weekly awareness report (war) - information warfare...

Post on 27-Jun-2020

Page 1: Weekly Awareness Report (WAR) - Information Warfare Centerinformationwarfarecenter.com/cir/archived/Cyber...Mar 04, 2019  · Weekly Awareness Report (WAR) March 4, 2019 ... You just

03-04

Weekly Awareness Report (WAR)


March 4, 2019

The Cyber Intelligence Report is an Open Source Intelligence (OSINT) resource, received by over ten thousand individuals, that focuses on advanced persistent threats (APTs) and other digital dangers. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, and other industry risks.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: last 10 Malware

* Troj/Stealer-KC
* Troj/Fareit-GZW
* Troj/Agent-BAUY
* Troj/Agent-BATC
* Troj/Phish-EQB
* Troj/Dharma-D
* Troj/SpyEye-HS
* Troj/MSILInj-YB
* Troj/VB-KCR
* Troj/Ticanoti-A

Last 10 PUAs

* PC Hunter
* MacBooster
* Adposhel
* Mughthesec
* SurfBuyer
* StartPage
* AdvancedMacCleaner
* MNTZ AdInject
* Bitcoin Miner
* KMS Activator

Interesting News

* Threats to users of adult websites in 2018

We examined malware disguised as pornographic content, and malware that hunts for credentials to access pornography websites. We looked at the threats that are attacking users across the internet in order to find out which popular websites might be dangerous to visit. Additionally, we checked our phishing and spam database to see if there is a lot of pornographic content on file and how it is used in the wild.

If you are interested, we have an active Facebook Group and YouTube Channel. As always, if you have any suggestions, feel free to let us know. Subscribe if you would like to receive the CIR updates: [email protected]


Index of Sections

Article

Current News

* Packet Storm Security

* Dark Reading

* Krebs on Security

* The Hacker News

* McAfee

* Threat Post

* Naked Security

* Quick Heal - Security Simplified

Critical Infrastructure

* Security Magazine's Latest Published

Hacker Corner: Tools, Hacked Defacements, and Exploits

* Packet Storm Security Latest Published Tools

* Zone-H Latest Published Website Defacements

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* Secunia Chart of Vulnerabilities Identified

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits


Article

What is the DoDD 8140 (DoDD 8570) and why is it important?

By Jeremy Martin

The Department of Defense (DoD) pushed a training and certification standard in 2005. By the end of FY 2010, all personnel performing IA functions described in the DoD 8570.01-M had to be certified. The list of certifications has gone through many revisions since.

The DoD CIO replaced the DoD Directive (DoDD) 8570 with DoDD 8140; DoDD 8570 is now a part of a larger initiative that falls under the guidelines of DoDD 8140. It is based on the National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) standard. DoDD 8140 provides guidance and procedures for the training, certification, and management of all government employees who conduct Information Assurance functions in assigned duty positions. These individuals are required to carry an approved certification for their particular job classification.

If you work in the DoD, this is a requirement for many job disciplines within the information security sphere. Without meeting the requirement, you don't have a job. If a government puts so much weight on certain credentials, the industry tends to follow suit.

There are 3 new certifications added to the last revision.

* CertNexus CyberSec First Responder (CFR)
* EC-Council Certified Chief Information Security Officer (CCISO)
* EC-Council Computer Hacking Forensics Investigator (CHFI)

This is a big win for EC-Council and those that already have the Certified Ethical Hacker (CEH) since it now adds more weight to the certifications in both the DoD and the industry.

If you need some Continuing Education Credits for whatever certification you currently have, there are a ton of free resources out there. You just need to document the time you spend, justify that the activities are related to your certification, and submit that to the certification authority. Here is a list of free opportunities:

* edX - Free College Courses Online
* OEDB - Links college courses worldwide (free and paid)
* Harvard Open Learning Online (free and paid)
* Cybrary
* DefCon Conference YouTube Channel
* Hak5 YouTube Channel

The main thing to keep in mind is that life is a continuous classroom. To improve personally and in your profession, keep learning new things or more about what you already know. It doesn't have to directly tie in with the work you do. If you keep moving forward, you will continue to grow.


