AusCERT Week in Review for 22nd March 2019

Have you registered for the AusCERT conference? There are only 3 weeks until our Early Bird closing date – registrations and program details can be found at: https://conference.auscert.org.au

Speaking of events, just yesterday we jointly hosted a public lecture from Major General Marcus Thompson AM, Deputy Chief Information Warfare Division (IWD) with the Australian Defence Force. There were over 200 attendees, and the presentation was followed by a panel, which attracted a lot of audience participation with a range of perspectives. https://www.auscert.org.au/events/2019-03-21-cyber-warfare-hear-major-general-marcus-thompson

Did you catch us at BSides Canberra last weekend? If not, you have another opportunity – our very own Mike Holm and Anthony Vaccaro will be presenting at BrisSEC next Friday. Be sure to come up and say ‘hello’ to them afterwards!

Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Christchurch tragedy-related scams and attacks
Date Published: 18 March 2019
URL: https://www.cert.govt.nz/businesses-and-individuals/recent-threats/christchurch-tragedy-related-scams-and-attacks/
Author: CERT NZ

“CERT NZ has received reports of different opportunistic online scams and attacks in the wake of the tragic events in Christchurch last week. This includes online donation fraud, malicious video files, defacement of NZ websites, and website disruption.”

Spam Warns about Boeing 737 Max Crashes While Pushing Malware
Date Published: 16 March 2019
URL: https://www.bleepingcomputer.com/news/security/spam-warns-about-boeing-737-max-crashes-while-pushing-malware/
Author: Lawrence Abrams

“A new malspam campaign is underway that is trying to utilize the tragic Boeing 737 Max crashes as a way to spread malware on a recipient’s computer. These spam emails pretend to be leaked documents about imminent crashes that the sender states should be reviewed and shared with loved ones to warn them.”

The Government wants to free up your bank data. Here’s what that means for you
Date Published: 20 March 2019
URL: https://www.abc.net.au/news/science/2019-03-20/consumer-data-right-bank-transactions-privacy/10898060
Author: Ariel Bogle

“The Consumer Data Right (CDR), which begins to come online mid-year, aims to give Australians more agency to access and control parts of their personal information.
The government calls it a “game changer”, but critics fear that without careful consideration, it could have serious privacy implications, among other concerns.”

Fake CIA emails requesting Bitcoin payment or arrest
Date Published: 20 March 2019
URL: https://www.staysmartonline.gov.au/alert-service/fake-cia-emails-requesting-bitcoin-payment-or-arrest
Author: Stay Smart Online

“The Australian Cyber Security Centre (ACSC) is aware of malicious emails claiming to be from the Central Intelligence Agency (CIA) being received by Australians.
The emails state that the recipient’s personal details, addresses, contact information and information relating to their relatives are contained in a case file about the distribution and storage of pornographic electronic materials involving underage children.
The emails advise that arrests are scheduled and that a payment of $10,000 USD in Bitcoin will prevent further action or contact.”

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
Date Published: 21 March 2019
URL: https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/
Author: Brian Krebs

“Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers.”

Here are this week’s noteworthy security bulletins:

ESB-2019.0880 – ESB-2019.0885 [Win][UNIX/Linux] Moodle: Multiple vulnerabilities
Multiple serious vulnerabilities have been patched in Moodle, so we recommend upgrading as soon as convenient.

ASB-2019.0082 – [Win][UNIX/Linux] Mozilla Firefox: Multiple vulnerabilities
Several vulnerabilities have been identified in Mozilla Firefox prior to version 66.0 [1], and Firefox ESR prior to version 60.6. Updates are available through most package managers.

ESB-2019.0920 – [Win][UNIX/Linux] Drupal modules: Execute arbitrary code/commands – Remote/unauthenticated
Three Drupal modules have been patched for remote code execution and cross-site scripting.

ESB-2019.0915 – [Appliance] Cisco IP Phone 7800 and 8800 Series: Multiple vulnerabilities
Vulnerabilities in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code.

ESB-2019.0950 – Medtronic Conexus telemetry: Multiple vulnerabilities
Successful exploitation of these vulnerabilities may allow an attacker with adjacent short-range access to one of the affected products to interfere with, generate, modify, or intercept the radio frequency (RF) communication of the Medtronic proprietary Conexus telemetry system, potentially impacting product functionality and/or allowing access to transmitted sensitive data.

Stay safe, stay patched and have a good weekend!