Personal tools

AusCERT Conference

The annual AusCERT conference is Australia's best cyber security event for anyone with an interest in cyber and information security.

AusCERT PKI certificate service

The AusCERT Certificate Service offers PKI certificates for people, servers and software for Australian and New Zealand education and research organisations.

AusCERT Vision & Mission Statement

AusCERT is the trusted cyber emergency response team for the Australian information economy, providing valued incident prevention and detection.

AusCERT Week in Review for 6th January 2017

As Friday 6th January comes to a close, there have been numerous security related news items this week. Here's a summary (including excerpts) of some of the more interesting stories we've seen this week:

-----

Title: Libpng library gets fix for truly ancient bug
Date Published: 3/01/2017
URL: http://www.theregister.co.uk/2017/01/03/libpng_library_gets_fix_for_truly_ancient_bug/
Author: Richard Chirgwin
Excerpt: "Slackware has raced out of the blocks in 2017, issuing one patch for the libpng image library on New Year's Day, and two Mozilla patches."

-----
Title: This Crazy Ransomware Restores Your Files If You Read About Ransomware
Date Published: 4/01/2017
URL: http://www.forbes.com/sites/leemathews/2017/01/04/this-crazy-ransomware-restores-your-files-if-you-read-about-ransomware/#4c4f5683db84
Author: Lee Mathews
Excerpt: "We've seen some pretty dastardly ransomware pop up over the past couple of years. Popcorn Time decrypts your files for free if you pass the infection on to your friends. Jigsaw deletes some of your files every hour until you pay up."

-----
Title: MongoDB Databases Actively Hijacked for Extortion
Date Published: 4/01/2017
URL: http://www.securityweek.com/mongodb-databases-actively-hijacked-extortion
Author: Ionut Arghire
Excerpt: "A hacker is attempting to monetize on MongoDB databases exposed to the Internet by hijacking them and demanding a ransom for the data, security researcher Victor Gevers has discovered."

-----
Title: US intelligence: 30 countries building cyber attack capabilities
Date Published: 5/01/2017
URL: http://www.zdnet.com/article/us-intelligence-30-countries-building-cyber-attack-capabilities/
Author: Steve Ranger
Excerpt: "More than 30 countries are developing offensive cyber attack capabilities, according to US intelligence chiefs.

They warn that cyber attacks against critical infrastructure and information networks will give attackers a means of bypassing traditional defence measures."

-----
Title: Windows PC spy nasty dormant for three years, mutates and resurfaces
Date Published: 5/01/2017
URL: http://www.theregister.co.uk/2017/01/05/backdoor_returns/
Author: John Leyden
Excerpt: "Two new variants of some Windows spyware first discovered in 2013 have surfaced in targeted attacks, security firm Forcepoint warns.

The new nasties – BigBoss and SillyGoose – are based on the three-year-old MM Core backdoor. MM Core spawned a spin-off named "StrangeLove" shortly after its discovery before mysteriously becoming dormant for years."

-----

Here are this week's noteworthy security bulletins:

1) ESB-2017.0010.2 - UPDATE [UNIX/Linux][Debian] libphp-phpmailer: Execute arbitrary code/commands - Remote/unauthenticated
https://www.auscert.org.au/42506

Dawid Golunski from legalhackers.com has found a critical unauthenticated remote code execution vulnerability in PHPMailer. The full disclosure write-up can be found at http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

2) ASB-2017.0002 - [Android] Google Nexus Devices: Multiple vulnerabilities
https://www.auscert.org.au/42622

The AOSP has released this month's batch of updates for Android but as usual they'll only be automatically pushed to your device if you have a supported Nexus or Pixel Device.

3) ESB-2017.0051 - [Win][OSX] Prenotification Security Advisory for Adobe Acrobat and Reader
https://www.auscert.org.au/42678

Get ready to patch Acrobat and Reader next week, Adobe issued this pre-notification for upcoming Security Updates on Tuesday!

----

AusCERT2017 Call for Presentations and Tutorials is now open!

AusCERT2017 will be held from 23-26 May 2017 at the Surfers Paradise Marriott, Gold Coast.

The AusCERT2017 program committee welcomes original contributions for presentations and tutorials not previously published nor submitted in parallel for publication to any other conference or workshop.

Please visit our conference website (https://conference.auscert.org.au) for more detailed information on submitting to the Call for Presentations and Tutorials in your time zone.

Stay safe, stay patched and have a good weekend!

Ananda