Security News Letter - May 2017
CONTENT
VULNERABILITY AND ATTACK SUMMARY
CVE ID RELEASE SUMMARY
SIGNATURE SUMMARY
IPS SIGNATURE RELEASE SUMMARY
ANTIVIRUS DATABASE VERSION
MALWARE OUTBREAK
SECURITY NEWS

AUTHOR PROFILE
Gayathri Vigneswaran is the Cyber Security Center Manager with Savanture Softech. She has more than 9 years of experience in Application and Information Security. She holds a Bachelor's degree (B.Sc) in Computer Science and a Diploma in Information Technology. She holds an MCP certification and is trained in CISSP & CEH.
Chandru is the Security Analyst with Savanture Softech. He has knowledge of network administration. He holds a Bachelor's degree in Electronics & Communication Engineering from Anna University. He works as a Security Engineer, instructing on and configuring the firewalls, IDS and IPS of various organizations.
VULNERABILITY AND ATTACK SUMMARY

Apple Revokes Certificate Used By OSX/Dok Malware
May 01, 2017
Apple revoked a legitimate developer certificate used by hackers behind malware dubbed OSX/Dok, which was able to eavesdrop on secure HTTPS traffic of infected systems. On Sunday, Apple also rolled out an update to its XProtect built-in antimalware software to fend off existing and upcoming OSX/Dok-type attacks.
See more at: https://threatpost.com/apple-revokes-certificate-used-by-osxdok-malware/125322/

Flickr Vulnerability Worth $7K Bounty to Researcher
May 01, 2017
Yahoo has patched an account takeover vulnerability on its Flickr image-hosting service that earned an independent security researcher a $7,000 bounty. The issue was patched April 10, eight days after Michael Reizelman privately disclosed it through Yahoo's HackerOne bounty program.
See more at: https://threatpost.com/flickr-vulnerability-worth-7k-bounty-to-researcher/125312/

Google Patches Six Critical Mediaserver Bugs in Android
May 02, 2017
Google pushed out its monthly Android patches Monday, addressing 17 critical vulnerabilities, six of which are tied to its problematic Mediaserver component. An additional four critical vulnerabilities related to Qualcomm components in Android handsets, including Google's own Nexus 6P, Pixel XL and Nexus 9 devices, were also patched.
See more at: https://threatpost.com/google-patches-six-critical-mediaserver-bugs-in-android/125347/

Fuze Patches Bug That Exposed Recordings of Private Business Meetings
May 02, 2017
Fuze, an enterprise-grade voice and video collaboration platform, has patched a vulnerability that exposed recordings of private meetings. A fix was made server-side by Fuze, and a patch was pushed to its endpoint client apps within 11 days of being privately notified by researchers at Rapid7.
See more at: https://threatpost.com/fuze-patches-bug-that-exposed-recordings-of-private-businessmeetings/125334/

IBM: Destroy USBs Infected with Malware Dropper
May 02, 2017
USB drives shipped with some of IBM's Storwize storage products are infected with malware, and the tech giant advises customers to destroy the devices. IBM would not comment on the source of the infection or where in the supply chain the interdiction happened, and instead referred Threatpost to an advisory.
See more at: https://threatpost.com/ibm-destroy-usbs-infected-with-malware-dropper/125377/

Malware Hunter Crawls Internet Looking for RAT C2s
May 02, 2017
A new crawler released today by Shodan designed to find command and control servers has already unearthed 5,800 controllers for more than 10 remote access Trojan (RAT) families. The crawler, called Malware Hunter, poses as an infected computer beaconing out to an attacker's server waiting for additional commands or malware downloads.
See more at: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/

Proposed NIST Password Guidelines Soften Length, Complexity Focus
May 03, 2017
A comment period has closed on NIST's new password guidelines for federal agencies that challenge the effectiveness of traditional behaviors around authentication such as an insistence on complex passwords and scheduled resets.
See more at: https://threatpost.com/proposed-nist-password-guidelines-soften-length-complexity-focus/125393/

Researcher: 'Baseless Assumptions' Exist About Intel AMT Vulnerability
May 03, 2017
Researchers at Embedi who found the critical Active Management Technology (AMT) flaw in Intel chips said in a blog published today there were "a tremendous amount of baseless assumptions" being made about the vulnerability. According to Embedi CTO Dmitry Evdokimov, an information vacuum has predictably sparked false assumptions about the vulnerability, otherwise known as Intel Standard Manageability Escalation of Privilege – INTEL-SA-00075 (CVE-2017-5689).
See more at: https://threatpost.com/researcher-baseless-assumptions-exist-about-intel-amt-vulnerability/125390/

Google Shuts Down Docs Phishing Spree
May 03, 2017
Google said it has disabled offending accounts involved in a widespread spree of phishing emails today impersonating Google Docs. The emails, at the outset, targeted journalists primarily and attempted to trick victims into granting the malicious application permission to access the user's Google account.
See more at: https://threatpost.com/google-shuts-down-docs-phishing-spree/125414/

Unpatched WordPress Password Reset Vulnerability Lingers
May 04, 2017
A zero-day vulnerability exists in WordPress Core that in some instances could allow an attacker to reset a user's password and gain access to their account. Researcher Dawid Golunski of Legal Hackers disclosed the vulnerability on Wednesday via his new ExploitBox service. All versions of WordPress, including the latest, 4.7.4, are vulnerable, the researcher said.
See more at: https://threatpost.com/unpatched-wordpress-password-reset-vulnerability-lingers/125421/
Blackmoon Banking Trojan Using New Infection Technique
May 04, 2017
New clues have surfaced on how the Blackmoon banking Trojan is infecting its victims using a new framework to deliver the malware. "We noticed recent campaigns (two weeks ago) where Blackmoon had shifted its infection strategy and is now utilizing a unique and interesting technique," said Hardik Modi, vice president of threat research at Fidelis Cybersecurity, in an interview with Threatpost.
See more at: https://threatpost.com/blackmoon-banking-trojan-using-new-infection-technique/125425/

1 Million Gmail Users Impacted by Google Docs Phishing Attack
May 04, 2017
Google said that up to 1 million Gmail users were victimized by yesterday's Google Docs phishing scam that spread quickly for a short period of time. In a statement, Google said that fewer than 0.1 percent of Gmail users were affected; as of last February, Google said it had one billion active Gmail users. Google took measures to protect its users by disabling offending accounts, and removing phony pages and malicious applications involved in the attacks. Other security measures were pushed out in updates to Gmail, Safe Browsing and other in-house systems.
See more at: https://threatpost.com/1-million-gmail-users-impacted-by-google-docs-phishing-attack/125436/

Carbanak Attackers Devise Clever New Persistence Trick
May 05, 2017
Hackers behind the Carbanak criminal gang have devised a clever way to gain persistence on targeted systems to more effectively pull off financially motivated crimes. The technique involves creating a bogus instance of a Microsoft Windows app compatibility feature.
See more at: https://threatpost.com/carbanak-attackers-devise-clever-new-persistence-trick/125457/

Supply Chain Update Software Unknowingly Used in Attacks
May 05, 2017
Microsoft said a recent attack it calls Operation WilySupply utilized the update mechanism of an unnamed software editing tool to infect targets in the finance and payment industries with in-memory malware. The unnamed editing tool was used to send unsigned malicious updates to users in targeted attacks, according to a report published Thursday.
See more at: https://threatpost.com/supply-chain-update-software-unknowingly-used-in-attacks/125483/

Researchers Disclose Intel AMT Flaw Research
May 05, 2017
On Friday, just as Intel released additional information regarding a critical flaw found earlier this week in a subset of its business-class PCs, the researchers behind the initial vulnerability discovery, Embedi, also published their research on the flaw.
See more at: https://threatpost.com/researchers-disclose-intel-amt-flaw-research/125503/

