AusCERT Week in Review for 9th December 2016

Greetings,

As Friday 9th December comes to a close, there have been numerous
security-related news items this week. Here's a summary (including excerpts)
of some of the more interesting stories we've seen:

-----
Title: Hacker Holiday Havoc
Date Published: December 08, 2016
URL: http://www.securityweek.com/hacker-holiday-havoc
Author: Alastair Paterson
Excerpt: It's that time of year again...when consumers, retailers and manufacturers need to understand and be alert to the latest cyber attacks that threaten to dampen the spirit and excitement of the holidays.

-----
Title: Solar Power Firm Patches Meters Vulnerable to Command Injection Attacks
Date Published: December 8, 2016
URL: https://threatpost.com/solar-power-firm-patches-meters-vulnerable-to-command-injection-attacks/122324/
Author: Tom Spring
Excerpt: Solar software and analytics firm Locus Energy has pushed out a patch to its residential and commercial power meters to address a vulnerability that could allow hackers to access equipment and remotely execute code.

-----
Title: Floki Bot Improves on Zeus Banking Code to Grab PoS Info
Date Published: December 8, 2016
URL: http://www.infosecurity-magazine.com/news/floki-bot-improves-on-zeus-banking/
Author: Tara Seals
Excerpt: Floki Bot, a new financial malware variant, has been uncovered offered for sale on various darknet markets.
According to Cisco Talos and Flashpoint research, Floki Bot is based on the same codebase that was used by the infamous Zeus trojan, the source code of which was leaked in 2011. But rather than simply copying the features that were present within the Zeus trojan "as-is," Floki Bot claims to feature several new capabilities making it an even more attractive tool for criminals.

-----
Title: US Presidential Commission Outlines Key Cybersecurity Actions For Future Administrations
Date Published: December 6, 2016
URL: http://www.darkreading.com/threat-intelligence/us-presidential-commission-outlines-key-cybersecurity-actions-for-future-administrations/d/d-id/1327643?
Author: Kelly Sheridan
Excerpt: Report outlines ways to lock down critical infrastructure as well as IoT - and the urgent need to expand the security workforce by 2020 with 100,000 new jobs.

-----
Title: Millions of Dailymotion accounts exposed in hack
Date Published: December 7, 2016
URL: https://www.cnet.com/au/news/dailymotion-accounts-hacked/
Author: Patrick Holland
Excerpt: Throughout 2016, many popular sites admitted to notable security hacks. French website Dailymotion is the latest member of this group.

Dailymotion, one of the largest video-sharing platforms in the world, said Tuesday that some user accounts had been hacked but didn't provide any specifics.

The hack reportedly exposed more than 85 million accounts.

-----

Here are this week's noteworthy security bulletins:
1) ESB-2016.2872 - ALERT [Appliance] Tesla Gateway: Execute arbitrary code/commands - Remote with user interaction - (07/12/2016)
https://auscert.org.au/41570
Nice car, shame about your lack of control.

2) ESB-2016.2864 - [FreeBSD] telnetd: Root compromise - Existing account - (07/12/2016)
https://auscert.org.au/41538
Are you still running telnetd instead of SSH?

3) ESB-2016.2850 - [SUSE] qemu: Multiple vulnerabilities - (05/12/2016)
https://auscert.org.au/41474
Saw a few flavors of this come through; check your systems.

4) ESB-2016.2873 - [RedHat] chromium-browser: Multiple vulnerabilities - (08/12/2016)
https://auscert.org.au/41574
Who doesn't use Chrome?

5) ESB-2016.2848 - [Appliance][Virtual] F5 products: Provide misleading information - Remote/unauthenticated - (02/12/2016)
https://auscert.org.au/41462
Are you vulnerable with no patch? The question is: what are you going to do?

Stay safe, stay patched and have a good weekend!