
AusCERT Week in Review for 21st February 2020


On Monday 2 March the AusCERT External Security Bulletins (ESB) and AusCERT Security Bulletins (ASB) are going to be sent from bulletins@auscert.org.au.

You will still receive the bulletin service as usual but the source email address will be changed to bulletins@auscert.org.au.

This change is being made to allow for easier filtering of one of our largest volumes of email correspondence.

However, if you currently automate processing of the bulletins you receive from auscert@auscert.org.au, make sure you update your scripts and mail rules on Monday 2 March to match the new address.

Please see below for a selection of this week’s interesting news articles and security advisories.

China seeks help of national tech giants to track coronavirus with QR codes
Date: 2020-02-18
Author: iTnews

China’s government is enlisting the help of Alibaba Group Holding Ltd and Tencent Holdings Ltd to expand colour-based systems for tracking individuals affected with the coronavirus nationwide.
On Wednesday, Alipay, the payment app operated by Alibaba’s financial division Ant Financial, released a feature in collaboration with the government that assigns a coloured QR code representing the health of residents in Hangzhou.

APIs are becoming a major target for credential stuffing attacks
Date: 2020-02-19
Author: CSO Online

New research shows that attackers use APIs to automate credential stuffing attacks. The financial sector is particularly vulnerable.

South Korea sees rise in smishing with coronavirus misinformation
Date: 2020-02-17
Author: ZDNet

The South Korean government has warned the public of a sharp rise in smishing attempts — scam text messages — that use misinformation about the novel coronavirus outbreak.

Firmware Weaknesses Can Turn Computer Subsystems
Date: 2020-02-19
Author: Dark Reading

Network cards, video cameras, and graphics adapters are a few of the subsystems whose lack of security could allow attackers to turn them into spy implants.

Why fixing security vulnerabilities in medical devices, IoT is so hard
Date: 2020-02-20
Author: Ars Technica

When your family opened up that brand-new computer when you were a kid, you didn’t think of all of the third-party work that made typing in that first BASIC program possible. There once was a time when we didn’t have to worry about which companies produced all the bits of licensed software or hardware that underpinned our computing experience. But recent malware attacks and other security events have shown just how much we need to care about the supply chain behind the technology we use every day.
The URGENT/11 vulnerability, the subject of a Cybersecurity and Infrastructure Security Agency advisory issued last July, is one of those events. It forces us to care because it affects multiple medical devices. And it serves as a demonstration of how the software component supply chain and availability of support can affect the ability of organizations to update devices to fix security bugs—especially in the embedded computing space.

Samsung freaks out smartphone owners with mysterious ‘1’ notification
Date: 2020-02-20
Author: Graham Cluley

Many owners of Samsung smartphones have received an odd notification from the Find My Mobile app.
Curious users who clicked on the notification message found that it simply disappeared, leaving them none the wiser.
The truth, however, is this – no, it’s nothing malicious. It was just an accident, as Samsung explained on Twitter, and it’s not the first time a test message has accidentally gone to the wider public.

ESB-2020.0537 – chromium-browser security update

Keep those browsers updated!

ESB-2020.0536 – firefox security update

As above.

ESB-2020.0548 – sudo security update

Another sudo vulnerability.

ESB-2020.0601 – USN-4289-1: Squid vulnerabilities

DoS, bypass and possibly RCE in a popular web proxy product.

Stay safe, stay patched and have a good weekend!

The AusCERT Team.