
AusCERT Week in Review for 16th September 2016


As another Friday comes to a close, there have been numerous security-related news items this week. Here's a summary (including excerpts) of some of the more interesting stories we've seen:


Title: Top infosec vendors, cops, liberate thousands from ransomware

Author: Darren Pauli

Date: 14/09/2016

Excerpt: Warriors from industry and law enforcement collective No More Ransom have cleansed more than 2500 machines of ransomware by distributing free decryption keys and other tools to eradicate infections.

No More Ransom is an alliance of cops and anti-malware experts including McAfee and soon-to-be-former parent company Intel, Kaspersky Labs, Europol's EC3 cybercrime division, and Dutch police.

The group has uploaded thousands of decryption keys and tools to help users avoid paying ransom to net scum who use malware to encrypt precious files demanding cash to revert the damage.

The alliance formalises what had been a scattered and silo-ed, but furious effort by legendary malware researchers to lay waste to scores of ransomware variants, leaving a scant few including the latest Cryptxxx and Cryptowall unbroken.


Title: The Feds Will Soon Be Able to Legally Hack Almost Anyone

Author: Senator Ron Wyden, Matt Blaze and Susan Landau

Date: 14/09/2016

Excerpt: Digital devices and software programs are complicated. Behind the pointing and clicking on screen are thousands of processes and routines that make everything work. So when malicious software—malware—invades a system, even seemingly small changes to the system can have unpredictable impacts.

That’s why it’s so concerning that the Justice Department is planning a vast expansion of government hacking. Under a new set of rules, the FBI would have the authority to secretly use malware to hack into thousands or hundreds of thousands of computers that belong to innocent third parties and even crime victims. The unintended consequences could be staggering.


Title: Telstra signals analytics boost for security ops centre

Author: Ry Crozier

Date: 16/09/2016

Excerpt: Telstra is planning to expand the analytics capabilities of its security operations centre through the design and deployment of a “modular, reusable” data platform.

The carrier is in the process of appointing a project lead to “deliver a modular, reusable platform based on commodity hardware and modular software”.

A Telstra spokesperson confirmed the existence of the project but declined to comment further.

Telstra opened its security operations centre (SOC) at an undisclosed location in Canberra back in 2009, and maintains a disaster recovery site in Sydney.

The SOC acts as a managed security services hub for Telstra’s enterprise and government customers, and also plays a role in monitoring Telstra’s core network.


Title: Teenager uncovers route to free Web surfing on T-Mobile network

Author: Sean Gallagher

Date: 16/09/2016

Excerpt: Jacob Ajit, a 17-year-old student at the Thomas Jefferson High School for Science and Technology in Fairfax, Virginia, was bored and screwing around with a smartphone that had service and a SIM for T-Mobile's prepaid phone service. He soon discovered it was possible to still gain access to the Internet without paying for an account; all he had to do was route everything through a proxy application running on a server with "/speedtest" in its Web address.

The T-Mobile prepaid SIM makes it possible to pay for new service from the phone itself. This requires the phone to be able to connect to T-Mobile's network to do so, essentially blocking access to the rest of the Internet through a captive portal until the account is activated. But Ajit found that the Speedtest mobile app worked even when the phone's data plan hadn't been activated—likely as a marketing tool to demonstrate the speed of T-Mobile's 4G network.


Finally, here are some of this week's more interesting security bulletins (sorted by oldest to newest):

1) Microsoft Patch Tuesday

ESB-2016.2138 - ALERT [Win] Microsoft Internet Explorer: Multiple vulnerabilities

ESB-2016.2139 - ALERT [Win] Microsoft Edge: Multiple vulnerabilities

ESB-2016.2140 - ALERT [Win] Microsoft Windows: Multiple vulnerabilities

ESB-2016.2141 - ALERT [Win][OSX] Microsoft Office: Multiple vulnerabilities

ESB-2016.2142 - ALERT [Win] Microsoft Exchange Server: Multiple vulnerabilities

ESB-2016.2150 - ALERT [Win] Microsoft Windows: Execute arbitrary code/commands - Remote with user interaction

This month Microsoft released 14 security bulletins, half of which are rated as critical. The critical vulnerabilities allow remote code execution but require the end user to interact with a malicious file or website.

2) ESB-2016.2161 - ALERT [Win][UNIX/Linux][Ubuntu] MySQL: Root compromise - Existing account

Proof of concept code is publicly available for a local root compromise vulnerability in MySQL. So far we have seen updates for Ubuntu and Debian, with updates for other operating systems expected soon.

Have a happy, bug-free weekend!