Wormable Windows Zero Day Reported to Microsoft
May 08, 2017
Google Project Zero researcher Tavis Ormandy has a long legacy of finding unknown, critical software vulnerabilities to his credit. So when he calls a new bug the worst in recent memory, it's likely not hyperbole. On Saturday, Ormandy tweeted that he and colleague Natalie Silvanovich had found a Windows remote code execution vulnerability that he labeled "crazy bad."
See more at: https://threatpost.com/wormable-windows-zero-day-reported-to-microsoft/125513/

HandBrake for Mac Compromised with Proton Spyware
May 08, 2017
The handlers of the open source HandBrake video transcoder are warning anyone who recently downloaded the Mac version of the software that they're likely infected with malware.
See more at: https://threatpost.com/handbrake-for-mac-compromised-with-proton-spyware/125518/

Hikvision Patches Backdoor in IP Cameras
May 08, 2017
Hikvision, a Chinese manufacturer of video surveillance equipment, recently patched a backdoor in a slew of its cameras that could have made it possible for a remote attacker to gain full admin access to affected devices. The backdoor stems from two bugs: an improper authentication bug and a password-in-configuration-file vulnerability. Both bugs could have allowed an attacker to escalate privileges and access sensitive information.
See more at: https://threatpost.com/hikvision-patches-backdoor-in-ip-cameras/125522/

Emergency Update Patches Zero Day in Microsoft Malware Protection Engine
May 09, 2017
Microsoft made quick work of what two prominent Google researchers called the worst Windows vulnerability in recent memory, releasing an emergency patch Monday night, 48 hours after Google's private disclosure was made. The mystery Windows zero day (CVE-2017-0290) was in the Microsoft Malware Protection Engine running in most of Microsoft's antimalware offerings bundled with Windows.
See more at: https://threatpost.com/emergency-update-patches-zero-day-in-microsoft-malware-protectionengine/125529/

Adobe Patches Seven Critical Vulnerabilities in Flash, AEM
May 09, 2017
Adobe fixed eight vulnerabilities, seven critical, in Flash Player and its Adobe Experience Manager (AEM) Forms product as part of a regularly scheduled update Tuesday morning.
See more at: https://threatpost.com/adobe-patches-seven-critical-vulnerabilities-in-flash-aem/125539/

Microsoft Plugs Three Zero Day Holes as Part of May Patch Tuesday
May 09, 2017
Microsoft patched three zero day vulnerabilities actively under attack today as part of its May Patch Tuesday release. Researchers with FireEye who uncovered the three vulnerabilities said the bugs were actively being exploited by threat actors Turla and APT28.
See more at: https://threatpost.com/microsoft-plugs-three-zero-day-holes-as-part-of-may-patchtuesday/125544/

Cisco Patches IOS XE Vulnerability Leaked in Vault 7 Dump
May 10, 2017
Cisco released an update this week that addresses a vulnerability in software running in more than 300 of its switches. The flaw was disclosed among the WikiLeaks Vault 7 dump of alleged CIA offensive hacking tools, and proof-of-concept exploit code exists that targets the vulnerability.
See more at: https://threatpost.com/cisco-patches-ios-xe-vulnerability-leaked-in-vault-7-dump/125568/
Microsoft Makes it Official, Cuts off SHA-1 Support in IE, Edge
May 10, 2017
Lost in yesterday's shuffle of emergency updates and regularly scheduled monthly patches was Microsoft's announcement that it was officially cutting off SHA-1 support in Internet Explorer 11 and Edge. Going forward, both browsers will block webpages signed with a SHA-1 TLS or SSL certificate from loading, and users will be shown a warning about an invalid certificate.
See more at: https://threatpost.com/microsoft-makes-it-official-cuts-off-sha-1-support-in-ie-edge/125579/

Session Hijacking, Cookie-Stealing WordPress Malware Spotted
May 10, 2017
Researchers have identified a strain of cookie-stealing malware injected into a legitimate JavaScript file that masquerades as a WordPress core domain. Cesar Anjos, a security analyst at Sucuri, a firm that specializes in WordPress security, came across the malware during an incident response investigation and described it in a blog post Tuesday.
See more at: https://threatpost.com/session-hijacking-cookie-stealing-wordpress-malware-spotted/125586/

ASUS Patches RT Router Vulnerabilities
May 11, 2017
A recent ASUS firmware update addressed a number of vulnerabilities in 30 models of its popular RT routers. The flaws were privately disclosed by researchers at Baltimore consultancy Nightwatch Cybersecurity, and were patched starting in March, with 10 updates added Wednesday.
See more at: https://threatpost.com/asus-patches-rt-router-vulnerabilities/125592/

Keylogger Found in Audio Drivers on Some HP Machines
May 11, 2017
An audio driver that comes installed on some HP-manufactured computers records users' keystrokes and stores them in a world-readable plaintext file, researchers said Thursday. The culprit appears to be version 1.0.0.31 of MicTray64.exe, a program that comes installed with the Conexant audio driver package on select HP machines.
See more at: https://threatpost.com/keylogger-found-in-audio-drivers-on-some-hp-machines/125600/

Leaked NSA Exploit Spreading Ransomware Worldwide
May 12, 2017
A ransomware attack running rampant through Europe today is spreading via an exploit leaked in the most recent ShadowBrokers dump. Researchers at Kaspersky Lab said the attackers behind today's outbreak of WannaCry ransomware are using EternalBlue, the codename for an exploit made public by the mysterious group that is in possession of offensive hacking tools allegedly developed by the NSA.
See more at: https://threatpost.com/leaked-nsa-exploit-spreading-ransomware-worldwide/125654/

New Jaff Ransomware Part Of Active Necurs Spam Blitz
May 12, 2017
A new malware family called Jaff has been identified by researchers who say they are currently tracking multiple massive spam campaigns distributing the malware via the Necurs botnet. "It came out of nowhere with a huge bang," Cisco Talos researchers said Friday.
See more at: https://threatpost.com/new-jaff-ransomware-part-of-active-necurs-spam-blitz/125648/

Microsoft Releases XP Patch for WannaCry Ransomware
May 13, 2017
Microsoft has taken the extraordinary step of providing an emergency update for unsupported Windows XP and Windows 8 machines in the wake of Friday's WannaCry ransomware outbreak. Unknown attackers were using the EternalBlue exploit leaked by the ShadowBrokers in April to spread WannaCry, a variant of the WCry malware, which surfaced in February.
See more at: https://threatpost.com/microsoft-releases-xp-patch-for-wannacry-ransomware/125671/

WannaCry Variants Pick Up Where Original Left Off
May 15, 2017
The inevitable wave of WannaCry ransomware variants began in earnest over the weekend after a bit of sleuthing from a U.K. researcher slowed down the initial global outbreak. At least five new takes on the first attack, all still leveraging the NSA's EternalBlue exploit and DoublePulsar rootkit, are spreading WannaCry.
See more at: https://threatpost.com/wannacry-variants-pick-up-where-original-left-off/125681/

Matthew Hickey on WannaCry Ransomware Outbreak
May 15, 2017
Matthew Hickey, founder of HackerHouse and @hackerfantastic on Twitter, talks to Mike Mimoso about Friday's WannaCry ransomware outbreak, what the upcoming week bodes for businesses and the dangers of governments weaponizing attacks without sharing vulnerability information.
See more at: https://threatpost.com/matthew-hickey-on-wannacry-ransomware-outbreak/125674/

OpenVPN Audits Yield Mixed Bag
May 15, 2017
Two security audits of OpenVPN were recently carried out to look for bugs, backdoors, and other defects in the open source software; one found the software was cryptographically sound, while another found two legitimate vulnerabilities.
See more at: https://threatpost.com/openvpn-audits-yield-mixed-bag/125694/

WikiLeaks Reveals Two CIA Malware Frameworks
May 16, 2017
WikiLeaks released details on what it claims are two frameworks for malware samples dubbed AfterMidnight and Assassin, both allegedly developed by the U.S. Central Intelligence Agency. The revelations come amid worldwide efforts to squelch variants of the WannaCry ransomware, an offensive hacking tool allegedly developed by the National Security Agency.
See more at: https://threatpost.com/wikileaks-reveals-two-cia-malware-frameworks/125701/

