Security Flaws & Fixes – W/E – 072018

Analysis of Russia's Vuln Database Finds Deep Focus, Few Publications of Bugs (07/16/2018)
Recorded Future assessed vulnerabilities published by the Federal Service for Technical and Export Control of Russia (FSTEC) and learned that Russia's vulnerability database is highly focused, incomplete, and slow. FSTEC is the military organization responsible for protecting state secrets and supporting counterintelligence and counterespionage operations and it runs Russia's vulnerability database. Generally, Russia publishes only 10% of known vulnerabilities, is on average 83 days slower than China's National Vulnerability Database (NVD), 50 days slower than the US NVD, and incomplete in the few technologies it does cover.

Cisco Advises on Multiple Vulnerabilities (07/18/2018)
Cisco has issued multiple advisories to address security issues across its product lines. Among the most severe issues are four critical vulnerabilities in the vendor's Policy Suite. Cisco posted the advisories on July 18 and recommends that users immediately update their products.

Eaton 9000X Drive Vulnerable to Stack-Based Overflow (07/16/2018)
A stack-based overflow bug in Eaton's 9000X Drive can be exploited to achieve remote code execution, the ICS-CERT has warned. Eaton has issued an update.

Improper Input Bug Affecting ABB Panel Builder 800 (07/17/2018)
ABB's Panel Builder 800 contains an improper input validation vulnerability, according to an ICS-CERT advisory. All versions are affected. The advisory offers recommended security practices for mitigation purposes.

Juniper Networks Issues Security Bulletins (07/16/2018)
Juniper Networks released multiple bulletins to address vulnerabilities across its product lines. The bulletins focus on vulnerabilities in Junos OS and Contrail Service Orchestration.

Multiple Products from PEPPERL+FUCHS Plagued by Improper Authentication (07/17/2018)
An improper authentication vulnerability exists in VisuNet RM, VisuNet PC, and Box Thin Client from PEPPERL+FUCHS. Mitigation techniques are listed in an ICS-CERT advisory.

Oracle Boots 334 Bugs Across Multiple Product Lines (07/17/2018)
Oracle's Critical Patch Update, which was issued on July 17, resolves 334 vulnerabilities across multiple product portfolios. The massive bulletin contains fixes for, among other products, MySQL, Fusion Middleware, Java SE, retail applications, financial services applications, and supply chain products.

Siemens Assessing Products for Vulnerabilities to New Spectre, Meltdown Variants (07/18/2018)
In an updated advisory, Siemens has advised that it is assessing its products to see if they are vulnerable to the newest variants of the Meltdown and Spectre vulnerabilities, known as LazyFP and Spectre 1.1.

VPNFilter Malware Can Still Afflict Home Routers (07/17/2018)
Trend Micro has analyzed the VPNFilter malware that has infected over a half million devices across 54 countries including those from Linksys and Netgear. While scanning the Internet for vulnerable devices, Trend Micro noted that 34% of home networks scanned between June 1 and July 12 had at least one device with a known vulnerability and that 9% of vulnerable devices can be exploited by VPNFilter.

WAGO e!DISPLAY Web-Based-Management Has Multiple Bugs (07/17/2018)
Multiple vulnerabilities were found in WAGO's e!DISPLAY Web-Based-Management and are detailed in an advisory from the ICS-CERT. WAGO recommends affected users update to the latest firmware (FW 02).

Malware Watch – W/E – 072018

Blackgear Cyberspy Campaign Exploits Social Media, Blogging Services (07/17/2018)
Blackgear, a cyber espionage campaign that dates back to 2008 (based on the Protux backdoor used by its operators), has had its tools fine-tuned to effectively target victims. The campaign, according to research from Trend Micro, is abusing blogging, micro-blogging, and social media services to hide its command and control configuration. Blackgear is using a new version of Protux and the Marade downloader, both of which have been found encrypted on blog and social media posts.

DanaBot Trojan Hides Inside Fake Invoices from Phishing Scam (07/17/2018)
Trustwave observed phishing emails targeting Australian customers with fake invoices from the software company MYOB. The emails contained FTP links pointing to a zipped archive hosted on compromised FTP servers; the archive contained a JavaScript file that, on execution, downloads the DanaBot malware. DanaBot is a multi-component banking Trojan written in Delphi.

Emotet's Evolution: From Banking Trojan to Threat Delivery Service (07/17/2018)
Mealybug, the threat actor that has been active since 2014 and uses the customized Emotet Trojan, has changed the malware's infrastructure to act as a global packing and delivery service for other threat actors. Emotet typically has been used to attack European banking customers but Symantec noticed that Mealybug is offering an "end-to-end" service to deliver threats, obfuscate them, and provide a spreader module that allows the threats to self-propagate.

Hawkeye Keylogger Is Reborn in High-Volume Campaign (07/17/2018)
Microsoft's researchers have seen a resurgence of the Hawkeye keylogger, an information stealer that is being sold as a malware-as-a-service. In April, Hawkeye Keylogger - Reborn v8 made its debut and on April 30, Microsoft detected a high-volume campaign that distributed the latest variants of the keylogger. The campaign mostly targeted the software and technology sector.

Symantec Warns PowerShell Threats Increasing Exponentially (07/17/2018)
Symantec analyzed PowerShell threats and found that attacks had increased 661% between the second half of 2017 and the first half of 2018. The number of computers on which PowerShell commands were executed doubled from 734,262 in Q1 2018 to 1,451,449 in Q2 2018. In May 2018, PowerShell scripts were observed being executed on an average of 480,000 computers per day.

Unsuspecting Soccer Fans Targeted by Malware, Phishing (07/16/2018)
McAfee has spotted malicious apps and phishing emails created specifically to target soccer supporters. Fans using the "Golden Cup" app are unaware that criminals have laced it with spyware. The threat campaign, called Android/FoulGoal.A, silently transfers information to cybercriminals, including victims' phone numbers, installed apps, device model and manufacturer, available internal storage capacity, and more.

CyberCrime – W/E – 072018

Andariel Group Uses Tactics to Spy on South Korean Parties (07/17/2018)
Trend Micro has observed new scouting techniques used by the Andariel Group, a known branch of the Lazarus threat entity, to target South Korean victims. According to South Korean security researchers IssueMakersLab, the group used an ActiveX zero-day exploit for watering hole attacks on South Korean Web sites in May. In June, Trend Micro noticed that Andariel injected its script into four other compromised South Korean Web sites for reconnaissance purposes. While the code of the new script was similar to the malware used in May, it was trying to obtain different ActiveX object information and targeted objects that it hadn't previously attacked.

Business Email Compromise Scams Eclipse $12 Billion in Global Losses (07/16/2018)
The Internet Crime Complaint Center (IC3) published an alert on business email compromise (BEC) scams. Between December 2016 and May 2018, there was a 136% increase in identified global exposed losses. The scam has been reported in all 50 states and in 150 countries. Over $12 billion USD has been lost globally as a result of BECs. The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. Consumers and businesses have both been victimized.

Cybercriminals Continue to Use Tech Support Scams to Swindle Money (07/17/2018)
The Federal Trade Commission (FTC) posted an alert regarding tech support scams and is warning consumers and businesses to be on the lookout for such criminal activity. Pop-up messages, fake Web sites, and phone calls are all part of the trick to get people to pay for worthless software, enroll in fake programs, or pay for nonexistent tech support, the FTC warned.

LuminosityLink Malware Creator Pleads Guilty, Faces 25 Years in Jail (07/17/2018)
Colton Ray Grubbs has pled guilty to creating and distributing LuminosityLink, a hacking tool that was used by customers to gain unauthorized access to and control over computers in over 78 countries. KrebsOnSecurity reported that Grubbs, a 21-year-old from Kentucky, developed the malware and later sold it online, mostly from the HackForums portal. He sold LuminosityLink for about $40 USD. Grubbs faces up to 25 years in prison and up to $750,000 in fines.

Twelve Russian Intelligence Officials Indicted for Hacking 2016 US Presidential Election (07/16/2018)
The Justice Department (DOJ) announced that a grand jury has indicted 12 Russian nationals for committing federal crimes that were intended to interfere with the 2016 US presidential election. All the defendants are members of the GRU, a Russian Federation intelligence agency within the Main Intelligence Directorate of the Russian military. The officers engaged in a sustained effort to hack into the computer networks of the Democratic Congressional Campaign Committee, the Democratic National Committee, and the presidential campaign of Hillary Clinton, and released that information under the names "DCLeaks" and "Guccifer 2.0" and through another entity. To avoid detection, the defendants used false identities while utilizing a network of computers located around the world, including the United States, paid for with cryptocurrency through mining bitcoin and other means intended to obscure the origin of the funds.

Vermin Joins Quasar and Sobaken RATs to Conduct Cyber Espionage on Ukraine (07/18/2018)
ESET published its findings on a continuous espionage campaign that has been attacking Ukrainian government institutions with sophisticated remote access tools (RATs) to exfiltrate sensitive documents from the victims' computers. The researchers have identified three different strains of .NET malware in these campaigns: the Quasar RAT, Sobaken RAT, and a custom-made RAT called Vermin. Quasar is an open-source RAT and is freely available on GitHub while Sobaken is a heavily modified version of Quasar. Vermin is a customized backdoor that currently supports 24 commands which are implemented in the main payload and several additional commands implemented via optional components, including audio recording, keylogging and password stealing.

Cloud Computing – W/E – 072018

China's iCloud Data to Be Housed on Government-Owned Servers (07/18/2018)
New moves by Apple's iCloud vendor in China mean that data stored in-country will be housed on servers controlled by a government owned company. In February, Apple partnered with Chinese Internet services company Guizhou on the Cloud Big Data Industrial Development Co., Ltd. (GCBD) to provide iCloud services in mainland China. That move was to conform to Chinese regulations that require data originating from Chinese individuals and organizations to be stored locally. According to TechCrunch, GCBD has now signed an agreement to migrate all iCloud data to China Telecom's Tianyi Cloud service. China Telecom is the country's government-owned telecommunications provider. The transfer of customer private data - including e-mail, text messages, and photographs - to a state-run organization has privacy advocates alarmed, although Apple insists that the necessary encryption keys to

Microsoft Expands Partnership with GE (07/16/2018)
Microsoft expanded its existing partnership to allow General Electric (GE) to standardize its Predix solutions on Azure. GE Digital's Predix application-development platform was created to help build, deploy, and run IIoT (Industrial Internet of Things) applications from edge to cloud. This integration will combine Predix with Azure's native-cloud capabilities, with the companies also agreeing to jointly perform co-selling and go-to-market services. The agreement will also see GE leverage Azure across its business, in addition to allowing various GE businesses to tap into Microsoft's advanced enterprise capabilities.

Microsoft Issues Updates to Microsoft 365, Azure Services (07/16/2018)
Microsoft issued new updates to its popular, cloud-based Microsoft 365 and Azure services. The 365 refresh, in particular, includes a new free version of Teams, added support for "intelligent events," and a new Workplace Analytics teamwork solution, among other new elements. In addition, Microsoft introduced new Azure cloud-based services, apps, and data technology, with prominent releases including the Azure Data Box Disk, Azure Virtual WAN, and Azure Firewall.

Microsoft Releases Windows 10 IoT Core Services Public Preview (07/18/2018)
Microsoft released a public preview version of its Windows 10 IoT Core Services. These services are designed to help partners distribute maintenance costs over the life of a device, and include 10 years of operating system support and security updates. The services can be purchased either upfront or as part of a recurring subscription. Further details are available via Microsoft's Windows Blogs.

Oracle's Responsys Unveils SPAN Aggregator Network for Marketing Cloud (07/17/2018)
Oracle's Responsys unveiled the SMS Public Aggregator Network - or "SPAN." Oracle's SPAN offers a self-service application within the Marketing Cloud for helping to find, order, and manage SMS services from one's aggregator of choice. Customers can identify aggregator networks by region, price, or route type.

Russian Military Creating Cyber Warfare Branch

atlanticcouncil.org - Russian Military Creating Cyber Warfare Branch A separate branch dedicated to cyber warfare is being created in the Russian Armed Forces as the Internet could become a new “theater of war” in the nea…


Tweeted by @notagentsmith https://twitter.com/notagentsmith/status/1020463931075317760

New Wearable Sensor Detects Stress Hormone In Sweat

An anonymous reader quotes a report from IEEE Spectrum: Today, a team of researchers at Stanford, led by materials science and engineering associate professor Alberto Salleo and postdoctoral research fellow Onur Parlak, announced in Science Advances that they've developed a wearable patch that can determine how much cortisol someone is producing in seconds, using sweat drawn from the skin under the patch. [Cortisol, a steroid hormone, goes up when a person is under physical or emotional strain.] The stretchy patch pulls in the sweat through perforations to a reservoir. A membrane on top of the reservoir allows charged ions, like sodium and potassium, to pass through. Cortisol, which has no charge, can't pass, and instead blocks the charged ions. Signals sent from an electrical sensor in the patch can be used to detect these backups and determine how much cortisol is in the sweat. The prototype cortisol detection patch channels sweat into a reservoir; a membrane selectively lets charged ions through, and the amount of these ions detected can be translated into a reading of cortisol levels in the sweat. Parlak tested the prototype on several runners, and reported that the cortisol levels detected by the wearable sensor patch matched those obtained by running samples of the runners' sweat through an ELISA (enzyme-linked immunosorbent assay) test that takes several hours.

Read more of this story at Slashdot.

Half Of US Retailers Have Seen A Data Breach This Year

Following research from Thales eSecurity that has revealed that 50 per cent of US retailers have experienced a breach in 2018, up from 19 per cent last year, Ross Rustici, Senior Director of Intelligence Services at Cybereason, explains why this increase has occurred.

Ross Rustici, Senior Director of Intelligence Services at Cybereason:

“This jump is most likely a result of two distinct trends. First, more retailers are rapidly expanding their use of IT to support their business which creates new risk that is a relative unknown to the organization. Second, last year was underreported. As these companies move to more comprehensive data and IT systems, the technical knowledge within the company and the security capabilities generally increase along with it. This allows the companies to gain greater visibility into their environments and catch activity that has always been there. This is likely a case of a spike in new detections not a spike in new activity.”

The ISBuzz Post: This Post Half Of US Retailers Have Seen A Data Breach This Year appeared first on Information Security Buzz.

PeerTube, the ‘Decentralized YouTube,’ Succeeds In Crowdfunding

A crowdfunded project, known as "PeerTube," has blown through its initial goal with 53,100 euros collected in forty-two days. The project aims to be "a fully decentralized version of YouTube, whose computer code is freely accessible and editable, and where videos are shared between users without relying on a central system." The goal is for PeerTube to officially launch by October. Quariety reports: PeerTube relies on a decentralized and federative system. In other words, there is no higher authority that manages, broadcasts and moderates the content offered, as is the case with YouTube, but a network of "instances." Created by one or more administrators, these communities are governed according to principles specific to each of them. Anyone can freely watch the videos without registering, but to upload a video, you must choose from the list of existing instances, or create your own if you have the necessary technical knowledge. At the moment, 141 instances are proposed. Most do not have specifics, but one can find communities centered on a theme or open to a particular region of the world. In all, more than 4,000 people are currently registered on PeerTube, for a total of 338,000 views for 11,000 videos. The project does not display ads, unlike YouTube. "In terms of monetization, we wanted to make a neutral tool," says Pouhiou, communication officer for Framasoft, the organization behind PeerTube. The site will rely on a "support" button at the start, but "people will be able to code their own monetization system" in the future.

Read more of this story at Slashdot.

Chinese Cyber Warfare: China’s Cyber Incursions, Strategic Method, Information Warfare Threat – Mandiant Report, Unit 61398, Henry Kissinger, Quantum Computing

tobem.com - China's Cyber Incursions: A Theoretical Look at What They See and Why They Do It Based on a Different Strategic Method of Thought – This 2013 paper discusses the strategy behind China's cyber activit…


Tweeted by @CyberToolsBooks https://twitter.com/CyberToolsBooks/status/1020446223491354630

Waymo’s Autonomous Vehicles Are Driving 25,000 Miles Every Day

With Nevada Governor Brian Sandoval at the National Governors Association, Waymo CEO John Krafcik announced a huge milestone: Waymo's fleet of self-driving vehicles is now logging 25,000 miles every day on public roads. The company reportedly has 600 self-driving Chrysler Pacifica Hybrid minivans on the road in 25 cities. Waymo has also driven 8 million miles on public roads using its autonomous vehicles, "meaning the company has been able to double the number of autonomous miles driven on public roads in just eight months," reports TechCrunch. From the report: The company also relies on simulation as it works to build an AI-based self-driving system that performs better than a human. In the past nine years, Waymo has "driven" more than 5 billion miles in its simulation, according to the company. That's equivalent to 25,000 virtual cars driving all day, every day, the company says. This newly shared goal signals Waymo is getting closer to launching a commercial driverless transportation service later this year. More than 400 residents in Phoenix have been trialing Waymo's technology by using an app to hail self-driving Chrysler Pacifica Hybrid minivans. The company says it plans to launch its service later this year.

Read more of this story at Slashdot.

ICO Analysis: BridgeX Network

As it stands, the fiat currency and cryptocurrency worlds are two very separate realms with interoperability, or the ability of the two realms to interact with each other, severely limited. For instance, although cryptocurrencies have emerged as an exciting new asset class in recent years, it’s still difficult to use crypto in the fiat currency […]

The post ICO Analysis: BridgeX Network appeared first on Hacked: Hacking Finance.

Intelligence Sec

intelligence-sec.com - Cyber Security is still a major concern for many European governments. Cybercrime is at an all time high and with many leading European cities becoming “Smart Cities” this is creating new opportuniti…


Tweeted by @conciseonline https://twitter.com/conciseonline/status/1020428412282974208

Uber Drivers ‘Employees’ For Unemployment Purposes, New York Labor Board Says

An anonymous reader quotes a report from Ars Technica: New York City's largest taxi driver advocacy group is hailing a legal decision by the New York State Unemployment Insurance Appeal Board, which ruled last Friday that three out-of-work Uber drivers can be considered employees for the purpose of unemployment benefits. The decision was first reported Thursday by Politico. In other words, three men -- and possibly other "similarly situated" Uber drivers who had quit over low pay or who were deactivated from the Uber platform -- can get paid. "The decision means that New York Uber drivers can file for unemployment insurance and likely receive it," Veena Dubal, a labor law professor at the University of California Hastings College of the Law in San Francisco, emailed Ars. "Uber may appeal the decision to state court, but for now, it's good law."

Read more of this story at Slashdot.

Trump Is Right to Meet Putin

politico.com - President Donald Trump and Russian President Vladimir Putin are seen at an earlier meeting in 2017. | Steffen Kugler/BPA via Getty Images America needs fewer enemies. What’s wrong with reducing tensi…


Tweeted by @Waxperson https://twitter.com/Waxperson/status/1020423161291116544

TA18-201A: Emotet Malware

Original release date: July 20, 2018

Systems Affected

Network Systems

Overview

Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.

This joint Technical Alert (TA) is the result of Multi-State Information Sharing & Analysis Center (MS-ISAC) analytic efforts, in coordination with the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC).

Description

Emotet continues to be among the most costly and destructive malware affecting SLTT governments. Its worm-like features result in rapidly spreading network-wide infections, which are difficult to combat. Emotet infections have cost SLTT governments up to $1 million per incident to remediate.

Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Additionally, Emotet is a polymorphic banking Trojan that can evade typical signature-based detection. It has several methods for maintaining persistence, including auto-start registry keys and services. It uses modular Dynamic Link Libraries (DLLs) to continuously evolve and update its capabilities. Furthermore, Emotet is Virtual Machine-aware and can generate false indicators if run in a virtual environment.

Emotet is disseminated through malspam (emails containing malicious attachments or links) that uses branding familiar to the recipient; it has even been spread using the MS-ISAC name. As of July 2018, the most recent campaigns imitate PayPal receipts, shipping notifications, or “past-due” invoices purportedly from MS-ISAC. Initial infection occurs when a user opens or clicks the malicious download link, PDF, or macro-enabled Microsoft Word document included in the malspam. Once downloaded, Emotet establishes persistence and attempts to propagate through the local networks using its incorporated spreader modules.

Figure 1: Malicious email distributing Emotet

Currently, Emotet uses five known spreader modules: NetPass.exe, WebBrowserPassView, Mail PassView, Outlook scraper, and a credential enumerator.

  1. NetPass.exe is a legitimate utility developed by NirSoft that recovers all network passwords stored on a system for the current logged-on user. This tool can also recover passwords stored in the credentials file of external drives.
  2. Outlook scraper is a tool that scrapes names and email addresses from the victim’s Outlook accounts and uses that information to send out additional phishing emails from the compromised accounts.
  3. WebBrowserPassView is a password recovery tool that captures passwords stored by Internet Explorer, Mozilla Firefox, Google Chrome, Safari, and Opera and passes them to the credential enumerator module.
  4. Mail PassView is a password recovery tool that reveals passwords and account details for various email clients such as Microsoft Outlook, Windows Mail, Mozilla Thunderbird, Hotmail, Yahoo! Mail, and Gmail and passes them to the credential enumerator module.
  5. Credential enumerator is a self-extracting RAR file containing two components: a bypass component and a service component. The bypass component is used for the enumeration of network resources and either finds writable share drives using Server Message Block (SMB) or tries to brute force user accounts, including the administrator account. Once an available system is found, Emotet writes the service component on the system, which writes Emotet onto the disk. Emotet’s access to SMB can result in the infection of entire domains (servers and clients).

Figure 2: Emotet infection process

To maintain persistence, Emotet injects code into explorer.exe and other running processes. It can also collect sensitive information, including system name, location, and operating system version, and connects to a remote command and control server (C2), usually through a generated 16-letter domain name that ends in “.eu.” Once Emotet establishes a connection with the C2, it reports a new infection, receives configuration data, downloads and runs files, receives instructions, and uploads data to the C2 server.

Emotet artifacts are typically found in arbitrary paths located off of the AppData\Local and AppData\Roaming directories. The artifacts usually mimic the names of known executables. Persistence is typically maintained through Scheduled Tasks or via registry keys. Additionally, Emotet creates randomly-named files in the system root directories that are run as Windows services. When executed, these services attempt to propagate the malware to adjacent systems via accessible administrative shares.

Note: it is essential that privileged accounts are not used to log in to compromised systems during remediation as this may accelerate the spread of the malware.

Example Filenames and Paths:

C:\Users\<username>\AppData\Local\Microsoft\Windows\shedaudio.exe

C:\Users\<username>\AppData\Roaming\Macromedia\Flash Player\macromedia\bin\flashplayer.exe

Typical Registry Keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

System Root Directories:

C:\Windows\11987416.exe

C:\Windows\System32\46615275.exe

C:\Windows\System32\shedaudio.exe

C:\Windows\SysWOW64\f9jwqSbS.exe
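As an added defender-side example (not part of the TA18-201A alert or any MS-ISAC tooling), the following Python script turns the artifact patterns described above into triage checks: the generated 16-letter ".eu" C2 domain, randomly named 8-character executables dropped directly in the system root directories, and Run-key persistence pointing into AppData\Local or AppData\Roaming. It runs over constructed sample records; the DNS log format, hostnames, and Run-key entries are assumptions, and an executable that mimics a known name (such as shedaudio.exe in System32) is deliberately outside what the random-name check can catch.

```python
"""Emotet artifact triage over constructed sample telemetry (added example)."""
import re
from pathlib import PureWindowsPath

# Alert: C2 is "usually ... a generated 16-letter domain name that ends in .eu".
C2_DOMAIN_RE = re.compile(r"^[a-z]{16}\.eu$", re.IGNORECASE)

# Alert: randomly named executables in the system root directories,
# e.g. 11987416.exe, 46615275.exe, f9jwqSbS.exe (8 chars: all digits,
# or letters and digits mixed). Plain 8-letter names (winlogon) are excluded.
SYSTEM_ROOT_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
RANDOM_NAME_RE = re.compile(r"^(?:\d{8}|(?=.*\d)(?=.*[a-z])[a-z0-9]{8})$", re.IGNORECASE)

# Constructed sample records (format assumed: "<time> <host> query <name>").
SAMPLE_DNS = [
    "2018-07-20T10:01:02Z host01 query abcdefghijklmnop.eu",
    "2018-07-20T10:01:05Z host01 query www.example.com",
    "2018-07-20T10:02:00Z host02 query short.eu",
]
SAMPLE_FILES = [  # constructed file-creation events (paths from the alert + benign ones)
    r"C:\Windows\11987416.exe",
    r"C:\Windows\System32\46615275.exe",
    r"C:\Windows\SysWOW64\f9jwqSbS.exe",
    r"C:\Windows\System32\notepad.exe",
    r"C:\Windows\Temp\11987416.exe",
]
SAMPLE_RUN_KEYS = [  # constructed (key, value name, command) tuples
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "flashplayer",
     r'"C:\Users\alice\AppData\Roaming\Macromedia\Flash Player\macromedia\bin\flashplayer.exe"'),
    (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", "VendorAgent",
     r"C:\Program Files\Vendor\agent.exe"),
]


def is_suspect_c2_domain(name: str) -> bool:
    """True for a 16-letter label directly under .eu (trailing dot tolerated)."""
    return bool(C2_DOMAIN_RE.match(name.strip().rstrip(".")))


def is_suspect_system_root_exe(path: str) -> bool:
    """True for an .exe sitting directly in a system root dir with a random 8-char name."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != ".exe":
        return False
    return str(p.parent).lower() in SYSTEM_ROOT_DIRS and bool(RANDOM_NAME_RE.match(p.stem))


def is_appdata_persistence(command: str) -> bool:
    """True when a Run-key command launches something under AppData\\Local or \\Roaming."""
    parts = [part.lower() for part in PureWindowsPath(command.strip('"')).parts]
    if "appdata" not in parts:
        return False
    idx = parts.index("appdata")
    return idx + 1 < len(parts) and parts[idx + 1] in ("local", "roaming")


def triage(dns_lines, file_paths, run_values):
    """Return (category, subject, detail) findings; AppData hits are for review, not verdicts."""
    findings = []
    for line in dns_lines:
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "query" and is_suspect_c2_domain(fields[3]):
            findings.append(("c2-domain", fields[1], fields[3]))
    for path in file_paths:
        if is_suspect_system_root_exe(path):
            findings.append(("system-root-exe", path, "random 8-char name in system root"))
    for key, name, command in run_values:
        if is_appdata_persistence(command):
            findings.append(("appdata-run-key", key + "\\" + name, command))
    return findings


if __name__ == "__main__":
    for category, subject, detail in triage(SAMPLE_DNS, SAMPLE_FILES, SAMPLE_RUN_KEYS):
        print(f"{category:16} {subject}  ({detail})")
```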

Impact

Negative consequences of Emotet infection include

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Solution

NCCIC and MS-ISAC recommend that organizations adhere to the following general best practices to limit the effect of Emotet and similar malspam:

  • Use Group Policy Object to set a Windows Firewall rule to restrict inbound SMB communication between client systems. If using an alternative host-based intrusion prevention system (HIPS), consider implementing custom modifications for the control of client-to-client SMB communication. At a minimum, create a Group Policy Object that restricts inbound SMB connections to clients originating from clients.
  • Use antivirus programs, with automatic updates of signatures and software, on clients and servers.
  • Apply appropriate patches and updates immediately (after appropriate testing).
  • Implement filters at the email gateway to filter out emails with known malspam indicators, such as known malicious subject lines, and block suspicious IP addresses at the firewall.
  • If your organization does not have a policy regarding suspicious emails, consider creating one and specifying that all suspicious emails should be reported to the security or IT department.
  • Mark external emails with a banner denoting that they come from an external source. This will assist users in detecting spoofed emails.
  • Provide employees training on social engineering and phishing. Urge employees not to open suspicious emails, click links contained in such emails, or post sensitive information online, and to never provide usernames, passwords, or personal information in answer to any unsolicited request. Educate users to hover over a link with their mouse to verify the destination prior to clicking on the link.
  • Consider blocking file attachments that are commonly associated with malware, such as .dll and .exe, and attachments that cannot be scanned by antivirus software, such as .zip files.
  • Adhere to the principle of least privilege, ensuring that users have the minimum level of access required to accomplish their duties. Limit administrative credentials to designated administrators.
  • Implement Domain-Based Message Authentication, Reporting & Conformance (DMARC), a validation system that minimizes spam emails by detecting email spoofing using Domain Name System (DNS) records and digital signatures.

If a user or organization believes they may be infected, NCCIC and MS-ISAC recommend running an antivirus scan on the system and taking action to isolate the infected workstation based on the results. If multiple workstations are infected, the following actions are recommended:

  • Identify, shut down, and take the infected machines off the network;
  • Consider temporarily taking the network offline to perform identification, prevent reinfections, and stop the spread of the malware;
  • Do not log in to infected systems using domain or shared local administrator accounts;
  • Reimage the infected machine(s);
  • After reviewing systems for Emotet indicators, move clean systems to a containment virtual local area network that is segregated from the infected network;
  • Issue password resets for both domain and local credentials;
  • Because Emotet scrapes additional credentials, consider password resets for other applications that may have had stored credentials on the compromised machine(s);
  • Identify the infection source (patient zero); and
  • Review the log files and the Outlook mailbox rules associated with the infected user account to ensure further compromises have not occurred. It is possible that the Outlook account may now have rules to auto-forward all emails to an external email address, which could result in a data breach.

Reporting

MS-ISAC is the focal point for cyber threat prevention, protection, response, and recovery for the nation’s SLTT governments. More information about this topic, as well as 24/7 cybersecurity assistance for SLTT governments, is available by phone at 866-787-4722, by email at SOC@cisecurity.org, or on MS-ISAC’s website at https://msisac.cisecurity.org/.

To report an intrusion and request resources for incident response or technical assistance, contact NCCIC by email at NCCICCustomerService@hq.dhs.gov or by phone at 888-282-0870.

Revision History

  • July 20, 2018: Initial version


Containers or Virtual Machines: Which is More Secure?

Are virtual machines (VM) more secure than containers? You may think you know the answer, but IBM Research has found containers can be as secure, or more secure, than VMs. From a report: James Bottomley, an IBM Research Distinguished Engineer and top Linux kernel developer, writes: "One of the biggest problems with the current debate about Container vs Hypervisor security is that no-one has actually developed a way of measuring security, so the debate is all in qualitative terms (hypervisors 'feel' more secure than containers because of the interface breadth) but no-one actually has done a quantitative comparison." To meet this need, Bottomley created Horizontal Attack Profile (HAP), designed to describe system security in a way that it can be objectively measured. Bottomley has discovered that "a Docker container with a well crafted seccomp profile (which blocks unexpected system calls) provides roughly equivalent security to a hypervisor."

Read more of this story at Slashdot.

Who Owns the Moon? A Space Lawyer Answers

An anonymous reader shares a report: While the legal status of the Moon as a "global commons" accessible to all countries on peaceful missions did not meet any substantial resistance or challenge, the Outer Space Treaty left further details unsettled. Contrary to the very optimistic assumptions made at the time, so far humankind has not returned to the moon since 1972, making lunar land rights largely theoretical. That is, until a few years ago when several new plans were hatched to go back to the moon. In addition at least two U.S. companies, Planetary Resources and Deep Space Industries, which have serious financial backing, have started targeting asteroids for the purpose of mining their mineral resources. Geek note: Under the aforementioned Outer Space Treaty, the moon and other celestial bodies such as asteroids, legally speaking, belong in the same basket. None of them can become the "territory" of one sovereign state or another. The very fundamental prohibition under the Outer Space Treaty to acquire new state territory, by planting a flag or by any other means, failed to address the commercial exploitation of natural resources on the moon and other celestial bodies. This is a major debate currently raging in the international community, with no unequivocally accepted solution in sight yet. Roughly, there are two general interpretations possible. Countries such as the United States and Luxembourg (as the gateway to the European Union) agree that the moon and asteroids are "global commons," which means that each country allows its private entrepreneurs, as long as duly licensed and in compliance with other relevant rules of space law, to go out there and extract what they can, to try and make money with it. [...] On the other hand, countries such as Russia and somewhat less explicitly Brazil and Belgium hold that the moon and asteroids belong to humanity as a whole.


Market Update: U.S. Stocks Edge Lower in Tepid Trading; Earnings Up 21% So Far

U.S. stocks finished mixed-to-lower Friday as trade uncertainty outweighed robust corporate earnings from Microsoft, one of the tech industry’s most closely-watched blue-chips.

Stocks Struggle for Direction

All of Wall Street’s major indexes hovered around break-even in afternoon trade, with the S&P 500 Index and Nasdaq eventually settling lower. The large-cap S&P 500 edged down 0.1% […]

The post Market Update: U.S. Stocks Edge Lower in Tepid Trading; Earnings Up 21% So Far appeared first on Hacked: Hacking Finance.

Droppers Is How Android Malware Keeps Sneaking Into the Play Store

Catalin Cimpanu, writing for BleepingComputer: For the past year, Android malware authors have been increasingly relying on a solid trick for bypassing Google's security scans and sneaking malicious apps into the official Play Store. The trick relies on the use of a technique that's quite common in desktop-based malware, but which in the last year is also becoming popular on the Android market. The technique involves the usage of "droppers," a term denoting a dual or multiple-stage infection process in which the first stage malware is often a simplistic threat with limited capabilities, and its main role is to gain a foothold on a device in order to download more potent threats. But while on desktop environments droppers aren't particularly efficient, as the widespread use of antivirus software detects them and their second-stage payloads, the technique is quite effective on the mobile scene.


DataBreachToday.com RSS Syndication: LabCorp Still Recovering From Ransomware Attack

SamSam, Other Ransomware Still Menacing Healthcare Sector
Medical testing laboratory firm LabCorp is still working to fully recover systems functionality nearly a week after a cyberattack that the company now claims involved "a new variant" of ransomware. What can other organizations do to avoid becoming the next victim?


March-April 2018 test results: More insights into industry AV tests

In a previous post, in the spirit of our commitment to delivering industry-leading protection, customer choice, and transparency on the quality of our solutions, we shared insights and context into the results of AV-TEST's January-February 2018 test cycle. We released a transparency report to help our customers and the broader security community stay informed and understand independent test results better.

In the continued spirit of these principles, we'd like to share Windows Defender AV's scores in the March-April 2018 test. In this new iteration of the transparency report, we continue to investigate the relationship between independent test results and the real-world protection of antivirus solutions. We hope that you find the report insightful.

Download the complete transparency report on March-April 2018 AV-TEST results

Below is a summary of the transparency report:

  • Protection: Windows Defender AV achieved an overall Protection score of 5.5/6.0, missing 2 out of 5,680 malware samples (0.035% miss rate). With the latest results, Windows Defender AV has achieved 100% on 9 of the 12 most recent tests (combined “Real World” and “Prevalent malware”).
  • Usability (false positives): Windows Defender AV maintained its previous score of 5.5/6.0. Based on telemetry, most samples that Windows Defender AV incorrectly classified as malware (false positives) had very low prevalence and are not commonly used in a business context. This means these false positives are unlikely to affect enterprise customers.
  • Performance: Windows Defender AV maintained its previous score of 5.5/6.0 and continued to outperform the industry in most areas. These results reflect the investments we made in optimizing Windows Defender AV performance for high-frequency actions.

The report aims to help customers evaluate the extent to which test results are reflective of the quality of protection in the real world. At the same time, insights from the report continue to drive further improvements in the intelligent security services that Microsoft provides for customers.

Windows Defender AV and the rest of the built-in security technologies in Windows Defender Advanced Threat Protection (Windows Defender ATP) work together to create a unified endpoint security platform. In real customer environments, this unified security platform provides intelligent protection, detection, investigation, and response capabilities that are not currently reflected in independent tests. We tested the two malware samples that Windows Defender AV missed in the March-April 2018 test and proved that for both missed samples, at least three other components of Windows Defender ATP would detect or block the malware in a true attack scenario. You can find these details and more in the transparency report.

The Windows Defender ATP security platform incorporates attack surface reduction, next-generation protection, endpoint detection and response, and advanced hunting capabilities. To see these capabilities for yourself, sign up for a 90-day trial of Windows Defender ATP, or enable Preview features on existing tenants.

Zaid Arafeh

Senior Program Manager, Windows Defender Research team


CVE-2018-5067

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5066

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5065

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5070

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5069

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5068

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5054

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5053

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5056

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5042

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5058

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5055

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5060

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5059

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5062

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5052

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5064

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5051

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5050

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5063

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5043

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5045

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5044

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5049

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5046

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5048

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5057

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5047

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5061

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5036

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5030

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5038

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5029

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5040

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5028

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5034

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5027

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5032

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5026

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5035

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5024

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5039

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5023

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5033

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5022

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5037

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5021

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5031

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5020

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5041

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5025

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5011

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5014

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12812

Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5016

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12815

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5018

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12803

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12802

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Security Bypass vulnerability. Successful exploitation could lead to privilege escalation.

CVE-2018-5012

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5017

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12798

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5007

Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5015

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12797

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5010

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12796

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5019

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5009

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12782

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12781

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12780

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12795

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12783

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12794

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12774

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12776

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12779

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12784

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12773

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12785

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12786

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12787

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12788

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12792

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12789

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12790

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12791

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12777

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12793

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12755

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12767

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12757

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12764

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12763

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12762

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12761

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12765

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12768

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12770

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12771

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12766

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12756

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12760

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12772

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12754

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12758

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.