Advisory and Patches for May 2018





Published on : 08 June, 2018

Find below a consolidated list of various Advisories and Patches released during the month of May 2018

SNo. Advisory/Alert Description
01. -- The Federal Trade Commission (FTC) has issued guidance for Twitter users on changing their passwords. Users should change their Twitter passwords as well as any other accounts that use the same password.
02. -- FBI has released the Internet Crime Complaint Center (IC3) 2017 Internet Crime Report, which highlights scams trending online. The top three crime types reported by victims in 2017 were non-payment/non-delivery, personal data breach, and phishing.
03. APSB18-18
APSB18-16
APSB18-12
Adobe has released security updates to address vulnerabilities in Adobe Connect, Adobe Flash Player, and Adobe Creative Cloud Desktop Application. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
04. May 2018 Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
05. VU#631579 CERT Coordination Center (CERT/CC) has released information for CVE-2018-8897 – unexpected behavior for debug exceptions. A local attacker could exploit this bug to obtain sensitive information.
06. Firefox ESR 52.8
Firefox 60
Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system.
07. 66.0.3359.170 Google has released Chrome version 66.0.3359.170 for Windows, Mac, and Linux. This version addresses vulnerabilities, one of which a remote attacker could exploit to take control of an affected system.
08. APSB18-09
APSB18-17
Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader and Photoshop CC. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
09. -- The Federal Trade Commission (FTC) has released an announcement promoting Privacy Awareness Week (PAW). This year’s theme, “From Principles to Practice,” focuses on privacy protection and online security for businesses and individuals.
10. VU#122919 The CERT Coordination Center (CERT/CC) has released information on email client vulnerabilities that can reveal plaintext versions of OpenPGP- and S/MIME-encrypted emails. A remote attacker could exploit these vulnerabilities to obtain sensitive information.
11. cisco-sa-20180516-dnac
cisco-sa-20180516-dna2
cisco-sa-20180516-dna
cisco-sa-20180516-nfvis
cisco-sa-20180516-msms
cisco-sa-20180516-iseeap
cisco-sa-20180516-fnd
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
12. AA-01602
AA-01606
The Internet Systems Consortium (ISC) has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.
13. Thunderbird 52.8 Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.
14. -- NCCIC advisory for possible Texas school shooting scams.
15. sa-core-2018-002 A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised
16. -- NCCIC Advisory on Securing Mobile Devices During Summer Travels.
17. -- The Internal Revenue Service (IRS) has issued a news release warning tax professional to beware of a new phishing email scam. Cyber criminals posing as state accounting and professional associations have been sending emails to entice their targets to reveal login credentials.
18. -- FBI has released an article on using credit reports to build a digital defense against identify theft. FBI explains how identity theft can deal a devastating blow to consumers' credit history. However, regularly checking the accuracy of credit reports can help consumers minimize risk.
19. -- NCCIC is aware of a sophisticated modular malware system known as VPNFilter. Devices known to be affected by VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link networking equipment, as well as QNAP network-attached storage (NAS) devices. Devices compromised by VPNFilter may be vulnerable to the collection of network traffic (including website credentials), as well as the monitoring of Modbus supervisory control and data acquisition (SCADA) protocols.
20. TA18-149A
MAR-10135536-3
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a joint Technical Alert (TA) that identifies two families of malware—referred to as Joanap and Brambul—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
21. 67.0.3396.62 Google has released Chrome version 67.0.3396.62 for Windows, Mac, and Linux. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system.

References:


  1. https://www.spellsecurity.com/

Disclaimer: This list is a way to make readers aware on various advisories/patches on monthly basis. However,the list may not be exhaustive.