//Week in review - 4 Jun 2018

AusCERT Week in Review for 1st June 2018


This slightly belated Week in Review comes on the heels of a big week in the form of the AusCERT2018 conference! It was that time once again for us to all come together and put names to faces, see some great talks, and hopefully learn some new skills. Big thank-you to everyone who was able to come and join us, but worry not for those who couldn’t, because planning for AusCERT2019 has already begun!

Just remember not to connect to any unsecured WiFi.

Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

AusCERT and the Award for Information Security Excellence
Date Published: 01 June 2018
Author: Troy Hunt
Excerpt: “Yes, that guy is wearing a cape, it was a Star Wars thing.”


AusCERT 2018 – Awards
Date Published: 01 June 2018
Author: Anthony Caruana
Excerpt: “AusCERT’s annual awards, sponsored by the SANS Institute, night kicked off in spectacular fashion with fire-breathing commedian/musician Brian Brushwood carrying out his own version of a penetration test when he hammered a nail into his head through is nasal cavity.”


Python May Let Security Tools See What Operations the Runtime Is Performing
Date Published: 28 May 2018
Author: Catalin Cimpanu
Excerpt: “A new feature proposal for the Python programming language wants to add “transparency” to the runtime and let security and auditing tools view when Python may be running potentially dangerous operations.”


Ghostery Tries to Comply With GDPR, but Ends Up Violating GDPR in the Process
Date Published: 28 May 2018
Author: Catalin Cimpanu
Excerpt: “The company behind Ghostery, a privacy-focused browser and an ad-blocking browser extension, has apologized for a technical error that occurred last Friday when its staff was sending out GDPR-themed notification emails.”


Here are this week’s noteworthy security bulletins:

1) ASB-2018.0123 – ASB-2018.0123 – [Win][Linux][Mac] Google Chrome: Multiple vulnerabilities

Another release of Chrome patches the usual culprits – RCE, XSS, DoS.

2) ESB-2018.1647 – [Linux][RedHat] xmlrpc3: Execute arbitrary code/commands – Remote/unauthenticated

Deserialisation leading to RCE.

3) ESB-2018.1626 – [Ubuntu] apport: Root compromise – Existing account

Ubuntu’s crash reporting utility could lead to privilege escalation if expected
files were missing from /proc

Code poorly and you might end up as root!

4) ESB-2018.1625 – [RedHat] Red Hat Enterprise Linux 7.3

RHEL 7.3 Extended Update Support is rapidly approaching end of life, and support
will cease November 30, 2018.

5) ESB-2018.1619 – [Linux] VMware Horizon Client: Root compromise – Existing account

SUID strikes again, in the form of a root compromise for Linux hosts with the
VMWare Horizon Client installed.

Stay safe, stay patched and have a good weekend!