AusCERT Week in Review for 13th January 2017

As Friday 13th January comes to a close, there have been numerous security-related news items this week. Here's a summary (including excerpts) of some of the more interesting stories we've seen:


Title: Russian hackers claim to have compromising information on Trump: CNN
Date Published: 11/01/2017
Author: Eric Beech and Warren Strobel
Excerpt: "WASHINGTON (Reuters) - Classified documents presented last week to President-elect Donald Trump included allegations that Russian operatives claim to have compromising information about him, CNN reported on Tuesday.

The allegations were in a two-page synopsis appended to a report presented by U.S. intelligence officials to Trump and President Barack Obama on Russian interference in the 2016 election, CNN said, citing multiple U.S. officials with direct knowledge of the briefings."


Title: How to secure MongoDB – because it isn't by default and thousands of DBs are being hacked
Date Published: 11/01/2017
Author: Thomas Claburn
Excerpt: "The rise in ransomware attacks on MongoDB installations prompted the database maker last week to issue advice on how to avoid being victimized.

As of Sunday, security researcher and Microsoft developer Niall Merrigan identified more than 27,000 MongoDB databases seized by ransomware. By Tuesday afternoon Pacific Time, an online spreadsheet maintained by Merrigan and fellow security researcher Victor Gevers listed 32,643 victims.

The attacks involve hackers who copy data from insecure databases, delete the original, and ask for a ransom of a few hundred dollars worth of Bitcoin to return the stolen data back to the owner."


Title: Windows 10 snooping: Microsoft will harvest less data but still awaits nod from watchdog
Date Published: 11/01/2017
Author: Nick Heath
Excerpt: "Microsoft will reduce the amount of data Windows 10 collects on users in an attempt to address concerns that the OS violates user privacy.

Yesterday, Microsoft announced that users running Windows 10 Home and Pro editions will be able to dial back data collection further than is possible today, alongside moves to make it easier to tweak privacy settings in the OS."


Title: NSA-leaking Shadow Brokers lob Molotov cocktail before exiting world stage
Date Published: 13/01/2017
Author: Dan Goodin
Excerpt: "Shadow Brokers, the mysterious group that gained international renown when it published hundreds of advanced hacking tools belonging to the National Security Agency, says it's going dark. But before it does, it's lobbing a Molotov cocktail that's sure to further inflame the US intelligence community.

In a farewell message posted Thursday morning, group members said they were deleting their accounts and making an exit after their offers to release their entire cache of NSA hacking tools in exchange for a whopping 10,000 bitcoins (currently valued at more than $8.2 million) were rebuffed. While they said they would still make good on the offer should the sum be transferred into their electronic wallet, they said there would be no more communications."


Title: Trump's cyber-guru Giuliani runs ancient 'easily hackable website'
Date Published: 13/01/2017
Author: Darren Pauli
Excerpt: "US president-elect Donald Trump's freshly minted cyber-tsar Rudy Giuliani runs a website with a content management system years out of date and potentially utterly hackable.

Former New York City mayor and Donald loyalist Giuliani was today unveiled by Trump's transition team as the future president's cybersecurity adviser – meaning Giuliani will play a crucial role in the defense of America's computer infrastructure."

Here are this week's noteworthy security bulletins:

1) ESB-2017.0068 - [Win] Microsoft Office 2016: Execute arbitrary code/commands - Remote with user interaction
This month's Patch Tuesday was a small one, with only 4 Microsoft Security Bulletins being published. Nonetheless, be sure to keep your fleet of Microsoft-enabled devices patched. This Office vulnerability would definitely be used by malspammers to get ransomware onto your users' machines!

2) ESB-2017.0069 - [Win][Linux][OSX] Adobe Flash Player: Multiple vulnerabilities
It seems that Flash will always keep on giving CVEs. If you still haven't migrated your applications to HTML5 and have a business reason to keep Flash on your desktops, you will most likely have to keep patching it monthly!

3) ESB-2017.0087 - [Win][UNIX/Linux] BIND: Denial of service - Remote/unauthenticated
The Internet Systems Consortium has fixed 4 remote/unauthenticated denial of service vulnerabilities in its domain name server packages.

4) ASB-2017.0004 - ALERT [Win][UNIX/Linux] WordPress: Multiple vulnerabilities
Eight security vulnerabilities have been fixed in WordPress. This includes a fix for last week's PHPMailer vulnerability.


AusCERT2017 Call for Presentations and Tutorials is now open!

AusCERT2017 will be held from 23-26 May 2017 at the Surfers Paradise Marriott, Gold Coast.

The AusCERT2017 program committee welcomes original contributions for presentations and tutorials not previously published nor submitted in parallel for publication to any other conference or workshop.

Please visit our conference website for more detailed information on submitting to the Call for Presentations and Tutorials in your time zone.

Stay safe, stay patched and have a good weekend!