Personal tools

AusCERT Conference

The annual AusCERT conference is Australia's best cyber security event for anyone with an interest in cyber and information security.

AusCERT PKI certificate service

The AusCERT Certificate Service offers PKI certificates for people, servers and software for Australian and New Zealand education and research organisations.

AusCERT Vision & Mission Statement

AusCERT is the trusted cyber emergency response team for the Australian information economy, providing valued incident prevention and detection.

AusCERT Week in Review for 23rd December 2016

AusCERT Week in Review
23 December 2016

Greetings,

As Friday 23rd December comes to a close, there have been numerous security related news items this week. Here's a summary (including excerpts) of some of the more interesting stories we've seen this week:

Title:
Vodafone to build infosec centre with DiData and FireEye
Date: December 19, 2016
URL: http://www.itnews.com.au/news/vodafone-to-build-infosec-centre-with-didata-and-fireeye-445112
Author: Juha Saarinen

Excerpt: Inks five-year deal. Vodafone has partnered with Dimension Data and FireEye to set up its new cyber defence and response centre. The two companies beat out six other unnamed vendors to set up Vodafone's CDRC, which will assist Vodafone's enterprise division and customers by providing round-the-clock event monitoring, threat protection, and security intelligence.

-----

Title: VMware Patches VDP, ESXi Vulnerabilities

Date Published: December 21, 2016
URL: http://www.securityweek.com/vmware-patches-vdp-esxi-vulnerabilities
Author: Eduard Kovacs

Excerpt: VMware has released patches that address important and critical vulnerabilities affecting the company’s vSphere Data Protection (VDP) and ESXi products.

-----

Title: Cyber-criminals Offer Christmas Ransomware Discount
Date Published: December 22, 2016
URL: http://www.infosecurity-magazine.com/news/cybercriminals-offer-christmas/
Author: Phil Muncaster

Excerpt: Cyber-criminals appear to be getting into the Christmas spirit, with one group offering ransomware victims who intend to pay a festive discount of more than half the original cost.
Security vendor Forcepoint spotted the seasonal campaign from the black hats behind the CryptXXX ransomware variant.


And lastly, here are this week's noteworthy security bulletins (in no particular order):

1.    ESB-2016.3070 - [Cisco] Cisco CloudCenter Orchestrator: Root compromise - Remote/unauthenticated  
https://www.auscert.org.au/42370

The vulnerability is due to a misconfiguration that causes the DockerEngine management port to be reachable outside of the CloudCenter Orchestrator system. An attacker could exploit this vulnerability by loading Docker containers on the affected system with arbitrary privileges. As a secondary impact this may allow the attacker to gain root privileges on the affected CloudCenter Orchestrator.

2.    ESB-2016.3076 - [UNIX/Linux][Virtual] VMware vSphere Data Protection (VDP): Root compromise - Remote/unauthenticated
https://www.auscert.org.au/42394

VDP contains a private SSH key with a known password that is configured to allow key-based authentication.
Exploitation of this issue may allow an unauthorized remote attacker to log into the appliance with root privileges.

3.    ESB-2016.3061 - [Linux] IBM Security Guardium: Root compromise - Existing account
https://www.auscert.org.au/42334

Linux Kernel could allow a local attacker to gain elevated privileges on the
system, caused by a race condition when handling the copy-on-write (COW)
breakage of private read-only memory mappings by the memory subsystem. IBM
Security Guardium has provided a fix for this vulnerability.



Seasons Greetings from AusCERT,
Geoffroy