AusCERT Week in Review for 18th November 2016

As Friday 18th November comes to a close, there have been numerous security-related news items this week. Here's a summary (including excerpts) of some of the more interesting stories we've seen this week:

-----

Title: Cryptsetup Vulnerability Grants Root Shell Access on Some Linux Systems

Date Published: November 15, 2016, 3:28 pm

URL: https://threatpost.com/cryptsetup-vulnerability-grants-root-shell-access-on-some-linux-systems/121963/

Author: Chris Brook

Excerpt: A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems. From there, an attacker could have the ability to copy, modify, or destroy a hard disk, or use the network to exfiltrate data.

-----

Title: Meet PoisonTap, the $5 tool that ransacks password-protected computers

Date Published: 11/16/2016, 10:00 PM

URL: http://arstechnica.com/security/2016/11/meet-poisontap-the-5-tool-that-ransacks-password-protected-computers/

Author: Dan Goodin

Excerpt: The perils of leaving computers unattended just got worse, thanks to a newly released exploit tool that takes only 30 seconds to install a privacy-invading backdoor, even when the machine is locked with a strong password.

-----

Title: Strategic Principles for Securing the Internet of Things

Date Published: November 15, 2016

URL: https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL_v2-dg11.pdf

Author: Homeland Security

Excerpt: The growth of network-connected devices, systems, and services comprising the Internet of Things (IoT) creates immense opportunities and benefits for our society. IoT security, however, has not kept up with the rapid pace of innovation and deployment, creating substantial safety and economic risks. This document explains these risks and provides a set of non-binding principles and suggested best practices to build toward a responsible level of security for the devices and systems businesses design, manufacture, own, and operate.

-----

Title: New Ransomware Extorts Victim’s Reputation

Date Published:

URL: http://www.batblue.com/new-ransomware-extorts-victims-reputation/

Author: Watch Desk

Excerpt: Cyber criminals are allegedly deploying ransomware aimed at extorting the victim’s reputation rather than his or her wallet.

Researchers recently discovered a new ransomware campaign that launches a ransom message screen once it finds indecent material on a victim’s device, according to reports. The new malware strain, dubbed “Ransoc” by the researchers, allegedly locks the user’s desktop when the ransomware discovers files containing child pornography or media files downloaded via Torrents.

-----

Title: 8 million GitHub profiles were leaked from GeekedIn's MongoDB - here's how to see yours

Date Published: 17 NOVEMBER 2016

URL: https://www.troyhunt.com/8-million-github-profiles-were-leaked-from-geekedins-mongodb-heres-how-to-see-yours/

Author: Troy Hunt

Excerpt: On Saturday, a character in the data trading scene popped up and sent me a 594MB file called geekedin.net_mirror_20160815.7z. It was allegedly a MongoDB backup from August belonging to a site I'd not heard of before, one called GeekedIn and they apparently do this:

Here are this week's noteworthy security bulletins:

1) ESB-2016.2739 - ALERT [Win][UNIX/Linux] jenkins: Execute arbitrary code/commands - Remote/unauthenticated

https://www.auscert.org.au/40990

An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassing existing protection mechanisms.

2) ESB-2016.2737 - [Win][UNIX/Linux][Virtual] vRealize Operations: Denial of service - Remote/unauthenticated

https://www.auscert.org.au/40982

vRealize Operations contains a deserialization vulnerability in its REST API implementation. This issue may result in a Denial of Service as it allows for writing of files with arbitrary content and moving existing files into certain folders. The name format of the destination files is predefined and their names cannot be chosen. Overwriting files is not feasible.

3) ESB-2016.2691 - [RedHat] kernel: Root compromise - Existing account

https://www.auscert.org.au/40782

It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.

4) ESB-2016.2735 - [Win][UNIX/Linux][Debian] moin: Cross-site scripting - Remote with user interaction

https://www.auscert.org.au/40974

Several cross-site scripting vulnerabilities were discovered in moin, a Python clone of WikiWiki. A remote attacker can conduct cross-site scripting attacks via the GUI editor's attachment dialogue (CVE-2016-7146), the AttachFile view (CVE-2016-7148) and the GUI editor's link dialogue (CVE-2016-9119).

Signing off for the week

Peter Newman