News

Packet Storm Security

* Container Escape Hack Targets Vulnerable Linux Kernel
* Facebook Faces Backlash Over Users' Safety Phone Numbers
* Comcast Set Mobile PINs To 0000, Helping Attackers Steal Phone Numbers
* Huawei Preparing To Sue US Government Over Ban
* Researchers Discover 300+ Applications Backdoored On GitHub
* Open Source Breaches Surge In The Past 12 Months
* Coinhive Closes Its Doors
* Revealed: Facebook's Global Lobbying Against Data Privacy Laws
* Retail Industry Endures New Point-Of-Sale Cybercrime Spree
* Cryptocurrency Creator Collared, Hit With $6 Million Fraud Rap
* How One Teenager Is Making Millions By Hacking Legally
* Shifty New Variant Of Qbot Banking Trojan Spreads
* Palisades Park Receives $200,000 Advance After Cyberattack
* Huawei Units Plead Not Guilty To U.S. Trade Secret Theft
* Vulnerability Exposes Location Of Thousands Of Malware C&C Servers
* The Military Wants To Build Lethal Tanks With AI
* Dow Jones List Of 2.4 Million Risky Banking Clients Exposed Online
* Cisco Fixes Critical Flaw In Wireless VPN, Firewall Routers
* Ring Doorbell Flaw Opens Door To Spying
* Fin6 Using FrameworkPOS Scraping Malware In POS Attacks
* TikTok Receives Record Fine For Video Sharing App Over Children's Data
* Operator Of Eight DDoS For Hire Services Pleads Guilty
* Video: Wikileaks Rears Its Head In Cohen Testimony Against Trump
* California AG Expanding Consumer Privacy Protections
* The Dark Sides Of Modern Cars: Hacking And Data Collection

Dark Reading

* Here's What Happened When a SOC Embraced Automation
* Security Experts, Not Users, Are the Weakest Link
* Security Pros Agree: Cloud Adoption Outpaces Security
* Encryption Offers Safe Haven for Criminals and Malware
* Turkish Group Using Phishing Emails to Hijack Popular Instagram Profiles
* Solving Security: Repetition or Redundancy?
* Data Leak Exposes Dow Jones Watchlist Database
* Microsoft Debuts Azure Sentinel SIEM, Threat Experts Service
* Bots Plague Ticketing Industry
* In 2019, Cryptomining Just Might Have an Even Better Year
* Find your New Favorite Security Tool in the Black Hat Asia Arsenal
* IoT, APIs, and Criminal Bots Pose Evolving Dangers
* More Than 22,000 Vulns Were Disclosed in 2018, 27% Without Fixes
* Intel Focuses on Data Center, Firmware Security Ahead of RSAC
* Persistent Attackers Rarely Use Bespoke Malware
* Booter Owner Pleads Guilty in Federal Court
* Security Firm to Offer Free Hacking Toolkit
* Former Albany College Student Charged with Computer Damage
* Stay Ahead of the Curve by Using AI in Compliance


Krebs on Security

* Booter Boss Interviewed in 2014 Pleads Guilty
* Crypto Mining Service Coinhive to Call it Quits
* Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison
* Payroll Provider Gives Extortionists a Payday
* New Breed of Fuel Pump Skimmer? Not Really
* A Deep Dive on the Recent Widespread DNS Hijacking Attacks
* Bomb Threat Hoaxer Exposed by Hacked Gaming Site
* Patch Tuesday, February 2019 Edition
* Email Provider VFEmail Suffers 'Catastrophic' Hack
* Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

The Hacker News

* Researchers Link 'Sharpshooter' Cyber Attacks to North Korean Hackers
* Google Discloses Unpatched 'High-Severity' Flaw in Apple macOS Kernel
* Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down
* Learn Ethical Hacking with 180 Hours of Training — 2019 Course Bundle
* Severe Flaws in SHAREit Android App Let Hackers Steal Your Files
* New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers
* Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
* Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week
* Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins
* New Attacks Against 4G, 5G Mobile Networks Re-Enable IMSI Catchers

