AusCERT Week in Review for 21st December 2012
Date: 21 December 2012
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=16756

Greetings!

On this final Friday before the holiday season, AusCERT has a number of announcements:

1) There will be an outage of AusCERT's systems on Saturday December 22nd between 10am and 2pm AEST whilst upgrades are completed. This will not include the AusCERT Certificate Service or the operation of the ARM Service; these will remain operational during the outage. However, the ARM management console, AusCERT's web site and email will be unavailable. Please ensure you've obtained a copy of the AusCERT Member Hotline telephone number prior to the outage from the following web page: https://www.auscert.org.au/5141

2) AusCERT will be closed to regular business for the duration of the Christmas to New Year holiday period (Dec 22 - Jan 1, inclusive). If emergency incident response assistance is sought during this period, please call the AusCERT member-only hotline referred to above.

3) The AusCERT Quarterly Trend Report for October to December 2012 is now available for members to download at the following link: https://www.auscert.org.au/16753

Moving on now to some current affairs, we are still receiving reports of ransomware cases, including the "screen locker" type that can often be recovered from relatively easily. As an IT professional, it's possible that at some point you will be called upon to assist an unfortunate relative, friend or colleague after their system has been held to ransom. You could take the proactive route and become that boring aunt or uncle at Christmas parties who only ever talks about work, and try to get your message across that "prevention is better than cure"; if this fails, you may find our blog and PCrisk.com's site useful. ABC's 7:30 Report also ran a story on ransomware targeting Australian businesses, featuring AusCERT's General Manager, Graham Ingram.
In other news, bring-your-own-device security took another step forward when Google recently announced the concept of private Android app stores. Primarily intended to let companies control distribution of their internal apps, this concept also removes the need to enable the "allow third party apps" setting on devices, which in turn reduces the likelihood that a user will download malware onto their device.

This week's bulletins included the following mixed bag:

1) ESB-2012.1198 - [Win][UNIX/Linux][Debian] tiff: Execute arbitrary code/commands - Remote with user interaction
The tiff image processing library is relatively widespread and is affected by an arbitrary code execution vulnerability; upgrade to the latest version to remediate.

2) ASB-2012.0177 - ALERT [Win][UNIX/Linux] TWiki: Multiple vulnerabilities
The open source TWiki enterprise wiki software package is affected by a number of vulnerabilities, including execution of arbitrary code and denial of service by remote, unauthenticated users. Be sure to consider the mitigation strategies provided by the vendor.

3) ESB-2012.1216 - ALERT [UNIX] IBM HTTP Server: Execute arbitrary code/commands - Remote/unauthenticated
IBM's HTTP server for z/OS is vulnerable to remote execution of arbitrary code. A patch is available from IBM to remediate.

Finally, the entire AusCERT team would like to thank you for your support during 2012. We're eagerly looking forward to 2013, so stay tuned for developments on the AusCERT 2013 Conference!

That's all for now, so please have a great holiday and stay safe!

Regards,
Mike.