ShadowBrokers Planning Monthly Exploit, Data Dump Service
May 16, 2017
Popcorn in hand, the ShadowBrokers say they're taking in the WannaCry outbreak from the sidelines before starting in June a subscription service for new exploits and stolen data akin to a wine of the month club.
See more at: https://threatpost.com/shadowbrokers-planning-monthly-exploit-data-dump-service/125710/

Chrome Browser Hack Opens Door to Credential Theft
May 16, 2017
A vulnerability in Google's Chrome browser allows hackers to automatically download a malicious file onto a victim's PC that could be used to steal credentials and launch SMB relay attacks.
See more at: https://threatpost.com/chrome-browser-hack-opens-door-to-credential-theft/125686/

Next Payload Could be Much Worse Than WannaCry
May 17, 2017
No one should be letting their guard down now that the WannaCry ransomware attacks have been relatively contained. Experts intimately involved with analyzing the malware and worldwide attacks urge quite the opposite, warning today that there's nothing stopping attackers from using the available NSA exploits to drop more destructive malware.
See more at: https://threatpost.com/next-nsa-exploit-payload-could-be-much-worse-than-wannacry/125743/
APT3 Linked to Chinese Ministry of State Security
May 17, 2017
Researchers claim that APT3, widely believed to be a China-based threat actor, is directly connected to the Chinese Ministry of State Security (MSS). The allegations come from Recorded Future, which released a report Wednesday that claims it has found conclusive ties that link APT3 with MSS, China's equivalent of the National Security Agency.
See more at: https://threatpost.com/apt3-linked-to-chinese-ministry-of-state-security/125750/

Patches Pending for Medical Devices Hit By WannaCry
May 18, 2017
It was initially thought just Windows machines were vulnerable, but it probably shouldn't come as a surprise that medical devices and industrial control systems were subjected to the perils of this weekend's WannaCry ransomware outburst as well.
See more at: https://threatpost.com/patches-pending-for-medical-devices-hit-by-wannacry/125758/

WordPress Fixes CSRF, XSS Bugs, Announces Bug Bounty Program
May 18, 2017
WordPress is urging webmasters to update to the latest version of its content management system to mitigate several issues, including a pair of cross-site scripting (XSS) bugs and a cross-site request forgery (CSRF) bug that's existed for 10 months.
See more at: https://threatpost.com/wordpress-fixes-csrf-xss-bugs-announces-bug-bounty-program/125777/

PATCH Act Calls for VEP Review Board
May 18, 2017
The U.S. government took the first steps toward codifying the Vulnerabilities Equities Process into law yesterday through the introduction of the Protecting Our Ability to Counter Hacking (PATCH) Act of 2017.
See more at: https://threatpost.com/patch-act-calls-for-vep-review-board/125783/

Threatpost News Wrap, May 19, 2017
May 19, 2017
Mike Mimoso and Chris Brook discuss WannaCry, Microsoft's response, the killswitches, a potential link with Lazarus Group, and what the future holds for the ShadowBrokers.
See more at: https://threatpost.com/threatpost-news-wrap-may-19-2017/125796/

VMware Patches Multiple Security Issues in Workstation
May 19, 2017
VMware fixed two bugs in its VMware Workstation late Thursday night, including an insecure library loading vulnerability and a NULL pointer dereference vulnerability. The virtualization software company warned of the issues Thursday night in security advisory VMSA-2017-0009.
See more at: https://threatpost.com/vmware-patches-multiple-security-issues-in-workstation/125805/

Available Tools Making Dent in WannaCry Encryption
May 19, 2017
Tools are beginning to emerge that can be used to start the process of recovering files encrypted by WannaCry on some Windows systems. This takes on extra urgency because today marks one week from the initial outbreak, and files encrypted during that first wave are on the clock and close to being lost forever.
See more at: https://threatpost.com/available-tools-making-dent-in-wannacry-encryption/125806/

EternalRocks Worm Spreads Seven NSA SMB Exploits
May 22, 2017
Someone has stitched together seven of the Windows SMB exploits leaked by the ShadowBrokers, creating a worm that has been spreading through networks since at least the first week of May.
See more at: https://threatpost.com/eternalrocks-worm-spreads-seven-nsa-smb-exploits/125825/

Verizon Patches XSS Issues in its Messaging Client
May 22, 2017
Verizon late last year patched a vulnerability in its Message+ messaging client that could have allowed an attacker to take over a session and possibly extend their reach into a user's account management settings.
See more at: https://threatpost.com/verizon-patches-xss-issues-in-its-messaging-client/125829/

Apple Receives First National Security Letter, Reports Spike in Requests for Data
May 23, 2017
Apple revealed this week that it received a National Security Letter during the last six months of 2016. The news, which came as part of the company's latest biannual transparency report, marks the first NSL Apple has reported receiving. The iPhone manufacturer released the report via a portal on its website late Monday.
See more at: https://threatpost.com/apple-receives-first-national-security-letter-reports-spike-in-requests-fordata/125856/

Yahoo Retires ImageMagick After Bugs Leak Server Memory
May 23, 2017
Yahoo has exorcised itself of the troublesome ImageMagick image processing software after it learned that vulnerabilities in an outdated version of the open source tool it was running could be exploited to steal secrets from Yahoo servers.
See more at: https://threatpost.com/yahoo-retires-imagemagick-after-bugs-leak-server-memory/125862/

Malware Network Communication Provides Better Early Warning Signal
May 24, 2017
Research is expected to be unveiled today that challenges the industry's current reliance on dynamic malware analysis as the best means of early detection of infections.
See more at: https://threatpost.com/malware-network-communication-provides-better-early-warningsignal/125874/

Password Breaches Fueling Booming Credential Stuffing Business
May 24, 2017
The market for credential stuffing software and services is thriving thanks in large part to an epidemic of breaches of usernames and passwords. Digital Shadows said today in a new report that credential leaks, such as this past month's Anti Public Combo List and others, have buoyed the market for credential stuffing and made it a lucrative part of the black market economy.
See more at: https://threatpost.com/password-breaches-fueling-booming-credential-stuffing-business/125900/

Samba Patches Wormable Bug Exploitable With One Line Of Code
May 25, 2017
A patch for a critical vulnerability impacting the free networking software Samba was issued Wednesday. The flaw poses a severe threat to users, with approximately 104,000 Samba installations vulnerable to remote takeover. More troubling, experts say, the vulnerability can be exploited with just one line of code.
See more at: https://threatpost.com/samba-patches-wormable-bug-exploitable-with-one-line-of-code/125915/

Keybase Extension Brings End-to-End Encrypted Chat To Twitter, Reddit, GitHub
May 25, 2017
A recently released Chrome extension, developed by the public key crypto database Keybase, brought end-to-end encrypted messaging to several apps this week.
See more at: https://threatpost.com/keybase-extension-brings-end-to-end-encrypted-chat-to-twitter-redditgithub/125921/

Rash Of Phishing Attacks Use HTTPS To Con Victims
May 26, 2017
Scammers are increasingly abusing consumer awareness of sites that encrypt data sent over the internet using HTTPS, particularly through a spike in phishing attacks that hope to win the confidence of victims by using the protocol on spoofed sites.
See more at: https://threatpost.com/rash-of-phishing-attacks-use-https-to-con-victims/125937/

Pacemaker Ecosystem Fails its Cybersecurity Checkup
May 26, 2017
Pacemakers continue to be the front line of medical device security debates after a research paper published this week described a frightening list of cybersecurity issues plaguing devices built by leading manufacturers, including a lack of authentication and encryption, and the use of third-party software libraries ravaged by thousands of vulnerabilities.
See more at: https://threatpost.com/pacemaker-ecosystem-fails-its-cybersecurity-checkup/125942/

