protocol Analyzer  

2.6.1 – https://www.wireshark.org/docs/relnotes/wireshark-2.6.1.html