//Blogs - 05 April 2019

AusCERT Week in Review for 5th April 2019

Greetings,

This week, MISP released an update to patch a CVE in itself and China managed to top the cake by leaving over 590 million resumes sitting in an open-database.

Here's a summary (including excerpts) of some of the more interesting stories we've seen this week:

NIST cybersecurity resources for smaller businesses
Date Published: 4 April 2019
Author:  Lysa Myers    
Excerpt:
"There are a lot of challenges to being a small-business owner, including safely managing technology. Every risk can have an outsized effect on your ability to stay in business. And resources for protecting your business are often geared towards much larger organizations. The National Institute of Standards and Technology (NIST) aims to change that, with the release of their Small Business Cybersecurity Corner."
-----

SamSam outbreak led to FBI restructuring, top official says
Date Published: 4 April 2019
Author: Sean Lyngaas
Excerpt:
"The notorious SamSam ransomware — which extracted over $6 million in payments from more than 200 victim organizations — forced the FBI to adjust its model for handling cyberattack investigations, a senior bureau official said Thursday.
Nearly all 56 of the FBI's field offices responded to SamSam incidents — an inefficient way of keeping up with the malware, said Tonya Ugoretz, deputy assistant director of the FBI's Cyber Division."
-----

Chinese companies have leaked over 590 million resumes via open databases
Date Published: April 4 2019
Author: Catalin Cimpanu
Excerpt:
"Chinese companies have leaked a whopping 590 million resumes in the first three months of the year, ZDNet has learned from multiple security researchers.
Most of the resume leaks have occurred because of poorly secured MongoDB databases and ElasticSearch servers that have been left exposed online without a password, or have ended up online following unexpected firewall errors."
-----

540 Mllion Facebook Records Leaked by Public Amazon S3 Buckets
Date Published: 3 April 2019
Author: Sergiu Gatlan
Excerpt:
"More than 540 million records of Facebook users were exposed by publicly accessible Amazon S3 buckets used by two third-party apps to store user data such as plain text app passwords, account names, user IDs, interests, relationship status, and more.
As discovered by the UpGuard Cyber Risk team, Mexico-based media company Cultura Colectiva stored the records of roughly 540 million of its users within a 146 GB database called "cc-datalake," stored in a misconfigured Amazon S3 bucket which gave anyone download permissions."
-----

Hacker group has been hijacking DNS traffic on D-Link routers for three months
Date Published: April 4 2019
Author: Catalin Cimpanu
Excerpt:
"For the past three months, a cybercrime group has been hacking into home routers --mostly D-Link models-- to change DNS server settings and hijack traffic meant for legitimate sites and redirect it to malicious clones. The attackers operate by using well-known exploits in router firmware to hack into vulnerable devices and make silent changes to the router's DNS configuration, changes that most users won't ever notice."
-----

Here are this week's noteworthy security bulletins:

1) ESB-2019.1082 - [Linux] MISP: Cross-site scripting - Remote with user interaction  
    A new version of MISP (2.4.105) has been released to fix a cross-site scripting vulnerability (CVE-2019-10254) in addition to some minor improvements and fixes.

2) ESB-2019.1148 - [Win][UNIX/Linux] Jenkins plugins: Multiple vulnerabilities  
    72 CVE's published for various different Jenkins plugins.

3) ESB-2019.1139 - [Win][UNIX/Linux] drupal7: Multiple vulnerabilities  
    A Drupal7 update to resolve an access bypass vulnerability.
   

Stay safe, stay patched and have a great weekend,

Rameez Agnew