AUSCERT Week in Review for 14th July 2017 As Friday 14th July comes to a close along with the monthly Microsoft Security Update, there have been numerous security related news items this week. Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week: Title: Microsoft Patches 19 Critical Vulnerabilities in July Patch Tuesday UpdateDate Published: July 12 2017URL: http://www.esecurityplanet.com/endpoint/microsoft-patches-19-critical-vulnerabilities-in-july-patch-tuesday-update.htmlAuthor: Sean Michael KernerExcerpt: “Microsoft released its latest monthly Patch Tuesday update on July 11, patching a total of 54 vulnerabilities, of which 19 were rated as critical. Microsoft’s HoloLens Virtual Reality (VR) technology received its first patch this month, for a critical remote code execution vulnerability identified as CVE-2017-8584. The vulnerability could have been triggered by an attack that sent a malicious WiFi packet to the HoloLens.” —– Title: The laws of Australia will trump the laws of mathematics: TurnbullDate Published: July 14 2017 URL: http://www.zdnet.com/article/the-laws-of-australia-will-trump-the-laws-of-mathematics-turnbull/Author: Chris Duckett and Asha McLeanExcerpt: “Regardless of what the laws of mathematics state around breaking into end-to-end encryption, the Australian government is determined to bring in laws that go against them, with the Prime Minister of Australia telling ZDNet that the laws produced in Canberra are able to trump the laws of mathematics. ‘The laws of Australia prevail in Australia, I can assure you of that,’ he said on Friday. ‘The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.’ On Friday, the government unveiled plans to introduce legislation this year that would force internet companies to assist law enforcement in decrypting messages sent with end-to-end encryption.” —– Title: Let’s Encrypt Wildcard Certificates a ‘Boon’ for Cybercriminals, Expert SaysDate Published: July 12 2017URL: http://www.securityweek.com/lets-encrypt-wildcard-certificates-boon-cybercriminals-expert-saysAuthor: Ionut ArghireExcerpt: “The organization will be offering wildcard certificates free of charge via an upcoming ACME v2 API endpoint. Only base domain validation via DNS will be supported in the beginning, but the CA may explore additional validation options over time. Let’s Encrypt’s goal might be improved security and privacy for all users, but it doesn’t mean that its certificates can’t be misused. In March 2017, encryption expert Vincent Lynch revealed that, over a 12-month period, Let’s Encrypt issued over around 15,000 security certificates containing the term PayPal for phishing sites.“ —– Title: China orders complete block on VPNs to begin by February 2018Date Published: 11 July 2017URL: https://www.v3.co.uk/v3-uk/news/3013611/china-orders-complete-block-on-vpns-to-begin-by-february-2018Author: Graeme BurtonExcerpt: “The Chinese government has ordered the country’s big-three telecoms and internet service providers, China Mobile, China Telecom and China Unicom, to completely block access to virtual private networks (VPNs) by February 2018 in the latest stage of its campaign to prevent web users from circumventing the ‘great firewall of China’.” —– Here are this week’s noteworthy security bulletins: 1) ESB-2017.1714 – ALERT [Win][UNIX/Linux] Apache Struts: Execute arbitrary code/commands – Remote/unauthenticatedhttps://portal.auscert.org.au/bulletins/49726 This *new* Apache struts issue went largely unnoticed by mainstream media despite there being POCs available and vulnerable servers visible in Google search. AUSCERT advises members to inform web developers and users to check if sites are vulnerable. 2) ESB-2017.1715 – [UNIX/Linux][Debian] xorg-server: Multiple vulnerabilitieshttps://portal.auscert.org.au/bulletins/49730 This was another vulnerability that went largely unnoticed. Two security issues were discovered in the X.org X server, the worst leading to privilege escalation. Since X server in most environments runs as root this vulnerability could potentially lead to root compromise. 