
AusCERT Week in Review for 16th March 2018



Another week is coming to a close and this week brought us many new vulnerabilities to remediate and patch.

Samba released fixes for two vulnerabilities. One of them is alarming if you run Samba as your Active Directory domain controller: any unprivileged authenticated user can change any other user’s password, including those of admin users, over LDAP.

Microsoft fixed 74 security vulnerabilities, Mozilla fixed 18 vulnerabilities with their update to Firefox 59, and Adobe also fixed vulnerabilities in Flash player (as usual), Connect and Dreamweaver CC.

The first public disclosure under the new Australian Mandatory Data Breach Notification scheme has been made: shipping company Svitzer Australia revealed that details of its employees were leaked by email.

According to the OAIC, it has received 31 notifications in the first three weeks of the scheme being in operation.

To make this post a bit less grim: the AusCERT2018 Cyber Security Conference program is now live!

Be sure to register as soon as possible in order to secure your spot in the tutorials; many of them sell out extremely quickly. The Hak5 workshop is especially popular, and Darren and Sebastian always do an amazing job.


Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Title: First data breach publicised under Australian notice scheme

Date: 16/03/2018

Author: Staff Writers @ itnews

Excerpt: “Svitzer reveals email leak. Shipping company Svitzer Australia has revealed a data breach that saw the personal information of half of its employees leaked outside the company. Yesterday it revealed that up to 60,000 emails from three accounts in finance, payroll and operations were secretly auto-forwarded to two external accounts between May 27 2017 and March 1 this year.”


Title: Chinese Intelligence Agencies Are Doctoring the Country’s Vulnerability Database

Date: 10/03/2018

Author: Catalin Cimpanu

Excerpt: “Chinese intelligence agencies are doctoring the Chinese National Vulnerabilities Database (CNNVD) to hide security flaws that government hackers might have an interest in, according to a report released on Friday by US threat intelligence firm Recorded Future. The US company says it noticed in recent months mass edits to the CNNVD website. Recorded Future says CNNVD operators have been backdating the publication dates for hundreds of vulnerabilities.”


Title: Necurs and Gamut Botnets Account for 97% of the Internet’s Spam Emails

Date: 12/03/2018

Author: Catalin Cimpanu

Excerpt: “Just two botnets accounted for 97% of all spam emails in the last three months of 2017, according to a McAfee report released earlier today.

For most of these months, Necurs has spent its time churning out “lonely girl” spam lures for adult websites, pump-and-dump schemes [1, 2], and delivering ransomware payloads. Overall, nearly two out of three spam emails sent in the last quarter of 2017 were sent from the infrastructure of this mammoth botnet.”


Title: One in Five Healthcare Employees Would Be Willing to Sell Sensitive Data, Reveals Survey

Date: 09/03/2018

Author: David Bisson

Excerpt: “A new survey reveals that nearly one in five healthcare employees would be willing to sell confidential data to an unauthorized party.

According to Accenture’s 2018 Healthcare Workforce Survey on Cybersecurity, 18 percent of employees that work at healthcare providers and payers would be willing to sell sensitive data to unauthorized individuals. Respondents from providers were more open to the idea of a sale than payers at 21 percent and 12 percent, respectively. Those willing to sell would generally expect to receive between $500 and $1,000 in the process.

The threat of an unauthorized data sale is not theoretical in nature, either. Almost a quarter (24 percent) of respondents know of someone in their organization who has already sold off confidential information.”


Title: On AMD Flaws from CTS Labs

Date: 13/03/2018

Author: Kevin Beaumont

Excerpt: “On AMD Flaws from CTS Labs

You may have seen media reports about flaws in AMD chipsets. AMD are currently reviewing the report, as they were given less than a day notice of vulnerabilities that CTS Labs claim put lives at risk (via their website, AMDflaws.com). This is a highly unusual and reckless disclosure of security flaws.”


And lastly, here are this week’s noteworthy security bulletins (in no particular order):

ESB-2018.0731 – ALERT [Win][UNIX/Linux] samba: Multiple vulnerabilities

On a Samba 4 AD DC, any authenticated user can change other users’ passwords over LDAP, including the passwords of administrative users and service accounts.

ESB-2018.0742 – [Win][Linux][Mac] Flash Player: Execute arbitrary code/commands – Remote with user interaction

Two remote code execution vulnerabilities have been identified in Adobe Flash Player.

ESB-2018.0746 – [Appliance] GE medical devices: Unauthorised access – Remote/unauthenticated

Default and hard-coded credentials have been discovered in GE medical devices.

ASB-2018.0057.2 – UPDATE [Win][Linux][Android][Mac] Firefox: Multiple vulnerabilities

16 vulnerabilities have been fixed in Firefox’s latest version.

ASB-2018.0059 – [Win][UNIX/Linux] Joomla!: Execute arbitrary code/commands – Existing account

An SQL injection vulnerability has been patched in Joomla!.

Stay safe, stay patched and have a good weekend!