18 Jan 2019

Week in review

AUSCERT Week in Review for 18th January 2019

Greetings,

As another week comes to a close, we see a nice collection of data breaches. One leak contained 773 million email IDs and 21.2 million unique, plain-text passwords, with a total size of 87GB.

Numerous Oracle security vulnerabilities were reported and fixes released. As always, here’s a summary of some of the more interesting stories we’ve seen this week.

Title: 773 million email IDs, 21 million passwords for anyone to see in massive data dump

Date Published: 17 Jan 2019

Author: Tomáš Foltýn

Excerpt: Nearly 773 million unique email addresses and more than 21.2 million unique, plain-text passwords were there for the taking recently in a massive data dump that’s been dubbed Collection #1.

The news comes from security researcher Troy Hunt, who runs the Have I Been Pwned (HIBP) site that enables people to check and also receive alerts if any of their online accounts may have been the victim of a known breach.

The stash of data was posted on file-sharing service MEGA and later also on an “unnamed popular hacking forum”, said Hunt. It comprises more than 12,000 files that weigh in at 87 gigabytes in total.

-----

Title: Employees sacked, CEO fined in SingHealth security breach

Date Published: January 14, 2019

Author: Eileen Yu

Excerpt: Two employees have been sacked and five senior management executives, including the CEO, were fined for their role in Singapore’s most serious security breach, which compromised personal data of 1.5 million SingHealth patients. Further enhancements will also be made to beef up the organisation’s cyber defence, so that it is in line with recommendations dished out by the committee following its review of the events leading up to the breach, according to Integrated Health Information Systems (IHIS).

The IT agency responsible for the local healthcare sector that includes SingHealth, IHIS, said a lead in its Citrix team and a security incident response manager were found to be negligent and in non-compliance of orders. This had security implications and contributed to the “unprecedented” scale of the SingHealth security breach, the agency said in a statement Monday. 

-----

Title: Massive Oklahoma Government Data Leak Exposes 7 Years of FBI Investigations

Date Published:

Author: Thomas Brewster

Excerpt: Another day, another huge leak of government information.

Last December, a whopping 3 terabytes of unprotected data from the Oklahoma Securities Commission was uncovered by Greg Pollock, a researcher with cybersecurity firm UpGuard. It amounted to millions of files, many on sensitive FBI investigations, all of which were left wide open on a server with no password, accessible to anyone with an internet connection, Forbes can reveal.

“It represents a compromise of the entire integrity of the Oklahoma department of securities’ network,” said Chris Vickery, head of research at UpGuard, which is revealing its technical findings on Wednesday. “It affects an entire state level agency. … It’s massively noteworthy.”

-----

Title: Hackers breach and steal data from South Korea’s Defense Ministry

Date Published: Jan 16, 2019

Author: January 16, 2019

Excerpt: Hackers have breached the computer systems of a South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces.

The hack took place in October 2018. Local press reported this week [1, 2, 3] that hackers breached 30 computers and stole internal documents from at least ten.

The breached organization is South Korea’s Defense Acquisition Program Administration (DAPA), an agency part of the Ministry of National Defense.

It is believed that the stolen documents contain information about arms procurement for the country’s next-generation fighter aircraft, according to a news outlet reporting on the cyber-attack.

-----

Title: Vulnerability Allowed Fortnite Account Takeover Without Credentials

Date Published: January 16, 2019

Author: Kevin Townsend

Excerpt:

Hacking game accounts is a popular — and enriching — pastime. The rise of in-game marketplaces that can be used for buying and selling game commodities has attracted hackers who break into gamers’ accounts, steal their game commodities (and anything else they can find from personal data to parents’ bank card details) and sell them on for cash.

The traditional route has always been to phish the gamers’ credentials — and obviously the bigger and more popular the game, the bigger the pool for phishing. Checkpoint recently discovered a vulnerability (now fixed) in the biggest game of all that allowed criminals to gain access to users’ accounts without requiring credentials.

Here are this week’s noteworthy security bulletins

-----

1) ESB-2019.0163 – [RedHat] Red Hat Enterprise Linux 6.7 EUS Final Retirement Notice

Red Hat has issued its final retirement notice for Red Hat Enterprise Linux 6.7 EUS (Extended Update Support).

2) ASB-2019.0034 – [Win] Microsoft Team Foundation Server: Multiple vulnerabilities

An information disclosure vulnerability and a cross-site scripting vulnerability have been found in Microsoft Team Foundation Server.

3) ASB-2019.0035 – [Win] Microsoft Skype for Business Server 2015 CU 8: Cross-site scripting – Remote with user interaction

A cross-site scripting vulnerability has been discovered in Skype for Business Server 2015.

4) ESB-2019.0160 – [Ubuntu] irssi: Execute arbitrary code/commands – Remote with user interaction

A denial-of-service and code-execution vulnerability was discovered in Irssi, caused by its incorrect handling of certain inputs.

Stay safe, stay patched and have a great weekend,

Rameez