//Week in review - 17 Sep 2017

AusCERT Week in Review for 15th September 2017



As Friday 15th of September comes to a close, we are hoping to have as many people as possible answer the 2017 Cyber Security Survey. Last chance to submit!

Public awareness of cyber-crime has never been higher, but is that translating to business readiness? For the second consecutive year, AusCERT and BDO are delivering the Cyber Security Survey. By taking part you will gain direct access to our survey report in November. This contains valuable data allowing you to compare your business’ current cyber security efforts with trends in your industry sector. Time is running out! Complete the survey and go in the draw to win one of three Apple Watches.* The survey closes at midnight on Friday, 15 September 2017. The survey is anonymous and takes 15 minutes to complete.


* Refer to the website for competition terms and conditions.

This is all topped off with numerous security-related news items this week. Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Title: US govt bans Kaspersky products
URL: https://www.itnews.com.au/news/us-govt-bans-kaspersky-products-473254
Date: 14 Sep 2017
Author: Dustin Volz

Excerpt: “Orders purge amid concern about Kremlin influence.

The Trump administration has told United States government agencies to remove Kaspersky Lab products from their IT systems, saying it was concerned the Moscow-based cyber security firm is vulnerable to Kremlin influence.”

Title: BlueBorne: Bluetooth bug could expose billions of devices to attack, cyber experts warn
URL: http://www.abc.net.au/news/2017-09-13/bluetooth-bug-could-expose-billions-of-devices-to-attack/8942378
Date: 14 Sep 2017
Author: George Roberts

Excerpt: “Internet security experts are urging people to update their software to protect against a serious vulnerability, which if exploited could spread uncontrollably via the common wireless technology bluetooth.”

Title: Microsoft patches zero-day used to install police spyware
URL: https://www.itnews.com.au/news/microsoft-patches-zero-day-used-to-install-police-spyware-473176
Date: 13 Sep 2017
Author: Juha Saarinen

Excerpt: “.NET framework flaw exploited.

Microsoft’s regular Patch Wednesday round of security updates for Windows has closed a bug that left computers open to malware installed by law enforcement agencies.”

Title: Zerodium offering $1M for Tor Browser zero days
URL: https://threatpost.com/zerodium-offering-1m-for-tor-browser-zero-days/127959/
Date: 13 Sep 2017
Author: Chris Brook

Excerpt: “The exploit acquisition vendor Zerodium is doubling down again.

Weeks after the company said it would pay $500,000 for zero days in private messaging apps such as Signal and WhatsApp, Zerodium said Wednesday it will pay twice that for a zero day in Tor Browser.”

Title: Equifax’s Mega-Breach Was Made Possible by a Website Flaw It Could Have Fixed
URL: http://fortune.com/2017/09/14/equifax-data-breach-security-apache-struts/
Date: 14 Sep 2017
Author: David Meyer

Excerpt: “Good website security is tough, but the consequences of bad website security can be far tougher. That appears to be one of the big lessons coming out of the debacle surrounding Equifax’s mega-breach, which has “humbled” the credit-reporting giant.”

Title: Edward Snowden offers mixed review on Apple’s Face ID
URL: https://www.cnet.com/news/edward-snowden-offers-mixed-review-on-apples-face-id/
Date: 12 Sep 2017
Author: Steven Musil

Excerpt: “The new facial recognition system sports a “robust” design but may normalize technology that is ripe for abuse, the NSA leaker tweets.”


And lastly, here are this week’s noteworthy security bulletins (in no particular order):

1. ESB-2017.2298 – [Linux][RedHat] kernel: Execute arbitrary code/commands – Remote/unauthenticated
Bluetooth not designed with security in mind.

2. ASB-2017.0148 – [Win] Microsoft .NET Framework: Execute arbitrary code/commands – Remote with user interaction
Was this the vulnerability that was allegedly used by law enforcement?

3. ESB-2017.2296 – [RedHat] chromium-browser: Multiple vulnerabilities
The browser, a window to a world.

4. ESB-2017.2331 – [Ubuntu] tcpdump: Multiple vulnerabilities
A reminder to keep your tools up to date as well as your OS.

Wishing you the best from AusCERT and stay safe,