NSFOCUS Weekly Cybersecurity Report (ID: 201826)

July 3, 2018 | Adeline Zhang

Internet Threat Status

CVE Statistics

The number of new CVE IDs published last week was 193, a decrease from the previous week.

Threat Review

WPA3 Standard Officially Launches With New Wi-Fi Security Features (06-25-2018)

The Wi-Fi Alliance today officially launched WPA3—the next-generation Wi-Fi
security standard that promises to eliminate all the security vulnerabilities and
wireless attacks known to date, including the dangerous KRACK attacks.

https://thehackernews.com/2018/06/wpa3-wifi-security-standard.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29

Gentoo Linux on Github hacked; repositories modified (06-29-2018)

Another day, another data breach – this time, it is the Linux distribution Gentoo
whose GitHub mirror was compromised and whose repository content was modified by
unknown hackers.

https://www.hackread.com/gentoo-linux-on-github-hacked-repositoriesmodified/

House Passes Bill to Enhance Industrial Cybersecurity (06-27-2018)

The U.S. House of Representatives on Monday passed a bill aiming at
protecting industrial control systems (ICS), particularly ones used in critical
infrastructure, against cyberattacks.

https://www.securityweek.com/house-passes-bill-enhance-industrial-cybersecurity

Ticketmaster Suffers Security Breach – Personal and Payment Data Stolen (06-28-2018)

Global entertainment ticketing service Ticketmaster has admitted that the
company has suffered a security breach, warning customers that their personal and
payment information may have been accessed by an unknown third-party.

https://thehackernews.com/2018/06/ticketmaster-data-breach.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29

Adidas US breach may have exposed millions of customers’ personal info (06-29-2018)

Adidas warned late on Thursday that hackers may have lifted customer data
from its US website.

https://www.theregister.co.uk/2018/06/29/adidas_breach/

Hyperthreading under scrutiny with new TLBleed crypto key leak (06-26-2018)

Last week, developers on OpenBSD—the open source operating system that
prioritizes security—disabled hyperthreading on Intel processors. Project leader Theo
de Raadt said that a research paper due to be presented at Black Hat in August
prompted the change, but he would not elaborate further.

https://arstechnica.com/gadgets/2018/06/tlbleed-a-new-way-to-leak-crypto-keys-on-hyperthreaded-processors/

RAMpage Attack Explained—Exploiting RowHammer On Android Again! (06-29-2018)

A team of security researchers has discovered a new set of techniques that
could allow hackers to bypass all kinds of existing mitigations put in place to prevent
DMA-based Rowhammer attacks against Android devices.

https://thehackernews.com/2018/06/android-rowhammer-rampage-hack.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29

PBot: evolving adware (06-26-2018)

The adware PBot (PythonBot) got its name because its core modules are
written in Python. It was more than a year ago that we detected the first member of
this family. Since then, we have encountered several modifications of the program,
one of which went beyond adware by installing and running a hidden miner on victim
computers.

https://securelist.com/pbot-evolving-adware/86242/

(Compiled by: NSFOCUS TI & Cybersecurity Lab)

Vulnerability Research

Updates of NSFOCUS’s Vulnerability Database

As of 29 June 2018, NSFOCUS's vulnerability database contained 40,222 vulnerabilities. Of the 68 vulnerabilities newly added last week, 12 were high-risk, 25 were of medium severity, and 31 were low-risk.

Cisco FXOS/NX-OS Software Remote Denial of Service Vulnerability (CVE-2018-0312)
Severity: Critical
BID: 104515
CVE ID: CVE-2018-0312

Cisco FXOS/NX-OS Software Remote Denial of Service Vulnerability (CVE-2018-0314)
Severity: Critical
BID: 104516
CVE ID: CVE-2018-0314

Cisco FXOS/NX-OS Software Remote Denial of Service Vulnerability (CVE-2018-0304)
Severity: Critical
BID: 104513
CVE ID: CVE-2018-0304

Cisco FXOS/NX-OS Software Fabric Services Remote Denial of Service Vulnerability (CVE-2018-0305)
Severity: Critical
CVE ID: CVE-2018-0305

Cisco Firepower 4100 Series Next-Generation Firewall/Firepower 9300 Security Appliance Path Traversal Vulnerability (CVE-2018-0300)
Severity: Critical
CVE ID: CVE-2018-0300

Cisco Nexus 4000 Series Switch NX-OS Input Validation Error (CVE-2018-0299)
Severity: Critical
CVE ID: CVE-2018-0299

Cisco FXOS, NX-OS, and UCS Manager Software Cisco Discovery Protocol Denial of Service Vulnerability (CVE-2018-0331)
Severity: Critical
CVE ID: CVE-2018-0331

Multiple Cisco NX-OS Software Input Validation Error Vulnerability (CVE-2018-0313)
Severity: Critical
CVE ID: CVE-2018-0313

Cisco Nexus 3000/9000 Series Switches NX-OS Denial of Service Vulnerability (CVE-2018-0309)
Severity: Critical
CVE ID: CVE-2018-0309

Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability (CVE-2018-0337)
Severity: Medium
CVE ID: CVE-2018-0337

Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability (CVE-2018-0358)
Severity: Medium
BID: 104521
CVE ID: CVE-2018-0358

Micro Focus Solutions Business Manager Code Injection Vulnerability (CVE-2018-7679)
Severity: Medium
CVE ID: CVE-2018-7679

Micro Focus Solutions Business Manager Cross-site Scripting Vulnerability (CVE-2018-7680)
Severity: Medium
CVE ID: CVE-2018-7680

Micro Focus Solutions Business Manager Code Injection Vulnerability (CVE-2018-7681)
Severity: Medium
CVE ID: CVE-2018-7681

Micro Focus Solutions Business Manager Information Disclosure Vulnerability (CVE-2018-7683)
Severity: Medium
CVE ID: CVE-2018-7683

GNU libiberty Memory Corruption Vulnerability (CVE-2018-12697)
Severity: Low
BID: 104538
CVE ID: CVE-2018-12697

GNU libiberty Memory Corruption Vulnerability (CVE-2018-12698)
Severity: Low
BID: 104539
CVE ID: CVE-2018-12698

GNU Binutils Heap Buffer Overflow Vulnerability (CVE-2018-12699)
Severity: Low
BID: 104540
CVE ID: CVE-2018-12699

GNU Binutils Denial of Service Vulnerability (CVE-2018-12700)
Severity: Low
BID: 104541
CVE ID: CVE-2018-12700

Micro Focus Solutions Business Manager Access Authentication Vulnerability (CVE-2018-7682)
Severity: Low
CVE ID: CVE-2018-7682

SLiMS 8 Akasia Security Bypass Vulnerability (CVE-2018-12659)
Severity: Low
CVE ID: CVE-2018-12659

SLiMS 8 Akasia Stock Take Cross-site Scripting Vulnerability (CVE-2018-12658)
Severity: Low
CVE ID: CVE-2018-12658

SLiMS 8 Akasia Master File Cross-site Scripting Vulnerability (CVE-2018-12657)
Severity: Low
CVE ID: CVE-2018-12657

SLiMS 8 Akasia Membership Cross-site Scripting Vulnerability (CVE-2018-12656)
Severity: Low
CVE ID: CVE-2018-12656

SLiMS 8 Akasia Circulation Cross-site Scripting Vulnerability (CVE-2018-12655)
Severity: Low
CVE ID: CVE-2018-12655

GNU Binutils Buffer Overflow Vulnerability (CVE-2018-12641)
Severity: Low
CVE ID: CVE-2018-12641

SLiMS 8 Akasia Bibliography Cross-site Scripting Vulnerability (CVE-2018-12654)
Severity: Low
CVE ID: CVE-2018-12654

Adobe Acrobat/Reader Remote Code Execution Vulnerability (CVE-2018-4999)
Severity: Medium
BID: 104266
CVE ID: CVE-2018-4999

Adobe Acrobat Pro DC ImageConversion EMF Resolution Information Disclosure Vulnerability (CVE-2018-4901)
Severity: Low
CVE ID: CVE-2018-4901

Delta Industrial Automation COMMGR AHSIM_5x0 Simulator Stack-based Buffer Overflow and Remote Code Execution Vulnerability (CVE-2018-10594)
Severity: Critical
CVE ID: CVE-2018-10594

Fortinet FortiManager Cross-site Scripting Vulnerability (CVE-2018-1351)
Severity: Medium
BID: 104533
CVE ID: CVE-2018-1351

Fortinet FortiOS Information Disclosure Vulnerability (CVE-2018-9185)
Severity: Low
BID: 104535
CVE ID: CVE-2018-9185

Fortinet FortiAnalyzer/FortiManager Open Redirect Vulnerability (CVE-2018-1355)
Severity: Low
BID: 104546
CVE ID: CVE-2018-1355

Schneider Electric U.motion Builder Stack-based Buffer Overflow Vulnerability (CVE-2018-7784)
Severity: Critical
CVE ID: CVE-2018-7784

Schneider Electric U.motion Builder Command Injection Vulnerability (CVE-2018-7785)
Severity: Critical
CVE ID: CVE-2018-7785

Schneider Electric U.motion Builder Cross-site Scripting Vulnerability (CVE-2018-7786)
Severity: Medium
CVE ID: CVE-2018-7786

Schneider Electric U.motion Builder Input Validation Error (CVE-2018-7787)
Severity: Medium
CVE ID: CVE-2018-7787

Cybozu Office Cross-site Scripting Vulnerability (CVE-2018-0565)
Severity: Low
CVE ID: CVE-2018-0565

Cybozu Office Security Bypass Vulnerability (CVE-2018-0567)
Severity: Low
CVE ID: CVE-2018-0567

Cybozu Office Denial of Service Vulnerability (CVE-2018-0529)
Severity: Low
CVE ID: CVE-2018-0529

Cybozu Office Information Disclosure Vulnerability (CVE-2018-0528)
Severity: Low
CVE ID: CVE-2018-0528

