Week in review - 25 Aug 2017

AusCERT Week in Review for 25th August 2017

Greetings,

2017 Cyber Security Survey – Time is running out to submit!

Public awareness of cyber-crime has never been higher, but is that translating to business readiness? For the second consecutive year, AusCERT and BDO are delivering the Cyber Security Survey.

By taking part you will gain direct access to our survey report in November. This contains valuable data allowing you to compare your business’ current cyber security efforts with trends in your industry sector.

Time is running out! Complete the survey and go in the draw to win one of three Apple Watches. The survey closes at midnight on Friday, 15 September 2017. The survey is anonymous and takes 15 minutes to complete.
https://www.bdo.com.au/en-au/insights/cyber-security/surveys/2017-cyber-security-survey?utm_medium=Email&utm_source=AusCERT

—–
As Friday 25th August comes to a close, we have seen another busy week of security updates. Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Title: Malware rains on Google’s Android Oreo parade
Date Published: 24 Aug 2017
URL: https://nakedsecurity.sophos.com/2017/08/24/malware-rains-on-googles-android-oreo-parade/
Author: Bill Brenner
Excerpt: “Google has had an exciting summer, for good and bad reasons. The good news: Google just officially launched the eighth version of its operating system, Android Oreo, with enhancements for battery life and security. Last month, it also began rolling out a new feature called Google Play Protect, designed to scan apps that could cause harm to your Android device and data. The bad news: at least five different types of malware were found in Google Play in August alone, including spyware, banking bots and aggressive adware. Thousands of apps contain these malicious payloads and have infected millions of users.”
—–

Title: Ropemaker exploit allows for changing of email post-delivery
Date Published: 23 Aug 2017
URL: https://threatpost.com/ropemaker-exploit-allows-for-changing-of-email-post-delivery/127600/
Author: Chris Brook
Excerpt: “Researchers say a new exploitable attack vector for email, one that could enable the changing of email content post-delivery, could let attackers bypass security controls and trick victims into clicking through to a malicious site.”
—–

Title: OAIC investigating Flight Centre customer data leak
Date Published: 21 Aug 2017
URL: https://www.itnews.com.au/news/oaic-investigating-flight-centre-customer-data-leak-471346
Author: Allie Coyne
Excerpt: “Firm is ‘co-operating’ with inquiries. Travel agency Flight Centre is under investigation by the country’s privacy regulator after accidentally releasing personal information of an undisclosed number of its customers to third-party suppliers.”
—–

Title: Turnbull’s counter-terrorism plan goes beyond whether our cities need bollards
Date Published: 23 Aug 2017
URL: https://www.theguardian.com/commentisfree/2017/aug/23/turnbulls-counter-terrorism-plan-goes-beyond-whether-our-cities-needs-bollards-or-not
Author: Patrick Walsh
Excerpt: “It’s yet unclear how much help small business owners in public places can expect in order to become resilient to terrorist attacks. But the strategy serves a more important point”
—–

Here are this week’s noteworthy security bulletins:

1) ESB-2017.2135 – ALERT [Appliance] Westermo MRD: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/51570
10 for the CVE score, need I say more!

2) ESB-2017.2128 – [Appliance] HPE Integrated Lights-out 4: Execute arbitrary code/commands – Remote/unauthenticated
https://www.auscert.org.au/bulletins/51542
Lights out cards for privileged remote access.

3) ESB-2017.2110 – [Debian] smb4k: Root compromise – Existing account
https://www.auscert.org.au/bulletins/51470
Samba: we are blocking it at the edge, right? Where is the edge today?

Stay safe and have a great weekend.

Peter