Internet Threat Status
CVE Statistics
The number of new CVE IDs last week was 193, a decrease compared with the previous week.
Threat Review
WPA3 Standard Officially Launches With New Wi-Fi Security Features (06-25-2018)
The Wi-Fi Alliance today officially launched WPA3, the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today, including the dangerous KRACK attacks.
Gentoo Linux on Github hacked; repositories modified (06-29-2018)
Another day, another data breach – This time, it is Linux distribution Gentoo
whose GitHub mirror was compromised and content of repositories was modified by
unknown hackers.
https://www.hackread.com/gentoo-linux-on-github-hacked-repositoriesmodified/
House Passes Bill to Enhance Industrial Cybersecurity (06-27-2018)
The U.S. House of Representatives on Monday passed a bill aiming at
protecting industrial control systems (ICS), particularly ones used in critical
infrastructure, against cyberattacks.
https://www.securityweek.com/house-passes-bill-enhance-industrial-cybersecurity
Ticketmaster Suffers Security Breach – Personal and Payment Data Stolen (06-28-2018)
Global entertainment ticketing service Ticketmaster has admitted that the
company has suffered a security breach, warning customers that their personal and
payment information may have been accessed by an unknown third-party.
Adidas US breach may have exposed millions of customers’ personal info (06-29-2018)
Adidas warned late on Thursday that hackers may have lifted customer data
from its US website.
https://www.theregister.co.uk/2018/06/29/adidas_breach/
Hyperthreading under scrutiny with new TLBleed crypto key leak (06-26-2018)
Last week, developers on OpenBSD—the open source operating system that
prioritizes security—disabled hyperthreading on Intel processors. Project leader Theo
de Raadt said that a research paper due to be presented at Black Hat in August
prompted the change, but he would not elaborate further.
RAMpage Attack Explained—Exploiting RowHammer On Android Again! (06-29-2018)
A team of security researchers has discovered a new set of techniques that
could allow hackers to bypass all kinds of present mitigations put in place to prevent
DMA-based Rowhammer attacks against Android devices.
Pbot: evolving adware (06-26-2018)
The adware PBot (PythonBot) got its name because its core modules are
written in Python. It was more than a year ago that we detected the first member of
this family. Since then, we have encountered several modifications of the program,
one of which went beyond adware by installing and running a hidden miner on victim
computers:
https://securelist.com/pbot-evolving-adware/86242/
(Compiled by: NSFOCUS TI & Cybersecurity Lab)
Vulnerability Research
Updates of NSFOCUS’s Vulnerability Database
As of 29 June 2018, NSFOCUS’s vulnerability database contained 40,222 vulnerabilities. Of the 68 vulnerabilities newly added last week, 12 were high-risk, 25 were of medium severity, and 31 were low-risk.
Cisco FXOS/NX-OS Software Remote Denial of Service Vulnerability (CVE-2018-0312)
Severity: Critical
BID: 104515
CVE ID: CVE-2018-0312
Cisco FXOS/NX-OS Software Remote Denial of Service Vulnerability (CVE-2018-0314)
Severity: Critical
BID: 104516
CVE ID: CVE-2018-0314
Cisco FXOS/NX-OS Software Remote Denial of Service Vulnerability (CVE-2018-0304)
Severity: Critical
BID: 104513
CVE ID: CVE-2018-0304
Cisco FXOS/NX-OS Software Fabric Services Remote Denial of Service Vulnerability (CVE-2018-0305)
Severity: Critical
CVE ID: CVE-2018-0305
Cisco Firepower 4100 Series Next-Generation Firewall/Firepower 9300 Security Appliance Path Traversal Vulnerability (CVE-2018-0300)
Severity: Critical
CVE ID: CVE-2018-0300
Cisco Nexus 4000 Series Switch NX-OS Input Validation Error (CVE-2018-0299)
Severity: Critical
CVE ID: CVE-2018-0299
Cisco FXOS, NX-OS, and UCS Manager Software Cisco Discovery Protocol Denial of Service Vulnerability (CVE-2018-0331)
Severity: Critical
CVE ID: CVE-2018-0331
