AusCERT Week in Review for 8th December 2017 8 Dec 2017


AusCERT Week in Review
08 December 2017

Greetings,

Remember that the holiday season is when we relax, so don't get caught out by someone trying to take advantage of that.

And the Call for Proposals for AusCERT 2018 is now open.
https://gems.eventsair.com/auscert2018-conference/presentation

Important Dates for submission
------------------------------
13 Nov 2017 - (Monday) - Call for Presentations submissions open
19 Jan 2018 - (Friday) - Call for Presentations submission deadline
19 Feb 2018 - (Monday) - Notifications from Program Committee

Conference Date
---------------
29 May 2018 - 01 Jun 2018 | AusCERT2018 Conference

As for more news, here's a summary (including excerpts) of some of the more interesting stories we've seen this week:

-------------------------------------------------------------------------------

Title: Banking Apps Found Vulnerable to MITM Attacks
URL: https://threatpost.com/banking-apps-found-vulnerable-to-mitm-attacks/129105/
Date: December 07, 2017
Author: Tom Spring
Excerpt: "Using a free tool called Spinner, researchers identified certificate pinning vulnerabilities in mobile banking apps that left customers vulnerable to man-in-the-middle attacks"

-------------------------------------------------------------------------------

Title: Uber hacker is a 20 yr-old Florida man
URL: https://www.itnews.com.au/news/uber-hacker-is-a-20-yr-old-florida-man-479365 
Date: December 07, 2017
Author: Joseph Menn and Dustin Volz
Excerpt: "Paid to keep quiet in bug bounty. A 20-year-old Florida man was responsible for a massive data breach at Uber last year and was paid by Uber to destroy the data through a bug bounty program, three people familiar with the events have told Reuters."

-------------------------------------------------------------------------------

Title: Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin
URL: https://www.darkreading.com/cloud/bitcoin-miner-nicehash-hacked-possibly-losing-$62-million-in-bitcoin/d/d-id/1330585 
Date: December 07, 2017
Author: Dark Reading
Excerpt: "Slovenia-based bitcoin mining company NiceHash has temporarily halted its operations while it investigates a security breach and determines how many bitcoins were stolen, the company announced Wednesday."

-------------------------------------------------------------------------------

Title: The Cumulative Effect of Major Breaches: The Collective Risk of Yahoo & Equifax
URL: http://www.securityweek.com/cumulative-effect-major-breaches-collective-risk-yahoo-equifax
Date: December 07, 2017
Author: Markus Jakobsson
Excerpt: "While there are no signs today of criminals consolidating and reselling data from different breaches, it is an obvious concern as the value-add of the packaging would be substantial."

-------------------------------------------------------------------------------

And lastly, here are this week's most noteworthy security bulletins:

1. ASB-2017.0210 - [Win][UNIX/Linux] Firefox: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/55934 

A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content.
This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash.


2. ASB-2017.0209 - [Win][UNIX/Linux] Tenable Nessus: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/55930 

Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers.


3. ESB-2017.3144 - [Win][UNIX/Linux][FreeBSD] OpenSSL: Access privileged data - Remote/unauthenticated
https://www.auscert.org.au/bulletins/55898 

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake.


4. ESB-2017.3117 - [SUSE] shibboleth-sp: Reduced security - Remote/unauthenticated
https://www.auscert.org.au/bulletins/55786

CVE-2017-16852: Fix critical security checks in the Dynamic MetadataProvider plugin in Shibboleth Service (bsc#1068689).

Wishing all the best from AusCERT and see you next week,

Peter

