AusCERT Week in Review for 18th May 2018 18 May 2018


Greetings,

We've seen a spate of bulletins this week following Twitter's revelation that they were accidentally logging some passwords in clear-text, indicating that some products have also exposed sensitive data.

NSW Family Planning has suffered a ransomware attack, leading to concerns that personal data may have been exposed.

In other news, the AusCERT 2018 conference is almost upon us!
We look forward to seeing some of you there from Tuesday the 29th of May.

In the news this week:

--------------------------------------------------------------------------------

Family Planning NSW ransomware attack sees personal information of 8000 people at risk

URL: https://www.healthcareit.com.au/article/family-planning-nsw-ransomware-attack-sees-personal-information-8000-people-risk-0

Author: Lynne Minion

Excerpt: A ransomware attack on Family Planning NSW two weeks ago has potentially exposed the personal information of up to 8000 people, including women who sought information on abortions and contraception, but the reproductive and sexual health organisation claims medical records were never under threat.

...

In the attack on ANZAC Day, the hackers demanded a $15,000 ransom be paid in bitcoin.

--------------------------------------------------------------------------------

Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers

Date published: 15-05-2018

URL: https://www.bleepingcomputer.com/news/security/shadowy-hackers-accidentally-reveal-two-zero-days-to-security-researchers/

Author: Catalin Cimpanu

Excerpt: An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they've uploaded a weaponized PDF file to a public malware scanning engine.

The zero-days were spotted by security researchers from Slovak antivirus vendor ESET, who reported the issues to Adobe and Microsoft, which in turn, had them patched within two months.

[These vulnerabilities have been patched in the last week.]

--------------------------------------------------------------------------------

'Efail' vulnerability lies in apps, not PGP and GnuPG

Date published: 15-05-2018

Author: Juha Saarinen

URL: https://www.itnews.com.au/news/efail-vulnerability-lies-in-apps-not-pgp-and-gnupg-490961

Excerpt: A security scare said to affect the popular Pretty Good Privacy (PGP) and Gnu Privacy Guard (GnuPG) protocols used to encrypt email messages is in fact caused by bugs in older mail apps.

The issue arose after researchers from three German universities claimed to have devised an attack the called Efail, which they said would allow the decryption of current and past emails scrambled with PGP or GnuPG and exfiltration of the decoded content.

But maintainers of the open source GnuPG set of encryption tools quickly issued a statement on Efail, pointing out that the issue affects older email applications and not the protocol itself.

--------------------------------------------------------------------------------

WordPress releases GDPR features

URL: https://wordpress.org/news/2018/05/wordpress-4-9-6-privacy-and-maintenance-release/

Author: Allen Snook

Excerpt: It’s important to understand that while the GDPR is a European regulation, its requirements apply to all sites and online businesses that collect, store, and process personal data about EU residents no matter where the business is located.

...

We’re committed to supporting site owners around the world in their work to comply with this important law. As part of that effort, we’ve added a number of new privacy features in this release.

--------------------------------------------------------------------------------

And lastly, here are this week's most noteworthy security bulletins:


ESB-2018.1526 - [RedHat] sensu: Access privileged data - Existing account

https://www.auscert.org.au/bulletins/62978

Sensitive data, including passwords, was logged in clear-text.

--------------------------------------------------------------------------------

ESB-2018.1468 - [Win][UNIX/Linux] IBM MQ Managed File Transfer: Access privileged data - Existing account

https://www.auscert.org.au/bulletins/62738

Passwords were logged in clear-text.

--------------------------------------------------------------------------------

ESB-2018.1489 - [RedHat] ovirt-ansible-roles: Access privileged data - Existing account

https://www.auscert.org.au/bulletins/62822

Passwords were logged in clear-text.

--------------------------------------------------------------------------------

ESB-2018.1506 - [Win][Mac] Adobe Acrobat & Reader: Multiple vulnerabilities

https://www.auscert.org.au/bulletins/62898

Multiple vulnerabilities when handling malicious PDF files could lead to execution of arbitrary code or data leakage.

--------------------------------------------------------------------------------

ASB-2018.0106.2 - UPDATE [Win][Mac] Microsoft Office products: Multiple vulnerabilities

https://www.auscert.org.au/bulletins/62450

Multiple vulnerabilities in Microsoft Office when handling malicious files could lead to execution of arbitrary code.

--------------------------------------------------------------------------------

ESB-2018.1419 - [Win][Linux][Mac] Adobe Flash Player: Execute arbitrary code/commands - Remote with user interaction

https://www.auscert.org.au/bulletins/62514

Flash also executes arbitrary code.

--------------------------------------------------------------------------------

Stay safe, stay patched and have a great weekend.
David


« Back to all blog entries