AusCERT Week in Review for 3rd February 2017

As Friday 3rd February comes to a close, there have been numerous security-related news items this week. Here's a summary (including excerpts) of some of the more interesting stories we've seen this week:

Title: Ugly Password Gaffe Plagues Cryptkeeper Encryption App
Date: 31/01/2017
URL: https://threatpost.com/ugly-password-gaffe-plagues-cryptkeeper-encryption-app/123485/
Author: Michael Mimoso

Excerpt:
"A longtime Debian developer has recommended that the Cryptkeeper Linux encryption app be removed from the distribution. The advice came after the disclosure of a bug where the app sets the universal password “p” to decrypt any directory created with the program.
Simon McVittie, a programmer at Collabora, confirmed the findings of researcher Kirill Tkhai, who disclosed the bug Jan. 26. McVittie said he was able to reproduce the bug in the Stretch version (Debian 9, in testing), but not in the Jessie version (Debian 8)."

-----

Title: HPE acquires Niara to enhance Aruba’s network security portfolio
Date: 02/02/2017
URL: http://www.cbronline.com/news/cybersecurity/business/hpe-acquires-niara-to-enhance-arubas-network-security-portfolio/
Author: Byomakesh Biswal

Excerpt:
"Hewlett Packard Enterprise (HPE) has acquired California-based Niara, in an acquisition designed to strengthen its security portfolio.
Niara, a provider in the User and Entity Behaviour Analytics (UEBA) security market segment, will operate within HPE Aruba and work to enhance its Clear Pass network security portfolio for wired and wireless network infrastructure.
According to HPE, UEBA is a new class of security technology, designed to identify security threats that have penetrated traditional firewalls and protection systems.
Niara has developed a behaviour analytics software that automates the detection of attacks and risky behaviour inside an organisation, reducing the time and resources needed to neutralise such security threats."

-----

Title: Remember Malware Campaign Targeting Chrome Users? Now Encrypts Victim Data with Ransomware
Date: 02/02/2017
URL: http://wccftech.com/ransomware-target-google-chrome-users/
Author: Rafia Shaikh

Excerpt:
"Only a few weeks ago, we shared with our readers a malware campaign that was targeting Chrome users on Windows computers. First spotted in December 2016, the campaign uses the infamous EITest chain that has been used in multiple exploit kits leading to identity theft, ransomware and other kinds of attacks. While earlier, it was only targeting Chrome users with malware, latest research has spotted the same campaign now dropping ransomware, holding user data hostage for ransom."

-----

Title: WordPress Silently Fixed Privilege Escalation Vulnerability in 4.72 Update
Date: 02/02/2017
URL: https://threatpost.com/wordpress-silently-fixed-privilege-escalation-vulnerability-in-4-72-update/123533/
Author: Chris Brook

Excerpt:
"WordPress silently fixed a serious content injection vulnerability when it pushed out its latest security release, 4.7.2, last week.
Sucuri, the firm that found the vulnerability, disclosed it Wednesday and said that if exploited, it could have let an attacker modify the content of any WordPress post or page."

-----

And lastly, here are this week's noteworthy security bulletins (in no particular order):

1) ESB-2017.0329 - ALERT [Win] Microsoft Windows SMB: Execute arbitrary
https://www.auscert.org.au/43838
By causing a Windows system to connect to a malicious SMB share, a remote attacker may be able to cause a denial of service or potentially execute arbitrary code with Windows kernel privileges.

2) ESB-2017.0274 - [Debian] chromium-browser: Multiple vulnerabilities
http://www.auscert.org.au/43614
Several vulnerabilities have been discovered in the chromium web browser.

3) ESB-2017.0222.3 - UPDATE [Win] Cisco WebEx Browser Extension: Execute arbitrary code/commands - Remote with user interaction
http://www.auscert.org.au/43390
A vulnerability in Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system.

-----

Have a great weekend!

Geoffroy