FBI Warns Again of New Hidden Cobra Strike

Hidden Cobra Strikes Again

US-CERT and the FBI have issued a new alert on cyber-attacks they blame on North Korea. The warning concerns the hacking operations dubbed “HIDDEN COBRA” that the United States charges were launched by Pyongyang. The alert did not identify specific victims, though it cited a February 2016 report from several security firms that blamed the same group for a 2014 cyberattack on Sony Pictures Entertainment.

HIDDEN COBRA uses two pieces of malicious software: Brambul, a self-spreading “worm” that attackers use to infect computers, and malware known as Joanap. Joanap gives hackers remote control of devices so they can steal data, install additional viruses and perform other tasks. Hidden Cobra has used Brambul and Joanap for several years, making little change to the malware over that period. The first alert of HIDDEN COBRA dates back to 2009, meaning the patches for these vulnerabilities have existed for years.

Google Chrome ‘Out of Bounds’

Google has released Chrome 67 to the stable channel to provide various improvements, including patches for 34 vulnerabilities.

Of the 34 security fixes delivered in the new browser release, 24 are for vulnerabilities reported by external researchers. These include 9 flaws rated High, 12 as Medium and the remaining 3 considered Low severity. The worst of the vulnerabilities could allow an attacker to take control of an affected system.

Google also addressed an out-of-bounds memory access in PDFium, incorrect escaping of MathML in Blink, and password fields not taking advantage of OS protections in Views.

The top mitigation strategy recommended in the alert is keeping software up-to-date. “Patching with the latest updates greatly reduces the number of exploitable entry points available to an attacker.”

How to Handle Software Updates

Syxsense is the solution for your patching needs. At a glance, you can easily tell which devices need updates. Our color-coded indicators tell you the severity and number of patches a device requires. Then it’s a few simple steps to set up an automated patch deployment. You can ensure no work is interrupted by scheduling patches to be deployed around business hours.

There’s a better way to manage patching. Come see how with a trial of Syxsense.

Third-Party Patch Updates

Below is a table of third-party updates from May 2018:

| Vendor | Category | Patch Version and Release Notes | CVSS Score |
| --- | --- | --- | --- |
| Adobe | Media Software | Acrobat: v11.0.23 – https://helpx.adobe.com/security/products/acrobat/apsb18-09.html | N/A |
| Adobe | Media Software | Acrobat Reader: v18.011.20040 – https://helpx.adobe.com/security/products/acrobat/apsb18-09.html | N/A |
| Adobe | Media Software | AcrobatDC: v18.011.20040 – https://helpx.adobe.com/security/products/acrobat/apsb18-09.html | N/A |
| Adobe | Media Software | FlashPlayer ActiveX: v29.0.0.171 – https://helpx.adobe.com/security/products/flash-player/apsb18-16.html | N/A |
| Adobe | Media Software | FlashPlayer: v29.0.0.0171 – https://helpx.adobe.com/security/products/flash-player/apsb18-16.html | N/A |
| FileZilla | FTP Solution | FileZilla: v3.33 – https://filezilla-project.org/versions.php | N/A |
| GNOME Foundation | GIMP | GIMP: v2.10.2 – https://www.gimp.org/release-notes/gimp-2.10.html | |
| Google | Browser | Chrome: v67.0.3396.62 – https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html | N/A |
| KeePass | Password Locker | KeePass: v2.39.1 – https://keepass.info/news/n180506_2.39.html | |
| Malwarebytes | Antivirus | Malwarebytes: v3.5.1.2522 – https://www.malwarebytes.com/support/releasehistory/ | |
| Mozilla | Browser and Email Application | Thunderbird: v52.8.0 – https://www.thunderbird.net/en-US/thunderbird/52.8.0/releasenotes/ | |
| Mozilla | Browser and Email Application | Firefox: v60.0.1 – https://www.mozilla.org/en-US/firefox/60.0/releasenotes/ | |
| Wireshark | Network Protocol Analyzer | 2.6.1 – https://www.wireshark.org/docs/relnotes/wireshark-2.6.1.html | N/A |