Weekly IT Security News Bulletin, 2018-W31 (30 July – 5 August 2018)

Headlines

Spam tops the menu for online criminals

Spam has been one of the major vectors of malware infection for decades. A recent research report from an anti-malware vendor stated that email spam is the most popular choice for attackers distributing malware. Among the spam samples collected by the vendor in Q2 2018, dating scams were the most common malicious content (46%), followed by links to malicious websites (31%) and malicious attachments (23%).

The vendor explained that spam is popular because it is more effective than other attack tactics. It reported that the click rate on malicious spam (the measure of how often an infection attempt succeeds) increased from 13.4% in the second half of 2017 to 14.2% in the first half of 2018. Tactics such as spam that appears to come from a known sender, an error-free subject line, and an implied urgency to act were found to noticeably increase the click rate.

With Adobe Flash no longer supported as a browser plugin on websites, drive-by downloads exploiting Adobe Flash vulnerabilities are expected to decrease, which drives attackers to rely more on email spam. The report also showed that 85% of malicious spam attachments were of five file types: ZIP, DOC, XLS, PDF and 7Z.

Advice

Organisations should provide anti-spam awareness training to staff for their proper handling of email spam.

Email recipients should think twice before opening attachments or clicking links in any email, and should verify with the known sender if in doubt.

Email or system administrators may block unnecessary attachment file types and disable macro scripts in Office files by default.

Sources: F-Secure, ZDNet

GovCERT.HK Weekly IT Security News Bulletin 2018-W31 1

Magniber Ransomware targeting Asian countries

Magniber is a ransomware family that debuted in October 2017. For its first nine months it targeted only South Korean users; afterwards it started spreading to Hong Kong, Taiwan and a few other Asian countries.

Magniber is distributed by the Magnitude exploit kit, which spreads malware through country-specific malvertising chains. The ransomware also checks the country code of the infected computer to decide whether to install itself or remove itself.

The recent Magniber attacks exploited a remote code execution vulnerability in the Internet Explorer kernel (CVE-2018-8174) disclosed in April 2018. The exploit can run on a vulnerable Windows system when the user is enticed to visit the attacker's website or to open an Office document embedding the attacker's OLE autolink objects. Microsoft released the fix in its May 2018 security bulletin.

Advice

Patch your Windows systems once Microsoft security updates are available.

Back up your data frequently to minimise impacts in case of ransomware infection.

Do not open Office documents from unknown sources.

Do not visit websites from suspicious domains.

Sources: Malwarebytes Labs, Bleeping Computer


Product Vulnerability Notes & Security Updates

1. AVEVA Wonderware License Server

https://ics-cert.us-cert.gov/advisories/ICSA-18-212-05

2. Cisco Products

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-fampmac
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-pcp-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-pxss
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-rxss
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ucm-xss
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-wsa-xss

3. Davolink DVW-3200N

https://ics-cert.us-cert.gov/advisories/ICSA-18-212-01

4. Debian

https://www.debian.org/security/2018/dsa-4256
https://www.debian.org/security/2018/dsa-4257
https://www.debian.org/security/2018/dsa-4258
https://www.debian.org/security/2018/dsa-4259
https://www.debian.org/security/2018/dsa-4260

5. Drupal

https://www.drupal.org/SA-CORE-2018-005

6. F5 Products

https://support.f5.com/csp/article/K23024812
https://support.f5.com/csp/article/K46394694
https://support.f5.com/csp/article/K58935003

7. Gentoo

https://security.gentoo.org/glsa/201807-03
https://security.gentoo.org/glsa/201807-04

8. IBM InfoSphere Information Server

https://www-01.ibm.com/support/docview.wss?uid=ibm10716941


9. openSUSE

https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00033.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00034.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00035.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00036.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00037.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00038.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00039.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00040.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00041.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00042.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00043.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00044.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00045.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00046.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00047.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00048.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00049.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00050.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html
https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00052.html
https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00000.html
https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00001.html

10. Oracle Linux

https://linux.oracle.com/errata/ELSA-2018-2283.html
https://linux.oracle.com/errata/ELSA-2018-2284.html
https://linux.oracle.com/errata/ELSA-2018-2285.html
https://linux.oracle.com/errata/ELSA-2018-2286.html
https://linux.oracle.com/errata/ELSA-2018-2308.html

11. Red Hat

https://access.redhat.com/errata/RHSA-2018:2282
https://access.redhat.com/errata/RHSA-2018:2283
https://access.redhat.com/errata/RHSA-2018:2284
https://access.redhat.com/errata/RHSA-2018:2285
https://access.redhat.com/errata/RHSA-2018:2286
https://access.redhat.com/errata/RHSA-2018:2289
https://access.redhat.com/errata/RHSA-2018:2290
https://access.redhat.com/errata/RHSA-2018:2308
https://access.redhat.com/errata/RHSA-2018:2309
https://access.redhat.com/errata/RHSA-2018:2317
https://access.redhat.com/errata/RHSA-2018:2321
https://access.redhat.com/errata/RHSA-2018:2328


12. Slackware

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.361064
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.410903
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.440833
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.562481
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.721251

13. SUSE

https://www.suse.com/security/cve/CVE-2018-3665/
https://www.suse.com/support/update/announcement/2018/suse-su-20182081-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182082-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182083-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182084-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182085-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182089-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182092-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182141-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182142-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182143-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182144-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182145-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182150-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182158-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182162-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182163-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182165-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182171-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182172-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182176-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20182177-1/

14. Ubuntu

https://usn.ubuntu.com/3725-1/
https://usn.ubuntu.com/3725-2/
https://usn.ubuntu.com/3726-1/
https://usn.ubuntu.com/3727-1/
https://usn.ubuntu.com/3728-1/
https://usn.ubuntu.com/3728-2/
https://usn.ubuntu.com/3728-3/

15. WECON LeviStudioU

https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03


Sources of product vulnerability information: Cisco, Debian, Drupal, F5, IBM, ICS-CERT, openSUSE, Oracle Linux, Red Hat, Slackware, SUSE, Ubuntu

Contact: [email protected]
