AusCERT Week in Review for 2nd September 2016


As another Friday comes to a close, there have been numerous security-related news items this week. Here's a summary (including excerpts) of some of the more interesting stories we've seen:


Title: Forget Software - Now Hackers Are Exploiting Physics

Author: Andy Greenberg

Date: 31/08/2016

Excerpt: Practically every word we use to describe a computer is a metaphor. “File,” “window,” even “memory” all stand in for collections of ones and zeros that are themselves representations of an impossibly complex maze of wires, transistors and the electrons moving through them. But when hackers go beyond those abstractions of computer systems and attack their actual underlying physics, the metaphors break.

Over the last year and a half, security researchers have been doing exactly that: honing hacking techniques that break through the metaphor to the actual machine, exploiting the unexpected behavior not of operating systems or applications, but of computing hardware itself—in some cases targeting the actual electricity that comprises bits of data in computer memory. And at the Usenix security conference earlier this month, two teams of researchers presented attacks they developed that bring that new kind of hack closer to becoming a practical threat.


Title: This Is How Easy It Is to Hack a Passport or a Credit Card

Author: Motherboard

Date: 31/08/2016

Excerpt: Anything with a chip in it is vulnerable to attack. Your contactless credit card, your office key card, your passport—as more of our most valuable possessions get an electronic component, more opportunities open up to hackers.

In the third episode of Can I Hack It?, made possible by Mr Robot on Amazon Prime, we visit Adam Laurie, better known by his hacker name Major Malfunction.

Laurie specialises in hacking devices that use RFID, or radio frequency identification. He’s a white hat researcher who finds ways to hack into products in order to test their security, and he also runs the London chapter of the Defcon hacking community.

Laurie’s home isn’t exactly what you’d expect a hacker’s digs to look like: it’s a huge old house in the middle of the British countryside. Through a maze of corridors we reach his office, where he tinkers with everything from TV sets to new internet-of-things devices (when he’s not indulging his other hobby: guns).


Title: Transmission hijacked to broadcast Mac malware

Author: John Leyden

Date: 01/09/2016

Excerpt: Developers of the Transmission BitTorrent client have admitted that hackers replaced downloads of its file-sharing software with trojanised code.

The hack, detected within hours, was designed to spread a Mac OS X backdoor, Keydnap, which steals user credentials. It’s unclear how many people were affected. The dodgy file was not made available through an auto-update.

In an FAQ, Transmission’s developers explained that the poisoned file was removed from the server immediately upon its discovery, and less than 24 hours after it was first uploaded.

It appears that on or about August 28, 2016, unauthorised access was gained to our website server. The official Mac version of Transmission 2.92 was replaced with an unauthorised version that contained the OSX/Keydnap malware. The infected file was available for download somewhere between a few hours and less than a day.


Title: AFP, Australia Post targeted by crypto-ransomware

Author: Byron Connolly

Date: 02/09/2016

Excerpt: The Australian Federal Police and Australia Post are among several organisations across 22 countries that have been targeted by TorrentLocker, a crypto-ransomware that spreads via spam messages.

ESET researchers on Friday said they have examined samples of this malware – first analysed in 2014 – in the past months and discovered it is still active due to how it chooses potential victims with targeted spam and avoids attention.

TorrentLocker impersonates local postal service, energy or telecom companies and displays a page claiming that a “document” (purportedly a bill or tracking code) should be downloaded. If a malicious document is downloaded and opened by the user, TorrentLocker is executed.

The download, ransom and payment pages are highly localised, using the user’s own language and currency.


Finally, here are some of this week's more interesting security bulletins (sorted from oldest to newest):

1) ASB-2016.0084 - [Win][Linux][OSX] Google Chrome: Multiple vulnerabilities

Multiple vulnerabilities have been fixed in the latest release of Google Chrome. The vulnerabilities include remote code execution, denial of service, cross-site scripting, and address bar spoofing.

Have a happy, bug-free weekend!