20 Oct 2017

Week in review

AUSCERT Week in Review for 20th October 2017

AUSCERT Week in Review
20 October 2017

Greetings,

What a week for Information Security! With the new vulnerabilities revealed
in WPA2 and the Infineon RSA algorithm, can we be certain that anything
is truly secure any more? All eyes are on vendors and their responses to
these potentially catastrophic security flaws. As we go forward, putting
more of our trust and confidential data into computers, being able to
respond to new vulnerabilities in a timely fashion is critical.

Here’s a summary (including excerpts) of some of the more interesting
stories we’ve seen this week:

Title: Millions of high-security crypto keys crippled by newly discovered flaw
URL: https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/
Date: 16th October, 2017
Author: Dan Goodin
Excerpt: “A crippling flaw in a widely used code library has fatally
undermined the security of millions of encryption keys used in some of
the highest-stakes settings, including national identity cards, software-
and application-signing, and trusted platform modules protecting government
and corporate computers.”



Title: Necurs Botnet malspam pushes Locky using DDE attack
URL: https://isc.sans.edu/forums/diary/Necurs+Botnet+malspam+pushes+Locky+using+DDE+attack/22946/
Date: 19th October, 2017
Author: Brad Duncan
Excerpt: “I’ve seen Twitter traffic today about malspam from the Necurs
Botnet pushing Locky ransomware using Word documents as their attachments.
These Word documents use the DDE attack technique, something I already
wrote about in a previous diary covering Hancitor malspam on 2017-10-16.”



Title: Adobe rushes out fix for exploited Flash bug
URL: https://www.itnews.com.au/news/adobe-rushes-out-fix-for-exploited-flash-bug-475535
Date: 17th October, 2017
Author: Staff Writer
Excerpt: “The patch came after Kaspersky Lab said a group it was tracking,
BlackOasis, used the previously unknown weakness on October 10 to plant
FinSpy or FinFisher malware on computers before connecting them back to
servers in Switzerland, Bulgaria and the Netherlands.”



Title: ACORN received almost 48k cyber-related reports in 2016-17
URL: http://www.zdnet.com/article/acorn-received-almost-48k-cyber-related-reports-in-2016-17/
Date: 20th October, 2017
Author: Asha McLean
Excerpt: “As revealed in the Connect Discover Understand Respond 2016-17
Annual Report from the Australian Criminal Intelligence Commission (ACIC),
scams and online fraud were the highest reported incidents to ACORN,
accounting for 51 percent of the 47,873 total.”



Title: Australian government details Govpass digital ID
URL: http://www.zdnet.com/article/australian-government-details-govpass-digital-id/
Date: 17th October, 2017
Author: Asha McLean
Excerpt: “The federal government has detailed what its digital identification
solution will look like, outlining how citizens can apply for an optional
Govpass in a video posted on YouTube.”


And lastly, here are this week’s noteworthy security bulletins (in no
particular order):


ESB-2017.2607 – ALERT [Appliance] Infineon RSA: Access privileged data – Remote/unauthenticated
https://portal.auscert.org.au/bulletins/53570

A flaw in the Infineon RSA algorithm could result in keys that are
factorisable in months instead of centuries.



ESB-2017.2602 – ALERT [Win][Linux][OSX] Adobe Flash Player: Execute arbitrary code/commands – Remote with user interaction
https://portal.auscert.org.au/bulletins/53546

A newly-disclosed vulnerability in Adobe Flash affects all versions of
the software, and has already been seen in the wild.



ESB-2017.2599 – ALERT [Win][UNIX/Linux][Appliance][Mobile] Wi-Fi Protected Access II (WPA2) devices: Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/53534

A flaw discovered in the WPA protocol itself could affect billions of
people, as the encryption protocol is used ubiquitously around the globe
for WiFi networks.

 

Wishing you the best from AUSCERT and hope to see you next week.
Stay patched, stay safe.
Anthony