5 Jul 2019

Week in review

AUSCERT Week in Review for 5th July 2019

AUSCERT Week in Review
05 July 2019

Greetings,

I hope you are all enjoying the holiday period, whether it be having a
break, less students/customers, or quieter roads.

This week we again saw a wide variety of vulnerabilities revealed and
patches released, including several root compromises and numerous remotely
exploitable issues.

Here are some of this week’s noteworthy security bulletins (in no particular
order):

Germany to publish standard on modern secure browsers

Author: Catalin Cimpanu
Date:   01-07-2019

Excerpt:

“Germany’s cyber-security agency is working on a set of minimum rules that
modern web browsers must comply with in order to be considered secure.
The new guidelines are currently being drafted by the German Federal
Office for Information Security (or the Bundesamt fur Sicherheit in der
Informationstechnik — BSI), and they’ll be used to advise government
agencies and companies from the private sector on what browsers are safe
to use.”

Morrison sells Australia’s terrorism video streaming plan to the G20

Author: Stilgherrian
Date:   01-07-2019

Excerpt:

Led by Australia, the G20 nations have urged online platforms to “meet our
citizens’ expectations” to prevent terrorist and violent extremism conducive
to terrorism (VECT) content from being streamed, uploaded, or re-uploaded.
“Platforms have an important responsibility to protect their users,”
read the Leaders’ Statement [PDF] issued in Osaka on Saturday.

Poison certs imperils GnuPG checking of Linux software

Author: Juha Saarinen
Date:   01-07-2019

Excerpt:

“An attack has been unleashed against the global synchronising keyserver
(SKS) network used by the popular OpenPGP encryption standard, with
developers saying there is currently no mitigations available and that
the problem is likely to get worse.”

China Is Forcing Tourists to Install Text-Stealing Malware at its Border

Author: Joseph Cox
Date:   03-07-2019

Excerpt:

“The malware downloads a tourist’s text messages, calendar entries,
and phone logs, as well as scans the device for over 70,000 different files.”

US wants to isolate power grids with ‘retro’ technology to limit cyber-attacks

Author: Catalin Cimpanu
Date:   02-07-2019

Excerpt:

The idea is to use “retro” technology to isolate the grid’s most important
control systems, to limit the reach of a catastrophic outage.
“Specifically, it will examine ways to replace automated systems with
low-tech redundancies, like manual procedures controlled by human operators,”

YouTube mystery ban on hacking videos has content creators puzzled

Author: Thomas Claburn
Date:   03-07-2019

Excerpt:

It forbids: “Instructional hacking and phishing: Showing users how to
bypass secure computer systems or steal user credentials and personal data.”

First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol

Author: Catalin Cimpanu
Date:   03-07-2019

Excerpt:

“The DoH (DNS) request is encrypted and invisible to third-party observers,
including cyber-security software that relies on passive DNS monitoring
to block requests to known malicious domains.”

Here are some of this week’s noteworthy security bulletins (in no particular
order):

1. ESB-2019.1280 – [Linux][OSX] Webkit: Multiple vulnerabilities
https://portal.auscert.org.au/bulletins/79038
“Processing maliciously crafted web content may lead to arbitrary code
execution.”

1. ESB-2019.2443 – [Appliance] Cisco IP Phone 7800 and 8800 Series: Denial
of service – Remote/unauthenticated
https://portal.auscert.org.au/bulletins/ESB-2019.2443/
“A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800
Series and 8800 Series could allow an unauthenticated, remote attacker to
cause a denial of service (DoS) condition on an affected phone.”

2. ESB-2019.2433 – [Virtual] VMware Products: Denial of service –
Remote/unauthenticated
https://portal.auscert.org.au/bulletins/ESB-2019.2433/
“Several vulnerabilities in the Linux kernel implementation of TCP
Selective Acknowledgement (SACK) have been disclosed. These issues may
allow a malicious entity to execute a Denial of Service attack against
affected products.”

3. ESB-2019.2413 – [Appliance] F5 Products: Denial of service –
Remote/unauthenticated
https://portal.auscert.org.au/bulletins/ESB-2019.2413/
“An attacker may exhaust file descriptors available to the named process;
as a result, network connections and the management of log files or zone
journal files may be affected.”

4. ESB-2019.2370 – [Win][Mac] Symantec Endpoint Encryption: Increased
privileges – Existing account
https://portal.auscert.org.au/bulletins/ESB-2019.2370/
“Symantec Endpoint Encryption and Symantec Encryption Desktop may be
susceptible to a privilege escalation vulnerability”

5. ESB-2019.2474 – [FreeBSD] cd_ioctl: Root compromise – Existing account
https://portal.auscert.org.au/bulletins/ESB-2019.2474/
“A user in the operator group can make use of this interface to gain root
privileges on a system with a cd(4) device when some media is present in
the device.”

Stay safe, stay patched and have a great weekend,
Marcus.