BF-SIRT Newsletter 2017-39

This weeks top stories is an update on how the CCleaner APT security incident targeted large technology companies, and a Deloitte breach affecting all company email.

A couple of new stories are currently evolving, including an easy-to-exploit flaw in Linux kernel rated ‘high risk’ (CVE-2017-1000253) and a (for now) more theoretical CLKSCREW Attack which can hack modern chipsets via their power management features.

ICANN delays KSK Rollover over fears 60 million people would be kicked offline.

If you are looking for longer reading to keep you company this weekend you are in luck, McAfee Labs Report sees cyberattacks target healthcare and social media users, Accenture reports global cost of cybercrime soars 23% in a year and Europol published it’s Internet Organised Crime Threat Assessment.

Notable CVEs this week
CVE-2017-14867 – git: cvsserver command injection – CVSS3 Base Score 7.8
CVE-2017-1000253 – kernel: load_elf_ binary() – CVSS3 Base Score 7.8
CVE-2017-7805 – nss: Potential use-after-free in TLS 1.2 server – CVSS3 Base Score 7.5

Top 5 Security Links
Avast, Cisco Confirm: CCleaner Malware Targeted Large Technology Companies
Source: Deloitte Breach Affected All Company Email, Admin Accounts
Patch alert! Easy-to-exploit flaw in Linux kernel rated ‘high risk’
CLKSCREW Attack Can Hack Modern Chipsets via Their Power Management Features
Internet-wide security update put on hold over fears 60 million people would be kicked offline

About Hans-Petter Fjeld

Hans-Petter is a Information Security Manager and a member of the Basefarm Group's SIRT and certified GPEN.
This entry was posted in Uncategorized. Bookmark the permalink.

Comments are closed.