AusCERT Week in Review for 31st January 2020


It is the end of another week, and another month – 2020 seems to be moving fast!

Call for Presentations and Tutorials – AusCERT Conference
Date: 2020-01-31
Author: AusCERT2020

Do YOU or someone YOU KNOW have a great story to tell? We would like to hear it! Our AusCERT2020 Call for Presentations and Tutorials closes at midnight AEST and submissions can be entered here.
The AusCERT2020 Program Committee welcomes original contributions for presentations not previously published nor submitted in parallel for publication to any other conference or workshop taking place in proximity of the conference.

Citrix rolls out final patches to defend against the CVE-2019-19781 vulnerability
Date: 2020-01-27
Author: The Daily Swig

Citrix has completed the process of releasing patches for all supported versions of its technology affected by the CVE-2019-19781 vulnerability.
The now-infamous security flaw (CVE-2019-19781), which affects Citrix Application Delivery Controller (ADC) and Gateway products, first surfaced in mid-December.
Proof-of-concept exploit code dropped earlier this month. This prompted Citrix to double down on its patch release schedule – a process it completed on Friday.
Immediate patching is strongly recommended. [See AusCERT ESB-2019.4708.8 for what may be the final version of Citrix’s advisory.]

What ‘Have I been Pwned?’ taught DHS’s internal cyber chief about passwords
Date: 2020-01-28
Author: CyberScoop

A website that informs users if their email address has been swept up in a data breach isn’t just popular with vigilant business owners or private security sleuths. The man charged with protecting the Department of Homeland Security’s systems from hackers also maintains an account on the “Have I been Pwned?” website, and it regularly reminds him of the risks passwords pose.
“I get emails from this website…on a monthly or bimonthly basis,” DHS CISO Paul Beckman said Tuesday at the Zero Trust Security Summit presented by Duo and produced by FedScoop and CyberScoop. “That is how often my username and password is getting compromised.”
Beckman said he registered both his personal and DHS email addresses on the website. The good news for him is that he uses a “second factor” – something like a SMS message or an authentication app – to log into his accounts and keep hackers out of them.

United Nations Confirms ‘Serious’ Cyberattack With 42 Core Servers Compromised
Date: 2020-01-30
Author: Forbes

One week after the United Nations called for an investigation into the claims that Jeff Bezos’ smartphone was hacked by Saudi Crown Prince Mohammed bin Salman, a claim that I first reported in March 2019, another investigation has revealed that the UN itself has been hacked.
The leak of an internal UN report to investigators at The New Humanitarian shows that core infrastructure servers were compromised during a successful cyberattack last year.
Although not yet attributed, the attack fingerprint suggests sophisticated APT actors. It’s further understood that the hackers used a known vulnerability (CVE-2019-0604) in an internet-facing Microsoft SharePoint server, a web-based collaborative platform integrated with Microsoft Office.
A UN spokesperson confirms that a decision not to disclose was taken.

Legacy TLS is on the way out: Start deprecating TLSv1.0 and TLSv1.1 now
Date: 2020-01-23
Author: Scott Helme

With TLS having taken some great steps forwards in recent years, with TLSv1.2 in 2008 and TLSv1.3 in 2018, it’s time to start dropping support for the legacy versions of TLS.
It would be good to remove these legacy versions now but it’s more important we upgrade to support higher versions and we do have some encouragement beyond me telling you it’s a good idea. Chrome is now warning users about sites that they visit that are using either TLSv1.0 or TLSv1.1 for the connection.
It’s not just Chrome either, Firefox announced they are going to drop all support for both TLSv1.0 and TLSv1.1 in March 2020 and they announced this all the way back in October 2018!

Apple Patches Tens of Vulnerabilities in iOS, macOS Catalina
Date: 2020-01-29
Author: SecurityWeek

Apple this week released software updates to address tens of security flaws in iOS, iPadOS, macOS Catalina, and other products.
A total of 23 vulnerabilities were addressed in iOS 13.3.1 and iPadOS 13.3.1, now rolling out for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation.
The flaws impact components such as Audio, FaceTime, ImageIO, IOAcceleratorFamily, IPSec, Kernel, libxpc, Mail, Messages, Phone, Safari Login AutoFill, Screenshots, and wifivelocityd.

ESB-2020.0282 – Cisco Webex Meetings Suite and Cisco Webex Meetings Online

“A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password.”

ESB-2020.0310 – USN-4256-1: Cyrus SASL vulnerability

“Cyrus SASL could be made to crash or execute arbitrary code if it received a specially crafted LDAP packet.”

ESB-2020.0273 – git security update

Multiple git issues addressed

ESB-2020.0291 – Intel Processors Data Leakage Advisory

“Potential security vulnerabilities in some Intel Processors may allow information disclosure.”

ESB-2020.0351 – macOS: Multiple vulnerabilities

Multiple issues addressed

Stay safe, stay patched and have a good weekend!

The AusCERT team.