4 Aug 2017

Week in review

AUSCERT Week in Review for 4th August 2017

Greetings,

As Friday 4th August comes to a close, there have been numerous security-related news items this week. Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen:

Title: WannaCry hero arrested over banking malware
Date Published: 4/08/2017
URL: https://www.itnews.com.au/news/wannacry-hero-arrested-over-banking-malware-470090
Author: Juha Saarinen
Excerpt: “Marcus Hutchins, the security researcher credited for blunting the effect of the WannaCry ransomware attack in May this year, has been arrested in the United States.”
—–

Title: HBO Security Contractor: Hackers Stole ‘Thousands of Internal Documents’ (EXCLUSIVE)
Date Published: 2/08/2017
URL: http://variety.com/2017/digital/news/hbo-hack-thousands-of-documents-stolen-1202513573/
Author: Janko Roettgers
Excerpt: “The HBO hack may have been worse than the initial leaks of a few unaired TV show episodes suggested. A security company hired by HBO to scrub search results for the hacked files from search engines has told Google that the hackers stole “thousands of Home Box Office (HBO) internal company documents.””
—–

Title: Cryptocurrency community readies for Bitcoin Cash fork
Date Published: 31/07/2017
URL: https://www.itnews.com.au/news/cryptocurrency-community-readies-for-bitcoin-cash-fork-469732
Author: Juha Saarinen
Excerpt: “A new version of the Bitcoin cryptocurrency will be launched this Wednesday, in an effort to rectify the network capacity issues that have plagued the digital currency in recent months.”
—–

Title: SMBLoris – the new SMB flaw
Date Published: 30/07/2017
URL: https://isc.sans.edu/forums/diary/SMBLoris+the+new+SMB+flaw/22662/
Author: Renato Marinho
Excerpt: “While studying the infamous EternalBlue exploit about 2 months ago, researchers Sean Dillon (zerosum0x0) and Zach Harding (Aleph-Naught-) found a new flaw in the Server Message Block (SMB) protocol that could allow an adversary to interrupt the service by depleting the memory and CPU resources of the targeted machine on a Denial of Service (DoS) attack.”
—–

Title: How Netflix DDoS’d Itself To Help Protect the Entire Internet
Date Published: 28/07/2017
URL: https://www.wired.com/story/netflix-ddos-attack/
Author: Lily Hay Newman
Excerpt: “In June 2016, Netflix security engineer Scott Behrens ran a massive infrastructure test on the streaming system in front of dozens of coworkers. In the process, he brought the site down. But instead of panic or embarrassment, it was a moment of celebration. Behrens, working with cloud security engineer Jeremy Heffner and others, had successfully shown that Netflix was in fact vulnerable to an unorthodox type of distributed denial of service attack. And proving it worked was the first step toward preventing it in the future—not just for Netflix but for the entire internet.”
—–

Here are this week’s noteworthy security bulletins:

1) ESB-2017.1859 – ALERT [Win][UNIX/Linux] BIND: Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/50434
BIND 9 versions 9.9.10-P2, 9.10.5-P2 and 9.11.1-P2 have been released. These versions fix two vulnerabilities that allow an attacker to circumvent TSIG authentication of AXFR and NOTIFY requests, or to forge a valid TSIG or signature for a dynamic update.

2) ESB-2017.1932.2 – UPDATED ALERT [Win] Siemens Molecular Imaging: Execute arbitrary code/commands – Remote/unauthenticated
https://portal.auscert.org.au/bulletins/50722
Siemens Molecular Imaging is vulnerable to multiple unauthenticated remote code execution exploits. Exploits have been seen in the wild, so please apply mitigations until Siemens produces patches!

3) ESB-2017.1926 – [Win][OSX] Prenotification Security Advisory for Adobe Acrobat and Reader
https://portal.auscert.org.au/bulletins/50702
Adobe has been keeping to the Microsoft Patch Tuesday schedule for a couple of years now, but this vulnerability must be pretty severe if they are doing a pre-notification of the out-of-band update! Get ready to patch your SOEs/MOEs at least twice next month!

Stay safe, stay patched and have a good weekend!

Ananda