Multiple Cisco NX-OS Software Input Validation Error Vulnerability (CVE-2018-0313)
Severity: Critical
CVE ID: CVE-2018-0313
Cisco Nexus 3000/9000 Series Switches NX-OS Denial of Service Vulnerability (CVE-2018-0309)
Severity: Critical
CVE ID: CVE-2018-0309
Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability (CVE-2018-0337)
Severity: Medium
CVE ID: CVE-2018-0337
Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability (CVE-2018-0358)
Severity: Medium
BID: 104521
CVE ID: CVE-2018-0358
Micro Focus Solutions Business Manager Code Injection Vulnerability (CVE-2018-7679)
Severity: Medium
CVE ID: CVE-2018-7679
Micro Focus Solutions Business Manager Cross-site Scripting Vulnerability (CVE-2018-7680)
Severity: Medium
CVE ID: CVE-2018-7680
Micro Focus Solutions Business Manager Code Injection Vulnerability (CVE-2018-7681)
Severity: Medium
CVE ID: CVE-2018-7681
Micro Focus Solutions Business Manager Information Disclosure Vulnerability (CVE-2018-7683)
Severity: Medium
CVE ID: CVE-2018-7683
GNU libiberty Memory Corruption Vulnerability (CVE-2018-12697)
Severity: Low
BID: 104538
CVE ID: CVE-2018-12697
GNU libiberty Memory Corruption Vulnerability (CVE-2018-12698)
Severity: Low
BID: 104539
CVE ID: CVE-2018-12698
GNU Binutils Heap Buffer Overflow Vulnerability (CVE-2018-12699)
Severity: Low
BID: 104540
CVE ID: CVE-2018-12699
GNU Binutils Denial of Service Vulnerability (CVE-2018-12700)
Severity: Low
BID: 104541
CVE ID: CVE-2018-12700
Micro Focus Solutions Business Manager Access Authentication Vulnerability (CVE-2018-7682)
Severity: Low
CVE ID: CVE-2018-7682
SLiMS 8 Akasia Security Bypass Vulnerability (CVE-2018-12659)
Severity: Low
CVE ID: CVE-2018-12659
SLiMS 8 Akasia Stock Take Cross-site Scripting Vulnerability (CVE-2018-12658)
Severity: Low
CVE ID: CVE-2018-12658
SLiMS 8 Akasia Master File Cross-site Scripting Vulnerability (CVE-2018-12657)
Severity: Low
CVE ID: CVE-2018-12657
SLiMS 8 Akasia Membership Cross-site Scripting Vulnerability (CVE-2018-12656)
Severity: Low
CVE ID: CVE-2018-12656
SLiMS 8 Akasia Circulation Cross-site Scripting Vulnerability (CVE-2018-12655)
Severity: Low
CVE ID: CVE-2018-12655
GNU Binutils Buffer Overflow Vulnerability (CVE-2018-12641)
Severity: Low
CVE ID: CVE-2018-12641
SLiMS 8 Akasia Bibliography Cross-site Scripting Vulnerability (CVE-2018-12654)
Severity: Low
CVE ID: CVE-2018-12654
Adobe Acrobat/Reader Remote Code Execution Vulnerability (CVE-2018-4999)
Severity: Medium
BID: 104266
CVE ID: CVE-2018-4999
Adobe Acrobat Pro DC ImageConversion EMF Resolution Information Disclosure Vulnerability (CVE-2018-4901)
Severity: Low
CVE ID: CVE-2018-4901
Delta Industrial Automation COMMGR AHSIM_5x0 Simulator Stack-based Buffer Overflow and Remote Code Execution Vulnerability (CVE-2018-10594)
Severity: Critical
CVE ID: CVE-2018-10594
Fortinet FortiManager Cross-site Scripting Vulnerability (CVE-2018-1351)
Severity: Medium
BID: 104533
CVE ID: CVE-2018-1351
Fortinet FortiOS Information Disclosure Vulnerability (CVE-2018-9185)
Severity: Low
BID: 104535
CVE ID: CVE-2018-9185
Fortinet FortiAnalyzer/FortiManager Open Redirect Vulnerability (CVE-2018-1355)
Severity: Low
BID: 104546
CVE ID: CVE-2018-1355
Schneider Electric U.motion Builder Stack-based Buffer Overflow Vulnerability (CVE-2018-7784)
Severity: Critical
CVE ID: CVE-2018-7784
Schneider Electric U.motion Builder Command Injection Vulnerability (CVE-2018-7785)
Severity: Critical
CVE ID: CVE-2018-7785
Schneider Electric U.motion Builder Cross-site Scripting Vulnerability (CVE-2018-7786)
Severity: Medium
CVE ID: CVE-2018-7786
Schneider Electric U.motion Builder Input Validation Error (CVE-2018-7787)
Severity: Medium
CVE ID: CVE-2018-7787
Cybozu Office Cross-site Scripting Vulnerability (CVE-2018-0565)
Severity: Low
CVE ID: CVE-2018-0565
Cybozu Office Security Bypass Vulnerability (CVE-2018-0567)
Severity: Low
CVE ID: CVE-2018-0567
Cybozu Office Denial of Service Vulnerability (CVE-2018-0529)
Severity: Low
CVE ID: CVE-2018-0529