Security Week

* Microsoft Rolls Out Spectre Variant 2 Mitigations for Windows 10
* Tripwire Launches Industrial Cybersecurity Assessment Service
* KnowBe4 Announces New Funding Round at $800 Million Valuation
* Eyeing Russia, EU Girds for Cyberthreats to Parliament Vote
* Better Security Not Sole Factor for Improved Breach Detection Times: FireEye
* Cisco Publishes Annual CISO Benchmark Study
* Data Breach Cost Marriott $28 Million So Far
* DDoS-for-Hire Service Admin Pleads Guilty
* Adobe Patches ColdFusion Vulnerability Exploited in the Wild
* Two White Hats Earn Over $1 Million via Bug Bounty Programs
* Cobalt Strike Bug Exposes Attacker Servers
* Cisco Patches Critical Vulnerability in Wireless Routers
* Wireshark 3.0.0 Released
* PoS Clients Targeted with Cobalt Strike, Card Scraping Malware
* Magecart Hackers Change Tactics Following Public Exposure
* U.S. Government Says Thales Must Divest HSM Business Before Acquiring Gemalto
* China's APT27 Hackers Use Array of Tools in Recent Attacks
* How to Shop Like a Pro at RSA Conference
* Ireland's Data Protection Commission Reports Multiple GDPR Investigations on Tech Giants
* UN Aviation Agency Concealed Serious Hack: Media


McAfee

* McAfee Protects Against Suspicious Email Attachments
* Alleged 'Momo Challenge' Reminds Parents to Monitor Online Content
* JAVA-VBS Joint Exercise Delivers RAT
* What MWC 2019 Shows Us About the Future of Connectivity
* Mobile Threat Report Commentary: Mobile Malware is Not Going Away
* McAfee Partners With Telefónica To Help Secure Consumers Worldwide
* In 2019 the Threat is "Everywhere Malware", Not just Mobile Malware
* Open Backdoors and Voice Assistant Attacks: Key Takeaways from the 2019 Mobile Threat Report
* Your Smart Coffee Maker is Brewing Up Trouble
* What's in the Box?

Threat Post

* Smart Ski Helmet Headphone Flaws Leak Personal, GPS Data
* Project Zero Discloses High-Severity Apple macOS Flaw
* RSAC 2019: 58% of Orgs Have Unfilled Cyber Positions
* RSAC 2019: Container Escape Hack Targets Vulnerable Linux Kernel
* RSAC 2019: An Antidote for Tech Gone Wrong
* Visitor Kiosk Access Systems Riddled with Bugs
* RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope
* How the Dark Web Data Bazaar Fuels Enterprise Attacks
* Adobe Patches Critical ColdFusion Vulnerability With Active Exploit
* Podcast: RSA Conference 2019 Preview

Naked Security

* TikTok to pay record fine for collecting children's data
* Is a Facebookcoin in the works?
* YouTube disables comments on millions of videos of children
* Anomaly in pen-test tool made malware servers visible
* Monday review - the hot 21 stories of the week
* The Momo Challenge urban legend - what on earth is going on?
* Data-tracking Chrome flaw triggered by viewing PDFs
* For sale: iPhone hacking tool, one previous (not very careful) owner
* Disgruntled dev blames crypto-wallet for losing cryptocoins
* Dow Jones Watchlist of risky businesses exposed on public server

Quick Heal - Security Simplified

* Quick Heal Threat Report - Cryptojacking rising but Ransomware still #1 threat for consumers
* GandCrab Riding Emotet's Bus!
* This Valentine fall for true love not for fake online dating apps
* 28 Fake Apps removed from Google Play Store post Quick Heal Security Lab reports
* 3 essential ways to strengthen your business data security
* Anatova, A modular ransomware
* Mongolock Ransomware deletes files and targets databases
* GandCrab Ransomware along with Monero Miner and Spammer
* Malspam email - Jack of all malware, master of none.


Critical Infrastructure

* Natural Disasters Cost the U.S. $91 Billion in 2018
* Study on Electric Grid Resiliency Finds Urgent Need for Cybersecurity Investments
* IATA Releases 2018 Airline Safety Performance
* White House Releases Strategy to Strengthen Aviation Security
* Beazley, Marsh Launch Cyber Insurance for Manufacturers
* NTSB Releases Most Wanted List of Safety Improvements

Tools

* SQLMAP - Automatic SQL Injection Tool 1.3.3
* Wireshark Analyzer 3.0.0
* Wireshark Analyzer 2.6.7
* OpenSSL Toolkit 1.1.1b
* Faraday 3.6.0
* TOR Virtual Network Tunneling Tool 0.3.5.8
* TestSSL 3.0rc4
* IPSet List 3.7.2
* GNU Privacy Guard 2.2.13
* IPSet List 3.7.1
* Acunetix Web Application Vulnerability Report 2019
* Amazon Releases New C++ Friendly Features

