AusCERT Week in Review for 19th August 2016


As another Friday comes to a close, there have been numerous security-related news items this week. Here's a summary (including excerpts) of some of the more interesting stories we've seen:


Title: The World Series of Hacking—without humans

Author: Sean Gallagher

Date: 15/08/2016

Excerpt: LAS VEGAS—On a raised floor in a ballroom at the Paris Hotel, seven competitors stood silently. These combatants had fought since 9:00am, and nearly $4 million in prize money loomed over all the proceedings. Now some 10 hours later, their final rounds were being accompanied by all the play-by-play and color commentary you'd expect from an episode of American Ninja Warrior. Yet, no one in the competition showed signs of nerves.

To observers, this all likely came across as odd—especially because the competitors weren't hackers, they were identical racks of high-performance computing and network gear. The finale of the Defense Advanced Research Projects Agency's Cyber Grand Challenge, a DEFCON game of "Capture the Flag," is all about the "Cyber Reasoning Systems" (CRSs). And these collections of artificial intelligence software armed with code and network analysis tools were ready to do battle.


Title: Voting Machines Are a Mess—But the Feds Have a (Kinda) Plan

Author: Brian Barrett

Date: 18/08/2016

Excerpt: America’s voting machines are a patchwork of systems spread across thousands of districts, with widely varying degrees of accountability. It’s a mess. One that the Department of Homeland Security has finally committed to helping clean up.

This week, DHS chief Jeh Johnson held a call with state election officials to outline, very roughly, the kind of assistance that DHS will provide to help prevent cyber attacks in this fall’s elections. For now, details are vague, and whatever DHS plans to do will need to happen quickly; election day may be November 8, but in some states, early voting starts in just six weeks. That’s not enough time to solve all of America’s voting machine issues.

Fortunately, there’s still plenty DHS can accomplish—assuming the districts that need the most help realize it.

Unfit Machines

The problems with America’s electronic voting machines are extensive, but also easily summarized: Many of them are old computers, and old computers are more vulnerable to disruptions both purposeful (malware) and benign (bugs).


Title: Australia's borders to be reinforced by data science

Author: Ry Crozier

Date: 18/08/2016

Excerpt: The Immigration department is building a team of data scientists and technologists to transform its capacity to assess threats to Australia’s borders.

The department this week opened a number of positions for intelligence directors and analysts, “intelligence technologists”, and data scientists to work on the transformation of its intelligence capability.

“Our intelligence division is in the midst of a transformation that is set to deliver an intelligence capability equal to the growing array of threats to Australia’s border,” the department said.

“Intelligence professionals in the division will form a hub of consolidated expertise, with some staff out-posted into business areas to provide direct support to operational decision-makers.”


Title: Cisco, Fortinet issue patches against NSA malware

Author: Tim Greene

Date: 18/08/2016

Excerpt: Customers of certain Cisco and Fortinet security gear need to patch exploits made public this week after a purported hack of NSA malware.

Both companies have issued fixes to address exploits that were posted online and after they found the exploits represent real threats to some of their products, including versions of Cisco’s popular PIX and ASA firewalls and versions of Fortinet’s signature Fortigate firewalls.

Other exploits may affect Watchguard and TOPSEC products, but those companies did not immediately respond to inquiries. When they do, this story will be updated.

The exploits were posted as proof that a group called Shadow Brokers actually had in its possession malware that it claimed it hacked from the NSA.


Finally, here are some of this week's more interesting security bulletins (sorted by oldest to newest):

1) ESB-2016.1982.2 - UPDATED ALERT [Cisco] Cisco ASA Software: Execute arbitrary code/commands - Existing account

2) ESB-2016.1995 - ALERT [Appliance] FortiGate: Administrator compromise - Remote/unauthenticated

Following the reported hack of the NSA this week, exploits for multiple products were publicly disclosed by the Shadow Brokers group. Updates are available for the affected FortiGate firewalls; however, Cisco has not yet released updates for its ASA software. As a temporary workaround, Cisco has suggested a number of options, including restricting SNMP access to trusted users, using complex SNMP community strings, or disabling SNMP completely.

Have a happy, bug-free weekend!