Internet Threat Status
CVE Statistics
From the figure above, we can see an obvious rise in the number of CVE IDs over the last week. The fact that quite a few vulnerabilities were disclosed or discovered recently is also a reminder to keep close attention on the security of their systems.
Threat Review
Quarterly Threat Report | Q1 2018: Ransomware volumes reduced; large numbers of attacks were launched via email, the web and social media (06-21-2018)
Proofpoint published its Quarterly Threat Report (Q1 2018) last week. During Q1 2018, reduced ransomware volumes appeared to open the door for greater payload diversity. The threat situation was analyzed across email, social media, and the web.
Link: https://www.proofpoint.com/us/resources/threat-reports/latest-quarterly-threat-research
Blockchain Threat Report | Don’t join blockchain revolution without ensuring security (06-21-2018)
In the past six months, many malware developers appear to have migrated from ransomware to cryptocurrency mining, according to McAfee Global Threat Intelligence data, which show ransomware attacks declining 32% in Q1 2018 from Q4 2017 while coin mining increased by 1,189%. Attackers have adopted many methods targeting consumers and businesses. The primary attack vectors include phishing, malware, implementation vulnerabilities, and technology.
Cisco arbitrary code execution vulnerabilities can cause a DoS condition on affected devices (06-21-2018)
The June 20, 2018, release of the Cisco FXOS and NX-OS Software Security Advisory Collection includes 24 Cisco Security Advisories that describe 24 vulnerabilities in Cisco FXOS Software and Cisco NX-OS Software. Five of the vulnerabilities have a Security Impact Rating (SIR) of Critical. The remaining 19 vulnerabilities have a SIR of High. Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to an affected device, gain elevated privileges for an affected device, execute arbitrary code, execute arbitrary commands, gain access to sensitive information, or cause a denial of service (DoS) condition on an affected device.
Link: https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770
Malware targeting the Boleto payment system | Malware can hijack transactions (06-22-2018)
The Boleto system is very popular in Brazil. Malware and variants targeting the Boleto system have even been used for stealing cash from ATMs.
Link: http://toutiao.secjia.com/article/page?topid=110380
New vulnerabilities in Phoenix Contact switches endanger industrial networks (06-21-2018)
Phoenix Contact, a German electrical engineering and automation company, has disclosed four vulnerabilities in FL SWITCH industrial switches. These devices are used for automation at digital substations and in the oil and gas, maritime, and other industries. The vulnerabilities affect FL SWITCH models 3xxx, 4xxx, and 48xxx running firmware versions 1.0–1.33. To stay safe, the vendor strongly recommends updating to firmware version 1.34.
Hackers who sabotaged the Olympic games return for more mischief (06-19-2018)
The advanced hacking group that sabotaged the Pyeongchang Winter Olympics in February has struck again, this time in attacks that targeted financial institutions in Russia and chemical- and biological-threat prevention labs in France, Switzerland, the Netherlands, and Ukraine, researchers said.
Link: https://arstechnica.com/information-technology/2018/06/hackers-whosabotaged-
Phishers Use ‘ZeroFont’ Technique to Bypass Office 365 Protections (06-19-2018)
Cybercriminals have been leveraging a technique that involves manipulating font sizes in an effort to increase the chances of their phishing emails bypassing the protections implemented by Microsoft in Office 365.
Link: https://www.securityweek.com/phishers-use-zerofont-technique-bypass-office-365-protections
Google Marks APKs Distributed by Google Play (06-21-2018)
Google this week announced that it is adding a small amount of security metadata on top of APKs distributed by Google Play in order to verify their authenticity.
Link: https://www.securityweek.com/google-marks-apks-distributed-google-play
(Compiled by: NSFOCUS TI & Cybersecurity Lab)
Vulnerability Research
Updates of NSFOCUS’s Vulnerability Database
As of 22 June 2018, there were 40,154 vulnerabilities in NSFOCUS’s vulnerability database. Among the 52 vulnerabilities newly added last week, two were high-risk, 18 were of medium severity, and 32 were low-risk.
