Microsoft has published Vulnerability-related.PatchVulnerability a patch for an Outlook vulnerability first reported Vulnerability-related.DiscoverVulnerability in late 2016 , but the patch has been deemed Vulnerability-related.PatchVulnerability incomplete and additional workarounds are needed , according to the security researcher who discovered Vulnerability-related.DiscoverVulnerability it . Yesterday 's April 2018 Patch Tuesday updates train included a fix for CVE-2018-0950 , a vulnerability in Microsoft Outlook discovered Vulnerability-related.DiscoverVulnerability by Will Dormann , a vulnerability analyst at the CERT Coordination Center ( CERT/CC ) . Outlook retrieves remote OLE content without prompting According to Dormann , the main problem with CVE-2018-0950 is that Microsoft Outlook will automatically render the content of remote OLE objects embedded inside rich formatted emails without prompting the user , something that Microsoft does in other Office apps such as Word , Excel , and PowerPoint . This leads to a slew of problems that come from automatically rendering OLE objects , a common attack vector for malware authors . Microsoft patches SMB attack vector only In a CERT/CC vulnerability note , Dormann says he notified Microsoft of Outlook 's propensity for loading OLE objects without alerting users in November 2016 . After almost 18 months , the company finally issued Vulnerability-related.PatchVulnerability a patch for the reported issue , but Dormann says the patch does not address Vulnerability-related.PatchVulnerability the problem at the core of the issue . According to Microsoft , the CVE-2018-0950 patch delivered Vulnerability-related.PatchVulnerability yesterday only blocks Outlook from initiating SMB connections when previewing rich formatted emails . Dormann points out that Outlook still does not prompt user for permission to render OLE objects for email previews . Furthermore , the researcher also highlights that there are other ways of obtaining the NTLM hashes , such as embedding UNC links to SMB servers inside the email , links that Outlook will automatically make clickable . `` If a user clicks such a link , the impact will be the same as with this vulnerability , '' Dormann says . But even this incomplete patch is good news . This means that while Outlook will continue to render OLE objects inside email previews , at least these objects ca n't be used to steal NTLM hashes via SMB anymore . To avoid attackers from getting their hands on NTLM hashes via SMB altogether , the expert recommends that system administrators apply additional OS-level workarounds ,

WhatsApp has patched Vulnerability-related.PatchVulnerability a vulnerability in its smartphone code that could have been exploited Vulnerability-related.DiscoverVulnerability by miscreants to crash victims ' chat app simply by placing a call . Google Project Zero whizkid and Tamagotchi whisperer Natalie Silvanovich discovered and reported Vulnerability-related.DiscoverVulnerability the flaw , a memory heap overflow issue , directly to WhatsApp in August . Now that a fix is out Vulnerability-related.PatchVulnerability , Silvanovich can go public Vulnerability-related.DiscoverVulnerability with details on the potentially serious flaw . According to Silvanovich 's report , the bug is triggered when a user receives a malformed RTP packet , triggering the corruption error and crashing the application . In practice , the malformed packet that triggers the crash could be sent via a simple call request . `` This issue can occur when a WhatsApp user accepts a call from a malicious peer , '' Silvanovich explained . `` It affects both the Android and iPhone clients . '' While Silvanovich has not said whether further actions ( like remote code execution ) would be possible to pull off in the wild , the flaw was serious enough to draw the attention of fellow Google researcher Tavis Ormandy . Fortunately , as the bug has been patched Vulnerability-related.PatchVulnerability users will be able to get Vulnerability-related.PatchVulnerability a fix for the flaw by updating Vulnerability-related.PatchVulnerability to the latest version of WhatsApp on Android and iOS . We 're still waiting to hear from Google or Facebook on more details , such as if the desktop app is affected of if RCE is possible , but its PR team has a lot on today . The disclosure will add another to the growing list of apps that will need to be updated thanks to October security patches . Earlier today , Microsoft delivered Vulnerability-related.PatchVulnerability its Patch Tuesday security bundle , with Adobe dropping Vulnerability-related.PatchVulnerability its second major patch bundle in as many weeks and Google having posted Vulnerability-related.PatchVulnerability the Android monthly update last week .

