Week in review - 23 Sep 2019

AusCERT Week in Review for 20th September 2019


This week’s big headline is the findings of the AFP and ASIC’s investigation into a cybercrime syndicate targeting Australian superannuation accounts.

Also, Reuters (normally a relatively credible source) have published a story attributing the Australian parliament hack to China, albeit without official sources.

More after the jump.

China blamed for Australian parliament hack
Date: 16 September
Author: iTnews

Australian intelligence determined China was responsible for a cyber-attack on its national parliament and three largest political parties before the general election in May, five people with direct knowledge of the matter told Reuters.
The Australian Signals Directorate concluded in March that China’s Ministry of State Security was responsible for the attack, the five people said.

Cyber fraud hits superannuation, share accounts
Date: 17 September
Author: iTnews

Millions of dollars have allegedly been stolen from personal superannuation and share trading accounts using hijacked identity credentials that were obtained on the dark net.
The Australian Federal Police on Tuesday revealed the “multi-layered cybercrime activity” after a 12-month investigation into a major fraud and identity theft syndicate with the Australian Securities and Investment Commission.

400 Million Medical Radiological Images Exposed on the Internet
Date: 18 September
Author: Bleeping Computer

An analysis of medical image storage systems exposed to the public web reveals that almost 600 servers in 52 countries are completely unprotected against unauthorized access.
Audited systems were unpatched against thousands of vulnerabilities, more than 500 of them having the highest severity score.

A Guide on 5 Common LinkedIn Scams
Date: 19 September
Author: Tripwire

The fact that scammers haunt Facebook and Twitter is not surprising. Even so, digital criminals don’t stop with just those two platforms. They’re also known to stalk users on LinkedIn where connections carry greater professional gravity.
Fortunately, users can stay alert to such activity by familiarizing themselves with the most common types of LinkedIn scams. Here are five ruses, in particular, that should be on their radar.

Here are some noteworthy bulletins from the week:

1. ESB-2019.3511 – Norton Password Manager information disclosure
Unspecified information disclosure vulnerability in Symantec’s password manager for Android.

2. ESB-2019.3519 – IBus access control vulnerability
Unintentional keylogger for different users on the same machine.

3. ESB-2019.3541 – Werkzeug cross-container access
The debugger security PIN was not unique per Docker container.

4. ASB-2019.0268 – Mozilla Thunderbird web view fixes
Thunderbird’s email view disables scripting, but if the program is used “in browser or browser-like contexts”, it could be abused.

Stay safe, stay patched, and have a good weekend!