AusCERT Week in Review for 14th October 2016

As Friday 14th October comes to a close, there have been numerous security-related news items this week. Here's a summary (including excerpts) of some of the more interesting stories we've seen:

-----
Title: Hacker Steals 58M Records from Modern Business Solutions
Date Published: 12/10/16
URL: http://www.batblue.com/hacker-steals-58m-records-modern-business-solutions/
Author: Watch Desk
Excerpt: "A hacker has stolen around 58 million user records from a misconfigured database on the servers of Modern Business Solutions, a data storage and hosting provider.

The hacker, who uses the handle 0x2Taylor, published the stolen data online, according to reports. Modern Business Solutions (MBS) has not confirmed or denied the data breach at this time."

-----
Title: Systemd vulnerability crashes Linux systems
Date Published: 9/10/16
URL: http://betanews.com/2016/10/07/systemd-vulnerability-linux-crash/
Author: Anthony Spadafora
Excerpt: "A new vulnerability has been discovered that could shut down most Linux systems using a command short enough to fit in a tweet.

Linux administrator and founder of the security certificate company SSLMate Andrew Ayer discovered the bug, which has the potential to kill a number of critical commands while making others unstable just by entering the short command: NOTIFY_SOCKET=/run/systemd/notify systemd-notify."

-----
Title: Odinaff malware campaign resembles Carbanak; attacks financial targets including SWIFT users
Date Published: 12/10/16
URL: http://www.scmagazine.com/odinaff-malware-campaign-resembles-carbanak-attacks-financial-targets-including-swift-users/article/547018/
Author: Bradley Barth, Senior Reporter
Excerpt: "A series of related malware campaigns whose m.o. resembles that of the notorious Carbanak gang has been quietly infecting financial targets since January, including users of the SWIFT bank messaging system that has already been under siege by another bad actor, according to Symantec Corporation in a blog post Tuesday."

-----
Title: ACSC Report – Australian Bureau of Meteorology hacked by foreign spies
Date Published: 12/10/16
URL: http://securityaffairs.co/wordpress/52179/intelligence/australian-bureau-of-meteorology-hack.html
Author: Pierluigi Paganini
Excerpt: "A report published by the Australian Cyber Security Centre confirmed the Australian Bureau of Meteorology hack was powered by foreign cyber spies."

-----
Title: NSA could put undetectable “trapdoors” in millions of crypto keys
Date Published: 11/10/16
URL: http://arstechnica.com/security/2016/10/how-the-nsa-could-put-undetectable-trapdoors-in-millions-of-crypto-keys/
Author: Dan Goodin
Excerpt: "Researchers have devised a way to place undetectable backdoors in the cryptographic keys that protect websites, virtual private networks, and Internet servers. The feat allows hackers to passively decrypt hundreds of millions of encrypted communications as well as cryptographically impersonate key owners."

---

This week was Microsoft patch week, and with it came 10 Microsoft bulletins covering 45 vulnerabilities. Five of these were zero-day vulnerabilities!

http://www.scmagazine.com/patch-tuesday-microsoft-patches-five-zero-day-vulnerabilities/article/546980/

1/ ESB-2016.2385 - ALERT [Win] Internet Explorer: Multiple vulnerabilities
https://www.auscert.org.au/39526

2/ ESB-2016.2386 - ALERT [Win] Microsoft Edge: Multiple vulnerabilities
https://www.auscert.org.au/39530

3/ ESB-2016.2387 - ALERT [Win] Microsoft Windows, Office, Skype, Lync, .NET Framework, and Silverlight: Multiple vulnerabilities
https://www.auscert.org.au/39534

4/ ESB-2016.2388 - ALERT [Win][OSX] Microsoft Office: Execute arbitrary code/commands - Remote with user interaction
https://www.auscert.org.au/39538

5/ ESB-2016.2393 - [Win] Microsoft Windows: Access confidential data - Remote with user interaction
https://www.auscert.org.au/39558

Stay safe, stay patched and have a good weekend!

Ananda