Zone-H Website Defacements

Unfortunately, at the time of this report, the resource was not available. You can access this resource here: http://www.zone-h.org/rss/specialdefacements


Proof of Concept (PoC) & Exploits

Packet Storm Security

* XenForo 1.5.x Open Redirection
* XenForo 1.5.x Advanced Application Forms 1.2.2 Open Redirection
* vBulletin 4.x.x vB Optimise 2.6.3 Pro Open Redirection
* vBulletin 4.2.5 Advanced User Tagging 3.1.3 Open Redirection
* SMF 2.0.15 SMF4Mobile 1.1.5 / 1.2 Open Redirection
* XNU Copy-On-Write Behavior Bypass
* FileZilla 3.40.0 Denial Of Service
* OOP CMS BLOG 1.0 Cross Site Request Forgery / SQL Injection
* CMSsite 1.0 Cross Site Request Forgery
* PRTG Network Monitor 7.1.3.3378 Cross Site Scripting
* vBulletin 4.2.3 vBSecurity 2.2.2 Pro Open Redirection
* vBulletin 3.8.x vBadvanced CMPS 3.2.3 Open Redirection
* vBulletin 3.8.4 Zoints SEO 2.3.2 Open Redirection
* Packet Storm New Exploits For February, 2019
* Joomla J2Store SQL Injection
* Cisco WebEx Meetings Privilege Escalation
* Joomla Content 3.x SQL Injection
* FTP Server 1.32 Denial Of Service
* Feng Office 3.7.0.5 Remote Command Execution
* WordPress Cerber 8.0 Bypass
* vBulletin 4.2.5 vBSEO 3.6.1 Open Redirection
* vBulletin 4.x.x DragonByte SEO 2.0.31 Open Redirection

Exploit Database

* [local] Cisco WebEx Meetings
* [dos] macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image
* [dos] Linux
* [dos] tcpdump
* [dos] Google Chrome
* [dos] Google Chrome
* [dos] Google Chrome
* [dos] Google Chrome
* [webapps] Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)
* [dos] TransMac 12.3 - Denial of Service (PoC)
* [webapps] Usermin 1.750 - Remote Command Execution (Metasploit)
* [webapps] Joomla! Component J2Store
* [papers] Crypto Wallet Local Storage Attack
* [dos] WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service
* [dos] FTP Server 1.32 - Denial of Service
* [webapps] Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
* [webapps] Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
* [webapps] Simple Online Hotel Reservation System - SQL Injection
* [papers] WordPress 5.0 - Remote Code Execution
* [webapps] Drupal
* [dos] Xlight FTP Server 3.9.1 - Buffer Overflow (PoC)


Advisories

US-Cert Alerts & bulletins

* AA19-024A: DNS Infrastructure Hijacking Campaign
* AA18-337A: SamSam Ransomware
* SB19-063: Vulnerability Summary for the Week of February 25, 2019
* SB19-056: Vulnerability Summary for the Week of February 18, 2019

Symantec - Latest List

* WinRAR Multiple Security Vulnerabilities
* Microsoft Windows Kernel CVE-2019-0663 Local Information Disclosure Vulnerability
* Microsoft .NET Framework and Visual Studio CVE-2019-0657 Spoofing Vulnerability
* Microsoft Windows Device Guard CVE-2019-0632 Local Security Bypass Vulnerability
* Microsoft Windows Device Guard CVE-2019-0631 Local Security Bypass Vulnerability
* Microsoft Windows Device Guard CVE-2019-0627 Local Security Bypass Vulnerability
* Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability
* Microsoft Office CVE-2018-0802 Memory Corruption Vulnerability
* Microsoft Office CVE-2017-11882 Memory Corruption Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0655 Remote Memory Corruption Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0642 Remote Memory Corruption Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0640 Remote Memory Corruption Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0610 Remote Memory Corruption Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0607 Remote Memory Corruption Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0605 Remote Memory Corruption Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0652 Remote Memory Corruption Vulnerability
* Microsoft Visual Studio CVE-2019-0728 Remote Code Execution Vulnerability
* Microsoft Windows Human Interface Devices CVE-2019-0600 Local Information Disclosure Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0651 Remote Memory Corruption Vulnerability
* Microsoft Office CVE-2019-0540 Security Bypass Vulnerability
* Microsoft Edge CVE-2019-0650 Remote Memory Corruption Vulnerability
* Microsoft Edge CVE-2019-0634 Remote Memory Corruption Vulnerability
* Microsoft Windows GDI Component CVE-2019-0602 Information Disclosure Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0644 Remote Memory Corruption Vulnerability
* Microsoft Windows CVE-2019-0636 Local Information Disclosure Vulnerability
* Microsoft Internet Explorer CVE-2019-0676 Information Disclosure Vulnerability