Netskope Threat Research Labs has observed phishing attacks Attack.Phishing using decoy PDF files , URL redirection , and Cloud Storage services to infect users and propagate malware . Because many organizations have default “ allow ” security policies for popular Cloud Storage services and PDF readers to let users take advantage of these useful services , these attacks pass through the corporate network to end users ’ machines undetected . Moreover , as users collaborate and share through cloud services , these malicious files posing as Attack.Phishing PDFs “ fan out ” to shared users , creating a secondary propagation vector . We are calling this the “ CloudPhishing Fan-out Effect Attack.Phishing ” . In this blog , we will detail the insidious nature of CloudPhishing Attack.Phishing and the secondary fan-out using two recently detected cases . We will also illustrate how an attack – even if unsuccessful – may leave the target vulnerable to future attacks . Additionally , we will outline the Netskope protection stance , and general best practices to handle this attack . The CloudPhishing fan-out effect Attack.Phishing occurs when a victim inadvertently shares the phishing document with colleagues , whether internal or external , via a cloud service . This is particularly insidious in the cloud , as shared users lose the context of the document ’ s external origin and may trust the internally shared document as if it were created internally . Other than having the file shared in OneDrive , the SaaS application is unrelated to the attack . This threat , seen in one of our customer environments , is detected by Netskope Active Threat Protection as Backdoor.Phishing.FW . The decoy PDF is usually delivered Attack.Phishing as an email attachment named , “ invoice ” in an attempt to lure Attack.Phishing the victim into executing the file . This , in effect , weakens the security posture of the endpoint against future attacks . The decoy PDF connects to the TinyURL link , http : //TinyURL [ . The attacker used the TinyURL link as an evasive tactic to hide the original link . At the time of analysis , the web page was down and not serving any content . This might be because the web page was removed or renamed . Our analysis showed that the Adobe Acrobat Reader prompts a security warning to the user when the document connects to a link . This feature allows any URL related to the domain that is on the allowed list . Based on the behavior seen in the latest version of the Adobe Acrobat Reader , we recommend users un-check the “ Remember this action… ” option while allowing the PDF to connect to an external link . We also advise users to hover their mouse over the hyperlink to confirm the link and also regularly monitor managed Internet access settings in the PDF reader ’ s Trust Manager . The phishing PDF decoys showcase the use of URL redirectors and cloud services , and also a secondary propagation vector within the shared users leading to the CloudPhishing fan-out Attack.Phishing . By taking advantage of the “ default allow ” action in popular PDF readers , the attacker can easily deploy multiple attacks without getting the security warning after the first alert . This makes the attacker effectively a host for phishing pages or malicious payloads using URL redirection services and Cloud Storage services

A pair of iOS bugs identified Vulnerability-related.DiscoverVulnerability as resolved Vulnerability-related.PatchVulnerability by Apple in its latest iOS 12.1.4 release were successfully exploited Vulnerability-related.DiscoverVulnerability by hackers , according to a Google researcher who shared details Vulnerability-related.DiscoverVulnerability of the zero-day vulnerabilities on Thursday . Apple 's latest iOS 12.1.4 release , issued Vulnerability-related.PatchVulnerability earlier today , contains fixes for Foundation and IOKit flaws that , according to security researcher Ben Hawkes , were used to hack devices in the wild . As noted by ZDNet , Hawkes , leader of Google 's Project Zero security team , shared the revelation Vulnerability-related.DiscoverVulnerability on Twitter late Thursday , saying Vulnerability-related.DiscoverVulnerability the iOS bugs were leveraged as zero-day vulnerabilities . How , exactly , the vulnerabilities were exploited Vulnerability-related.DiscoverVulnerability and by whom is unknown . Both bugs were detailed Vulnerability-related.DiscoverVulnerability in Apple documentation detailing security changes delivered Vulnerability-related.PatchVulnerability with the iOS 12.1.4 package . Logged with the identifier Vulnerability-related.DiscoverVulnerability CVE-2019-7286 , the Foundation flaw involves a memory corruption issue that could allow an app to gain elevated privileges in iPhone 5s and later , iPad Air and later , and iPod touch 6th generation . An anonymous researcher , Clement Lecigne of Google Threat Analysis Group , Ian Beer of Google Project Zero and Samuel Grob of Google Project Zero were credited with finding Vulnerability-related.DiscoverVulnerability the flaw . The second bug , identified Vulnerability-related.DiscoverVulnerability as CVE-2019-7287 , also involves a memory corruption , but instead of granting elevated privileges it allows an app to executive code with kernel privileges on iPhone 5s and later , iPad Air and later , and iPod touch 6th generation . The same researchers were credited with the find Vulnerability-related.DiscoverVulnerability . Apple released Vulnerability-related.PatchVulnerability iOS 12.1.4 alongside a supplemental update to macOS Mojave to address Vulnerability-related.PatchVulnerability the widely publicized FaceTime flaw that allowed interlopers to eavesdrop on Group FaceTime calls . The update also patched Vulnerability-related.PatchVulnerability a Live Photos in FaceTime bug that was discovered Vulnerability-related.DiscoverVulnerability after Apple conducted a `` thorough security audit '' of the service . Details of the Live Photos vulnerability have yet to be made public Vulnerability-related.DiscoverVulnerability .