
AusCERT Week in Review for 29th November 2019


It’s been a week for embarrassing mistakes in the cyber world. Splunk and Hewlett-Packard have both announced show-stopping (but silly) bugs with how their systems keep track of time, and Australian parliamentarians have been told that they’ll undergo phishing simulations to prevent them from making the same mistakes as in the breach earlier this year.

Then again, who among us is immune to the most careful, targeted phishing attacks?

We heard tell recently of one large organisation conducting a test by sending forged emails to its developers, which told them to update their system by running $(curl | bash) – downloading a shell script from the internet and executing it immediately.

Some cautious developers tried to fetch the script with curl before piping it to bash, but the remote host could tell that it was not going straight to a shell, and returned an innocent-seeming script. Developers who executed the command as given did receive a malicious payload and a slap on the wrist.

Stay sharp, but stay forgiving.
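The safe habit the anecdote points to is to download once to a file, review it, and execute only those reviewed bytes. The sketch below is an added example, not part of the original newsletter. The function names are hypothetical, and the script is assumed to have been saved to disk already with a single `curl -o` download.

```shell
#!/usr/bin/env bash
# Added example: execute a downloaded script only if it still matches the
# SHA-256 digest recorded when a human reviewed it. Names are hypothetical.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_reviewed FILE EXPECTED_SHA256 [ARGS...]
# Returns 2 if FILE is missing or unreadable, 3 on digest mismatch,
# otherwise the exit status of the script itself.
run_reviewed() {
    local file=$1 expected=$2 tmp actual rc=0
    shift 2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Hash and run a private copy, so the file cannot be swapped
    # between the check and the execution.
    tmp=$(mktemp) || return 2
    cp -- "$file" "$tmp" || { rm -f "$tmp"; return 2; }
    actual=$(sha256_of "$tmp") || { rm -f "$tmp"; return 2; }

    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        rm -f "$tmp"
        return 3
    fi

    bash "$tmp" "$@" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Record the digest with `sha256_of install.sh` at review time; fetching the URL a second time to "check" it proves nothing, because the server may answer each request differently.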

Splunk customers should update now to dodge Y2K-style bug
Date: 2019-11-27
Author: Naked Security

If you’re a Splunk admin, the company has issued a critical warning regarding a showstopping Y2K-style date bug in one of the platform’s configuration files that needs urgent attention.

According to this week’s advisory, from 1 January 2020 unpatched instances of Splunk will be unable to extract and recognise timestamps submitted to it in a two-digit date format.

Pollies to face phishing tests after Parliament breach
Date: 2019-11-28
Author: iTnews

Parliamentarians and their staff will be subject to phishing email simulations in the wake of the state-sponsored cyber attack against Parliament House earlier this year.

The Department of Parliamentary Services will conduct the simulations as part of a new program to test the cyber security awareness of its more than 4000 parliamentary computing network users.

My Health Record: Australian healthcare scheme grades poorly on cybersecurity
Date: 2019-11-28
Author: The Daily Swig

A review of Australia’s controversial My Health Record scheme has concluded that it does, as experts have warned, present security risks to the public.

In its review of the system, published on Monday, the Australian National Audit Office (ANAO) concluded that the A$1.5 billion project is “largely effective”, although poor management of shared cybersecurity risks, including inadequate controls over access to patients’ records, remains a pressing issue.

In terms of privacy, the ANAO found, emergency access to patients’ records was widely being misused.

Meanwhile, healthcare providers are not all achieving minimum levels of cybersecurity, says the ANAO, with the Australian Digital Health Agency failing to monitor compliance effectively.

It has also failed to check whether third-party software providers to healthcare agencies are complying with the government’s cybersecurity framework.

HP Warns That Some SSD Drives Will Fail at 32,768 Hours of Use
Date: 2019-11-26
Author: BleepingComputer

HP released firmware updates for a number of its Serial-Attached SCSI solid-state drives to prevent their failure at exactly 32,768 hours of operation time.

The devices are used in multiple server and storage products for enterprise, such as HPE ProLiant, Synergy, Apollo, JBOD D3xxx, D6xxx, D8xxx, MSA, StoreVirtual 4335 and StoreVirtual 3200.

The abnormal expiration time translates to 3 years, 270 days and 8 hours, a lot less than the normal lifespan of these products. For some of them, the warranty can be extended to up to five years.

Silly Phishing Spotlight: Login to Unblock Microsoft Excel
Date: 2019-11-24
Author: BleepingComputer

As part of our ongoing series to educate users about some of the more silly phishing scams out there, we bring a new one that states Excel is blocked unless you log in and verify your details. As people get more educated about phishing scams and how to spot them, we continue to see scammers create outlandish campaigns in order to bait people into entering their login credentials.

Such is the case with this new phishing email that states you won’t be able to use your Excel due to a “system delay” unless you first log in.

ESB-2019.4501 – GitLab

GitLab released an update for the 12.5, 12.4 and 12.3 branches and almost immediately realised it omitted the important security fix they intended. If you only installed 12.5.1, 12.4.4 or 12.3.7 then ensure you update again to catch this.

ESB-2019.4475 – FreeRDP on SUSE: Unauthenticated memory leaks

Expect this fix to reach other distros soon.

ESB-2019.4441 – Symantec Critical System Protection: Authentication bypass

Symantec’s CSP software scored a 9.4/10 on the CVSSv3 scale for letting an attacker stroll through its controls.

ESB-2019.4460 – Mailman on SUSE: Privilege escalation

The GNU mailing list manager contained a privilege escalation from the wwwrun user to root.

Stay safe, stay patched and have a good weekend!