13 Oct 2017

Week in review

AUSCERT Week in Review for 13th October 2017

AUSCERT Week in Review
13 October 2017

Greetings,

As Friday 13th of October closes, all eyes are in Kaspersky and how it
will manage?

The above reflection came out of one of the news articles that have capped
off a solid week in bulletins, and we have included a few more articles
of interest that have grabbed our attention. Here’s a summary (including
excerpts) of some of the more interesting stories we’ve seen this week:

Title: Kaspersky Lab and the AV Security Hole
URL:
https://www.darkreading.com/attacks-breaches/kaspersky-lab-and-the-av-security-hole/d/d-id/1330116
Date: 10 October 2017
Author: Jai Vijayan

Excerpt: “It’s unclear what happened in the reported theft of NSA data by
Russian spies, but an attacker would need little help to steal if he or
she had privileged access to an AV vendor’s network, security experts say.”

——-

Title: Microsoft Patches Office Bug Actively Being Exploited
URL:
https://threatpost.com/microsoft-patches-office-bug-actively-being-exploited/128367/
Date: 10 October 2017
Author: Tom Spring

Excerpt: “Security experts are urging network administrators to patch a
Microsoft Office vulnerability that has been exploited in the wild.”

——-

Title: Dumb bug of the week: Outlook staples your encrypted emails to,
er, plaintext copies when sending messages
URL: https://www.theregister.co.uk/2017/10/11/outlook_smime_bug/
Date: 11 October 2017
Author: Iain Thomson

Excerpt: “Attention anyone using Microsoft Outlook to encrypt
emails. Researchers at security outfit SEC Consult have found a bug in
Redmond’s software that causes encrypted messages to be sent out with
their unencrypted versions attached.”

——-

Title: Equifax Website Caught Serving Malicious Ads to Visitors
URL:
https://www.forbes.com/sites/leemathews/2017/10/12/equifax-website-caught-serving-malicious-ads-to-visitors/
Date: 12 October 2017
Author: Lee Mathews

Excerpt: “It’s been just over a month since Equifax went public with
news of a massive server breach that affected roughly half of the adult
population of the United States and thousands more consumers in Canada and
the U.K. Now, a security researcher has spotted an ad campaign spreading
malware from the company’s website.”

——-

Title: Accentuate the negative: Accenture exposes data related to its
enterprise cloud platform
URL:
https://www.scmagazine.com/accentuate-the-negative-accenture-exposes-data-related-to-its-enterprise-cloud-platform/article/699636/

Date: 11 October 2017
Author: Bradley Barth

Excerpt: “Yet another company has mistakenly exposed its sensitive
internal information after storing data on misconfigured cloud-based
servers from Amazon Web Services. The culprit in this case – the $32.9
billion consulting and professional services company Accenture – was
found to be insecurely storing data that, ironically, has to do with its
own cloud-based enterprise solution, the Accenture Cloud Platform.”

——-

Title: Office 365 Adoption Picks Up Pace Amid Security Concerns
URL:
https://www.infosecurity-magazine.com/news/office-265-adoption-picks-up-pace/
Date: 12 October 2017
Author: Tara Seals

Excerpt: “Adoption rates for Microsoft’s cloud-based, hosted productivity
suite, Office 365, have increased significantly in the past 12 months;
however, security concerns remain a barrier to adoption.”

 

And lastly, here are this week’s noteworthy security bulletins (in no
particular order):

1. ASB-2017.0161 – ALERT [Win] Microsoft Windows: Multiple
vulnerabilities
https://portal.auscert.org.au/bulletins/53282

Plenty to patch this Microsoft patch Tuesday.

2. ASB-2017.0159 – ALERT [Win] Microsoft Office: Multiple
vulnerabilities
https://portal.auscert.org.au/bulletins/53274

MS Office and there is a exploit out now.

3. ESB-2017.2561 – [Debian] wordpress: Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/53382

WordPress has vulnerabilities, that is a lot of websites.

4. ESB-2017.2562 – [RedHat] thunderbird: Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/53386

Thunderbirds are go!

5. ESB-2017.2591 – [SUSE] git: Execute arbitrary code/commands –
Existing account
https://portal.auscert.org.au/bulletins/53498

Should I git onto patching this?

Wishing you the best from AUSCERT and hope to see you next week.
Stay patched, stay safe.
Peter