
AusCERT Week in Review for 26th April 2019


For a 3-day week, this week has still been quite busy for anyone in InfoSec. We hope that you all have layers of mitigations in place for the Oracle WebLogic zero-day; otherwise, you may come back to even more work on Monday!

Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Title: New Oracle WebLogic zero-day discovered in the wild
Date Published: 25/4/2019
Author: ZDNet
Excerpt: “Security researchers have spotted a new zero-day vulnerability impacting the Oracle WebLogic server that is currently being targeted in the wild.

Oracle has been notified of the zero-day, but the software maker just released its quarterly security patches four days before this zero-day’s discovery.”


Title: Marcus Hutchins, slayer of WannaCry worm, pleads guilty to malware charges
Date Published: 19/4/2019
Author: Ars Technica
Excerpt: “Marcus Hutchins, the security researcher who helped neutralize the virulent WannaCry ransomware worm, has pleaded guilty to federal charges of creating and distributing malware used to break into online bank accounts.

“I regret these actions and accept full responsibility for my mistakes,” Hutchins wrote in a short post. “Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.””

Title: Another dark web marketplace bites the dust — Wall Street Market
Date Published: 23/4/2019
Author: ZDNet
Excerpt: “Less than a month after the oldest and biggest dark web marketplace announced plans to shut down, another dark web market has “exit scammed” after the site’s admins ran away with over $14.2 million in user funds.

Some of the market’s customer support staff are now blackmailing WSM customers. Staffers are asking for 0.05 Bitcoin (~$280) from vendors and customers who shared their Bitcoin address in support requests, threatening to share the address with law enforcement unless users pay the requested fee.

And just as we were writing this article, the same moderator who was extorting WSM users took things to another level by sharing their mod account credentials online, allowing anyone – including law enforcement – to access the WSM backend, which may contain details about buyers and sellers’ real identities.”

Title: Windows 7 Now Showing End of Support Warnings
Date Published: 22/4/2019
Author: BleepingComputer
Excerpt: “Microsoft has started to display alerts in Windows 7 stating that the operating system will reach end of support on January 14, 2020. This alert links to a page that then recommends users upgrade to Windows 10.

On January 14th, 2020, Windows 7 will officially reach end of support and Microsoft will no longer offer free security updates and technical support for the operating system.”

Title: Another European manufacturer crippled by ransomware
Date Published: 25/4/2019
Author: HelpNet Security
Excerpt: ““Due to an IT system failure, the Aebi Schmidt Group can temporarily neither receive nor send emails,” the company announced on Thursday. “The IT system failure is due to an attempt by third parties to infiltrate malware into our systems. More and more companies worldwide are being affected by such attacks.””

Here are this week’s noteworthy security bulletins:

1) ESB-2019.1408 – [Win][UNIX/Linux] BIND: Denial of service – Remote/unauthenticated

Multiple Denial of Service vulnerabilities have been patched in BIND.

2) ESB-2019.1412 – [Win][UNIX/Linux] Atlassian Confluence Server and Data Center: Multiple vulnerabilities

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource.

Stay safe, stay patched and have a great weekend,