Week in review - 8 Sep 2017

AusCERT Week in Review for 1st September 2017


2017 Cyber Security Survey – Time is running out to submit!

Public awareness of cyber-crime has never been higher, but is that translating to business readiness? For the second consecutive year, AusCERT and BDO are delivering the Cyber Security Survey.

By taking part you will gain direct access to our survey report in November. This contains valuable data allowing you to compare your business’ current cyber security efforts with trends in your industry sector.

Time is running out! Complete the survey and go in the draw to win one of three Apple Watches*. The survey closes at midnight on Friday, 15 September 2017.

The survey is anonymous and takes 15 minutes to complete.


* Refer to the website for competition terms and conditions

As Friday 1st of September comes to a close, we have seen another busy week of security updates. Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:


Title: 700 Million-Plus Email Addresses Leaked by Spam Operation
Date Published: 31 Aug 2017
URL: https://www.bankinfosecurity.com/700-million-plus-email-addresses-leaked-by-spam-operation-a-10246
Author: Jeremy Kirk
Excerpt: “A sloppy spamming operation has exposed on a server in the Netherlands gigabytes of files that include 711 million email addressees and some associated account passwords.”


Title: China Creates Secure Communications Network
Date Published: 1 Sep 2017
URL: http://www.securitymagazine.com/articles/88280-china-creates-secure-communications-network
Author: Kylie Bull
Excerpt: “China is to use quantum cryptography to create an unhackable communications network. Using the network, some 200 users from the military, government, finance and electricity sectors will be able to send messages without the concern that others may be able to read them.”

Title: Session hijacking bug exposed GitLab users' private tokens
Date Published: 31 Aug 2017
URL: https://threatpost.com/session-hijacking-bug-exposed-gitlab-users-private-tokens/127747/
Author: Chris Brook
Excerpt: “GitLab, the popular web-based Git repository manager, fixed a vulnerability recently that could have opened its users up to session hijacking attacks.”


Title: Prevention is no Longer the Best Medicine – Recovery is Key
Date Published: 29 Aug 2017
URL: https://www.infosecurity-magazine.com/opinions/prevention-medicine-recovery-key/
Author: Rick Orloff
Excerpt: “In an ideal world, every company could trust each of its employees not to make any mistakes or slip up in regards to the handling of sensitive corporate data. In this utopia, each employee would also have an impregnable security solution rendering themselves invulnerable to attack or breach.”

Title: Cyber-squatters Target Luxury Brands from Fendi to Prada
Date Published: 31 Aug 2017
URL: https://www.infosecurity-magazine.com/news/cybersquatters-target-luxury-brands/
Author: Tara Seals
Excerpt: “Fan of Fendi? Lover of Louboutin? Gaga for Gucci? Be careful, as there are more than 500 websites out here that are actively tricking web users into thinking they’re legitimate luxury fashion websites.”


Here are this week’s noteworthy security bulletins:

1) ASB-2017.0137 – [Win][UNIX/Linux] RubyGems: Multiple vulnerabilities

This one is a gem.

2) ESB-2017.2157 – [Appliance] Abbott Laboratories Accent/Anthem, Accent MRI, Assurity/Allure and Assurity MRI: Multiple vulnerabilities

Is your patching keeping pace?

3) ESB-2017.2165 – [Win][UNIX/Linux] Wireshark: Denial of service – Remote with user interaction

A reminder to keep your tools up to date as well.

Stay safe and have a great weekend.