3) ESB-2017.1721 – [Win][Linux][OSX] Adobe Flash Player: Multiple vulnerabilitieshttps://portal.auscert.org.au/bulletins/49754 Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. AUSCERT advises members to remove Adobe Flash if possible otherwise to keep Adobe products upgraded. 4) ASB-2017.0100 – [Win] Microsoft Windows: Multiple vulnerabilitieshttps://portal.auscert.org.au/bulletins/49782 Our hundredth ASB for 2017 is fittingly for Microsoft Windows and includes an unusual vulnerability – a critical remote code execution vulnerability in Microsoft’s HoloLens Virtual Reality (VR) technology. Refer to our first interesting article of the week for more details. —- Stay safe, stay patched and have a good weekend! Danny

AUSCERT Week in Review for 7th July 2017 As Friday 7th July comes to a close, there have been numerous security related news items this week. Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week: Title: Westpac joins Swift blockchain testDate Published: 06/07/2017URL: https://www.itnews.com.au/news/westpac-joins-swift-blockchain-test-467746Author: Staff Writers Excerpt: “Second Aussie bank after ANZ to take part.Westpac has become the second Australian bank to join a proof-of-concept by payment messaging service Swift that aims to test blockchain for facilitating cross-border payments.It is one of 22 global banks to join the PoC today, adding to the six foundational banking participants, one of which is ANZ Bank.” —–Title: Microsoft to cut ‘thousands’ of jobsDate Published: 07/07/2016URL: http://www.bbc.com/news/business-40523172Author: BBCExcerpt: “Microsoft is to cut “thousands” of jobs worldwide as it attempts to beef up its presence in the cloud computing sector.The technology giant wants to strengthen its cloud computing division but is facing intense competition from rivals such as Amazon and Google.” —–Title: Australia stuck with higher cost of deploying FttP: NBN CoDate Published: 06/07/2017URL: https://www.itwire.com/telecoms-and-nbn/78880-australia-stuck-with-higher-cost-of-deploying-fttp-nbn-co.htmlAuthor: Peter DinhamExcerpt: “NBN Co, the builder of the national broadband network, has moved to defend the higher costs of deploying fibre-to-the-premises in Australia and “set the record straight” on recent media claims about the local cost of FttP compared to other operators around the world.” —–Title: Ukrainian police seize computers that spread global NotPetya attackDate Published: 05/07/2017URL: http://www.itworld.com/article/3205810/malware/ukrainian-police-seize-computers-that-spread-global-notpetya-attack.htmlAuthor: Peter Sayer Excerpt: “Ukraine’s Cyber Police have intervened to prevent further cyberattacks in the wake of last week’s global attack, initially considered to be ransomware and called by various names including NotPetya.” —–Title: Govt blames Medicare card breach on ‘traditional’ crimsDate Published: 04/07/2017URL: https://www.itnews.com.au/news/govt-blames-medicare-card-breach-on-traditional-crims-467502Author: Allie Coyne Excerpt: “Not wide-scale, and no IT breach, says minister. The federal government says there has been no breach of the Department of Human Services’ IT systems and the Medicare card data currently on sale likely affects only a small number of people.” Here are this week’s noteworthy security bulletins: 1) ESB-2017.1655 – [SUSE] Xen: Multiple vulnerabilities 2017-06-30https://portal.auscert.org.au/bulletins/49486Quite a few Xen Vulnerabilities, if you are running Xen it is time to check for updates. 2) ESB-2017.1659 – [Debian] libgcrypt20: Unauthorised access – Existing account 2017-07-03https://portal.auscert.org.au/bulletins/49510Side channel attacks are getting rather popular. 3) ESB-2017.1676 – [SUSE] sudo: Root compromise – Existing account 2017-07-05https://portal.auscert.org.au/bulletins/49570Regression fix for CVE-2017-1000368, this has been repeated in a few products. 4) ESB-2017.1682 – [Win][UNIX/Linux] samba: Denial of service – Remote/unauthenticated 2017-07-06https://portal.auscert.org.au/bulletins/49594Remote Samba denial of service, that has to be able to affect a lot of people. —- Stay safe, stay patched and have a good weekend! Peter