Cybozu Office Cross-site Scripting Vulnerability (CVE-2018-0527)
Severity: Low
CVE ID: CVE-2018-0527

Cybozu Office Information Disclosure Vulnerability (CVE-2018-0526)
Severity: Low
CVE ID: CVE-2018-0526

Cybozu Mailwise Address Cross-site Scripting Vulnerability (CVE-2018-0559)
Severity: Low
CVE ID: CVE-2018-0559

Cybozu Mailwise System Settings Cross-site Scripting Vulnerability (CVE-2018-0558)
Severity: Low
CVE ID: CVE-2018-0558

Cybozu Mailwise E-mail Details Screen Cross-site Scripting Vulnerability (CVE-2018-0557)
Severity: Low
CVE ID: CVE-2018-0557

baserCMS Access Permission Vulnerability (CVE-2018-0573)
Severity: Low
CVE ID: CVE-2018-0573

baserCMS Access Permission Vulnerability (CVE-2018-0575)
Severity: Low
CVE ID: CVE-2018-0575

baserCMS Cross-site Scripting Vulnerability (CVE-2018-0574)
Severity: Low
CVE ID: CVE-2018-0574

baserCMS Access Permission Vulnerability (CVE-2018-0572)
Severity: Low
CVE ID: CVE-2018-0572

baserCMS Arbitrary File Upload Vulnerability (CVE-2018-0571)
Severity: Low
CVE ID: CVE-2018-0571

baserCMS Cross-site Scripting Vulnerability (CVE-2018-0570)
Severity: Low
CVE ID: CVE-2018-0570

baserCMS Command Execution Vulnerability (CVE-2018-0569)
Severity: Medium
CVE ID: CVE-2018-0569

Microsoft Visual C++ Redistributable installer Privilege Escalation Vulnerability (CVE-2018-0599)
Severity: Medium
CVE ID: CVE-2018-0599

Microsoft Windows IExpress Privilege Escalation Vulnerability (CVE-2018-0598)
Severity: Medium
CVE ID: CVE-2018-0598

Microsoft Visual Studio Code installer Privilege Escalation Vulnerability (CVE-2018-0597)
Severity: Medium
CVE ID: CVE-2018-0597

Microsoft Visual Studio Community installer Privilege Escalation Vulnerability (CVE-2018-0596)
Severity: Medium
CVE ID: CVE-2018-0596

Microsoft Skype for Windows installer Privilege Escalation Vulnerability (CVE-2018-0595)
Severity: Medium
CVE ID: CVE-2018-0595

Microsoft Skype for Windows Privilege Escalation Vulnerability (CVE-2018-0594)
Severity: Medium
CVE ID: CVE-2018-0594

Microsoft OneDrive installer Privilege Escalation Vulnerability (CVE-2018-0593)
Severity: Medium
CVE ID: CVE-2018-0593

Microsoft OneDrive Arbitrary Code Execution Vulnerability (CVE-2018-0592)
Severity: Medium
CVE ID: CVE-2018-0592

Fortinet FortiAnalyzer/FortiManager Open Redirect Vulnerability (CVE-2018-1355)
Severity: Medium
BID: 104546
CVE ID: CVE-2018-1355

Fortinet FortiAnalyzer/FortiManager Access Control Bypass Vulnerability (CVE-2018-1354)
Severity: Medium
BID: 104537
CVE ID: CVE-2018-1354

Apache HBase Security Bypass Vulnerability (CVE-2018-8025)
Severity: Medium
BID: 104554
CVE ID: CVE-2018-8025

Linux kernel hfs_ext_read_extent Null-Pointer Dereference Vulnerability (CVE-2018-12928)
Severity: Low
CVE ID: CVE-2018-12928

Linux kernel ntfs_read_locked_inode Denial of Service Vulnerability (CVE-2018-12929)
Severity: Medium
CVE ID: CVE-2018-12929

Linux kernel ntfs_end_buffer_async_read Denial of Service Vulnerability (CVE-2018-12930)
Severity: Medium
CVE ID: CVE-2018-12930

Linux kernel ntfs_attr_find Denial of Service Vulnerability (CVE-2018-12931)
Severity: Medium
CVE ID: CVE-2018-12931

(Source: NSFOCUS Security Research & Product Groups)

Vulnerability in the Spotlight

Microsoft OneDrive Arbitrary Code Execution Vulnerability

NSFOCUS ID: 40215
CVE ID: CVE-2018-0592
Affected Version: Microsoft OneDrive

Comment

Microsoft OneDrive is a cloud backup application provided by Microsoft Corporation. It offers photo storage, online office, file sharing and other features. Microsoft OneDrive has an untrusted search path vulnerability that allows attackers to gain elevated privileges and execute arbitrary code via a malicious DLL placed in the searched directory. The vendor has not released patches or upgrades yet. We recommend that users of this software watch the vendor's homepage for updates and obtain the latest version when it becomes available.

(Source: NSFOCUS Security Research & Product Groups)