Microsoft Quietly Patches Another Critical Malware Protection Engine Flaw
May 28, 2017
Microsoft quietly patched a critical vulnerability Wednesday in its Malware Protection Engine. The vulnerability was found May 12 by Google's Project Zero team, which said an attacker could have crafted an executable that, when processed by the Malware Protection Engine's emulator, could enable remote code execution.
See more at: https://threatpost.com/microsoft-quietly-patches-another-critical-malware-protection-engineflaw/125951/
CVE ID RELEASE SUMMARY<br />
1 CVE‐<strong>2017</strong>‐8377 GeniXCMS 1.0.2 has SQL Injection in<br />
Remote Low <strong>2017</strong>‐05‐10<br />
inc/lib/Control/Backend/menus.control.php via the menuid<br />
Sql<br />
parameter.<br />
2 CVE‐<strong>2017</strong>‐8393 The Binary File Descriptor ﴾BFD﴿ library ﴾aka libbfd﴿, as<br />
distributed in GNU Binutils 2.28, is vulnerable to a global buffer<br />
Remote Low <strong>2017</strong>‐05‐11<br />
over‐read error because of an assumption made by code that<br />
Overflow<br />
runs for objcopy and strip, that SHT! REL/SHR! RELA sections are<br />
always named starting with a .rel/.rela prefix. This vulnerability<br />
causes programs that conduct an analysis of binary programs<br />
using the libbfd library, such as objcopy and strip, to crash.<br />
3 CVE‐<strong>2017</strong>‐8086 Memory leak in the v9fs! list! xattr function in hw/9pfs/9p‐xattr.c<br />
in QEMU ﴾aka Quick Emulator﴿ allows local guest OS privileged<br />
users to cause a denial of service ﴾memory consumption﴿ via<br />
vectors involving the orig! value variable.<br />
DoS<br />
Remote Low <strong>2017</strong>‐05‐11<br />
4<br />
CVE‐<strong>2017</strong>‐8453<br />
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an<br />
out‐of‐bounds read that allows remote attackers to obtain<br />
Exec Code +Info<br />
Remote Medium <strong>2017</strong>‐05‐12<br />
sensitive information or possibly execute arbitrary code via a<br />
crafted font in a PDF document.<br />
5 CVE‐<strong>2017</strong>‐8762<br />
VGeniXCMS 1.0.2 has XSS triggered by an authenticated user<br />
who submits a page, as demonstrated by a crafted oncut<br />
XSS<br />
Remote<br />
Medium<br />
<strong>2017</strong>‐05‐12<br />
attribute in a B element.<br />
6 CVE‐<strong>2017</strong>‐7487 The ipxitf! ioctl function in net/ipx/af! ipx.c in the Linux kernel<br />
through 4.11.1 mishandles reference counts, which allows local<br />
DoS<br />
Remote<br />
Low<br />
<strong>2017</strong>‐05‐14<br />
users to cause a denial of service ﴾use‐after‐free﴿ or possibly<br />
have unspecified other impact via a failed SIOCGIFADDR ioctl<br />
call for an IPX interface.
7 | CVE-2017-7887 | Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. | XSS | Remote | Medium | 2017-05-15<br />
8 | CVE-2017-8876 | Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php. | XSS | Remote | Medium | 2017-05-15<br />
9 | CVE-2017-8872 | The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. | DoS | Remote | Low | 2017-05-15<br />
10 | CVE-2017-8899 | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such as onload; however, full path disclosure is required for exploitation. | XSS | Remote | Medium | 2017-05-16<br />
11 | CVE-2017-8878 | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. | +Info | Remote | Low | 2017-05-16<br />
12 | CVE-2017-8789 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. | Sql | Remote | Low | 2017-05-17<br />
13 | CVE-2017-5909 | The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | +Info | Remote | Medium | 2017-05-17<br />
14 | CVE-2017-6557 | SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | SQL Inject | Remote | Low | 2017-05-17<br />
15 | CVE-2017-6051 | An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. | Exec Code | Remote | High | 2017-05-18<br />
16 | CVE-2017-7927 | A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password. | Bypass | Remote | Low | 2017-05-18<br />
17 | CVE-2017-5948 | An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. | MITM | Remote | Medium | 2017-05-19<br />
18 | CVE-2017-8851 | This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb sideload' to push the OTA. | DoS | Remote | Medium | 2017-05-19<br />
19 | CVE-2017-6867 | A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface. | DOS | Remote | Low | 2017-05-20<br />
20 | CVE-2017-5461 | Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. | DoS | Remote | Low | 2017-05-20<br />
21 | CVE-2017-2681 | Siemens SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 incl. F and H (All versions), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP (Layer 2 - Ethernet) packet sent to an affected product. | DOS | Local Network | Low | 2017-05-22<br />
22 | CVE-2017-7213 | Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors. | Privilege Escalation | Remote | Low | 2017-05-22<br />
23 | CVE-2017-4011 | Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request. | XSS | Remote | Medium | 2017-05-23<br />
24 | CVE-2017-4016 | Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header. | +Info | Remote | Low | 2017-05-23<br />
25 | CVE-2017-9147 | LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. | DoS | Remote | Medium | 2017-05-24<br />
26 | CVE-2017-9090 | reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. | Bypass | Remote | Low | 2017-05-24<br />
27 | CVE-2017-8942 | The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | +Info | Remote | Medium | 2017-05-25<br />
28 | CVE-2017-8930 | Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules. | CSRF | Remote | Medium | 2017-05-25<br />
29 | CVE-2017-8900 | LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session. | Bypass | Remote | Low | 2017-05-26<br />
30 | CVE-2017-9030 | The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files. | Dir. Trav. Bypass | Remote | Low | 2017-05-26<br />
31 | CVE-2017-9031 | The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. | Dir. Trav | Remote | Medium | 2017-05-27<br />
32 | CVE-2017-2513 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement. | DoS Exec Code | Remote | Low | 2017-05-27<br />
33 | CVE-2017-9172 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:496:29. | Overflow | Remote | Low | 2017-05-28<br />
34 | CVE-2017-9175 | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25. | DoS | Remote | Low | 2017-05-28<br />
SIGNATURE SUMMARY<br />
Cisco<br />
2017 May 03 High Cisco Firepower Management Console Rule Import Acce<br />
2017 May 03 High Adobe Flash Player Use After Free Attempt<br />
2017 May 03 High Adobe Acrobat and Reader Code Execution<br />
2017 May 03 High Cisco TelePresence ICMP Denial of Service<br />
