AusCERT Week in Review for 4th May 2018


Happy Friday all.
Plenty of patches and some interesting security stories again this week.

Here’s a summary (including excerpts) of some of the more interesting
stories we’ve seen this week:

Title: Twitter to All Users: Change Your Password Now!
Date Published: 03-05-2018
URL: https://krebsonsecurity.com/2018/05/twitter-to-all-users-change-your-password-now/
Author: Brian Krebs
“Twitter just asked all 300+ million users to reset their passwords, citing
the exposure of user passwords via a bug that stored passwords in plain text”


Title: Somebody Tried to Hide a Backdoor in a Popular JavaScript npm Package
Date Published: 03-05-2018
URL: https://www.bleepingcomputer.com/news/security/somebody-tried-to-hide-a-backdoor-in-a-popular-javascript-npm-package/
Author: Catalin Cimpanu
“The Node Package Manager (npm) team avoided a disaster today when it
discovered and blocked the distribution of a cleverly hidden backdoor


Title: Australia’s Biggest Bank Loses 20 Million Customer Records
Date Published: 03-05-2018
URL: https://www.securityweek.com/australias-biggest-bank-loses-20-million-customer-records
Author: AFP
“Australia’s troubled Commonwealth Bank admitted Thursday it had lost
financial records for almost 20 million customers in a major security
blunder — but insisted there was no need to worry.”


Title: DDoS Attacks Go Down 60% Across Europe Following WebStresser’s Takedown
Date Published: 02-05-2018
URL: https://www.bleepingcomputer.com/news/security/ddos-attacks-go-down-60-percent-across-europe-following-webstressers-takedown/
Author: Catalin Cimpanu
“Link11, a DDoS mitigation firm, says that DDoS attacks fell 60% across
Europe following the takedown of WebStresser, the largest DDoS-for-hire
portal on the market.”


Title: Fancy Bear abuses LoJack security software in targeted attacks
Date Published: 03-05-2018
URL: https://securityaffairs.co/wordpress/72072/apt/fancy-bear-abuses-lojack.html
Author: Pierluigi Paganini
“Recently, several LoJack agents were found to be connecting to servers
that are believed to be controlled by the notorious Russia-linked Fancy
Bear APT group”


Here are this week’s noteworthy security bulletins:

1) ESB-2018.1312 – ALERT [RedHat] Red Hat: Root compromise – Existing account


Red Hat released updates for OpenShift Container Platform versions 3.1,
3.2 … 3.9 to address root compromise vulnerabilities.


2) ESB-2018.1381 – [Win] Philips Brilliance Computed Tomography (CT)
System: Multiple vulnerabilities


From the ICS-CERT advisory: “Successful exploitation of these
vulnerabilities may allow an attacker to attain elevated privileges
and access unauthorized system resources, including access to execute
software or to view/update files including patient health information
(PHI), directories, or system configuration.”


3) ESB-2018.1294 – [Mac] Safari: Execute arbitrary code/commands – Remote
with user interaction


Vulnerabilities in WebKit affected Safari across various Apple products.


4) ESB-2018.1363 – [Win][UNIX/Linux][Debian] jackson-databind: Execute
arbitrary code/commands – Remote/unauthenticated


jackson-databind is a widely used Java library for parsing JSON and other
data formats, so this issue could have ramifications for many products and
operating systems.


5) ESB-2018.1337 – [Linux] IBM QRadar SIEM: Multiple vulnerabilities


One of many IBM bulletins relating to Java vulnerabilities.


Stay safe, stay patched and have a good weekend!