AusCERT Week in Review for 4th May 2018



Happy Friday all.
Plenty of patches and some interesting security stories again this week.

Here's a summary (including excerpts) of some of the more interesting
stories we've seen this week:

Title: Twitter to All Users: Change Your Password Now!
Date Published: 03-05-2018
Author: Brian Krebs
"Twitter just asked all 300+ million users to reset their passwords, citing
the exposure of user passwords via a bug that stored passwords in plain text"


Title: Somebody Tried to Hide a Backdoor in a Popular JavaScript npm Package
Date Published: 03-05-2018
Author: Catalin Cimpanu
"The Node Package Manager (npm) team avoided a disaster today when it
discovered and blocked the distribution of a cleverly hidden backdoor


Title: Australia's Biggest Bank Loses 20 Million Customer Records
Date Published: 03-05-2018
Author: AFP
"Australia's troubled Commonwealth Bank admitted Thursday it had lost
financial records for almost 20 million customers in a major security
blunder -- but insisted there was no need to worry."


Title: DDoS Attacks Go Down 60% Across Europe Following WebStresser's Takedown
Date Published: 02-05-2018
Author: Catalin Cimpanu
"Link11, a DDoS mitigation firm, says that DDoS attacks fell 60% across
Europe following the takedown of WebStresser, the largest DDoS-for-hire
portal on the market."


Title: Fancy Bear abuses LoJack security software in targeted attacks
Date Published: 03-05-2018
Author: Pierluigi Paganini
"Recently, several LoJack agents were found to be connecting to servers
that are believed to be controlled by the notorious Russia-linked Fancy
Bear APT group"


Here are this week's noteworthy security bulletins:

1) ESB-2018.1312 - ALERT [RedHat] Red Hat: Root compromise - Existing account

Red Hat released updates for OpenShift Container Platform versions 3.1,
3.2 ... 3.9, which had root compromise vulnerabilities.


2) ESB-2018.1381 - [Win] Philips Brilliance Computed Tomography (CT)
System: Multiple vulnerabilities

From ICS-CERT's advisory: "Successful exploitation of these
vulnerabilities may allow an attacker to attain elevated privileges
and access unauthorized system resources, including access to execute
software or to view/update files including patient health information
(PHI), directories, or system configuration."


3) ESB-2018.1294 - [Mac] Safari: Execute arbitrary code/commands - Remote
with user interaction

Vulnerabilities in WebKit affected Safari in various Apple products.


4) ESB-2018.1363 - [Win][UNIX/Linux][Debian] jackson-databind: Execute
arbitrary code/commands - Remote/unauthenticated

Jackson-databind is a widely used Java library for parsing JSON and other
data formats, so this issue could have ramifications for many products and
operating systems.


5) ESB-2018.1337 - [Linux] IBM QRadar SIEM: Multiple vulnerabilities

One of many IBM bulletins relating to Java vulnerabilities.


Stay safe, stay patched and have a good weekend!


