9 Mar 2018

AUSCERT Week in Review for 9th March 2018


As Friday draws to a close, here are some of the more interesting Infosec
stories we’ve seen this week:

Title: Kali Linux for WSL now available in the Windows Store
Date Published: Mar 05 2018
URL: https://blogs.msdn.microsoft.com/commandline/2018/03/05/kali-linux-for-wsl/
Author: Tara Raj
Excerpt: “Our community expressed great interest in bringing Kali Linux
to WSL in response to a blog post on Kali Linux on WSL. We are happy to
officially introduce Kali Linux on WSL.”


Title: Vulnerability Affects Half of the Internet’s Email Servers
Date Published: March 06 2018
URL: https://www.bleepingcomputer.com/news/security/vulnerability-affects-half-of-the-internets-email-servers/
Author: Catalin Cimpanu
Excerpt: “A critical vulnerability affects hundreds of thousands of email
servers. A fix has been released but this flaw affects more than half of
the Internet’s email servers, and patching the issue will take weeks if
not months.”


Title: BoM IT staffers questioned by police over cryptocurrency mining
Date Published: March 08 2018
URL: https://www.itnews.com.au/news/bom-it-staffers-questioned-by-police-over-cryptocurrency-mining-486546
Author: Allie Coyne
Excerpt: “Two IT workers within the Bureau of Meteorology have been
questioned by police over the alleged use of the agency’s IT infrastructure
to mine cryptocurrencies. AFP officers raided the bureau’s Melbourne
headquarters last Wednesday, as first reported by the ABC, and spoke with
two of the agency’s IT workers.”


Title: APRA to give banks stricter cyber security rules
Date Published: Mar 07 2018
URL: https://www.itnews.com.au/news/apra-to-give-banks-stricter-cyber-security-rules-486477
Author: Allie Coyne
Excerpt: “the Australian Prudential Regulation Authority (APRA) now wants
to create a dedicated prudential standard for cyber security to ensure
financial services firms are keeping their systems secure against the
latest trends in attack.”


Here are this week’s noteworthy security bulletins:

1) ESB-2018.0620 – [Debian] simplesamlphp: Multiple vulnerabilities
Several vulnerabilities have been discovered in SimpleSAMLphp, a
framework for authentication, primarily via the SAML protocol.

2) ESB-2018.0681 – ALERT [Virtual][Cisco] Cisco Prime Collaboration: Root compromise – Remote/unauthenticated
A hardcoded password in Cisco Prime Collaboration could allow attackers to
access the underlying Linux operating system.

3) ESB-2018.0679 – [UNIX/Linux][FreeBSD] ntp: Multiple vulnerabilities
Various vulnerabilities in the ntp suite of programs can allow hackers to
affect the system clocks of hosts using these programs.

Stay safe, stay patched and have a good weekend!