AusCERT Week in Review for 17th November 2017
As for more news, here’s a summary of some of the more interesting stories we’ve seen this week:
Title: Microsoft November Patch Tuesday Fixes 53 Security Issues
Date: 14 November 2017
Author: Catalin Cimpanu
“No zero-days this month
Details about four vulnerabilities were published online before today’s patches, but fortunately, none were exploited in real-world attacks.”
Title: APCERT 2017 AGM and Conference: A Window into the CERT community
Date: 17 November 2017
Author: Anthony Vaccaro (of AusCERT!)
“Additionally, some external speakers were invited to give talks at the conference. Some highlights included a talk by Akamai representative Amol Mathur on attacks that target API services directly, bypassing many of the protections that are built into front-end applications, and an overview on using machine learning to analyse malware samples by Rajesh Nikam of Quick Heal. As malware campaigns grow in both size and number, we need to move away from manual analysis in order to process as many samples as possible, making use of technologies such as machine learning to automate the process.”
Title: 2,500+ Websites Are Now “Cryptojacking” To Use Your CPU Power And Mine Cryptocurrency
Date: 10 November 2017
Author: Adarsh Verma
Title: Researchers Fool iPhone X’s Face ID with $150 3D Printed Face
Date: 14 November 2017
Author: Liam Tung
“The company hasn’t revealed exactly how it tricked Face ID but says it was possible because they understood how Apple’s Face ID artificial intelligence worked. Face ID requires the user look directly at the camera by directing the direction of the user’s gaze, and then uses neural networks for matching and anti-spoofing.”
And lastly, here are this week’s noteworthy security bulletins (in no
1. ESB-2017.2953 – [Win][UNIX/Linux] OpenSAML2 metadata filter bypass
CVE-2017-16853: A filtering engine omits to run checks, leading to metadata exposure in a major SAML library. Expect to hear more on this.
2. ESB-2017.2931 – [Cisco] Known Root Credentials Enabled After Some Upgrades
The vulnerability occurs when a refresh upgrade or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. Subsequent upgrades disable this flag.
3. ESB-2017.2913 – [Debian] mediawiki: Multiple vulnerabilities
Cross-site scripting, revealing account existence and a set of HTML mangling attacks.
4. ASB-2017.0194 – [Win] Microsoft Edge: Multiple vulnerabilities
In seeking to speed up its Edge browser, Microsoft is producing and flattening RCEs.
Wishing you the best from AusCERT and hope to see you next week,