Exiv2 LoaderExifJpeg Integer Overflow Vulnerability (CVE-2018-12265)
Severity: Medium
CVE ID: CVE-2018-12265
Exiv2 LoaderTiff::getData() Integer Overflow Vulnerability (CVE-2018-12264)
Severity: Medium
CVE ID: CVE-2018-12264
CA Privileged Access Manager Input Validation Error (CVE-2018-9029)
Severity: Medium
CVE ID: CVE-2018-9029
CA Privileged Access Manager Session Fixation Vulnerability (CVE-2018-9026)
Severity: Low
CVE ID: CVE-2018-9026
CA Privileged Access Manager Cross-site Scripting Vulnerability (CVE-2018-9027)
Severity: Low
CVE ID: CVE-2018-9027
CA Privileged Access Manager Weak Cryptography Vulnerability (CVE-2018-9028)
Severity: Low
CVE ID: CVE-2018-9028
CA Privileged Access Manager Input Validation Error (CVE-2018-9025)
Severity: Low
CVE ID: CVE-2018-9025
CA Privileged Access Manager Authentication Bypass Vulnerability (CVE-2018-9021)
Severity: Medium
CVE ID: CVE-2018-9021
CA Privileged Access Manager Authentication Bypass Vulnerability (CVE-2018-9022)
Severity: Medium
CVE ID: CVE-2018-9022
CA Privileged Access Manager Input Validation Error (CVE-2018-9023)
Severity: Medium
CVE ID: CVE-2018-9023
CA Privileged Access Manager Authentication Bypass Vulnerability (CVE-2018-9024)
Severity: Low
CVE ID: CVE-2018-9024
CA Privileged Access Manager Input Validation Error (CVE-2015-4664)
Severity: Medium
CVE ID: CVE-2015-4664
McAfee Threat Intelligence Exchange Server Code Injection Vulnerability (CVE-2017-3907)
Severity: Medium
CVE ID: CVE-2017-3907
QEMU Heap Buffer Overflow Vulnerability (CVE-2018-11806)
Severity: Low
BID: 104400
CVE ID: CVE-2018-11806
McAfee ePolicy Orchestrator Security Bypass Vulnerability (CVE-2018-6671)
Severity: Low
BID: 104485
CVE ID: CVE-2018-6671
McAfee ePolicy Orchestrator Information Disclosure Vulnerability (CVE-2018-6672)
Severity: Low
BID: 104485
CVE ID: CVE-2018-6672
FFmpeg ff_mpeg4_decode_picture_header Denial of Service Vulnerability (CVE-2018-12459)
Severity: Medium
CVE ID: CVE-2018-12459
FFmpeg mpeg4_encode_gop_header Denial of Service Vulnerability (CVE-2018-12458)
Severity: Medium
CVE ID: CVE-2018-12458
PHPOK Arbitrary File Deletion Vulnerability (CVE-2018-12492)
Severity: Low
CVE ID: CVE-2018-12492
PHPOK Arbitrary File Deletion Vulnerability (CVE-2018-12491)
Severity: Low
CVE ID: CVE-2018-12491
FFmpeg libavcodec Denial of Service Vulnerability (CVE-2018-12460)
Severity: Medium
CVE ID: CVE-2018-12460
CA Privileged Access Manager Input Validation Error (CVE-2015-4664)
Severity: Low
CVE ID: CVE-2015-4664
PublicCMS Directory Traversal Vulnerability (CVE-2018-12493)
Severity: Low
CVE ID: CVE-2018-12493
PublicCMS Directory Traversal Vulnerability (CVE-2018-12494)
Severity: Low
CVE ID: CVE-2018-12494
AKCMS Cross Site Request Forgery Vulnerability (CVE-2018-12583)
Severity: Low
CVE ID: CVE-2018-12583
AKCMS Cross Site Request Forgery Vulnerability (CVE-2018-12582)
Severity: Low
CVE ID: CVE-2018-12582
libfsntfs libfsntfs_mft_entry_read_attributes Information Disclosure Vulnerability (CVE-2018-11731)
Severity: Low
CVE ID: CVE-2018-11731
liblnk liblnk_data_string_get_utf8_string_size Information Disclosure Vulnerability (CVE-2018-12096)
Severity: Low
CVE ID: CVE-2018-12096
liblnk liblnk_location_information_read_data Information Disclosure Vulnerability (CVE-2018-12097)
Severity: Low
CVE ID: CVE-2018-12097
liblnk liblnk_data_block_read Information Disclosure Vulnerability (CVE-2018-12098)
Severity: Low
CVE ID: CVE-2018-12098
libfsntfs libfsntfs_reparse_point_values_read_data Information Disclosure Vulnerability (CVE-2018-11728)
Severity: Low
CVE ID: CVE-2018-11728
libfsntfs libfsntfs_mft_entry_read_header Information Disclosure Vulnerability (CVE-2018-11729)
Severity: Low
CVE ID: CVE-2018-11729
libfsntfs libfsntfs_security_descriptor_values_free Information Disclosure Vulnerability (CVE-2018-11730)
Severity: Low
CVE ID: CVE-2018-11730
Libmobi mobi_pk1_decrypt Denial of Service Vulnerability (CVE-2018-11724)
Severity: Low
CVE ID: CVE-2018-11724
Libmobi mobi_parse_index_entry Information Disclosure Vulnerability (CVE-2018-11725)
Severity: Low
CVE ID: CVE-2018-11725
Libmobi mobi_decode_font_resource Denial of Service Vulnerability (CVE-2018-11726)
Severity: Low
CVE ID: CVE-2018-11726
libfsntfs libfsntfs_attribute_read_from_mft Information Disclosure Vulnerability (CVE-2018-11727)
Severity: Low
CVE ID: CVE-2018-11727
