AusCERT Week in Review for 8th September 2017


As Friday 8th of September comes to a close, we are looking forward to having as many people as possible answer the 2017 Cyber Security Survey. Time is running out to submit!

Public awareness of cyber-crime has never been higher, but is that translating to business readiness? For the second consecutive year, AusCERT and BDO are delivering the Cyber Security Survey.
By taking part you will gain direct access to our survey report in November. This contains valuable data allowing you to compare your business’ current cyber security efforts with trends in your industry sector.
Time is running out! Complete the survey and go in the draw to win one of three Apple Watches.* The survey closes at midnight on Friday, 15 September 2017.

The survey is anonymous and takes 15 minutes to complete.

* Refer to the website for competition terms and conditions.

This is all topped off with numerous security-related news items. Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Title: Breach at Equifax May Impact 143M Americans
URL: https://krebsonsecurity.com/2017/09/breach-at-equifax-may-impact-143m-americans/
Date: 7th September 2017
Author: Brian Krebs

“Equifax, one of the “big-three” U.S. credit bureaus, said today a data breach at the company may have affected 143 million Americans, jeopardizing consumer Social Security numbers, birth dates, addresses and some driver’s license numbers.”


Title: Patch Released for Critical Apache Struts Bug
URL: https://threatpost.com/patch-released-for-critical-apache-struts-bug/127809/
Date: 5th September 2017
Author: Tom Spring

“This particular vulnerability allows a remote attacker to execute arbitrary code on any server running an application built using the Struts framework and the popular REST communication plugin. The weakness is caused by the way Struts deserializes untrusted data,”


Title: Australian SMEs consider antivirus software sufficient defence: MYOB
URL: http://www.zdnet.com/article/australian-smes-consider-antivirus-software-sufficient-defence-myob/
Date: 6th September 2017
Author: Asha McLean

“A study by accounting software firm MYOB has found that 87 percent of small and medium-sized enterprises (SMEs) in Australia consider their business to be safe from cyber attacks, mainly because they use antivirus software.”

Title: Xero users targeted by info stealer malware
URL: https://www.itnews.com.au/news/xero-users-targeted-by-info-stealer-malware-472853
Date: 8th September 2017
Author: Juha Saarinen

“..a sophisticated phishing email campaign in August that purported to be from Xero.
The messages were similar to Xero monthly billing notifications, and asked users to review their invoices by clicking on a link in the email.
If the targeted users clicked on the link, a ZIP archive containing obfuscated Javascript was downloaded to their computers..”

Title: Australians turning a blind eye to data backup & security
URL: https://securitybrief.com.au/story/australians-turning-blind-eye-data-backup-security/
Date: 6th September 2017
Author: Sara Barker

“Some Australians are turning a blind eye to their computer safety – even despite highly publicised cyber attacks, according to a survey from Acronis. The global poll was conducted on the general internet population from Australia, Japan, Germany, the US, U.K, Germany, France and Spain in August.
The survey found that 46.5% of respondents do not back up their computers – possibly because 67.8% have never lost important photos or files from a computer or mobile device.”

Title: CSIRO’s Data61 builds innovative security platform for defence sector
URL: https://securitybrief.com.au/story/csiros-data61-builds-innovative-security-platform-defence-sector/
Date: 7th September 2017
Author: Sara Barker

“The technology, dubbed ‘Cross-Domain Desktop Compositor’ (CDDC), provides a single interface for staff, which works well in areas with limited physical workspace such as ships, Data61 says.
The CDDC also provides a seamless and fully integrated secure system, as well as additional functionality such as controlled data transfer and copy-paste.
According to Data61, solutions in the market often trade off security and usability against each other. Buyers who favour usability are more vulnerable to attacks and data leakage between secret networks.”


And lastly, here are this week’s noteworthy security bulletins (in no particular order):

1.    ESB-2017.2220 – [RedHat] kernel-rt : Root compromise – Existing account

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges.

2.    ASB-2017.0141 – [Android] Google Nexus devices: Multiple vulnerabilities

Multiple vulnerabilities have been identified in Android prior to security patch level strings 2017-09-01 and 2017-09-05.

3.    ESB-2017.2261 – [BlackBerry] BlackBerry: Multiple vulnerabilities

BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones.

4.    ESB-2017.2271 – [Win][UNIX/Linux] IBM Db2: Multiple vulnerabilities

IBM Db2 is affected by a series of vulnerabilities whose impacts include Administrator Compromise.

Wishing you the best from AusCERT and stay safe,