AUSCERT Week in Review for 30th June 2017 Hope you all have had a chance to investigate the new website. Please email us at auscert@auscert.org.au or call 07 3365 4417 with any questions or concerns about the new website. As Friday 30th June comes to a close, there have been numerous security related news items this week. Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week: Title: The Petya ransomware is starting to look like a cyberattack in disguiseDate Published: 28/06/2017 URL: https://www.theverge.com/2017/6/28/15888632/petya-goldeneye-ransomware-cyberattack-ukraine-russiaAuthor: Russell Brandom Excerpt: “The haze of yesterdays massive ransomware attack is clearing, and Ukraine has already emerged as the epicenter of the damage. Kaspersky Labs reports that as many as 60 percent of the systems infected by the Petya ransomware were located within Ukraine, far more than anywhere else. The hacks reach touched some of the countrys most crucial infrastructure including its central bank, airport, metro transport, and even the Chernobyl power plant, which was forced to move radiation-sensing systems to manual.” —– Title: Google Slapped With Record $3.6 Billion Fine In Europe For Manipulating Shopping Results Date Published: 28/06/2017URL:  https://www.gizmodo.com.au/2017/06/google-slapped-with-record-3-6-billion-fine-in-europe-for-manipulating-shopping-results/Author: Matt Novak Excerpt: “Yesterday, government regulators in Europe hit Google with a record 2.42 billion fine, roughly the equivalent of $3.5 billion. The search engine company was found to be manipulating search results to favour its own shopping service, a violation of antitrust laws. And if it doesn’t fix the problem within 90 days it faces an additional 12.5 million ($18.7 million) fine per day.” —– Title: Defence launches ‘Information Warfare Division’ Date Published: 30/06/2017 URL: https://www.computerworld.com.au/article/621324/defence-launches-information-warfare-division/Author: George Nott Excerpt: “The Australian Defence Force is launching a new Information Warfare Division responsible for electronic warfare, the government announced today.” —– Title: Turnbull government continues push against online encryption ahead of Five Eyes meeting Date Published: 26/06/2017 URL: http://www.news.com.au/technology/online/security/turnbull-government-continues-push-against-online-encryption-ahead-of-five-eyes-meeting/news-story/cae2303d24bcfe90cf3d490083c208e9Author: Nick Whigham and AAP Excerpt: “AUSTRALIA will be leading the discussion on an encrypted technology crack down when ministers meet with FiveEyes nations to talk terror prevention. Leaders from Australia, the United States, United Kingdom, Canada and New Zealand, will meet in the Canadian city of Ottawa where they will discuss tactics to combat terrorism and the spread of extremism.” —– Title: Qld ex-cop charged with 44 counts of database snooping Date Published: 28/06/2017 URL: https://www.itnews.com.au/news/qld-ex-cop-charged-with-44-counts-of-database-snooping-466817Author: Allie Coyne Excerpt: “The Queensland Crime and Corruption Commission has charged a former police officer with accessing information in the force’score crimes database 44 times over six years without authorisation.” Here are this week’s noteworthy security bulletins: 1) ESB-2017.1639 – [Ubuntu] Kernel: Multiple vulnerabilitieshttps://portal.auscert.org.au/bulletins/49422 USN 3326-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. That is a lot of regressions 🙁 2) ESB-2017.1643 – [Win] OpenSource Apache Struts: Multiple vulnerabilities https://portal.auscert.org.au/bulletins/49438 Struts is in all sorts of products. 3) ESB-2017.1644 – [Appliance] Cisco IOS and IOS XE Software: Multiple vulnerabilities https://portal.auscert.org.au/bulletins/49442 Root compromise that is significant. 4) ESB-2017.1602 – [Win][Linux][AIX] IBM Java SDK: Multiple vulnerabilities https://portal.auscert.org.au/bulletins/49270 Oh no not Java vulnerabilities —- Stay safe, stay patched and have a good weekend! Peter