Week in review
AUSCERT Week in Review for 27th September 2017
AUSCERT Week in Review for 27th September 2017
AUSCERT Week in Review29th September 2017
Greetings,
As Friday 29th of September comes to a close, the big news is
AUSCERT is hiring https://www.seek.com.au/job/34448215
Here is our summary (including excerpts) of some of the more interesting stories we’ve seen this week:
Title: Dark Web Drug Suspect Cuffed On Way to Beard ContestURL: https://www.infosecurity-magazine.com/news/dark-web-drug-suspect-cuffed-beard/Date: 28 September 2017 Author: Phil MuncasterExcerpt: “A suspected dark web drug kingpin has been arrested in the US on the way to a beard-growing contest, it has emerged.
Gal Vallerius, 38, was cuffed in Atlanta International Airport at the end of August en route from his home in France to the competition in Austin, Texas.
Searching his laptop, border officials apparently found hundreds of thousands of dollars in Bitcoin, a Tor browser, and PGP keys linked to an “OxyMonster”.
That name is used by an administrator and senior moderator on Dream Market: a typical darknet drugs marketplace.”
——-
Title: Mac High Sierra hijinks continue: Nasty apps can pull your passwordsURL: http://www.theregister.co.uk/2017/09/28/high_sierra_hijinks_continue_nasty_apps_can_pull_your_passwords/Date: 28 September 2017 Author: Shaun NicholsExcerpt: “Apple still hasn’t been able to seal up keychain access hole for unsigned applications.A security shortcoming in earlier versions of OS X has made its way into macOS High Sierra despite an expert’s best efforts to highlight the flaw.
Patrick Wardle, of infosec biz Synack, found that unsigned, and therefore untrustworthy, applications running on High Sierra, aka macOS 10.13, were able to quietly access sensitive information – including stored passwords and keys – without any notification to the user. Normally, apps, even signed trusted ones, trigger a prompt to appear on screen when touching the operating system’s Keychain database of saved passphrases and other secrets.”
——-
Title: Android unlock patterns are too easy to guess, stop using themURL: https://nakedsecurity.sophos.com/2017/09/28/android-unlock-patterns-are-too-easy-to-guess-stop-using-them/Date: 28 September 2017 Author: Lisa VaasExcerpt: “Let’s start with some things we knew already: people are really bad at creating and remembering secure passwords and PINs.
We’re also bad at choosing and answering password recovery questions. Most of us can’t even cook up an unlock pattern for our Androids that’s not crazy easy to predict, be it by shoulder-surfing or the tell-tale streaks we leave with our greasy fingers.
Now, a new report (PDF) from security researchers at the US Naval Academy and the University of Maryland Baltimore County has quantified just how absurdly easy it is to do an over-the-shoulder glance that accurately susses out an Android unlock pattern.”
——-
Title: Deloitte Hit by Cyber-Attack Revealing Clients’ Secret EmailsURL: https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emailsDate: 25 September 2017 Author: Nick HopkinsExcerpt: “Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months. Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies. The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments.”
——-
Title: US Plans to Collect Social Media Info From Permanent Residents, Naturalized CitizensURL: https://www.bleepingcomputer.com/news/government/us-plans-to-collect-social-media-info-from-permanent-residents-naturalized-citizens/Date: 26 September 2017Author: Catalin CimpanuExcerpt:“The US Department of Homeland Security (DHS) published documents on Monday that detail a plan for collecting extra information on all US immigrants, including not only permanent residents but also previously naturalized citizens. According to a notice of modification to the 1974 Privacy Act System of Records, the DHS wants to collect extra information such as “social media handles, aliases, associated identifiable information, and search results.” The data will be used to expand the DHS’ database on US immigrants with new information that would allow for easier tracking of immigrants, but also Americans who obtained official citizenship years or decades before.”
——-
And lastly, here are this week’s noteworthy security bulletins (in no particular order):
1. ESB-2017.2425 – [OSX] macOS: Multiple vulnerabilities
It’s time to patch your Mac! The most severe vulnerability addressed could allow a malicious application to execute arbitrary code withsystem privileges.
2. ESB-2017.2436 – ALERT [Linux][RedHat] kernel: Root compromise – Existing account
This Linux PIE/stack corruption (CVE-2017-1000253) was an existing two-year-old bug in the Linux kernel. Qualys published a detailed analysis including demonstration of a proof-of-concept to exploit the vulnerability – https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
3. ESB-2017.2444 – ALERT [Cisco] Cisco IOS and IOS XE: Multiple vulnerabilities
Make plans to patch your Cisco network appliances. Many subsystems of IOS are impacted, of particular note is CVE-2017-12240.
4. ASB-2017.0155 – [Win][UNIX/Linux] Mozilla Firefox: Multiple vulnerabilities
Mozilla has rated the security vulnerabilities fixed in Firefox 56 as critical.
Wishing you the best from AUSCERT and stay safe,
Danny
Learn more