12 Apr 2019

Week in review

AUSCERT Week in Review for 12th April 2019

With less than 2 months to go until the AUSCERT 2019 conference, we hope you
have your tickets ready! Our Early Bird rate and Member Tokens expire this
Sunday, so please send off those applications as soon as possible.

You can purchase tickets and redeem tokens here:
https://gems.eventsair.com/auscert2019/register/

We’re looking forward to seeing you all at the Marriot in May!

Here’s a summary (including excerpts) of some of the more interesting
stories we’ve seen this week:

Title: ASD confirms data stolen in Parliament IT breach
Date Published: 10 April 2019
Author: Justin Hendry
Excerpt:

“Australian Signals Directorate chief Mike Burgess has confirmed data was
stolen by a state-sponsored actor during February’s malicious attack
against Parliament House.
In what appears to be the first public admission of the data exfiltration,
Burgess told senate estimates last week that a limited amount of
non-confidential data had made its way into the hands of attackers.
It was revealed during the agency’s damage assessment of the security
breach, which has now been wrapped up and handed to government for
consideration.”
—–

Title: Largest Leak in History: Email Data Breach Exposes Over Two Billion Personal Records
Date Published: 8 April 2019
Author: Scott Ikeda
Excerpt:

“The size and scope of data breaches continues to grow. The new world
record has been set by email marketing service Verifications.io, thanks
to some unsecured public-facing databases containing what appears to be
just about all of their customer information. Passwords were not exposed
in the email data breach, but quite a bit of personal information useful
for identity theft and scamming was.”
—–

Title: WikiLeaks founder Julian Assange arrested by police
Date Published: 11 April 2019
Author: ITnews Staff Writers
Excerpt:

“Police said they arrested Assange after being “invited into the embassy
by the Ambassador, following the Ecuadorean government’s withdrawal
of asylum.”
Assange took refuge in Ecuador’s London embassy in 2012 to avoid being
extradited to Sweden, where authorities wanted to question him as part of
a sexual assault investigation.
That probe was later dropped, but Assange fears he could be extradited
to face charges in the United States, where federal prosecutors are
investigating WikiLeaks.”
—–

Here are this week’s noteworthy security bulletins:

1) ESB-2019.1237 – [Win][UNIX/Linux][Ubuntu] wpa_supplicant and hostapd:
Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/ESB-2019.1237

Several vulnerabilities have been found in wpa, a widely-used wifi
authentication utility.

2) ESB-2019.1200 – [Win][UNIX/Linux][SUSE] sqlite3: Execute arbitrary
code/commands – Existing account
https://portal.auscert.org.au/bulletins/ESB-2019.1200

A plugin in sqlite3 could be exploited to achieve remote code execution.

3) ESB-2019.1163 – [Win][UNIX/Linux][SUSE] Salt: Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/ESB-2019.1163

Salt, a popular configuration management software, could be exploited
to achieve remote code execution.

 

Stay safe, stay patched and have a good weekend!

Anthony