2017 May 03 High Adobe Flash Player Arbitrary Code Execution<br />
2017 May 03 High Cisco Aironet Mobility Express Arbitrary Code Execution<br />
2017 May 03 High Adobe Flash Player Memory Corruption<br />
2017 May 09 High Adobe Flash Player Heap Overflow<br />
2017 May 09 High Adobe Flash Player Use After Free<br />
2017 May 09 High Microsoft Internet Explorer Mixed Content Warnings Bypa<br />
2017 May 09 High Microsoft Edge Use After Free<br />
2017 May 09 High Microsoft Edge Memory Corruption<br />
2017 May 09 High Microsoft Edge Type Confusion<br />
2017 May 09 High Microsoft Internet Explorer and Edge Scripting Engine Me<br />
2017 May 09 High Microsoft Edge Remote Code Execution<br />
2017 May 18 High Microsoft Windows SMB Remote Code Execution<br />
2017 May 18 High Trend Micro Smart Protection Command Injection<br />
2017 May 18 High Apache Struts Remote Code Execution<br />
2017 May 18 High EyesOfNetwork Command Injection<br />
2017 May 18 Medium EyesOfNetwork Module Command Injection<br />
2017 May 18 High Intel AMT Remote Administration Tool Authentication Bypass<br />
2017 May 18 High Trend Micro Threat Discovery Appliance Command Injection<br />
2017 May 18 High Trend Micro SafeSync Command Injection<br />
2017 May 18 High Adobe Reader Information Disclosure<br />
2017 May 18 High Trend Micro Deep Discovery Inspector Command Injection<br />
2017 May 18 High Microsoft Windows SMB Remote Code Execution<br />
CHECKPOINT<br />
1 May 2017 Medium Adobe Acrobat and Reader Information Disclosure (APSB17-11: CVE-2017-3052)<br />
1 May 2017 Critical Adobe Acrobat and Reader Memory Corruption (APSB17-11: CVE-2017-3044)<br />
3 May 2017 High Microsoft Windows SMB2 Tree Connect Response Denial of Service (MS17-012: CVE-2017-0016)<br />
3 May 2017 Medium Adobe Acrobat and Reader Information Disclosure (APSB17-11: CVE-2017-3053)<br />
3 May 2017 Critical Adobe Acrobat and Reader Memory Corruption (APSB17-11: CVE-2017-3051)<br />
4 May 2017 Medium Microsoft Edge Security Feature Bypass (MS17-007: CVE-2017-0066)<br />
4 May 2017 Critical Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269)<br />
4 May 2017 Critical KaiXin Exploit Kit<br />
4 May 2017 Critical Adobe Acrobat and Reader Memory Corruption (APSB17-11: CVE-2017-3037)<br />
4 May 2017 Medium HPE Intelligent Management Center FileDownloadServlet fileName Directory Traversal (CVE-2017-5795)<br />
4 May 2017 High ALLPlayer M3U File Stack Buffer Overflow (CVE-2013-7409)<br />
4 May 2017 Critical Popcorn Time Subtitles Remote Code Execution<br />
7 May 2017 High Microsoft Scripting Engine Memory Corruption (MS17-007: CVE-2017-0070)<br />
7 May 2017 Medium OpenSSL Encrypt-Then-Mac Renegotiation Denial of Service (CVE-2017-3733)<br />
7 May 2017 Medium Adobe Acrobat and Reader Information Disclosure (APSB17-11: CVE-2017-3046)<br />
7 May 2017 Critical Adobe Acrobat and Reader Use After Free (APSB17-11: CVE-2017-3047)<br />
7 May 2017 High Microsoft Edge asm.js Type Confusion (CVE-2017-0093)<br />
7 May 2017 Medium ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization (CVE-2016-9498)<br />
8 May 2017 High URSoft W32Dasm Disassembler Function Buffer Overflow (CVE-2005-0308)<br />
8 May 2017 Critical Zinf Audio Player PLS File Stack Buffer Overflow (CVE-2004-0964)<br />
8 May 2017 Medium Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow (CVE-2017-7617)<br />
8 May 2017 High ManageEngine Applications Manager MenuHandlerServlet SQL Injection (CVE-2016-9488)<br />
8 May 2017 Critical Moodle Remote Code Execution (CVE-2017-2641)<br />
9 May 2017 High Check-Host Website Monitoring Service<br />
9 May 2017 High Microsoft Windows COM Elevation of Privilege (CVE-2017-0214)<br />
9 May 2017 Critical Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3069)<br />
9 May 2017 Critical Microsoft Edge Memory Corruption (CVE-2017-0227)<br />
9 May 2017 Critical Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-0228)<br />
9 May 2017 Critical Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3073)<br />
9 May 2017 Critical Suspicious Microsoft Office File Archive Mail Attachment<br />
9 May 2017 High Ghostscript Type Confusion Arbitrary Command Execution (CVE-2017-8291)<br />
9 May 2017 High Microsoft Office Remote Code Execution (CVE-2017-0243)<br />
9 May 2017 High Microsoft Windows Kernel Information Disclosure (CVE-2017-0175)<br />
9 May 2017 High Microsoft Win32k Elevation of Privilege (CVE-2017-0246)<br />
9 May 2017 High Microsoft Win32k Information Disclosure (CVE-2017-0077)<br />
9 May 2017 High Microsoft Windows DNS Server Denial of Service (CVE-2017-0171)<br />
9 May 2017 High Microsoft Win32k Information Disclosure (CVE-2017-0245)<br />
9 May 2017 High Microsoft Windows Kernel Information Disclosure (CVE-2017-0259)<br />
9 May 2017 High Microsoft Win32k Elevation of Privilege (CVE-2017-0263)<br />
10 May 2017 Critical Kodi Open Subtitles Addon Remote Code Execution<br />
10 May 2017 High SAP GUI regsvr32.exe Rule Security Policy Bypass (CVE-2017-6950)<br />
10 May 2017 Critical HPE Intelligent Management Center FileUploadServlet Directory Traversal (CVE-2017-5794)<br />
10 May 2017 Critical Intel AMT Framework Unauthorized Admin Entry (CVE-2017-5689)<br />
10 May 2017 Medium Adobe Acrobat and Reader Information Disclosure (APSB17-11: CVE-2017-3045)<br />
10 May 2017 High Apple Safari WebKit JSString Use After Free Code Execution (CVE-2017-2491)<br />
10 May 2017 Critical HPE Intelligent Management Center CommonUtils ZIP Directory Traversal (CVE-2017-5793)<br />
10 May 2017 Critical Microsoft Office Multiple Remote Code Execution (CVE-2017-0261)<br />
10 May 2017 Critical Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3074)<br />
10 May 2017 Critical Microsoft Office EPS Remote Code Execution (CVE-2017-0262)<br />
14 May 2017 Critical Flash File Malicious Code Execution<br />
14 May 2017 High Terror Exploit Kit URL Pattern<br />
15 May 2017 High Microsoft Windows SMB Information Disclosure (MS17-010: CVE-2017-0147)<br />
16 May 2017 Critical Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0143)<br />
16 May 2017 Critical Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0148)<br />
18 May 2017 Critical Microsoft Windows EternalBlue SMB Remote Code Execution<br />
18 May 2017 Critical Microsoft Windows Eternalromance SMB Remote Code Execution<br />
18 May 2017 Critical Microsoft Windows DoublePulsar SMB Remote Code Execution<br />
18 May 2017 Critical Microsoft Windows EsteemAudit RDP Remote Code Execution<br />
21 May 2017 Critical Microsoft Windows Eternalchampion SMB Remote Code Execution<br />
21 May 2017 Critical VLC ParseJSS Null Skip Subtitle Remote Code Execution<br />
