28 Jul 2017

AUSCERT Week in Review for 28th July 2017

Greetings,

As Friday 28th July comes to a close, there have been numerous security-related news items this week. Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen:

Title: WikiLeaks drops another cache of ‘Vault7’ stolen tools
Date Published: 26/07/2017
URL: https://nakedsecurity.sophos.com/2017/07/26/wikileaks-drops-another-cache-of-vault7-stolen-tools/
Author: Taylor Armerding
Excerpt: “The WikiLeaks “Vault 7” almost-weekly drip-drip-drip of confidential information on the cybertools and tactics of the CIA continued last week.

The latest document dump is a trove from agency contractor Raytheon Blackbird Technologies for the so-called “UMBRAGE Component Library” (UCL) Project, which includes reports on five types of malware and their attack vectors.”

—–

Title: Joint international operation sees US citizen arrested for denial of service attacks on IT systems
Date Published: 28/07/2017
URL: https://www.afp.gov.au/news-media/media-releases/joint-international-operation-sees-us-citizen-arrested-denial-service
Author: AFP
Excerpt: “A two and a half year joint operation between the Australian Federal Police (AFP), Federal Bureau of Investigation (FBI) and Toronto Police Department has resulted in a 37-year-old Seattle man being arrested in connection with serious offences relating to distributed denial of service attacks on IT systems.”

—–

Title: Australia’s war on maths blessed with gong at Pwnie Awards
Date Published: 27/07/2017
URL: https://www.computerworld.com.au/article/625351/australia-war-maths-blessed-gong-pwnie-awards/
Author: Rohan Pearce
Excerpt: “Australia’s own Malcolm Turnbull has been recognised at the Pwnie Awards in Las Vegas, with the prime minister taking out the ‘Pwnie for Most Epic FAIL’.

The annual awards, staged at the BlackHat security conference, recognise security successes and failures.”

—–

Title: Flash Player death warrant signed by Adobe
Date Published: 27/07/2017
URL: http://technology.inquirer.net/65543/flash-player-death-warrant-signed-by-adobe
Author: INQUIRER.net
Excerpt: “Adobe is making a move to permanently terminate its Flash Player feature—which many believe should have been done a while back.

According to an Adobe press release, the end-of-life (EOL) of the multimedia software platform is already in the works, as they are working with various technology partners like Apple, Facebook, Google, Microsoft and Mozilla, to create a smooth transition into open web platform.”

—–

Title: Russian National And Bitcoin Exchange Charged In 21-Count Indictment For Operating Alleged International Money Laundering Scheme And Allegedly Laundering Funds From Hack Of Mt. Gox
Date Published: 26/07/2017
URL: https://www.justice.gov/usao-ndca/pr/russian-national-and-bitcoin-exchange-charged-21-count-indictment-operating-alleged
Author: Department of Justice
Excerpt: “SAN FRANCISCO – A grand jury in the Northern District of California has indicted a Russian national and an organization he allegedly operated, BTC-e, for operating an unlicensed money service business, money laundering, and related crimes.”

—–

Here are this week’s noteworthy security bulletins:

1) ESB-2017.1841 – [Cisco] Cisco IOS and IOS XE: Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/50358

Cisco has released information about three vulnerabilities (CVE-2017-6665, CVE-2017-6664, CVE-2017-6663) for which no patches are currently available.

2) ASB-2017.0125 – [Win][UNIX/Linux] Joomla!: Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/50350

Two vulnerabilities have been fixed in Joomla! core: the first is a fix to the CMS Installer itself, and the second addresses a lack of proper filtering of potentially malicious HTML tags.

3) ESB-2017.1852 – ALERT [Cisco] Cisco Products: Access privileged data – Remote/unauthenticated
https://portal.auscert.org.au/bulletins/50402

Multiple Cisco Products are susceptible to an OSPF LSA Manipulation Vulnerability. This allows an attacker to take full control of the OSPF AS routing table.

AUSCERT in the Media:

Title: The Methodology of Improving Incident Response
URL: http://www.bankinfosecurity.com/methodology-improving-incident-response-a-10124
Author: Tom Field
Excerpt: “AUSCERT is one of the oldest CERTs in the world, and Phil Cole says the independent organization is now laser-focused on helping enterprises across sectors to fundamentally improve their strategies and solutions for incident response.”

—–

Title: Is your company and customer data being sold on the darknet?
URL: https://www.cio.com.au/article/621699/your-company-customer-data-being-sold-darknet/
Author: George Nott
Excerpt: “Increasingly businesses are monitoring the darknet for clues that their company and customer data is being exposed. But it’s no easy task.

Last week, The Guardian reported that Australians’ Medicare numbers were being offered for sale on a darknet marketplace for the equivalent of $30 in Bitcoins each.”

Stay safe, stay patched and have a good weekend!

Ananda