23 Feb 2018

AUSCERT Week in Review for 23rd February 2018

Greetings,

I hope you all had a good week and can enjoy the upcoming weekend.

This week, the Mandatory Data Breach Notification Scheme came into effect,
and we have an informative blog entry regarding this on the AUSCERT
website at:

https://wordpress-admin.auscert.org.au/blog/2018-02-22-mandatory-data-breach-notification-scheme

Here’s a summary (including excerpts) of some of the more interesting
stories we’ve seen this week:

Tesla Internal Servers Infected with Cryptocurrency Miner
Date Published: 20 Feb 2018
https://www.bleepingcomputer.com/news/security/tesla-internal-servers-infected-with-cryptocurrency-miner
Author: Catalin Cimpanu
Excerpt: “Hackers have breached Tesla cloud servers used by the company’s engineers and have installed malware that mines the cryptocurrency.”

-------

Null Character Bug Lets Malware Bypass Windows 10 Anti-Malware Scan Interface
Date Published: Feb 19 2018
https://www.bleepingcomputer.com/news/security/null-character-bug-lets-malware-bypass-windows-10-anti-malware-scan-interface
Author: Catalin Cimpanu
Excerpt: “Malware that embeds a null character in its code can bypass security scans performed by the Anti-Malware Scan Interface (AMSI) on Windows 10 boxes.”

-------

Internet of Babies – When baby monitors fail to be smart
Date Published: Feb 21 2018
https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html
Author: Mathias Frank / www.sec-consult.com
Excerpt: “An attacker is able to access and interact with arbitrary video baby monitors and hijack other user accounts. Based on observed user identifier values extracted from the cloud API and Google Play store data, an estimated total number over 52000 user accounts and video baby monitors are affected”

-------

Until last week, you could pwn KDE Linux desktop with a USB stick
Date Published: Feb 12 2018
https://www.theregister.co.uk/2018/02/12/kde_naming_usb_drive_vuln
Author: John Leyden
Excerpt: “A recently resolved flaw in the KDE Linux desktop environment meant that files held on a USB stick could be executed as soon as they were plugged into a vulnerable device.”

-------

Here are this week’s noteworthy security bulletins:

1) ESB-2018.0526 – [Virtual] Cisco Elastic Services Controller Service
Portal: Administrator compromise – Remote/unauthenticated
https://portal.auscert.org.au/bulletins/58722
Administrator access allowed with empty password value!

2) ESB-2018.0494 – [UNIX/Linux][Debian] plasma-workspace: Execute arbitrary
code/commands – Console/physical
https://portal.auscert.org.au/bulletins/58594
This describes the Debian 9 fix to the KDE USB vulnerability referred to
in the Register’s article above.

3) ESB-2018.0541 – [Linux] IBM Security Guardium: Access privileged data –
Existing account
https://portal.auscert.org.au/bulletins/58790
We are still seeing Spectre fixes making their way into various products.

4) ESB-2018.0486 – [Apple iOS][Android] Schneider Electric IGSS Mobile:
Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/58562
Android and iOS application design and security issues are still very
prevalent.

 

Stay safe, stay patched and have a good weekend!

Marcus.