AusCERT Week in Review for 7th June 2019

Greetings,

Another fun week has been and gone. Great to see many of you last week at the conference, and we hope you’ve settled back into your daily roles.

Notable news this week includes a critical vulnerability in the Exim mail transfer agent and the disclosure of a second major hack of the Australian National University.

It’s an unconventional story: the bug in Exim was patched entirely by accident back in February, and so the release notes at the time did not include a security notice. Researchers from Qualys have since disclosed the vulnerability. If you run Exim (which roughly half of mail servers on the internet do), we advise updating to Exim 4.92. The fix will also be backported to minor versions down to 4.87 and made available by your OS providers in time.

Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:


AusCERT2019: that’s a wrap!
https://www.auscert.org.au/blog/2019-06-07-auscert2019-s-wrap
Date published: 07/06/2019
Author: Bek of AusCERT
“The annual AusCERT Cyber Security Conference has wrapped up for another year. This industry-leading event was held across 4 days. More than 700 delegates heard from 50 speakers and attended an array of interactive workshops. They networked with industry professionals, learnt the latest and best practices in the cyber and information security industry, and some even got their hands on awesome prizes.

Here’s a summary of conference highlights for those who couldn’t attend.”

New RCE vulnerability impacts nearly half of the internet’s email servers
https://www.zdnet.com/article/new-rce-vulnerability-impacts-nearly-half-of-the-internets-email-servers/
Date published: 05/06/2019
Author: Catalin Cimpanu of ZDNet
“A critical remote command execution (RCE) security flaw impacts over half of the Internet’s email servers, security researchers from Qualys have revealed today.

The vulnerability was patched with the release of Exim 4.92, on February 10, 2019, but at the time the Exim team released v4.92, they didn’t know they fixed a major security hole.”

ANU suffers second ‘significant’ hack in a year
https://www.itnews.com.au/news/anu-suffers-second-significant-hack-in-a-year-526123
Date published: 04/06/2019
Author: iTnews
“The Australian National University has suffered a massive data breach with about 19 years of data accessed by an unknown attacker.

It’s the second major attack against the ANU, which was also hit in mid-July last year. The university at the time blamed an advanced persistent threat but said the “significant” damage from that incident had been contained.”

United States visa applicants now required to hand over social media usernames
https://www.abc.net.au/news/2019-06-03/us-visa-applicants-to-hand-over-social-media-usernames/11172086
Date published: 03/06/2019
Author: ABC News
“The State Department is now requiring nearly all applicants for US visas to submit their social media usernames, previous email addresses and phone numbers.

It’s a vast expansion of the Trump administration’s enhanced screening of potential immigrants and visitors. The department says it has updated its immigrant and non-immigrant visa forms to request the additional information, including “social media identifiers”.”

Google Cloud goes down, taking YouTube, Gmail, Snapchat and others with it
https://www.zdnet.com/google-amp/article/google-cloud-goes-down-taking-youtube-gmail-snapchat-and-others-with-it/
Date published: 03/06/2019
Author: ZDNet
“A mysterious outage has hit Google Cloud, one of the biggest cloud service providers on the internet, and thousands of sites have gone down as a result, including both Google and non-Google services. Affected companies include some of the biggest names around, such as Snapchat, Vimeo, Shopify, Discord, Pokemon GO; but also most of Google’s own services, like YouTube, Gmail, Google Search, G Suite, Hangouts, Google Drive, Google Docs, Google Nest, and others.

In an extreme case of irony, according to a Google employee, the outage was so severe that it also took down internal tools Google engineers were using to communicate among each other about the outage, making recovery efforts even more difficult.”


Noteworthy bulletins of the week:

1) ESB-2019.2018.2 – exim: Execute arbitrary commands – Remote/unauthenticated.
https://www.auscert.org.au/bulletins/ESB-2019.2018.2/

The above-mentioned exim vulnerability.

2) ESB-2019.2033 – IBM WebSphere Application Server: Multiple vulnerabilities.
https://www.auscert.org.au/bulletins/ESB-2019.2033/

The IBM Java SDK ships in many IBM products, and so does WebSphere. Expect a steady trickle of other IBM products updating their internal WebSphere version.

3) ESB-2019.2017 – Python Django: Cross-site scripting.
https://www.auscert.org.au/bulletins/ESB-2019.2017/

We love Django and are glad to see it kept patched against pesky human errors.

4) ASB-2019.0153 – Android: Multiple vulnerabilities.
https://www.auscert.org.au/bulletins/ASB-2019.0153/

You can expect Android patch level 2019-06-05 to reach your phone, tablet or ICS controller in two to infinity months.


Stay safe, stay patched and have a good weekend!

David