22 May 2017 Critical Joomla com_fields Component SQL Injection (CVE-2017-8917)<br />
24 May 2017 Critical Microsoft Windows SMBTouch Scanner<br />
25 May 2017 Critical Microsoft Windows EternalSynergy SMB Remote Code Execution<br />
28 May 2017 Critical PDF File Containing Ransomware Downloader<br />
28 May 2017 Critical Linux EternalRed Samba Remote Code Execution (CVE-2017-7494)<br />
JUNIPER<br />
05/02/2017 HIGH HTTP:STC:CHROME:PDF-MC-DOS<br />
05/04/2017 MEDIUM APP:WIRESHARK-CAPWAP<br />
05/04/2017 HIGH SCADA:ATVISE-WEBMI-SHUTDOWN<br />
05/04/2017 HIGH HTTP:STC:MOZILLA:JS-INJCTN<br />
05/04/2017 HIGH HTTP:STC:MOZILLA:INDEX-FMT-OOB<br />
05/09/2017 HIGH HTTP:STC:IE:CVE-2017-0234-RCE<br />
05/09/2017 HIGH HTTP:SQL:EXPONENT-CMS-INJ<br />
05/09/2017 HIGH HTTP:STC:ADOBE:ACROBAT-OOB<br />
05/09/2017 HIGH HTTP:STC:DL:CVE-2017-0175-PE<br />
05/09/2017 MEDIUM HTTP:STC:DL:CVE-2017-0245-ID<br />
05/09/2017 HIGH HTTP:STC:IE:CVE-2017-0266-CE<br />
05/09/2017 HIGH HTTP:STC:QUICKTIME-FLI-RCE<br />
05/09/2017 HIGH HTTP:STC:ADOBE:CVE-2017-3070-CE<br />
05/09/2017 HIGH HTTP:STC:ADOBE:CVE-2017-3073-CE<br />
05/09/2017 HIGH HTTP:STC:ADOBE:CVE-2017-3072-CE<br />
05/09/2017 HIGH HTTP:DOS:APACHE-CXF<br />
05/09/2017 HIGH HTTP:STC:CHROME:CVE-2014-7927<br />
05/09/2017 HIGH HTTP:STC:CHROME:CVE-2014-7928<br />
05/09/2017 HIGH HTTP:STC:DL:CVE-2017-0263-EOP<br />
05/09/2017 HIGH HTTP:STC:DL:CVE-2017-0214-EOP<br />
05/09/2017 HIGH HTTP:STC:DL:CVE-2017-0213-EOP<br />
05/09/2017 MEDIUM HTTP:MISC:SPLUNK-CSRF<br />
05/09/2017 MEDIUM HTTP:STC:DL:CVE-2017-0258-ID<br />
05/09/2017 MEDIUM HTTP:STC:DL:CVE-2017-0259-ID<br />
05/09/2017 HIGH DB:MYSQL:AUTH-INT-OF<br />
05/09/2017 HIGH HTTP:STC:DL:DOUBLE-FETCH-PRIV<br />
05/09/2017 HIGH HTTP:STC:DL:CVE-2017-0243-RCE<br />
05/09/2017 HIGH HTTP:STC:DL:CVE-2017-0077-DOS<br />
05/09/2017 HIGH HTTP:STC:IE:CVE-2017-0236-UAF<br />
05/09/2017 HIGH HTTP:STC:DL:CVE-2017-0246-EOP<br />
05/09/2017 HIGH HTTP:STC:IE:CVE-2017-0064-SB<br />
05/09/2017 HIGH HTTP:STC:IE:CVE-2017-0238-RCE<br />
05/09/2017 HIGH HTTP:STC:IE:CVE-2017-0228-RCE<br />
05/09/2017 HIGH HTTP:STC:IE:CVE-2017-0221-RCE<br />
05/09/2017 HIGH HTTP:STC:IE:CVE-2017-0227-AV<br />
05/09/2017 HIGH HTTP:STC:IE:CVE-2017-0240-RCE<br />
05/10/2017 HIGH DB:ORACLE:TNS:REMOTE-LISTNR-MC<br />
05/10/2017 HIGH APP:ISC-BIND-RNDC-DOS<br />
05/10/2017 HIGH HTTP:STC:ADOBE:CVE-2017-3069-CE<br />
05/10/2017 HIGH SSL:TREND-MICRO-COMM-INJ<br />
05/10/2017 HIGH HTTP:STC:ADOBE:CVE-2017-3074-CE<br />
05/11/2017 HIGH HTTP:STC:CHROME:CVE-2015-6764<br />
05/11/2017 HIGH HTTP:STC:CHROME:CVE-2014-3176<br />
05/11/2017 HIGH HTTP:STC:CHROME:CVE-2015-1242<br />
05/11/2017 HIGH HTTP:STC:CHROME:CVE-2013-6632<br />
05/11/2017 MEDIUM HTTP:MAL-REDIRECT-EXP-142<br />
05/12/2017 HIGH HTTP:STC:CHROME:CVE-2015-6771<br />
05/12/2017 HIGH HTTP:STC:CHROME:CVE-2016-1646<br />
05/12/2017 HIGH HTTP:STC:CHROME:CVE-2016-1653<br />
05/12/2017 HIGH HTTP:STC:CHROME:CVE-2016-1665<br />
05/12/2017 HIGH HTTP:STC:CHROME:CVE-2016-1669<br />
05/12/2017 MEDIUM HTTP:STC:CHROME:CVE-2016-1677<br />
05/12/2017 HIGH VOIP:SIP:DIGIUM-ASTERSK-BO<br />
05/12/2017 MEDIUM HTTP:XSS:IBM-WEBSPHERE-XSS<br />
05/16/2017 HIGH HTTP:STC:CHROME:CVE-2016-5129<br />
05/16/2017 HIGH HTTP:STC:CHROME:CVE-2016-1688<br />
05/16/2017 MEDIUM HTTP:IBM-ACLM-PD<br />
05/16/2017 HIGH HTTP:MISC:JENKINS-CI-CSRF<br />
05/16/2017 HIGH DNS:ISC-BIND-CNAME-DNAME-DOS<br />
05/16/2017 HIGH SMB:EMARALDTHREAD<br />
05/16/2017 HIGH SMB:CVE-2008-4250-BO<br />
05/16/2017 HIGH SMB:ERRATICGOPHER<br />
05/16/2017 HIGH IMAP:EMPHASISMINE<br />
05/16/2017 HIGH HTTP:STC:CVE-2017-0290-RCE<br />
05/16/2017 INFO SMB:SMBV1-REQ<br />
05/16/2017 HIGH SMB:EXPLOIT:ANOMALOUS-SMB<br />
05/16/2017 HIGH SMB:EXPLOIT:EDUCATEDSCHOLAR-RCE<br />
05/18/2017 HIGH IMAP:OUTLOOK-RCE<br />
05/18/2017 HIGH APP:MISC:ESKIMOROLL-KERBEROS-PE<br />
05/18/2017 HIGH MS-RPC:RPC-OVF<br />
05/18/2017 HIGH HTTP:STC:MOZILLA:CVE-2014-1513<br />
05/18/2017 HIGH HTTP:STC:SAFARI:CVE-2017-2446<br />
05/18/2017 HIGH HTTP:MISC:GENERIC-DIR-TRAVERSAL<br />
05/18/2017 CRITICAL APP:REMOTE:ESTEEMAUDIT-RCE<br />
05/18/2017 HIGH HTTP:HPE-INTELLIGENT-CENTER-ID<br />
05/18/2017 MEDIUM DNS:CVE-2017-0171-DOS<br />
05/18/2017 HIGH HTTP:STC:MANTIS-PASS-RESET<br />
05/18/2017 HIGH HTTP:STC:ADOBE:CVE-2017-3071-CE<br />
05/18/2017 HIGH HTTP:STC:ADOBE:CVE-2017-3068-CE<br />
05/18/2017 HIGH HTTP:STC:CHROME:CVE-2017-5030<br />
05/18/2017 HIGH HTTP:STC:CHROME:CVE-2016-5198<br />
05/18/2017 HIGH HTTP:STC:CHROME:CVE-2016-5200<br />
05/18/2017 HIGH HTTP:STC:IE:CVE-2017-0134-RCE<br />
05/18/2017 HIGH HTTP:INTEL-AMT-PE<br />
05/18/2017 HIGH HTTP:STC:APPLE-SAFARI-PARAM-UAF<br />
05/18/2017 HIGH HTTP:STC:APPLE-CVE-2016-4622-CE<br />
05/18/2017 HIGH HTTP:STC:APPLE-TYPARRAY-BUF-NEU<br />
05/18/2017 HIGH HTTP:STC:APPLE-SAFARI-OOB<br />
05/18/2017 HIGH HTTP:STC:CVE-2017-2464-MC<br />
05/20/2017 HIGH HTTP:MISC:JENKINS-CI-CSRF<br />
05/20/2017 MEDIUM FTP:OVERFLOW:WINFTP-DATA-OF<br />
05/23/2017 HIGH APP:MISC:ZABBIX-PROXY-CI<br />
05/23/2017 HIGH HTTP:STC:DL:MS-CVE-2017-0262-TC<br />
05/24/2017 HIGH HTTP:IIS:CVE-2017-7269-RCE<br />
05/25/2017 INFO CHAT:MSN:HTTP:CHAT<br />
05/28/2017 MEDIUM HTTP:SUSP-HDR-REDRCT-EXP-143<br />
FORTIGATE<br />
May 02, 2017 High Vulnerability: Mozilla.Firefox.CreateImageBitmap.Integer.Overflow<br />
May 02, 2017 Critical Vulnerability: WePresent.WiPG1000.Command.Injection<br />
May 02, 2017 Critical Vulnerability: Backdoor.DoublePulsar<br />
May 02, 2017 Medium Vulnerability: Apache.Tomcat.HTTP2.GOAWAY.Frame.DoS<br />
May 03, 2017 Medium Vulnerability: Backdoor.Redleaves<br />
May 04, 2017 Critical Vulnerability: Mozilla.Firefox.Table.Selection.Range.Handling.Use.After.Free<br />
May 05, 2017 High Vulnerability: MS.Edge.Asm.JS.Type.Confusion<br />
May 09, 2017 Critical Vulnerability: Microsoft.Edge.AudioContext.Memory.Corruption<br />
May 09, 2017 Critical Vulnerability: MS.Browser.Scripting.Engine.Array.SetUint32.Memory.Corruption<br />
May 09, 2017 High Vulnerability: MS.Windows.Kernel.TCPIP.SYS.Double.Fetch.Information.Disclosure<br />
May 09, 2017 High Vulnerability: MS.Windows.COM.Search.Service.Privilege.Escalation<br />
May 09, 2017 High Vulnerability: HPE.LoadRunner.Performance.Center.XDR.Strings.Buffer.Overflow<br />
May 09, 2017 High Vulnerability: MISC.BIND.DNS.Amplification.Root.DNAME.Query.Response.DoS<br />
May 09, 2017 Critical Vulnerability: MS.Browser.Scripting.Engine.Array.JIT.Handle.Memory.Corruption<br />
May 09, 2017 High Vulnerability: MS.Windows.TCPIP.Sys.Information.Disclosure<br />
May 10, 2017 Critical Vulnerability: Adobe.Flash.Multiple.Display.Objects.Mask.Memory.Corruption<br />
May 10, 2017 Medium Vulnerability: HPE.Intelligent.Management.ZIP.Directory.Traversal<br />
