
AusCERT Week in Review for 29th March 2019


Another eventful week in information security!  Apart from plenty of vulnerabilities disclosed and patched, we have seen much media discussion regarding the intersection of IT, foreign powers, social media companies and politics.

In case you were not aware, there is a “World Backup Day”, and it is this Sunday, the day before April Fools’ Day!

The site http://www.worldbackupday.com/en/ has some interesting stats regarding backups and some arguments as to why we should back up our important data. We have also published a short blog about backups here.

Finally, another reminder regarding the upcoming AusCERT conference.  There is just over 2 weeks left to register for the Early Bird prices.  For further details, please visit:  https://conference.auscert.org.au

As for news, here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Title:  US Congress proposes comprehensive federal data privacy legislation—finally

Date:  March 28, 2019

Author:  David Ruiz

Excerpt: “The United States might be the only country of its size – both in economy and population – to lack a comprehensive data privacy law protecting its citizens’ online lives.

That could change this year.

Never-ending cybersecurity breaches, recently-enacted international privacy laws, public outrage, and crisis after crisis from the world’s largest social media company have pushed US Senators and Representatives into rarely-charted territory: regulation.”

Title:  Commando VM: The First of Its Kind Windows Offensive Distribution

Date:  March 28, 2019

Author:  Jacob Barteaux, Blaine Stancill, Nhan Huynh

Excerpt: “For penetration testers looking for a stable and supported Linux testing platform, the industry agrees that Kali is the go-to platform. However, if you’d prefer to use Windows as an operating system, you may have noticed that a worthy platform didn’t exist. As security researchers, every one of us has probably spent hours customizing a Windows working environment at least once and we all use the same tools, utilities, and techniques during customer engagements. Therefore, maintaining a custom environment while keeping all our tool sets up-to-date can be a monotonous chore for all. Recognizing that, we have created a Windows distribution focused on supporting penetration testers and red teamers.”

Title:  Norsk Hydro ransomware incident losses reach $40 million after one week

Date:  March 26, 2019

Author:  Catalin Cimpanu

Excerpt:  “A week after suffering a crippling ransomware infection, Norwegian aluminum producer Norsk Hydro estimates that total losses from the incident have already reached $40 million. […] It now remains to be seen how much of the $40 million losses will be covered by Norsk Hydro’s cyber-insurance policy. Most cyber-insurance policies don’t necessarily cover revenue losses caused by loss of business capabilities. Instead, most cover costs directly generated by the cyber-incident, such as IT consulting, incident response costs, and replacing computers and software.”

Title: Tesla car hacked at Pwn2Own contest

Date: March 23, 2019

Author: Catalin Cimpanu

Excerpt: “A team of security researchers has hacked a Tesla Model 3 car on the last day of the Pwn2Own 2019 hacking contest that was held this week in Vancouver, Canada. 

Team Fluoroacetate – made up of Amat Cama and Richard Zhu – hacked the Tesla car via its browser. They used a JIT bug in the browser renderer process to execute code on the car’s firmware and show a message on its entertainment system.

As per contest rules announced last fall, the duo now gets to keep the car. Besides keeping the car, they also received a $35,000 reward.”

Here are some of this week’s noteworthy security bulletins (in no particular order):

ESB-2019.1047 – [RedHat] libssh2: Execute arbitrary code/commands – Remote with user interaction

SSH client-side arbitrary code execution.

ESB-2019.1026 – [Cisco] Cisco IOS: Multiple vulnerabilities

Confidential data disclosure, arbitrary code execution and root compromise for Cisco IOS.

ESB-2019.0997 – [RedHat] Red Hat Ansible Tower: Multiple vulnerabilities

Significant vulnerabilities for this popular configuration management tool.

ESB-2019.0991 – [Apple iOS] iOS: Multiple vulnerabilities

“A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing”

Stay safe, stay patched and have a good weekend!