AusCERT Week in Review for 4th May 2018
04 May 2018


Greetings,

Happy Friday all.
Plenty of patches and some interesting security stories again this week.

Here's a summary (including excerpts) of some of the more interesting
stories we've seen this week:


Title: Twitter to All Users: Change Your Password Now!
Date Published: 03-05-2018
URL: https://krebsonsecurity.com/2018/05/twitter-to-all-users-change-your-password-now/
Author: Brian Krebs
Excerpt:
"Twitter just asked all 300+ million users to reset their passwords, citing
the exposure of user passwords via a bug that stored passwords in plain text"

-----

Title: Somebody Tried to Hide a Backdoor in a Popular JavaScript npm Package
Date Published: 03-05-2018
URL: https://www.bleepingcomputer.com/news/security/somebody-tried-to-hide-a-backdoor-in-a-popular-javascript-npm-package/
Author: Catalin Cimpanu
Excerpt:
"The Node Package Manager (npm) team avoided a disaster today when it
discovered and blocked the distribution of a cleverly hidden backdoor
mechanism"

-----

Title: Australia's Biggest Bank Loses 20 Million Customer Records
Date Published: 03-05-2018
URL: https://www.securityweek.com/australias-biggest-bank-loses-20-million-customer-records
Author: AFP
Excerpt:
"Australia's troubled Commonwealth Bank admitted Thursday it had lost
financial records for almost 20 million customers in a major security
blunder -- but insisted there was no need to worry."

-----

Title: DDoS Attacks Go Down 60% Across Europe Following WebStresser's Takedown
Date Published: 02-05-2018
URL: https://www.bleepingcomputer.com/news/security/ddos-attacks-go-down-60-percent-across-europe-following-webstressers-takedown/
Author: Catalin Cimpanu
Excerpt:
"Link11, a DDoS mitigation firm, says that DDoS attacks fell 60% across
Europe following the takedown of WebStresser, the largest DDoS-for-hire
portal on the market."

-----

Title: Fancy Bear abuses LoJack security software in targeted attacks
Date Published: 03-05-2018
URL: https://securityaffairs.co/wordpress/72072/apt/fancy-bear-abuses-lojack.html
Author: Pierluigi Paganini
Excerpt:
"Recently, several LoJack agents were found to be connecting to servers
that are believed to be controlled by the notorious Russia-linked Fancy
Bear APT group"

-----


Here are this week's noteworthy security bulletins:


1) ESB-2018.1312 - ALERT [RedHat] Red Hat: Root compromise - Existing account

https://www.auscert.org.au/bulletins/62054

Red Hat released updates for OpenShift Container Platform versions 3.1,
3.2 ... 3.9 which had root compromise vulnerabilities.


2) ESB-2018.1381 - [Win] Philips Brilliance Computed Tomography (CT)
System: Multiple vulnerabilities

https://www.auscert.org.au/bulletins/62326

From the ICS-CERT's advisory: "Successful exploitation of these
vulnerabilities may allow an attacker to attain elevated privileges
and access unauthorized system resources, including access to execute
software or to view/update files including patient health information
(PHI), directories, or system configuration."


3) ESB-2018.1294 - [Mac] Safari: Execute arbitrary code/commands - Remote
with user interaction

https://www.auscert.org.au/bulletins/61978

Vulnerabilities in WebKit affected Safari in various Apple products.


4) ESB-2018.1363 - [Win][UNIX/Linux][Debian] jackson-databind: Execute
arbitrary code/commands - Remote/unauthenticated

https://www.auscert.org.au/bulletins/62258

jackson-databind is a widely used Java library for parsing JSON and other
data formats, so this issue could have ramifications for many products and
operating systems.


5) ESB-2018.1337 - [Linux] IBM QRadar SIEM: Multiple vulnerabilities

https://www.auscert.org.au/bulletins/62154

One of many IBM bulletins relating to Java vulnerabilities.


Stay safe, stay patched and have a good weekend!


Marcus