May 10, 2017 Critical Vulnerability: Ghostscript.Type.Confusion.Arbitrary.Command.Execution<br />
May 10, 2017 Critical Vulnerability: Intel.AMT.ISM.Web.Interface.Authorization.Privilege.Escalation<br />
May 10, 2017 Critical Vulnerability: Adobe.Flash.Gradient.Fill.Memory.Corruption<br />
May 10, 2017 Critical Vulnerability: Adobe.Flash.DisplayObject.BlendMode.Memory.Corruption<br />
May 10, 2017 Medium Vulnerability: Magento.Vimeo.Invalid.Image.CSRF<br />
May 11, 2017 Medium Vulnerability: Exponent.CMS.EaasController.API.Function.SQL.Injection<br />
May 11, 2017 High Vulnerability: Oracle.Fusion.Middleware.MapViewer.Directory.Traversal<br />
May 11, 2017 Medium Vulnerability: Mozilla.Firefox.HTTP.Index.Format.File.Information.Disclosure<br />
May 11, 2017 Critical Vulnerability: MS.Windows.MsMpEng.Type.Confusion.Code.Execution<br />
May 12, 2017 High Vulnerability: Schneider.Electric.VAMPSET.Memory.Corruption<br />
May 15, 2017 High Vulnerability: MS.SMB.Server.Trans.Peeking.Data.Information.Disclosure<br />
May 16, 2017 Critical Vulnerability: Crypttech.CryptoLog.Remote.Code.Injection<br />
May 17, 2017 Critical Vulnerability: MS.SMB.Server.SMB1.MID.FID.Parsing.Remote.Code.Execution<br />
May 18, 2017 High Vulnerability: ISC.BIND.CName.Record.Incorrect.Order.DoS<br />
May 18, 2017 Critical Vulnerability: MS.SMB.Server.SMB1.Trans2.Secondary.Query.Path.Code.Execution<br />
May 19, 2017 High Vulnerability: Splunk.Enterprise.Alerts.ID.Server.CSRF<br />
May 24, 2017 Critical Vulnerability: Quest.Privilege.Manager.pmmasterd.Buffer.Overflow<br />
May 24, 2017 Critical Vulnerability: 3S-Smart.GmbH.CODESYS.Web.Server.Buffer.Overflow<br />
May 24, 2017 High Vulnerability: VLC.Player.VOB.File.Parsing.Heap.Corruption<br />
May 25, 2017 Moderate Vulnerability: MDaemon.Mail.Server.EasyBee.Command.Injection<br />
May 25, 2017 Critical Vulnerability: Joomla.Component.ComFields.SQL.Injection<br />
May 25, 2017 Critical Vulnerability: Avaya.ShadowBroker.EPICHERO.Remote.Code.Execution<br />
May 26, 2017 Critical Vulnerability: Samba.Writable.Share.Code.Execution<br />
May 26, 2017 High Vulnerability: Jenkins.CI.Server.Multiple.CSRF<br />
IPS SIGNATURE RELEASE SUMMARY<br />
VENDOR | DESCRIPTION | RELEASE<br />
Fortigate | Latest IPS Database version for Fortigate | 11.148<br />
Cisco | Latest IPS Database version for Cisco | S983<br />
Juniper | Latest IPS Database version for Juniper | 2873<br />
Snort | Latest IPS Database version for Snort | 3.0<br />
Suricata | Latest IPS Database version for Suricata | 3.2.1<br />
Cyberoam | Latest IPS Database version for Cyberoam | 5.13.61<br />
ANTIVIRUS DATABASE VERSION<br />
VENDOR DESCRIPTION RELEASE<br />
Fortigate Latest Antivirus version for Fortigate 47.133<br />
ClamAv Latest Antivirus version for ClamAv 0.99.2<br />
NOD32 Latest Antivirus version for NOD32 15493<br />
McAfee Latest Antivirus version for McAfee 8543<br />
Comodo Latest Antivirus version for Comodo 27180<br />
AVG Latest Antivirus version for AVG 14512<br />
Cyberoam Latest Antivirus version for Cyberoam 10.06.3.719 (vX to vX)<br />
MALWARE OUTBREAK<br />
SNO Threat Name Type Severity Affected Products Posted Date<br />
1 SONAR.Luminrat!g1 Trojan, Virus, Worm Low Windows 05/02/2017<br />
2 SONAR.SuspScript!g10 Trojan, Virus, Worm Low Windows 05/02/2017<br />
3 SONAR.SuspScript!g9 Trojan, Virus, Worm Low Windows 05/02/2017<br />
4 Trojan.Destfallen.B Trojan Low Windows 05/02/2017<br />
5 Python.Bellabot Trojan Low Mac 05/02/2017<br />
6 OSX.Turla Trojan Low Mac 05/04/2017<br />
7 Backdoor.Noknef Trojan Low Windows 05/04/2017<br />
8 Backdoor.Noknef!gm Trojan Low Windows 05/04/2017<br />
9 VBS.Halabake Trojan Low Windows 05/05/2017<br />
10 Trojan.Cassowar Trojan Low Windows 05/07/2017<br />
11 JS.Netrepser Trojan Low Windows 05/08/2017<br />
12 OSX.Proton Trojan Low Mac 05/07/2017<br />
13 W32.Cridex!gen16 Worm Low Windows 05/08/2017<br />
14 SONAR.Cryptlck!g146 Trojan, Virus, Worm Low Windows 05/09/2017<br />
15 Trojan.Reblight!gen1 Trojan Low Windows 05/09/2017<br />
16 Trojan.Halabake Trojan Low Windows 05/08/2017<br />
17 VBS.Halabake!lnk Trojan Low Windows 05/08/2017<br />
18 Ransom.Cerber!g23 Trojan Low Windows 05/09/2017<br />
19 SONAR.Cryptlck!g153 Trojan, Virus, Worm Low Windows 05/09/2017<br />
20 SONAR.SuspBeh!gen609 Trojan, Virus, Worm Low Windows 05/09/2017<br />
21 SONAR.Cryptlck!g152 Trojan, Virus, Worm Low Windows 05/09/2017<br />
22 SONAR.SuspJAR!gen3 Trojan, Virus, Worm Low Windows 05/09/2017<br />
23 Trojan.Boyapki Trojan Low Windows 05/09/2017<br />
24 Ransom.Wannacry Trojan, Worm Medium Windows 05/12/2017<br />
25 Ransom.Wannacry!gen2 Trojan, Worm Medium Windows 05/15/2017<br />
26 Ransom.Wannacry!gen1 Trojan, Worm Medium Windows 05/15/2017<br />
27 Ransom.Wannacry!gen3 Trojan, Worm Medium Windows 05/16/2017<br />
28 Trojan.Adylkuzz Trojan Low Windows 05/17/2017<br />
29 Hacktool.Seasharpee Trojan Low Windows 05/17/2017<br />
17 SONAR.Hacktool!gen3 Trojan, Virus, Worm Low Windows 05/17/2017<br />
18 Trojan.Sosopod Trojan Low Windows 05/18/2017<br />
19 Trojan.Adylkuzz!gen1 Trojan Low Windows 05/18/2017<br />
20 Ransom.Uiwix Trojan Low Windows 05/18/2017<br />
21 Exp.CVE-2017-0261 Trojan Low Windows 05/20/2017<br />
22 Trojan.Bravonc Trojan Low Windows 05/21/2017<br />
23 Trojan.Alphanc Trojan Low Windows 05/21/2017<br />
24 Trojan.Bravonc!gm Trojan Low Windows 05/21/2017<br />
25 W32.Eternalrocks Worm Low Windows 05/22/2017<br />
26 Ransom.Cerber!g25 Trojan Low Windows 05/22/2017<br />
27 SONAR.SuspBeh!gen93 Trojan, Virus, Worm Low Windows 05/22/2017<br />
28 Packed.Vmpbad!gen40 Trojan Low Windows 05/23/2017<br />
29 Trojan.Agentemis!gen1 Trojan Low Windows 05/25/2017<br />
SECURITY NEWS<br />
Intel Firmware Vulnerability<br />
May 01, 2017<br />
Intel has released recommendations to address a vulnerability in the firmware of the following Intel products:<br />
Active Management Technology, Standard Manageability, and Small Business Technology, firmware versions 6.x,<br />
7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6. This vulnerability does not affect Intel-based consumer PCs. An attacker could<br />
exploit this vulnerability to take control of an affected system.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/01/Intel-Firmware-Vulnerability<br />
Google Releases Security Updates for Chrome<br />
May 02, 2017<br />
Google has released Chrome version 58.0.3029.96 for Windows, Mac, and Linux. This version addresses a<br />
vulnerability that an attacker could exploit to cause a denial-of-service condition.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/02/Google-Releases-Security-Updates-Chrome<br />
Cisco Releases Security Updates<br />