Packet Storm Security - Latest List

RSA Archer GRC Platform Information Exposure
RSA Archer versions prior to 6.5 P1 and 6.5 P2 suffer from multiple information exposure vulnerabilities.

Apache UNO API Remote Code Execution
When Apache OpenOffice and LibreOffice are spawned as an office server, they bind an Apache UNO API that allows for remote code execution.

Debian Security Advisory 4401-1
Debian Linux Security Advisory 4401-1 - Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting (XSS) and PHP injection attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by application crash.

Debian Security Advisory 4398-1
Debian Linux Security Advisory 4398-1 - Multiple security issues were found in PHP, a widely-used open source accesses were found in the xmlrpc, mbstring and phar extensions and the dns_get_record() function.

Debian Security Advisory 4400-1
Debian Linux Security Advisory 4400-1 - Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL.

Debian Security Advisory 4399-1
Debian Linux Security Advisory 4399-1 - Joey Hess discovered that the aggregate plugin of the Ikiwiki wiki compiler was susceptible to server-side request forgery, resulting in information disclosure or denial of service.

Debian Security Advisory 4397-1
Debian Linux Security Advisory 4397-1 - Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, an LDAP-like embedded database, resulting in denial of service.

Asterisk Project Security Advisory - AST-2019-001
Asterisk Project Security Advisory - When Asterisk makes an outgoing call, a very specific SDP protocol violation by the remote party can cause Asterisk to crash.

Ubuntu Security Notice USN-3900-1
Ubuntu Security Notice 3900-1 - It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2019-0436-01
Red Hat Security Advisory 2019-0436-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a memory disclosure vulnerability.

Red Hat Security Advisory 2019-0435-01
Red Hat Security Advisory 2019-0435-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a memory disclosure vulnerability.

Red Hat Security Advisory 2019-0431-01
Red Hat Security Advisory 2019-0431-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2019-0430-01
Red Hat Security Advisory 2019-0430-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2019-0432-01
Red Hat Security Advisory 2019-0432-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2019-0433-01
Red Hat Security Advisory 2019-0433-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.

Debian Security Advisory 4395-2
Debian Linux Security Advisory 4395-2 - A regression was introduced in the previous chromium security update. The browser would always crash when launched in headless mode. This update fixes this problem.

Red Hat Security Advisory 2019-0416-01
Red Hat Security Advisory 2019-0416-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a memory disclosure vulnerability.

Ubuntu Security Notice USN-3898-2
Ubuntu Security Notice 3898-2 - USN-3898-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Hanno Böck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Various other issues were also addressed.

Slackware Security Advisory - openssl Updates
Slackware Security Advisory - New openssl packages are available for Slackware 14.2 to fix a security issue.

Ubuntu Security Notice USN-3898-1
Ubuntu Security Notice 3898-1 - Hanno Böck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.

Ubuntu Security Notice USN-3899-1
Ubuntu Security Notice 3899-1 - Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data.

Ubuntu Security Notice USN-3895-1
Ubuntu Security Notice 3895-1 - It was discovered that LDB incorrectly handled certain search expressions. A remote attacker could possibly use this issue to cause the Samba LDAP process to crash, resulting in a denial of service.

Ubuntu Security Notice USN-3896-1
Ubuntu Security Notice 3896-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code.

Ubuntu Security Notice USN-3897-1
Ubuntu Security Notice 3897-1 - A use-after-free was discovered in libical. If a user were tricked into opening a specially crafted ICS calendar file, an attacker could potentially exploit this to cause a denial of service. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.