Oracle Fusion Middleware Outside In Technology Component Security Vulnerability (CVE-2018-2806)
Severity: Medium
BID: 103816
CVE ID: CVE-2018-2806
Oracle Fusion Middleware Outside In Technology Component Security Vulnerability (CVE-2018-2801)
Severity: Medium
BID: 103819
CVE ID: CVE-2018-2801
Oracle Fusion Middleware Outside In Technology Component Security Vulnerability (CVE-2018-2768)
Severity: Medium
BID: 103815
CVE ID: CVE-2018-2768
Symantec Endpoint Protection Local Denial of Service Vulnerability (CVE-2018-5236)
Severity: Medium
BID: 104198
CVE ID: CVE-2018-5236
Symantec Endpoint Protection Local Privilege Escalation Vulnerability (CVE-2018-5237)
Severity: Medium
BID: 104199
CVE ID: CVE-2018-5237
FastStone Image Viewer Access Violation Vulnerability (CVE-2018-11702)
Severity: Medium
CVE ID: CVE-2018-11702
FastStone Image Viewer Denial of Service Vulnerability (CVE-2018-11701)
Severity: Low
CVE ID: CVE-2018-11701
NTP ntpq and ntpdc Stack-based Buffer Overflow Vulnerability (CVE-2018-12327)
Severity: Medium
CVE ID: CVE-2018-12327
Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability (CVE-2018-0301)
Severity: Critical
CVE ID: CVE-2018-0301
Cisco FXOS/NX-OS Software Fabric Services Remote Code Execution Vulnerability (CVE-2018-0308)
Severity: Critical
BID: 104514
CVE ID: CVE-2018-0308
FastStone Image Viewer Denial of Service Vulnerability (CVE-2018-11705)
Severity: Low
CVE ID: CVE-2018-11705
FastStone Image Viewer 0x00402d7d Access Violation Vulnerability (CVE-2018-11704)
Severity: Low
CVE ID: CVE-2018-11704
FastStone Image Viewer 0x00402d6a Access Violation Vulnerability (CVE-2018-11703)
Severity: Low
CVE ID: CVE-2018-11703
FastStone Image Viewer 0x0057898e Access Violation Vulnerability (CVE-2018-11707)
Severity: Low
CVE ID: CVE-2018-11707
FastStone Image Viewer 0x00578dd8 Access Violation Vulnerability (CVE-2018-11706)
Severity: Low
CVE ID: CVE-2018-11706
Microsoft Windows Desktop Bridge Local Privilege Escalation Vulnerability (CVE-2018-8214)
Severity: Critical
BID: 104394
CVE ID: CVE-2018-8214
Microsoft Excel Information Disclosure Vulnerability (CVE-2018-8246)
Severity: Critical
BID: 104322
CVE ID: CVE-2018-8246
Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-8248)
Severity: Critical
BID: 104318
CVE ID: CVE-2018-8248
Microsoft SharePoint Server Remote Privilege Escalation Vulnerability (CVE-2018-8252)
Severity: Critical
BID: 104317
CVE ID: CVE-2018-8252
Microsoft SharePoint Server Remote Privilege Escalation Vulnerability (CVE-2018-8254)
Severity: Critical
BID: 104325
CVE ID: CVE-2018-8254
Microsoft Windows Hyper-V Code Integrity Privilege Escalation Vulnerability (CVE-2018-8219)
Severity: Critical
BID: 104353
CVE ID: CVE-2018-8219
Microsoft Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8227)
Severity: Critical
BID: 104368
CVE ID: CVE-2018-8227
Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CVE-2018-0978)
Severity: Critical
BID: 104364
CVE ID: CVE-2018-0978
Microsoft Windows Hyper-V Remote Denial of Service Vulnerability (CVE-2018-8218)
Severity: Critical
BID: 104402
CVE ID: CVE-2018-8218
Microsoft Windows Kernel Local Privilege Escalation Vulnerability (CVE-2018-8224)
Severity: Critical
BID: 104381
CVE ID: CVE-2018-8224
Microsoft Windows ‘HTTP.sys’ Remote Denial of Service Vulnerability (CVE-2018-8226)
Severity: Critical
BID: 104361
CVE ID: CVE-2018-8226
Microsoft Windows Kernel ‘Win32k.sys’ Local Privilege Escalation Vulnerability (CVE-2018-8233)
Severity: Critical
BID: 104383
CVE ID: CVE-2018-8233
Vulnerability in the Spotlight
Microsoft Windows VBScript Engine Security Vulnerability
NSFOCUS: ID 39836
CVE ID: CVE-2018-8174
Affected Versions:
- Microsoft Windows Server 2016
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2012
- Microsoft Windows Server 2008 R2
- Microsoft Windows Server 2008
- Microsoft Windows RT 8.1
- Microsoft Windows 8.1
- Microsoft Windows 7
Comment
Microsoft Windows is a family of operating systems developed by Microsoft Corporation. Windows VBScript is one of the VBScript (scripting language) engines. Recently, a remote code execution vulnerability was discovered in the way the Microsoft Windows VBScript engine handles objects in memory. A remote attacker could exploit this vulnerability to execute arbitrary code in the context of the current user. The vendor has released patches (Download Page) to address this flaw.
(Source: NSFOCUS Security Research & Product Groups)