Published on : 08 June, 2018
Find below a consolidated list of various Advisories and Patches released during the month of May 2018
| SNo. | Advisory/Alert | Description |
|---|---|---|
| 01. | -- | The Federal Trade Commission (FTC) has issued guidance for Twitter users on changing their passwords. Users should change their Twitter passwords as well as any other accounts that use the same password. |
| 02. | -- | FBI has released the Internet Crime Complaint Center (IC3) 2017 Internet Crime Report, which highlights scams trending online. The top three crime types reported by victims in 2017 were non-payment/non-delivery, personal data breach, and phishing. |
| 03. | APSB18-18 APSB18-16 APSB18-12 |
Adobe has released security updates to address vulnerabilities in Adobe Connect, Adobe Flash Player, and Adobe Creative Cloud Desktop Application. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. |
| 04. | May 2018 | Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. |
| 05. | VU#631579 | CERT Coordination Center (CERT/CC) has released information for CVE-2018-8897 – unexpected behavior for debug exceptions. A local attacker could exploit this bug to obtain sensitive information. |
| 06. | Firefox ESR 52.8 Firefox 60 |
Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system. |
| 07. | 66.0.3359.170 | Google has released Chrome version 66.0.3359.170 for Windows, Mac, and Linux. This version addresses vulnerabilities, one of which a remote attacker could exploit to take control of an affected system. |
| 08. | APSB18-09 APSB18-17 |
Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader and Photoshop CC. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. |
| 09. | -- | The Federal Trade Commission (FTC) has released an announcement promoting Privacy Awareness Week (PAW). This year’s theme, “From Principles to Practice,” focuses on privacy protection and online security for businesses and individuals. |
| 10. | VU#122919 | The CERT Coordination Center (CERT/CC) has released information on email client vulnerabilities that can reveal plaintext versions of OpenPGP- and S/MIME-encrypted emails. A remote attacker could exploit these vulnerabilities to obtain sensitive information. |
| 11. | cisco-sa-20180516-dnac cisco-sa-20180516-dna2 cisco-sa-20180516-dna cisco-sa-20180516-nfvis cisco-sa-20180516-msms cisco-sa-20180516-iseeap cisco-sa-20180516-fnd |
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. |
| 12. | AA-01602 AA-01606 |
The Internet Systems Consortium (ISC) has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. |
| 13. | Thunderbird 52.8 | Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. |
| 14. | -- | NCCIC advisory for possible Texas school shooting scams. |
| 15. | sa-core-2018-002 | A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised |
| 16. | -- | NCCIC Advisory on Securing Mobile Devices During Summer Travels. |
| 17. | -- | The Internal Revenue Service (IRS) has issued a news release warning tax professional to beware of a new phishing email scam. Cyber criminals posing as state accounting and professional associations have been sending emails to entice their targets to reveal login credentials. |
| 18. | -- | FBI has released an article on using credit reports to build a digital defense against identify theft. FBI explains how identity theft can deal a devastating blow to consumers' credit history. However, regularly checking the accuracy of credit reports can help consumers minimize risk. |
| 19. | -- | NCCIC is aware of a sophisticated modular malware system known as VPNFilter. Devices known to be affected by VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link networking equipment, as well as QNAP network-attached storage (NAS) devices. Devices compromised by VPNFilter may be vulnerable to the collection of network traffic (including website credentials), as well as the monitoring of Modbus supervisory control and data acquisition (SCADA) protocols. |
| 20. | TA18-149A MAR-10135536-3 |
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a joint Technical Alert (TA) that identifies two families of malware—referred to as Joanap and Brambul—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. |
| 21. | 67.0.3396.62 | Google has released Chrome version 67.0.3396.62 for Windows, Mac, and Linux. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. |