Cybozu Office Information Disclosure Vulnerability (CVE-2018-0528)
Severity: Low
CVE ID: CVE-2018-0528
Cybozu Office Cross-site Scripting Vulnerability (CVE-2018-0527)
Severity: Low
CVE ID: CVE-2018-0527
Cybozu Office Information Disclosure Vulnerability (CVE-2018-0526)
Severity: Low
CVE ID: CVE-2018-0526
Cybozu Mailwise Address Cross-site Scripting Vulnerability (CVE-2018-0559)
Severity: Low
CVE ID: CVE-2018-0559
Cybozu Mailwise System settings Cross-site Scripting Vulnerability (CVE-2018-0558)
Severity: Low
CVE ID: CVE-2018-0558
Cybozu Mailwise E-mail Details Screen Cross-site Scripting Vulnerability (CVE-2018-0557)
Severity: Low
CVE ID: CVE-2018-0557
baserCMS Access Permission Vulnerability (CVE-2018-0573)
Severity: Low
CVE ID: CVE-2018-0573
baserCMS Access Permission Vulnerability (CVE-2018-0575)
Severity: Low
CVE ID: CVE-2018-0575
baserCMS Cross-site Scripting Vulnerability (CVE-2018-0574)
Severity: Low
CVE ID: CVE-2018-0574
baserCMS Access Permission Vulnerability (CVE-2018-0572)
Severity: Low
CVE ID: CVE-2018-0572
baserCMS Arbitrary File Upload Vulnerability (CVE-2018-0571)
Severity: Low
CVE ID: CVE-2018-0571
baserCMS Cross-site Scripting Vulnerability (CVE-2018-0570)
Severity: Low
CVE ID: CVE-2018-0570
baserCMS Command Execution Vulnerability (CVE-2018-0569)
Severity: Medium
CVE ID: CVE-2018-0569
Microsoft Visual C++ Redistributable installer Privilege Escalation Vulnerability (CVE-2018-0599)
Severity: Medium
CVE ID: CVE-2018-0599
Microsoft Windows Iexpress Privilege Escalation Vulnerability (CVE-2018-0598)
Severity: Medium
CVE ID: CVE-2018-0598
Microsoft Visual Studio Code installer Privilege Escalation Vulnerability (CVE-2018-0597)
Severity: Medium
CVE ID: CVE-2018-0597
Microsoft Visual Studio Community installer Privilege Escalation Vulnerability (CVE-2018-0596)
Severity: Medium
CVE ID: CVE-2018-0596
Microsoft Skype for Windows installer Privilege Escalation Vulnerability (CVE-2018-0595)
Severity: Medium
CVE ID: CVE-2018-0595
Microsoft Skype for Windows Privilege Escalation Vulnerability (CVE-2018-0594)
Severity: Medium
CVE ID: CVE-2018-0594
Microsoft OneDrive installer Privilege Escalation Vulnerability (CVE-2018-0593)
Severity: Medium
CVE ID: CVE-2018-0593
Microsoft OneDrive Arbitrary Code Execution Vulnerability (CVE-2018-0592)
Severity: Medium
CVE ID: CVE-2018-0592
Fortinet FortiAnalyzer/FortiManager Open Redirect Vulnerability (CVE-2018-1355)
Severity: Medium
BID: 104546
CVE ID: CVE-2018-1355
Fortinet FortiAnalyzer/FortiManager Access Control Bypass Vulnerability (CVE-2018-1354)
Severity: Medium
BID: 104537
CVE ID: CVE-2018-1354
Apache HBase Security Bypass Vulnerability (CVE-2018-8025)
Severity: Medium
BID: 104554
CVE ID: CVE-2018-8025
Linux kernel hfs_ext_read_extent Null-Pointer Dereference Vulnerability (CVE-2018-12928)
Severity: Low
CVE ID: CVE-2018-12928
Linux kernel ntfs_read_locked_inode Denial of Service Vulnerability (CVE-2018-12929)
Severity: Medium
CVE ID: CVE-2018-12929
Linux kernel ntfs_end_buffer_async_read Denial of Service Vulnerability (CVE-2018-12930)
Severity: Medium
CVE ID: CVE-2018-12930
Linux kernel ntfs_attr_find Denial of Service Vulnerability (CVE-2018-12931)
Severity: Medium
CVE ID: CVE-2018-12931
(Source: NSFOCUS Security Research & Product Groups)
Vulnerability in the Spotlight
Microsoft OneDrive Arbitrary Code Execution Vulnerability
NSFOCUS ID: 40215
CVE ID: CVE-2018-0592
Affected Version: Microsoft OneDrive
Comment
Microsoft OneDrive is a cloud backup application provided by Microsoft Corporation. It offers photo storage, online office tools, file sharing, and more. Microsoft OneDrive has an untrusted search path vulnerability that allows attackers to obtain escalated permissions and execute arbitrary code by using a malicious DLL in the directory. The vendor has not released patches or upgrades yet. We recommend that users of this software watch the vendor’s homepage for updates and obtain the latest version.
(Source: NSFOCUS Security Research & Product Groups)