//Week in review - 12 Jan 2018

AusCERT Week in Review for 12th January 2018


Another week of new updates for Meltdown and Spectre with a false start for some of the patches with Ubuntu Kernel updates bricking machines and Windows patches also putting AMD led PCs into reboot loops.
AusCERT has published 152 Bulletins in the first two weeks that’s an average of 16.8 bulletins a day! This must be a new record!
Please don’t forget to put in your paper submission for the AusCERT 2018 conference. Submissions close on the 19th which is just a week away now!

Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Title: Ubuntu takes two on Meltdown CPU patch after first one bricked machines
Date Published: 11/1/2018
Author: Liam Tung (CSO Online)
Excerpt: “Ubuntu maker Canonical on Wednesday released a second take on its kernel fix for the Meltdown CPU bug in Ubuntu 16.04 LTS after reports of machines failing to reboot after the update.”

Title: Windows emergency Meltdown patch: Microsoft stops update for AMD PCs after crash reports
Date Published: 9/1/2018
Author: Nick Heath
Excerpt: “Microsoft has scaled back its rollout of Windows patches against the Meltdown and Spectre CPU flaws after reports the updates were crashing computers with AMD processors.”

Title: Microsoft: How the Threat Landscape Will Shift This Year
Date Published: 9/1/2018
Author: Kelly Sheridan
Excerpt: “Unlike security professionals, who have stressed over digital threats for years, most average consumers didn’t recognize the importance of security until 2017.”

Title: Where the CISO Should Sit on the Security Org Chart and Why It Matters
Date Published: 9/1/2018
Author: Christophe Veltsos
Excerpt: “In early 2016, boards were starting to take cybersecurity more seriously and, in the process, increasing their interactions with chief information security officers (CISOs). How much has changed in the past two years? To whom do CISOs report today, and why does it matter?”

Title: Healthcare breaches involving ransomware increase year-over-year
Date Published: 8/1/2018
Author: @helpnetsecurity
Excerpt:  “2017 has been a very challenging year for healthcare institutions as these organizations remain under sustained attack by cybercriminals that continue to target their networks.”

Title: New Cryptocurrency Mining Malware Has Links to North Korea
Date Published: 8/1/2018
Author: Jai Vijayan
Excerpt: “A security vendor has found another clue that North Korea may be turning to illegal cryptocurrency mining as a way to bring cash into the nation’s economy amid tightening international sanctions.
AlienVault on Monday said it had recently discovered malware that is designed to stealthily install a miner for Monero, a Bitcoin-like cryptocurrency, on end-user systems and to send any mined coins to the Kim Il Sung University (KSU) in Pyongyang.”

Here are this week’s noteworthy security bulletins:

1) ESB-2018.0112 – [Apple iOS] General Motors and Shanghai OnStar (SOS) iOS Client: Multiple vulnerabilities
Don’t jailbreak your iOS device if you own a recent General Motors vehicle and you control it with the Shanghai OnStar (SOS) iOS Client as someone may take control of your car for you!

2) ESB-2018.0121 – [UNIX/Linux][Ubuntu] irssi: Multiple vulnerabilities
Haven’t migrated to Slack yet? Still using IRC? Is your favourite IRC chat client still IRSSI? Well you probably should patch that too!

3) ESB-2018.0131.2 – UPDATED ALERT [Win][UNIX/Linux] VMware Workstation and Fusion: Execute arbitrary code/commands – Existing account
A use-after-free vulnerability and an Integer-overflow vulnerability in VMware NAT service have been fixed in the latest versions of VMware Workstation and Fusion. However you wouldn’t have been affected unless you turned IPv6 mode for VMNAT on as it is off by default.

4) ESB-2018.0129 – [Juniper] Juniper Junos OS: Multiple vulnerabilities
Juniper patched a whole array of vulnerabilities (including a few CRITICAL ones) on Junos OS and even managed to get the premium CVE numbers of CVE-2018-0001 to CVE-2018-0009.

Stay safe, stay patched and have a good weekend!