//Week in review - 16 Feb 2018

AusCERT Week in Review for 16th February 2018


Hopefully you have all had a rewarding and productive week.  

As usual, there is always a deluge of new vulnerabilities and patches to consider.  
Of course Microsoft’s “Patch Tuesday” this week added significantly to that.

Please note that there is an Information Security Incident Response Planning workshop held next week in Melbourne with discounted member pricing and places still available:

Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Title:  2 Billion Files Leaked in US Data Breaches in 2017
Date Published:  15 Feb 2018
Author: Tara Seals
“Nearly 2 billion files containing the personal data of US citizens were leaked last year—and that number could be significantly underreported.”


Title:  Australian govt sites hijacked by crypto miner
Date Published:  12 Feb 2018
Author: Allie Coyne
“More than 4000 Australian and global government websites have been hijacked to run the Coinhive crypto currency mining software after a popular accessibility tool was compromised by attackers.”


Title: Australian Government attribution of the ‘NotPetya’ cyber incident to Russia
Date Published: 16 Feb 2018
Author: The Hon Angus Taylor MP Minister for Law Enforcement and Cybersecurity
“The Australian Government has joined the governments of the United States and the United Kingdom in condemning Russia’s use of the ‘NotPetya’ malware to attack critical infrastructure and businesses in June 2017.”


Here are this week’s noteworthy security bulletins:

1) ASB-2018.0047 – ALERT [Win] Microsoft Windows: Multiple vulnerabilities 2018-02-14
Microsoft has released its monthly security patch update for the month of February 2018.  Most notable is an Administrator Compromise vulnerability.

2) ASB-2018.0046 – [Win] ChakraCore: Execute arbitrary code/commands – Remote with user interaction 2018-02-14
ChakraCore from Microsoft has been patched for eleven (11) vulnerabilities all being remote code execution.  

3) ASB-2018.0045 – ALERT [Win][Mac] Microsoft Office Services and Web Apps: Multiple vulnerabilities 2018-02-14
Microsoft Office and Sharepoint similarly were patched for a variety of remote code execution, privilege escalations and information disclosures.

4) ASB-2018.0044 – ALERT [Win] Microsoft Edge: Multiple vulnerabilities 2018-02-14

Microsoft Edge was remediated for a number of vulnerabilities including remote code execution, information disclosure and security feature bypass.

Stay safe, stay patched and have a good weekend!