31 May 2019

Week in review

AUSCERT Week in Review for 31st May 2019

Greetings,

As you may be aware, this week marked our 18th annual AUSCERT conference. It’s been another great week of talks, tutorials, events, meeting new people, and catching up with familiar faces. A big thank you to our membership team for another successful year – we get a behind-the-scenes view of just how much work they put in to make this all happen.

Another big thank you to everyone who came to join us, it makes all the hard work in the lead up worthwhile. If you couldn’t make it this year, we’re sorry to have missed you, but don’t worry – there’s always AUSCERT2020!

And not to detract from the celebrations, but just a friendly reminder to make sure your systems are patched against BlueKeep.

 

Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Almost one million Windows systems vulnerable to BlueKeep (CVE-2019-0708)
Date published: 28/05/2019
Author: ZDNet
Excerpt: “Nearly one million Windows PCs are vulnerable to BlueKeep, a vulnerability in the Remote Desktop Protocol (RDP) service impacting older versions of the Windows OS.

This number comes to put initial fears into context — that over seven million devices were in danger — although the danger remains present, as one million devices are still nothing to joke about.”

Unpatched Flaw Affects All Docker Versions, Exploits Ready 
Date published: 28/05/2019
Author: Bleeping Computer
Excerpt: “All versions of Docker are currently vulnerable to a race condition that could give an attacker both read and write access to any file on the host system. Proof-of-concept code has been released.

The flaw is similar to CVE-2018-15664 and it offers a window of opportunity for hackers to modify resource paths after resolution but before the assigned program starts operating on the resource. This is known as a time-to-check-time-to-use (TOCTOU) type of bug.”

How to protect your business against cyber crime
Date published: 28/05/2019
Author: In Daily
Excerpt: “The 2018/2019 BDO and AUSCERT Cyber Security Survey found data loss/theft of confidential information incidents rose by 78.68 per cent in 2018 compared to 2017. While this could be partially explained by the February 2018 introduction of mandatory reporting through the Notifiable Data Breaches (NDB) scheme, BDO Technology Advisory Partner Nick Kervin said cyber attacks continued to increase across the board and were changing in their form.”

Australian tech unicorn Canva suffers security breach
Date published: 24/05/2019
Author: ZDNet
Excerpt: “Canva, a Sydney-based startup that’s behind the eponymous graphic design service, was hacked earlier today, ZDNet has learned.

Data for roughly 139 million users has been taken during the breach, according to the hacker, who tipped off ZDNet.

Responsible for the breach is a hacker going online as GnosticPlayers. The hacker is infamous. Since February this year, he/she/they has put up for sale on the dark web the data of 932 million users, which he stole from 44 companies from all over the world.”

 

Here are this week’s noteworthy security bulletins:

1) ESB-2019.1894.2 – sqlite3: Execute arbitrary code/commands – Remote/unauthenticated
https://portal.auscert.org.au/bulletins/ESB-2019.1894.2/

sqlite3 is vulnerable to a use-after-free remote execution via a crafted SQL statement.

2) ESB-2019.1941 – drupal plugins multiple security vulnerabilities
https://portal.auscert.org.au/bulletins/ESB-2019.1941/

A number of Drupal modules have updated to fix a swath of vulnerabilities.

3) ESB-2019.1905 – gnome-desktop: Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/ESB-2019.1905/

GNOME has patched a vulnerability where maliciously crafted images could execute code when thumbnailed.

Stay safe, stay patched and have a good weekend!

Tim