29 Sep 2017

Week in review

AUSCERT Week in Review for 27th September 2017

AUSCERT Week in Review
29th September 2017

Greetings,

As Friday 29th of September comes to a close, the big news is

AUSCERT is hiring https://www.seek.com.au/job/34448215

Here is our summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Title: Dark Web Drug Suspect Cuffed On Way to Beard Contest
URL: https://www.infosecurity-magazine.com/news/dark-web-drug-suspect-cuffed-beard/
Date: 28 September 2017
Author: Phil Muncaster
Excerpt:
“A suspected dark web drug kingpin has been arrested in the US on the way to a beard-growing contest, it has emerged.

Gal Vallerius, 38, was cuffed in Atlanta International Airport at the end of August en route from his home in France to the competition in Austin, Texas.

Searching his laptop, border officials apparently found hundreds of thousands of dollars in Bitcoin, a Tor browser, and PGP keys linked to an “OxyMonster”.

That name is used by an administrator and senior moderator on Dream Market: a typical darknet drugs marketplace.”

——-

Title: Mac High Sierra hijinks continue: Nasty apps can pull your passwords
URL: http://www.theregister.co.uk/2017/09/28/high_sierra_hijinks_continue_nasty_apps_can_pull_your_passwords/
Date: 28 September 2017
Author: Shaun Nichols
Excerpt:
“Apple still hasn’t been able to seal up keychain access hole for unsigned applications.
A security shortcoming in earlier versions of OS X has made its way into macOS High Sierra despite an expert’s best efforts to highlight the flaw.

Patrick Wardle, of infosec biz Synack, found that unsigned, and therefore untrustworthy, applications running on High Sierra, aka macOS 10.13, were able to quietly access sensitive information – including stored passwords and keys – without any notification to the user. Normally, apps, even signed trusted ones, trigger a prompt to appear on screen when touching the operating system’s Keychain database of saved passphrases and other secrets.”

——-

Title: Android unlock patterns are too easy to guess, stop using them
URL: https://nakedsecurity.sophos.com/2017/09/28/android-unlock-patterns-are-too-easy-to-guess-stop-using-them/
Date: 28 September 2017
Author: Lisa Vaas
Excerpt:
“Let’s start with some things we knew already: people are really bad at creating and remembering secure passwords and PINs.

We’re also bad at choosing and answering password recovery questions. Most of us can’t even cook up an unlock pattern for our Androids that’s not crazy easy to predict, be it by shoulder-surfing or the tell-tale streaks we leave with our greasy fingers.

Now, a new report (PDF) from security researchers at the US Naval Academy and the University of Maryland Baltimore County has quantified just how absurdly easy it is to do an over-the-shoulder glance that accurately susses out an Android unlock pattern.”

——-

Title: Deloitte Hit by Cyber-Attack Revealing Clients’ Secret Emails
URL: https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails
Date: 25 September 2017
Author: Nick Hopkins
Excerpt:
“Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months. Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies. The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments.”

——-

Title: US Plans to Collect Social Media Info From Permanent Residents, Naturalized Citizens
URL: https://www.bleepingcomputer.com/news/government/us-plans-to-collect-social-media-info-from-permanent-residents-naturalized-citizens/
Date: 26 September 2017
Author: Catalin Cimpanu
Excerpt:
“The US Department of Homeland Security (DHS) published documents on Monday that detail a plan for collecting extra information on all US immigrants, including not only permanent residents but also previously naturalized citizens. According to a notice of modification to the 1974 Privacy Act System of Records, the DHS wants to collect extra information such as “social media handles, aliases, associated identifiable information, and search results.” The data will be used to expand the DHS’ database on US immigrants with new information that would allow for easier tracking of immigrants, but also Americans who obtained official citizenship years or decades before.”

——-

And lastly, here are this week’s noteworthy security bulletins (in no particular order):

1. ESB-2017.2425 – [OSX] macOS: Multiple vulnerabilities

It’s time to patch your Mac! The most severe vulnerability addressed could allow a malicious application to execute arbitrary code with
system privileges.

2. ESB-2017.2436 – ALERT [Linux][RedHat] kernel: Root compromise – Existing account

This Linux PIE/stack corruption (CVE-2017-1000253) was an existing two-year-old bug in the Linux kernel. Qualys published a detailed analysis including demonstration of a proof-of-concept to exploit the vulnerability – https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt

3. ESB-2017.2444 – ALERT [Cisco] Cisco IOS and IOS XE: Multiple vulnerabilities

Make plans to patch your Cisco network appliances. Many subsystems of IOS are impacted, of particular note is CVE-2017-12240.

4. ASB-2017.0155 – [Win][UNIX/Linux] Mozilla Firefox: Multiple vulnerabilities

Mozilla has rated the security vulnerabilities fixed in Firefox 56 as critical.

Wishing you the best from AUSCERT and stay safe,

Danny