AusCERT Week in Review for 4th May 2018

AusCERT Week in Review for 4th May 2018

AusCERT Week in Review
04 May 2018

Greetings,

Happy Friday all.
Plenty of patches and some interesting security stories again this week.

Here’s a summary (including excerpts) of some of the more interesting
stories we’ve seen this week:

Title: Twitter to All Users: Change Your Password Now!
Date Published: 03-05-2018
URL: https://krebsonsecurity.com/2018/05/twitter-to-all-users-change-your-password-now/
Author: Brian Krebs
Excerpt:
“Twitter just asked all 300+ million users to reset their passwords, citing
the exposure of user passwords via a bug that stored passwords in plain text”

—–

Title: Somebody Tried to Hide a Backdoor in a Popular JavaScript npm Package
Date Published: 03-05-2018
URL: https://www.bleepingcomputer.com/news/security/somebody-tried-to-hide-a-backdoor-in-a-popular-javascript-npm-package/
Author: Catalin Cimpanu
Excerpt:
“The Node Package Manager (npm) team avoided a disaster today when it
discovered and blocked the distribution of a cleverly hidden backdoor
mechanism”

—–

Title: Australia’s Biggest Bank Loses 20 Million Customer Records
Date Published: 03-05-2018
URL: https://www.securityweek.com/australias-biggest-bank-loses-20-million-customer-records
Author: AFP
Excerpt:
“Australia’s troubled Commonwealth Bank admitted Thursday it had lost
financial records for almost 20 million customers in a major security
blunder — but insisted there was no need to worry.”

—–

Title: DDoS Attacks Go Down 60% Across Europe Following WebStresser’s Takedown
Date Published: 02-05-2018
URL: https://www.bleepingcomputer.com/news/security/ddos-attacks-go-down-60-percent-across-europe-following-webstressers-takedown/
Author: Catalin Cimpanu
Excerpt:
“Link11, a DDoS mitigation firm, says that DDoS attacks fell 60% across
Europe following the takedown of WebStresser, the largest DDoS-for-hire
portal on the market.”

—–

Title: Fancy Bear abuses LoJack security software in targeted attacks
Date Published: 03-05-2018
URL: https://securityaffairs.co/wordpress/72072/apt/fancy-bear-abuses-lojack.html
Author: Pierluigi Paganini
Excerpt:
“Recently, several LoJack agents were found to be connecting to servers
that are believed to be controlled by the notorious Russia-linked Fancy
Bear APT group”

—–

Here are this week’s noteworthy security bulletins:

1) ESB-2018.1312 – ALERT [RedHat] Red Hat: Root compromise – Existing account

https://www.auscert.org.au/bulletins/62054

Red Hat released updates for Openshift Container Platforms versions 3.1,
3.2 … 3.9 which had root compromise vulnerabilities.

2) ESB-2018.1381 – [Win] Philips Brilliance Computed Tomography (CT)
System: Multiple vulnerabilities

https://www.auscert.org.au/bulletins/62326

From the ICS-CERT’s advisory: “Successful exploitation of these
vulnerabilities may allow an attacker to attain elevated privileges
and access unauthorized system resources, including access to execute
software or to view/update files including patient health information
(PHI), directories, or system configuration.”

3) ESB-2018.1294 – [Mac] Safari: Execute arbitrary code/commands – Remote
with user interaction

https://www.auscert.org.au/bulletins/61978

Vulnerabilities in Webkit affected Safari in various Apple products.

4) ESB-2018.1363 – [Win][UNIX/Linux][Debian] jackson-databind: Execute
arbitrary code/commands – Remote/unauthenticated

https://www.auscert.org.au/bulletins/62258

Jackson-databind is a widely used Java library for parsing JSON and othe
data formats, so this issue could have ramifications on many products and
operating systems.

5) ESB-2018.1337 – [Linux] IBM QRadar SIEM: Multiple vulnerabilities

https://www.auscert.org.au/bulletins/62154

One of many IBM bulletins relating to Java vulnerabilities.

Stay safe, stay patched and have a good weekend!

Marcus