AusCERT Week in Review for 6th October 2017 6 Oct 2017


AusCERT Week in Review
06 October 2017

Greetings,

As Friday 6th of October closes, the Equifax event highlights the need to have a patch management program in your organization.  In that patch management program it is important to ensure that the risks of not patching gets transferred as high up as possible and as soon as possible. So, should you not have a patch management program in place at this moment, next Monday may be a good time to set one up.  It may be better to point the finger at best practices and frameworks for patch management now, then have the finger pointed at your staff later.
 
The above reflection came out of one of the news articles that have capped off a solid week in bulletins, and we have included a few more articles of interest that have grabbed our attention. Here's a summary (including excerpts) of some of the more interesting stories we've seen this week:

Title:  Sole Equifax security worker at fault for failed patch, says former CEO
URL:    http://www.theregister.co.uk/2017/10/04/sole_security_worker_at_fault_for_equifax_fail_says_former_ceo/
Date:   October 4, 2017
Author: Simon Sharwood

Excerpt:
"Recently-and-forcibly-retired Equifax CEO Rick Smith has laid the blame for his credit-check biz's IT security breach on a single member of the company's security team."

-------

Title:  Equifax failed to patch security vulnerability in March -- testimony
URL:    https://www.reuters.com/article/equifax-breach/equifax-failed-to-patch-security-vulnerability-in-march-testimony-idUSL2N1MD0UQ
Date:   October 3, 2017
Author: David Shepardson

Excerpt:
"Equifax Inc failed to patch a software security vulnerability after being alerted in March by the U.S. Homeland Security Department to the issue that led to hackers obtaining personal information from over 140 million Americans, the company’s former chief executive will tell Congress in written testimony made public Monday. "

-------

Title:  Hey, IoT vendors. When a paediatric nurse tells you to fix security, you definitely screwed up
URL:    https://www.theregister.co.uk/2017/10/05/nurse_iot/
Date:   October 5, 2017
Author: John Leyden

Excerpt:
"...Jelena Milosevic, who developed an interest in cybersecurity over the last three years, told attendees that the healthcare sector needs to work with infosec experts and manufacturers to sort out the emerging problem of the security risk posed by internet-connected medical kit."

-------

Title:  So, Uh, That Billion-Account Yahoo Breach Was Actually 3 Billion
URL:   https://www.wired.com/story/yahoo-breach-three-billion-accounts/
Date:   October 3, 2017    
Author: Lily Hay Newman

Excerpt:
"When Yahoo disclosed in December that a billion (yes, billion) of its users' accounts had been compromised in an August 2013 breach, it came as a staggering revelation. Now, 10 months later, the company would like to make a correction: That incident actually exposed three billion accounts—every Yahoo account that existed at the time."

-------

Title:  Google's October Android patches have landed: There's a big fix for dnsmasq bug
URL:    http://www.zdnet.com/article/googles-october-android-patches-have-landed-theres-a-big-fix-for-dnsmasq-bug/
Date:   October 3, 2017
Author: Liam Tung

Excerpt:
"Google has published its October Android security bulletin and is rolling out the OTA update to Nexus and Pixel devices.

It's also introduced a new way of handling its security bulletins. As usual it's publishing a monthly Android security bulletin with details about a partial patch level and complete patch level, But it's now introduced a new 'Pixel/Nexus bulletin' that documents additional bugs fixed in these devices."

-------

Title:  Apple issues update to patch password vulnerabilities in High Sierra operating software
URL:    https://siliconangle.com/blog/2017/10/05/apple-releases-high-sierra-security-update-patch-password-vulnerabilities/
Date:   October 5, 2017
Author: Duncan Riley

Excerpt:
"Apple Inc. has issued a security update for macOS High Sierra that patches a severe vulnerability identified in September that allows unsigned apps to capture plain-text passwords from the Mac keychain.

The High Sierra 10.13 Supplemental Update actually fixes two security issues, the previously discovered security issue in the Mac keychain as well as a newly identified vulnerability that allows passwords to be accessed via the Apple File System, also known as APFS."


And lastly, here are this week's noteworthy security bulletins (in no particular order):

1.    ASB-2017.0156 - [Android] Google Nexus devices: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/53034

Google Nexus devices were patched for remote code execution, elevation of privileges and accessing information from phones.

2.    ESB-2017.2518 - [Appliance] Siemens 7KT PAC1200 Data Manager: Administrator compromise - Remote/unauthenticated
https://www.auscert.org.au/bulletins/53186
Successful exploitation of this vulnerability could allow an attacker to bypass authentication mechanisms and perform administrative functions.

3.    ESB-2017.2523 - [Appliance] IBM Netezza Analytics: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/53206

OpenSSL and zlib were patched in the IBM Netezza Analytics product.

4.    ESB-2017.2521 - [Mac] Apple StorageKit and Apple Security: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/53198
A method existed for applications to bypass the keychain access prompt with a synthetic click as well as, if a hint was set in Disk Utility when creating an APFS
encrypted volume, the password was stored as the hint.

5.    ESB-2017.2520 - [Ubuntu] ruby: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/53194

ruby allowed remote unauthenticated attackers to execute arbitrary code, denial of service, overwrite arbitrary Files as well as access confidential data.


Wishing you the best from AusCERT and hope to see you next week.
Stay patched, stay safe.
Geoffroy


« Back to all blog entries