27 Jul 2018

AUSCERT Week in Review for 27th July 2018

Good afternoon, and welcome to the end of another week in Infosec.

This week saw a brief respite from the cold, harsh Queensland winter.
In the AUSCERT office we’re definitely looking forward to the warmer months!

Thanks to our members who were able to attend our Melbourne Member meet-up
earlier this week, and anyone who stopped by our booth at the 2018 Security
Exhibition & Conference. We appreciate all the feedback we’ve gotten!

Here are some of the significant news stories from this week:

-----

New Spectre attack enables secrets to be leaked over a network
Author: Peter Bright
Date: 27 July 2018
https://arstechnica.com/gadgets/2018/07/new-spectre-attack-enables-secrets-to-be-leaked-over-a-network/

“Researchers from Graz University of Technology, including one of the
original Meltdown discoverers, Daniel Gruss, have described NetSpectre:
a fully remote attack based on Spectre. With NetSpectre, an attacker can
remotely read the memory of a victim system without running any code on
that system.”

Google Chrome Now Labels HTTP Sites as ‘Not Secure’
Author: Brian Barrett
Date: 24 July 2018
https://www.wired.com/story/google-chrome-https-not-secure-label

“Nearly two years ago, Google made a pledge: It would name and shame
websites with unencrypted connections, a strategy designed to spur web
developers to embrace HTTPS encryption. On Tuesday, it finally is following
through. With the launch of Chrome 68, Google now will call out sites with
unencrypted connections as “Not Secure” in the URL bar.”

Google: Security Keys Neutralized Employee Phishing
Author: Brian Krebs
Date: 23 July 2018
https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/

“Google has not had any of its 85,000+ employees successfully phished on
their work-related accounts since early 2017, when it began requiring all
employees to use physical Security Keys in place of passwords and one-time
codes, the company told KrebsOnSecurity.”

Singapore govt health database hacked
Author: Staff Writer
Date: 20 July 2018
https://www.itnews.com.au/news/singapore-govt-health-database-hacked-498782

“A major cyberattack on Singapore’s government health database resulted
in the personal information of about 1.5 million people – including Prime
Minister Lee Hsien Loong – being stolen.

The “deliberate, targeted and well-planned,” attack aimed at patients who
visited clinics between May 2015 and July 4 this year, the health ministry
said in a statement.”

Here are this week’s noteworthy security bulletins (in no particular order):

1. ESB-2018.2133 – Bluetooth devices: Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/65666

Several Bluetooth implementations, including those from Apple, Broadcom and
Intel, are vulnerable to man-in-the-middle attacks as a result of a missing
step in validating elliptic curve parameters.

2. ESB-2018.2153 – ClamAV: Denial of service – Remote with user interaction
https://portal.auscert.org.au/bulletins/65750

Vulnerabilities in ClamAV could cause a hang when scanning specially
crafted PDF or HWP files.

3. ESB-2018.2129 – python-cryptography: Access confidential data – Remote/unauthenticated
https://portal.auscert.org.au/bulletins/65650

A vulnerability in the popular python-cryptography library could expose
sensitive data.

-----

Stay safe, stay patched, and have a good weekend!

Anthony and the team at AUSCERT