25 Aug 2017

Week in review

AUSCERT Week in Review for 18th August 2017

Greetings,

As Friday 18th August comes to a close, we have seen another busy week of security updates. Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Title: Botched Firmware Update Bricks Hundreds of Smart Door Locks
Date Published: 12/08/17
URL: https://www.bleepingcomputer.com/news/hardware/botched-firmware-update-bricks-hundreds-of-smart-door-locks/
Author: Catalin Cimpanu
Excerpt: “On Tuesday, August 8, smart locks manufacturer LockState botched an over-the-air firmware update for its WiFi enabled smart locks, causing the devices to lose connectivity to the vendor’s servers and the ability to o
pen doors for its users.”
—–

Title: Seven More Chrome Extensions Compromised
Date Published: 15/08/17
URL: https://threatpost.com/seven-more-chrome-extensions-compromised/127458/
Author: Tom Spring
Excerpt: “The number of compromised Chrome browser extensions is growing beyond the initial Aug. 1 hijacking of the OCR add-on called Copyfish. Added to list are seven additional legitimate Chrome Extensions that attackers too
k over and used to manipulate internet traffic and web-based ads, according to researchers at Proofpoint.”
—–

Title: Maersk Shipping Reports $300M Loss Stemming from NotPetya Attack
Date Published: 16/08/17
URL: https://threatpost.com/maersk-shipping-reports-300m-loss-stemming-from-notpetya-attack/127477/
Author: Michael Mimoso
Excerpt: “Maersk was just one of hundreds of companies impacted around the world by NotPetya, also known as ExPetr. The wiper attack was disguised as ransomware, and like WannaCry before it, was spread via the leaked NSA Etern
alBlue exploit along with a few other distribution vectors, including a watering hole attack.”
—–

Title: LambdaLocker ransomware victim? Now you can decrypt your files for free
Date Published: 17/08/17
URL: http://www.zdnet.com/article/lambdalocker-ransomware-victim-now-you-can-decrypt-your-files-for-free/
Author: Danny Palmer
Excerpt: “No More Ransom recently celebrated its one-year anniversary, and now offers over 50 decryption tools for use against more than 100 ransomware families.”
—–

Title: Biohackers Encoded Malware in a Strand of DNA
Date Published: 08/08/17
URL: https://www.wired.com/story/malware-dna-hack/
Author: Andy Greenberg
Excerpt: “In new research they plan to present at the USENIX Security conference on Thursday, a group of researchers from the University of Washington has shown for the first time that it’s possible to encode malicious softwar
e into physical strands of DNA, so that when a gene sequencer analyzes it the resulting data becomes a program that corrupts gene-sequencing software and takes control of the underlying computer.”

—–

Here are this week’s noteworthy security bulletins:

1) ESB-2017.2048 – [Win][UNIX/Linux] Drupal Core: Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/51222
The latest release of Drupal Core fixes some vulnerabilities that could allow attackers to bypass access restrictions.

2) ESB-2017.2032 – [Ubuntu] postgresql: Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/51158
New vulnerabilities in the authentication modules of postgresql could allow attackers to access users’ passwords, or log in with an empty password.

3) ESB-2017.2010 – [Linux][Debian] iortcw: Execute arbitrary code/commands – Remote/unauthenticated
https://portal.auscert.org.au/bulletins/51070
The Quake 3 engine, despite being 18 years old now, still has bugs present.

 

Stay safe and have a great weekend.

Anthony