27 Apr 2018


AUSCERT Week in Review for 27th April 2018

Greetings,

We have reached the end of another week, so I hope that you can all have
an enjoyable and relaxing weekend.
As always, there were numerous security vulnerabilities reported and
fixes released.
Of particular note (especially to us in the Education sector) was the
Drupal core advisory (https://www.drupal.org/sa-core-2018-004).

Here’s a summary (including excerpts) of some of the more interesting
stories we’ve seen this week:

Title: Hackers Don’t Give Site Owners Time to Patch, Start Exploiting New Drupal Flaw Within Hours
Date Published: 25/04/2018
URL:  https://www.bleepingcomputer.com/news/security/hackers-dont-give-site-owners-time-to-patch-start-exploiting-new-drupal-flaw-within-hours/
Author: Catalin Cimpanu
Excerpt: “Five hours after the Drupal team published a security update
for the Drupal CMS, hackers have found a way to weaponize the patched
vulnerability, and are actively exploiting it in the wild.”
—–

Title: Australia joins NATO Cyber Defence Centre
Date Published: 24/04/2018
URL: https://www.itnews.com.au/news/australia-joins-nato-cyber-defence-centre-489536
Author: Juha Saarinen
Excerpt: “Australia will take part in the North Atlantic Treaty
Organisation’s cyber warfare centre in Tallinn, Estonia, in order to practice
how to defend critical infrastructure against attacks from hostile nations.”
—–

Title: Hotel, motel, Holiday Inn? Doesn’t matter – they may need to
update their room key software
Date Published: 25/04/2018
URL: https://www.theregister.co.uk/2018/04/25/hotel_room_key_security_flaw/
Author: Kat Hall
Excerpt: “Infosec outfit F-Secure has uncovered security vulnerabilities
in hotel keycard systems that can be exploited by miscreants to break into
rooms across the globe.”
—–

Title: Researchers Hacked Amazon’s Alexa to Spy On Users, Again
Date Published: 25/04/2018
URL: https://threatpost.com/researchers-hacked-amazons-alexa-to-spy-on-users-again/131401/
Author: Lindsey O’Donnell
Excerpt: “A malicious proof-of-concept Amazon Echo Skill shows how attackers
can abuse the Alexa virtual assistant to eavesdrop on consumers with smart
devices – and automatically transcribe every word said.”
—–

Title: Ransomware Hits HPE iLO Remote Management Interfaces
Date Published: 25/04/2018
URL: https://www.bleepingcomputer.com/news/security/ransomware-hits-hpe-ilo-remote-management-interfaces/
Author: Lawrence Abrams
Excerpt: “Attackers are targeting Internet accessible HPE iLO 4 remote
management interfaces, supposedly encrypting the hard drives, and then
demanding Bitcoins to get access to the data again.”
—–

Here are this week’s noteworthy security bulletins:

1) ESB-2018.1279.2 – UPDATED ALERT [Win][UNIX/Linux] Drupal core: Execute
arbitrary code/commands – Existing account
https://portal.auscert.org.au/bulletins/61918

As expected, this vulnerability was being exploited in the wild within
hours of the advisory's release, so it needed quick remediation.

2) ESB-2018.1285 – [Apple iOS] iOS: Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/61942

This update includes fixes for several remote code execution (RCE) vulnerabilities.

3) ESB-2018.1281 – [RedHat] kernel: Root compromise – Existing account
https://portal.auscert.org.au/bulletins/61922

Another Linux kernel root compromise, exploitable by a local user with an existing account.

4) ESB-2018.1257 – [RedHat] patch: Execute arbitrary code/commands –
Remote with user interaction
https://portal.auscert.org.au/bulletins/61830

“Malicious patch files cause ed to execute arbitrary commands”

5) ESB-2018.1252 – [RedHat] java-1.8.0-oracle: Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/61810

There were also numerous fixes released for Java 1.6, 1.7 and 1.8 on
RHEL-based systems.
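Because the Drupal issue in item 1 was being exploited within hours, the first thing many of us had to do was find out which of our sites were still on a vulnerable release. The script below is an added example, not AUSCERT's or Drupal's code: it reads the version constant out of a Drupal checkout and compares it with the fixed releases named in SA-CORE-2018-004 (7.59, 8.4.8 and 8.5.3; those numbers come from the advisory, not from this review). The file locations it assumes are core/lib/Drupal.php for Drupal 8 (`const VERSION = '…';`) and includes/bootstrap.inc for Drupal 7 (`define('VERSION', '…');`). The sample PHP snippets are constructed inline so the script runs offline.

```python
"""Compare a Drupal checkout's declared version with the SA-CORE-2018-004 fixes.

Added example, not Drupal's or AUSCERT's code.  Point check_source() at the
contents of core/lib/Drupal.php (Drupal 8) or includes/bootstrap.inc (Drupal 7).
"""
import re

# Fixed releases named in SA-CORE-2018-004: 7.59, 8.4.8 and 8.5.3.
# Drupal 8.3.x and earlier were already unsupported and received no fix.
FIXED = {
    (7,): (7, 59),
    (8, 4): (8, 4, 8),
    (8, 5): (8, 5, 3),
}

# Assumed declaration forms (Drupal 8 uses a class constant, Drupal 7 a define()).
VERSION_RE = re.compile(
    r"(?:const\s+VERSION\s*=|define\(\s*'VERSION'\s*,)\s*'([^']+)'"
)


def parse_version(source):
    """Extract the declared version string from PHP source text."""
    match = VERSION_RE.search(source)
    if not match:
        raise ValueError("no Drupal VERSION constant found")
    return match.group(1)


def is_patched(version):
    """True if `version` is at or above the fixed release for its branch.

    Development builds such as '8.5.x-dev' or '8.6.0-rc1' are reported as
    unpatched so they get looked at by hand instead of silently passing.
    """
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        return False
    parts = tuple(int(p) for p in version.split("."))
    if parts[0] == 7:
        return parts >= FIXED[(7,)]
    if parts[0] == 8:
        if parts[:2] == (8, 4):
            return parts >= FIXED[(8, 4)]
        if parts[:2] >= (8, 5):
            # 8.5.3 and every later 8.x release carry the fix.
            return parts >= FIXED[(8, 5)]
        return False  # 8.0 to 8.3: unsupported branches, no fix published
    if parts[0] > 8:
        return True  # later major releases postdate the fix
    return False  # 6.x or unknown: treat as unpatched


def check_source(source):
    """Return (version, patched) for the given PHP source text."""
    version = parse_version(source)
    return version, is_patched(version)


# Constructed sample inputs standing in for real Drupal files.
SAMPLES = {
    "vulnerable 8.5": "<?php\nclass Drupal {\n  const VERSION = '8.5.2';\n}\n",
    "patched 8.5": "<?php\nclass Drupal {\n  const VERSION = '8.5.3';\n}\n",
    "patched 7": "<?php\ndefine('VERSION', '7.59');\n",
    "dev build": "<?php\nclass Drupal {\n  const VERSION = '8.5.x-dev';\n}\n",
}

if __name__ == "__main__":
    for label, src in SAMPLES.items():
        version, ok = check_source(src)
        print(f"{label:15} {version:10} {'patched' if ok else 'UNPATCHED'}")
```

In practice you would wrap check_source() in a loop over the document roots on each web host and feed the results into whatever ticketing you use; the version constant is a faster and more honest signal than waiting on a scanner, because it tells you what is deployed rather than what is reachable.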

Stay safe, stay patched and have a good weekend!

Marcus.