//Blogs - 18 April 2019

AusCERT Week in Review for 18th April 2019

Greetings,

Easter is here again, so hopefully some of us will get a few days' break
from work. If travelling, please take care on the roads.

This week Oracle released vulnerability details and patches for its
wide-ranging product list.
For those using their products, there are many fixes to apply (up to 297)!

As for other news, here is a summary (including excerpts) of some of the more
interesting stories we've seen this week:


- ---


Oracle Releases 297 Fixes in April 2019 Critical Patch Update
URL:
https://www.securityweek.com/oracle-releases-297-fixes-april-2019-critical-patch-update
Author:  Ionut Arghire
Date:  17-04-2019

Excerpt:

"Oracle this week announced the release of 297 new security fixes as part
of its April 2019 Critical Patch Update (CPU), two-thirds of which are
remotely exploitable without authentication."


- ---


The web's infrastructure is under attack from a global hacking spree
URL:  https://www.wired.co.uk/article/dns-hijacking-hack-seaturtle-cisco
Author:  Matt Burgess
Date:  17-04-2019

Excerpt:

"Hackers have been conducting a large scale attack on the websites of
governments and intelligence agencies around the world. Security experts
claim the attackers are being backed by an unnamed government and their
actions threaten to undermine the systems that keep the web functioning.
Startling new research from Cisco's Talos security group says that a core
part of the internet's infrastructure has been targeted as the hackers
attempt to steal confidential information. Here's what we know."


- ---


Fifth of Web Traffic Comes from Malicious Bots
URL:
https://www.infosecurity-magazine.com/news/fifth-of-web-traffic-comes-from-1/
Author:  Phil Muncaster
Date:  17-04-2019

Excerpt:

"Around a fifth of all web traffic last year was linked to malicious
bot activity, with financial services hit more than any other sector,
according to Distil Networks."


- ---


Wipro hacked, internal systems used to attack customers: report
URL:
https://www.itnews.com.au/news/wipro-hacked-internal-systems-used-to-attack-customers-report-523956
Author:  Juha Saarinen
Date:  16-04-2019

Excerpt:

"Wipro is currently investigating what appears to be a serious breach
of its networks and systems, which are apparently being used to launch
attacks on customers, forcing the outsourcing giant to build a private
email service to replace compromised corporate system."


- ---


Big Companies Thought Insurance Covered a Cyberattack. They May
Be Wrong.
URL:
https://www.nytimes.com/2019/04/15/technology/cyberinsurance-notpetya-attack.html
Author:  Adam Satariano and Nicole Perlroth
Date:  15-04-2018

Excerpt:

"Mondelez, owner of dozens of well-known food brands like Cadbury chocolate
and Philadelphia cream cheese, was one of the hundreds of companies struck
by the so-called NotPetya cyberstrike in 2017."
...
"Mondelez's insurer, Zurich Insurance, said it would not be sending
a reimbursement check. It cited a common, but rarely used, clause in
insurance contracts: the "war exclusion," which protects insurers from
being saddled with costs related to damage from war.
Mondelez was deemed collateral damage in a cyberwar."


- ---


Here are some of this week's noteworthy security bulletins (in no particular
order):



1. ESB-2019.1280 - [Linux][OSX] Webkit: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/79038
"Processing maliciously crafted web content may lead to arbitrary code
execution."



2. ESB-2019.1345 - [Win][UNIX/Linux] Drupal: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/79366
"Service IDs derived from unfiltered user input could result in the
execution of any arbitrary code"


3.  ESB-2019.1353 - [SUSE] python: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/79430
"blacklist bypass in URIs by using the 'local-file:' scheme"


4.  ESB-2019.1329 - [Cisco] Aironet access points: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/79278
Denial of Service and Root Compromise vulnerabilities.


5. ASB-2019.0110 - [Win][UNIX/Linux] Oracle Construction and Engineering
Suite: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/79254
Remote code execution, Denial of Service, and other vulnerabilities.


- ---


Stay safe, stay patched and have a great weekend,
Marcus.