11 Aug 2017

Week in review

AUSCERT Week in Review for 11th August 2017

As Friday 11th August comes to a close, we have seen another busy week of security updates. AUSCERT published its 2000th ESB bulletin for the year today – an average of nearly 9 each day since the year began! Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Title: Attackers Use Typo-Squatting To Steal npm Credentials
Date Published: 4/08/2017
URL: https://threatpost.com/attackers-use-typo-squatting-to-steal-npm-credentials/127235/
Author: Tom Spring
Excerpt: “Hackers seeking developer credentials used typo-squatting to spread malicious code via libraries hosted at the online repository npm. In all, 40 npm packages were found malicious and removed from the Node.js package management registry, according to npm.”

Title: Aussie domain registrars sued over alleged fake invoice scam
Date Published: 11/08/2017
URL: https://www.itnews.com.au/news/aussie-domain-registrars-sued-over-alleged-fake-invoice-scam-470631
Author: Allie Coyne
Excerpt: “Two Australian domain name registration companies are being taken to court by the competition watchdog for an alleged fake invoice scam that reaped $2.3 million from their customers.”

Title: Blood Service escapes penalties in data breach investigation
Date Published: 07/08/2017
URL: https://www.itnews.com.au/news/blood-service-escapes-penalties-in-data-breach-investigation-470264
Author: Allie Coyne
Excerpt: “The Australian Red Cross Blood Service and its website contractor have escaped penalties from the country’s privacy watchdog over a 2016 data breach that exposed the data of 550,000 donors.”

Title: VPN Provider Accused of Sharing Customer Traffic With Online Advertisers
Date Published: 08/08/2017
URL: https://www.bleepingcomputer.com/news/technology/vpn-provider-accused-of-sharing-customer-traffic-with-online-advertisers/
Author: Catalin Cimpanu
Excerpt: “In a 14-page complaint, the CDT accuses AnchorFree — the company behind the Hotspot Shield VPN — of breaking promises it made to its users by sharing their private web traffic with online advertisers for the purpose of improving the ads shown to its users.”

Here are this week’s noteworthy security bulletins:

1) ESB-2017.1987 – [Linux][Debian][OSX] git: Execute arbitrary code/commands — Remote with user interaction
A newly discovered vulnerability in git allows a malicious repository to make the user's machine execute shell commands when the repository is cloned, by making use of ssh:// URLs.

2) ESB-2017.1978 – [Win][OSX] Adobe: Multiple vulnerabilities
The latest round of Adobe patches fixes various security vulnerabilities in Adobe Reader, including remote code execution and denial of service.

3) ASB-2017.0134 – [Win][UNIX/Linux] Mozilla Firefox and Mozilla Firefox ESR: Multiple vulnerabilities
A new update for Mozilla Firefox fixes several significant security issues.
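The git bulletin above concerns a malicious repository executing commands through an ssh:// URL during a clone. As an added example (not AUSCERT's or the git project's code), the Python below parses constructed .gitmodules content and reports submodules whose ssh:// URL names a host that is not a well-formed DNS name or IP address, so they can be reviewed before a recursive clone is run; every submodule name and URL in it is constructed.

```python
"""Pre-clone review of submodule URLs (added example; names and URLs constructed)."""
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 1123 hostname label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Constructed .gitmodules content; "lib/suspect" has a host that is not a DNS name.
SAMPLE_GITMODULES = """
[submodule "lib/ok"]
    path = lib/ok
    url = ssh://git@git.example.org:22/team/lib.git
[submodule "lib/ipv6"]
    path = lib/ipv6
    url = ssh://[2001:db8::10]/team/lib.git
[submodule "lib/suspect"]
    path = lib/suspect
    url = ssh://-example-/team/lib.git
[submodule "lib/https"]
    path = lib/https
    url = https://git.example.org/team/lib.git
"""

def parse_gitmodules(text):
    """Return {submodule name: url} from INI-style .gitmodules text."""
    modules, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r'^\[submodule\s+"(.+)"\]$', line)
        if header:
            current = header.group(1)
        elif current and line.startswith("url"):
            key, _, value = line.partition("=")
            if key.strip() == "url":
                modules[current] = value.strip()
    return modules

def host_is_sane(url):
    """True when an ssh:// URL's host is a DNS name or IP literal; non-ssh URLs pass through."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return False
    if parts.scheme != "ssh":
        return True  # this check only covers ssh:// transports
    host = parts.hostname or ""
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return all(_LABEL.match(label) for label in host.split("."))

def suspicious_submodules(text):
    """Sorted names of submodules whose ssh:// URL should be reviewed before cloning."""
    return sorted(name for name, url in parse_gitmodules(text).items() if not host_is_sane(url))
```

Running `suspicious_submodules(SAMPLE_GITMODULES)` on the constructed content returns only `["lib/suspect"]`; the IPv6 and plain-hostname entries pass.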

Stay safe, stay patched and have a good weekend!