May 03, 2017<br />
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit<br />
some of these vulnerabilities to take control of an affected system.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/03/Cisco-Releases-Security-Updates<br />
Microsoft Ending Security Updates for Windows 10 version 1507<br />
May 04, 2017<br />
After May 9, 2017, devices running Windows 10 version 1507 will no longer receive security updates.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/04/Microsoft-Ending-Security-Updates-Windows-10-version-1507<br />
IC3 Warns of Increase in BEC/EAC Schemes<br />
May 04, 2017<br />
The Internet Crime Complaint Center (IC3) has issued an alert describing a growing number of scams targeting<br />
businesses working with foreign suppliers or businesses that regularly perform wire transfer payments. These<br />
sophisticated scams are classified as business email compromise (BEC) or email account compromise (EAC) and use<br />
social engineering techniques to defraud businesses.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/04/IC3-Warns-Increase-BECEAC-Schemes<br />
Mozilla Releases Security Updates<br />
May 05, 2017<br />
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit<br />
this vulnerability to take control of an affected system.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/05/Mozilla-Releases-Security-Updates<br />
Intel Firmware Vulnerability<br />
May 07, 2017<br />
Intel has released recommendations to address a vulnerability in the firmware of the following Intel products: Active<br />
Management Technology, Standard Manageability, and Small Business Technology firmware versions 6.x, 7.x, 8.x,<br />
9.x, 10.x, 11.0, 11.5, and 11.6. This vulnerability does not affect Intel-based consumer PCs. An attacker could exploit<br />
this vulnerability to take control of an affected system.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/07/Intel-Firmware-Vulnerability<br />
Microsoft Releases Critical Security Update<br />
May 08, 2017<br />
Microsoft has released a critical out-of-band security update addressing a vulnerability in the Microsoft Malware<br />
Protection Engine. A remote attacker could exploit this vulnerability to take control of an affected system.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/08/Microsoft-Releases-Critical-Security-Update<br />
Adobe Releases Security Updates<br />
May 09, 2017<br />
Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Experience<br />
Manager Forms. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an<br />
affected system.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/09/Adobe-Releases-Security-Updates<br />
FTC Announces Resource for Small Business Owners<br />
May 09, 2017<br />
The Federal Trade Commission (FTC) has released an announcement about its new website devoted to protecting<br />
small businesses. This resource aims to help business owners avoid scams, protect their computers and networks,<br />
and keep their customers' and employees' data safe.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/09/FTC-Announces-Resources-Small-Businesses<br />
Cisco Releases Security Update<br />
May 10, 2017<br />
Cisco has released a security update to address a vulnerability in its WebEx Meetings Server which could allow a<br />
remote attacker to obtain sensitive information.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/10/Cisco-Releases-Security-Update<br />
Multiple Ransomware Infections Reported<br />
May 12, 2017<br />
Ransomware is a type of malicious software that infects a computer and restricts users' access to it until a ransom is<br />
paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee<br />
access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of<br />
cybersecurity threats, such as ransomware.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/12/Multiple-Ransomware-Infections-Reported<br />
Apple Releases Security Updates<br />
May 15, 2017<br />
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit<br />
some of these vulnerabilities to take control of an affected system.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/15/Apple-Releases-Security-Updates<br />
FTC Releases Alert on Fraudulent Emails<br />
May 16, 2017<br />
The Federal Trade Commission (FTC) has released an alert about scammers sending out fake emails that look<br />
authentic to trick you into sending money to them. Users should be suspicious of unsolicited phone calls or email<br />
messages from individuals asking about your information. If an unknown individual claims to be from a legitimate<br />
organization, try to verify his or her identity directly with the company.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/16/FTC-Releases-Alert-Fraudulent-Emails<br />
WordPress Releases Security Update<br />
May 17, 2017<br />
WordPress versions prior to 4.7.5 are affected by multiple vulnerabilities. A remote attacker could exploit some of<br />
these vulnerabilities to take control of an affected website.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/17/WordPress-Releases-Security-Update<br />
ICS-CERT Releases WannaCry Fact Sheet<br />
May 17, 2017<br />
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has released a short overview of the<br />
WannaCry ransomware infections. This fact sheet provides information on how the WannaCry program spreads,<br />
what users should do if they have been infected, and how to protect against similar attacks in the future.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/17/ICS-CERT-Releases-WannaCry-Fact-Sheet<br />
Samba Releases Security Updates<br />
May 24, 2017<br />
The Samba Team has released security updates that address a vulnerability in all versions of Samba from 3.5.0<br />
onward. A remote attacker could exploit this vulnerability to take control of an affected system.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/24/Samba-Releases-Security-Updates<br />
FTC Releases Alert on Identity Theft<br />
May 25, 2017<br />
The Federal Trade Commission (FTC) has released an alert about how quickly criminals begin using your personal<br />
information once it is posted to a hacker site by an identity thief. FTC researchers found that it can take as few as<br />
9 minutes for crooks to access stolen personal information posted to hacker sites. To prevent identity theft, a<br />
user should follow password security best practices, such as multi-factor authentication, which requires a user to<br />
simultaneously present multiple pieces of information to verify their identity.<br />
Read more: https://www.us-cert.gov/ncas/current-activity/2017/05/25/FTC-Releases-Alert-Identity-Theft