1 Dec 2017

Week in review

AUSCERT Week in Review for 1st December 2017


 

Greetings,

 

Headline news this week was the flaw in Apple High Sierra that allows login with the user root and a blank password.

And the Call for Proposals for AUSCERT 2018 is now open.

As for more news, here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

 

——————————————————————————-

 

Title:   Apple releases update to fix critical macOS High Sierra security issue

URL:

https://www.theverge.com/2017/11/29/16715246/apple-releases-high-sierra-root-security-patch

Date:    November 29, 2017

Author:  Chris Welch

 Excerpt:

“Apple has just rolled out a security update for macOS High Sierra that fixes the major flaw that was publicly disclosed yesterday. A support page for the patch, Security Update 2017–001, confirms that it addresses the vulnerability that allowed admin access to a Mac computer without providing any password. The update breaks file sharing for some users, but Apple has released a fix for that as well.”

 

——————————————————————————-

 

Title:   Cryptocurrency Mining Scripts Now Run Even After You Close Your Browser

URL:

https://thehackernews.com/2017/11/cryptocurrency-mining-javascript.html

Date:    November 29, 2017

Author:  Swati Khandelwal

 

Excerpt:

“Some websites have found using a simple yet effective technique to keep their cryptocurrency mining javascript secretly running in the background even when you close your web browser.

Due to the recent surge in cryptocurrency prices, hackers and even legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor’s PC to mine Bitcoin or other cryptocurrencies.”

 

——————————————————————————-

 

Title:   Cisco Patches Critical Playback Bugs In Webex Players

URL:

https://threatpost.com/cisco-patches-critical-playback-bugs-in-webex-players/129057/

Date:    November 30, 2017

Author:  Tom Spring

Excerpt:

“Cisco Systems issued a Critical alert on Wednesday warning of multiple vulnerabilities in its popular WebEx player. Six bugs were listed in the security advisory, each of them relating to holes in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.

 

“A remote attacker could exploit these vulnerabilities by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file,” according to Cisco.”

 

——————————————————————————-

 

Title:   Classified Pentagon data leaked on the public cloud

URL:

http://www.bbc.com/news/technology-42166004?intlink_from_url=http://www.bbc.com/news/topics/cz4pr2gd85qt/cyber-security&link_location=live-reporting-story

Date:    November 29, 2017

Author:  Technology

Excerpt:

“Classified Pentagon data was mistakenly left exposed on an unsecured public cloud server, cyber-security researchers have discovered.

The 100GB of data is from a failed joint intelligence-sharing programme run by the US Army and National Security Agency in 2013.

The information was left on an unlisted but public Amazon Web Services storage server.

It is likely to have been accessible to anyone on the internet for years.”

 

——————————————————————————-

 

And lastly, here are this week’s most noteworthy security bulletins:

 

  1. ASB-2017.0206 – [Win][UNIX/Linux] WordPress: Execute arbitrary code/commands – Existing account

30 November 2017

https://portal.auscert.org.au/bulletins/55550

WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack.

  2. ASB-2017.0205 – ALERT [OSX] Apple High Sierra: Root compromise – Console/physical

29 November 2017

http://www.auscert.org.au/55378

Today, a security researcher tweeted about a dangerous behaviour he found in the Apple High Sierra operating system: it is possible to get administrator rights (the “root” account on UNIX) by logging in without a password.

  3. ASB-2017.0204 – [Win][UNIX/Linux] Thunderbird: Multiple vulnerabilities

27 November 2017

http://www.auscert.org.au/55322

Security vulnerabilities fixed in Thunderbird 52.5

A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations.

  4. ESB-2017.3057 – [Cisco] Cisco WebEx Meeting Center: Unauthorised access – Remote with user interaction

30 November 2017

http://www.auscert.org.au/55538

A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts.

  

Wishing all the best from AUSCERT and see you next week,

 

Cheers,

Peter