24 Jul 2020

Week in review

AUSCERT Week in Review for 24th July 2020

Greetings,

A slightly less hectic one this week.

A quick reminder to complete the 2020 AUSCERT Security Bulletins Survey, due by 5pm AEST Friday 7 August (if you haven’t already done so). We look forward to collating our member thoughts and feedback; thank you in advance for your time and support.

Thank you also to those members who attended our Malicious URL Feed webinar which took place on Wednesday 22 July; we trust that you benefitted from the session. The good news is, we will be hosting a couple more of these sessions on different topics:

And last but not least, in case you haven’t stumbled across this already, the Australian Government Department of Home Affairs have released their report on Australia’s 2020 Cyber Security Strategy. AUSCERT is very proud to have been involved in the consultation process through our parent organisation, The University of Queensland, late last year. The report included 60 recommendations to bolster Australia’s critical cyber defences which are structured around a framework with five key pillars: Deterrence, Prevention, Detection, Resilience and Investment – all aligned to our core values here at AUSCERT. “Cyber security has never been more important” – we hope you find this report useful.

Until next week, have a great weekend everyone!


New ‘Shadow Attack’ can replace content in digitally signed PDF files
Date: 2020-07-23
Author: ZDNet

[The researchers disclosed this in early March, Adobe released a patch in mid-May which we published as ESB-2020.1693, and the researchers have gone public this week with information proofs of concept. This raises the public profile of the vulnerability and increases the chance that it will be exploited; patch your PDF viewer applications!]
Fifteen out of 28 desktop PDF viewer applications are vulnerable to a new attack that lets malicious threat actors modify the content of digitally signed PDF documents.
The list of vulnerable applications includes Adobe Acrobat Pro, Adobe Acrobat Reader, Perfect PDF, Foxit Reader, PDFelement, and others, according to new research published this week by academics from the Ruhr-University Bochum in Germany.
Companies should update their PDF viewer apps to make sure the PDF documents they sign can’t be tampered with via a Shadow Attack.

20,000+ new vulnerability reports predicted for 2020, shattering previous records
Date: 2020-07-22
Author: Help Net Security

Over 9,000 new vulnerabilities have been reported in the first six months of 2020, and we are on track to see more than 20,000 new vulnerability reports this year — a new record, Skybox Security reveals.

Why the internet went haywire last week
Date: 2020-07-20
Author: ZDNET

It was another end of the work week; what could possibly go wrong?
Sure, Outlook had failed for a few hours earlier in the week and Twitter lost control of some big-name accounts, but surely nothing else could go awry? Right? Wrong.
Bad things come in threes. Starting on Friday afternoon, Cloudflare, the major content delivery network (CDN) and Domain Name System (DNS) service, had a major DNS failure, and tens of millions users found their internet services failing.


ESB-2020.2480 – [Win][Mac] Photoshop: Multiple vulnerabilities

Adobe’s patch day included arbitrary code execution upon opening a crafted file.

ESB-2020.2460 – [Win][UNIX/Linux] Python: Execute arbitrary code/commands – Remote with user interaction

Insecure linked library loading in the pliable language led to potential privilege escalation.

ESB-2020.2260.7 – UPDATED ALERT [Appliance] F5 Networks: Multiple vulnerabilities

F5’s fix for a critical unauthenticated RCE in their Traffic Manager User Interface has received a lot more information this week, including a warning that the Viprion B2250 Blade may have problems with the provided patch.

ESB-2020.2464 – [Win][UNIX/Linux] Moodle: Multiple vulnerabilities

Moodle released three advisories marked “serious” and one marked “minor”, including teachers for a course being able to assign themselves as a manager of that course and increase their own privileges.

ESB-2020.2541 – [Linux] QRadar Advisor: Access confidential data – Console/Physical

Just for a change of pace, here’s a simple one: IBM accidentally didn’t obscure the password field in a login form, so someone could read it over your shoulder. CVE-2020-4408.


Stay safe, stay patched and have a good weekend!

The AUSCERT team