AusCERT Week in Review for 11th November 2016

As Friday 11th November comes to a close, there have been numerous security-related news items this week. Here's a summary (including excerpts) of some of the more interesting stories we've seen:
-----

Title: City of El Paso Loses $3.3 Million in Phishing Scam
Date Published: 03/11/16
URL: http://www.batblue.com/texas-city-loses-3-3-million-phishing-scam/
Author: Watch Desk @ batblue
Excerpt: "Officials with the City of El Paso in Texas announced the local government lost more than $3 million in a phishing scam.

City officials told reporters on November 2, 2016 that hackers pretended to be a vendor involved in El Paso’s ongoing streetcar project. The scammers allegedly submitted quotes for the streetcar project to city officials."
-----

Title: Clever Gmail Hack Let Attackers Take Over Accounts
Date Published: 07/11/16
URL: https://threatpost.com/clever-gmail-hack-let-attackers-take-over-accounts/121818/
Author: Tom Spring
Excerpt: "Google patched a hole in its Gmail verification system last week that allowed an attacker to hijack a targeted Google Gmail account.

The discovery was made by Ahmed Mehtab, a security researcher and founder of Security Fuse. The hack is simple to execute and requires less than a dozen steps to pull off."
-----

Title: Shadow Brokers Leaks Dilemma – History of Events Explained
Date Published: 09/11/16
URL: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/shadow-brokers-leaks-dilemma-history-events-explained/
Author: Shiraz Hashmi
Excerpt: "In February of 2015, researchers at Kaspersky Lab disclosed the existence of a sophisticated cyber-attack group that’s been in operation since early 2001, and targeted almost every industry and foreign countries with its zero-day malware.

Kaspersky called this threat actor the Equation Group because of its love for encryption algorithms and the sophisticated methods used in its operations. The Equation Group employs advanced hacking tools that required significant effort to develop."
-----

Title: SEO Spam Campaign Targets WordPress Sites
Date Published: 10/11/16
URL: http://www.batblue.com/seo-spam-campaign-targets-wordpress-sites/
Author: Watch Desk @ batblue
Excerpt: "Researchers discovered a search engine spam operation that exploits the XML-RPC infrastructure often used by WordPress administrators.

The “XM1RPC” SEO spam campaign injects malicious files into the root directories of WordPress websites, according to the researchers. The code injection attack allegedly sets up a backdoor script on the website."
-----

Here are this week's noteworthy security bulletins:

1) ESB-2016.2688 - ALERT [Appliance] DLink routers: Root compromise - Remote/unauthenticated
https://www.auscert.org.au/40774
US-CERT has released an advisory about DLink routers whose HNAP service contains a stack-based buffer overflow that allows remote code execution with root privileges. DLink has not provided any patches. US-CERT recommends restricting access to the affected devices to trusted devices.

2) ESB-2016.2667 - ALERT [Win] Microsoft Edge: Multiple vulnerabilities
https://www.auscert.org.au/40686
Microsoft published 14 security bulletins this month, 6 of which are deemed critical. Microsoft has also patched the CVE that was publicly disclosed on the 31st of October by Google.

3) ASB-2016.0103 - [Android] Google Nexus devices: Multiple vulnerabilities
https://www.auscert.org.au/40766
The Android Open Source Project (AOSP) has released updates for Google devices with its "November 2016 Security patch level". This patch resolves many remote code execution and elevation of privilege vulnerabilities. Unfortunately, Nexus 5 devices will not receive these any more as they are no longer supported.

Stay safe, stay patched and have a good weekend!

Ananda