AusCERT Week in Review for 10th February 2017


Greetings,

As Friday 10th February comes to a close, there has been an increasing number of phish targeting MyGov. The AusCERT Team has compiled a report that will help members identify the campaign as well as the place victims are redirected to.
Check out the report at https://www.auscert.org.au/44026.
The universities have had a large number of phishing sites crop up targeting tertiary education credentials, which is common at this time of the year.
Also, TicketBleed has come up this week, where 31 bytes can be teased out of memory. This was our only alert this week, but it is worth reviewing. See our bulletins section for details.
 
As for security-related news, that has not abated, and below is a summary (including excerpts) of some of the more interesting stories we've seen this week:

Title: Hacker Takes Over Thousands of Printers; Sends Alerts to Users
Date Published: February 7, 2017
Excerpt:
"A critical vulnerability in printers has led to the hacking of thousands of printing devices not at just one location or city but across the globe. Reportedly, the flaw was exploited by a hacker called Stackoverflowin, who managed to hack 150,000 printers at a global level. The hacking spree seems to be the hacker’s way to inform the world regarding the vulnerable nature of printers because as per his findings the Internet-connected printers are functioning without any firewall protection. This is the main reason why almost any hacker can exploit them, said the hacker."

-----
 
Title: Bigger, Faster, More - Q4 Threat Summary and Year-in-Review Details Evolving Threats
Date Published: February 7, 2017
Excerpt:
"The threat landscape evolved substantially in 2016. Criminals leveraged human vulnerabilities to launch more malicious email campaigns than ever before along with attacks across mobile and social media platforms. Exploit kits declined, ransomware exploded, and targeted attacks grew more sophisticated. Our latest threat report reviews 2016's top security trends, techniques, and recommendations."

-----
 
Title: Unpatched Windows Zero Day Allows DoS Attacks, Possibly Other Exploits
Date Published: February 7, 2017
Excerpt:
"Microsoft Windows users beware of an unpatched memory corruption bug which could be exploited to cause denial of service (DoS) attacks as well as other exploits. The vulnerability is in the SMB (Server Message Block) and is caused by the platform's inability to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure, according to a Feb 2 CERT advisory."

-----
 
Title: A Rash of Invisible, Fileless Malware is Infecting Banks Around the Globe
Date Published: February 8, 2017
Excerpt:
"Now, fileless malware is going mainstream, as financially motivated criminal hackers mimic their nation-sponsored counterparts. According to research Kaspersky Lab plans to publish Wednesday, networks belonging to at least 140 banks and other enterprises have been infected by malware that relies on the same in-memory design to remain nearly invisible. Because infections are so hard to spot, the actual number is likely much higher."

-----
 
Title: Mirai Gets a Windows Version to Boost Distribution Efforts
Date Published: February 8, 2017
Excerpt:
"Security researchers have stumbled upon a Windows trojan that hackers are using to help with the distribution of the infamous Mirai Linux malware, used to infect IoT devices and carry out massive DDoS attacks. The Mirai malware was initially developed in late 2015 and early 2016, and only became a massive threat in the summer and autumn of 2016, when it spread to hundreds of thousands of routers and DVRs (deployed with smart cameras and CCTV systems)."


-----

And lastly, here are this week's noteworthy security bulletins (in no particular order):


1) ESB-2017.0385 - ALERT [Appliance] F5 BIG IP products: Access privileged data - Remote/unauthenticated  
http://www.auscert.org.au/44082
A BIG-IP SSL virtual server with the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory.

2) ESB-2016.2279.2 - UPDATE [Cisco] Cisco products: Multiple vulnerabilities  
http://www.auscert.org.au/39090
February 9 2017: Updated the list of products under investigation and vulnerable products

3) ESB-2017.0353 - [Win][UNIX/Linux][RedHat] spice-server, spice: Multiple vulnerabilities
http://www.auscert.org.au/43938
Spice and Spice-server vulnerable to Remote DoS via crafted message and Buffer overflow when reading large messages

-----

Have a great weekend!

Geoffroy