11 Jan 2019

Week in review

AUSCERT Week in Review for 11th January 2019

Greetings,

Judging by the traffic on the roads, most people have started working again! Welcome to 2019!
We hope that this week has not been too difficult for you all! Fortunately, apart from some interesting vulnerabilities in Microsoft’s patch Tuesday, most vulnerabilities were quite “un-interesting”.

Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Title: Hacker Uses Australian Early Warning Network to Send Spam Alerts
Date Published: 7/1/2019
Author: Lawrence Abrams
Excerpt: “Over the weekend, a hacker gained unauthorized access to the Queensland EWN, or Early Warning Network, and used it to send a spam alert via SMS, landline, and email to the company’s subscribers.

EWN is a service offered by Australian company Aeeris that allows Australian councils, or local governments, to send emergency alerts regarding extreme weather, fires, evacuation information, or incident responses.

The unauthorized alerts stated that “EWN has been hacked. Your personal data is not safe.” They then went on to tell recipients to email support@ewn.com.au to unsubscribe from the service.”
—–

Title: Aussie electoral systems get 24×7 monitoring for 2019 election
Date Published: 8/1/2019
Author: Justin Hendry
Excerpt: “Australia’s electoral systems will be actively monitored around the clock by a new security operations centre during the upcoming federal election.

The Australian Electoral Commission has put out the call for vendors capable of providing “short-term, event based security monitoring” of its internal systems in a bid to protect against unauthorised interference.”
—–

Title: A YubiKey for iOS Will Soon Free Your iPhone From Passwords
Date Published: 8/1/2019
Author: Brian Barrett
Excerpt: “Over the last several years, Yubico has become close to ubiquitous in the field of hardware authentication. Its YubiKey token can act as a second layer of security for your online accounts and can even let you skip out on using passwords altogether. The only problem? It’s been largely unusable on the iPhone. That’s going to change soon.”
—–

Title: Samsung Phone Users Perturbed to Find They Can’t Delete Facebook
Date Published: 8/1/2019
Author: Sarah Frier
Excerpt: “Nick Winke, a photographer in the Pacific northwest, was perusing internet forums when he came across a complaint that alarmed him: On certain Samsung Electronics Co. smartphones, users aren’t allowed to delete the Facebook app.”
—–

Title: New tool automates phishing attacks that bypass 2FA
Date Published: 9/1/2019
Author: Catalin Cimpanu
Excerpt: “A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA).

Named Modlishka –the English pronunciation of the Polish word for mantis– this new tool was created by Polish researcher Piotr Duszy?ski.”
—–

Title: SingHealth COI report made public: System vulnerabilities, staff lapses, skilled hackers led to cyberattack
Date Published: 10/1/2019
Author: Fann Sim
Excerpt: “A potent mix of pre-existing system vulnerabilities, staff lapses and extremely skilled hackers led to the cyberattack on SingHealth’s patient database last year, said a report from the Committee of Inquiry (COI) into the breach.”
[…] ““To sum up, considerable initiative was shown by officers on the front line … It is a shame that such initiative was then smothered by a blanket of middle management mistakes,” the report said.””

Here are this week’s noteworthy security bulletins:

1) ESB-2019.0072 – [Win][Apple iOS][Android][Mac] Adobe Digital Editions: Access confidential data – Remote with user interaction

An information disclosure vulnerability has been identified and resolved in Adobe Digital Editions.

2) ESB-2019.0073 – [Win][Linux] Adobe Connect: Access privileged data – Remote with user interaction

A session token exposure vulnerability has been identified and resolved in Adobe Connect

3) ASB-2019.0003.3 – UPDATE [Win] Microsoft Windows: Multiple vulnerabilities

27 Vulnerabilities have been identified in Microsoft Windows OS. One of the more interesting ones is a memory corruption vulnerability in the Windows DHCP client where a specially crafted DHCP response could run arbitrary code on the client machine.

Stay safe, stay patched and have a good weekend!

Ananda