AusCERT Week in Review for 20th April 2018

Greetings,
 
Right off the back of Microsoft’s patch Tuesday and Red Hat’s RHEL 7.5 updates, this week we have Oracle’s quarterly Critical Patch Updates and a slew of Cisco Advisories and Alerts – phew!
 
Bonus: A short video from CrikeyCon 2018 (a community-run information security conference in Brisbane) https://www.youtube.com/watch?v=VeOM-FxXOzY

Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Title: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices
Date Published: Mon, 16th April 2018
Author: US-CERT
Excerpt: “Since 2015, the U.S. Government received information from multiple sources—including private and public sector cybersecurity research organizations and allies—that cyber actors are exploiting large numbers of enterprise-class and SOHO/residential routers and switches worldwide. The U.S. Government assesses that cyber actors supported by the Russian government carried out this worldwide campaign. These operations enable espionage and intellectual property theft that supports the Russian Federation’s national security and economic goals.”
-----

Title: Why is the kernel community replacing iptables with BPF?
Date Published: Tue, 17th April 2018
Author: Thomas Graf
Excerpt: “Facebook has presented exciting work on BPF/XDP based load-balancing to replace IPVS that also includes DDoS mitigation logic. While IPVS is a tempting next step compared to iptables, Facebook is already migrating away from IPVS to BPF after seeing roughly a 10x improvement in performance.”
-----

Title: FDA Wants Medical Devices to Have Mandatory Built-In Update Mechanisms
Date Published: Thur, 19th April 2018
Author: Catalin Cimpanu
Excerpt: “An FDA document released this week reveals several of the FDA’s plans, including the desire to force device makers to include mandatory update systems inside products for the purpose of delivering critical security patches.”

“In addition, the FDA also plans to force device makers to create a document called “Software Bill of Materials” that will be provided for each medical device and will include software-related details for each product.”
-----
 
Title: Microsoft Debuts Azure Sphere for IoT Security From Chip to Cloud
Date Published: Mon, 16th April 2018
Author: Rob Marvin
Excerpt: “Smith said Microsoft is making the Azure Sphere Security Service compatible not only with Azure, but with other cloud infrastructure providers such as Amazon Web Services (AWS), Google Cloud, IBM, Oracle, and others. The company is doing this for the same reason it’s releasing a Linux-based OS: making sure billions of IoT devices are secure.”
-----
 
Here are this week’s noteworthy security bulletins:
 
1) ESB-2018.1182 – [Appliance] Abbott Laboratories Defibrillator: Multiple vulnerabilities

Abbott has produced firmware updates to help mitigate identified vulnerabilities in their eligible ICDs and CRT-Ds that utilize radio frequency (RF) communications. A third-party security research firm has verified the new firmware updates mitigate the identified vulnerabilities.
 
2) ESB-2018.1232 – [Win][UNIX/Linux] Drupal core: Cross-site scripting – Remote with user interaction
 
CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability.

3) ESB-2018.1229 – [SUSE] Linux kernel: Multiple vulnerabilities

The SUSE Linux Enterprise 12 SP3 Realtime kernel was updated to 4.4.120 to receive various security and bugfixes.
 
4) ASB-2018.0077 – [Win][UNIX/Linux] Oracle Database Server: Multiple vulnerabilities

Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM.  While the vulnerability is in Java VM, attacks may significantly impact additional products.

5) ESB-2018.1142 – [Win][UNIX/Linux][BSD][Debian] perl: Execute arbitrary code/commands – Remote with user interaction

GwanYeong Kim reported that ‘pack()’ could cause a heap buffer write overflow with a large item count.

Stay safe, stay patched and have a good weekend!
 
Charelle.