Week in review

AUSCERT Week in Review for 24th February 2023

Greetings,

We are very excited to announce that registrations are now open for the AUSCERT2023 Cyber Security Conference – Back to the Future! This year we are doing a couple of things differently with our tutorials. Firstly, we have worked hard to finalise the selection and scheduling of tutorials earlier than usual. This means that attendees can select their preferred tutorials at the time they complete their conference registration. Secondly, to leverage the advantages of diverse groups working and learning together, we are creating and holding space to improve the gender diversity in our tutorials. Some tutorials are limited-capacity, and registrations for these are on a ‘first come, first served’ basis, with additional requests going into a waitlist. This year we’re reserving some spaces in these tutorials which we will fill from the waitlist by selecting people that identify as women, creating more opportunities for skills improvement as part of the conference experience!

News emerged this week that malicious actors are leveraging the popularity of ChatGPT to create fake web sites and social media pages used to distribute malware and steal credit card data. This is a good reminder that malicious actors are extremely good at recognising what people are interested in, concerned about or titillated by, and ruthlessly use this knowledge to achieve their objectives.

Here is a selection of the rest of this week’s notable cyber security news articles, compiled by the AUSCERT analyst team:

GoDaddy says a multi-year breach hijacked customer websites and accounts
Date: 2023-02-18
Author: Ars Technica
GoDaddy said on Friday that its network suffered a multi-year security compromise that allowed unknown attackers to steal company source code, customer and employee login credentials, and install malware that redirected customer websites to malicious sites. GoDaddy is one of the world’s largest domain registrars, with nearly 21 million customers and revenue in 2022 of almost $4 billion. In a filing Thursday with the Securities and Exchange Commission, the company said that three serious security events starting in 2020 and lasting through 2022 were carried out by the same intruder.

Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities
Date: 2023-02-21
Author: Security Week
The iOS 16.3 and macOS Ventura 13.2 advisories, originally released on January 23, have been updated to add three vulnerabilities. One of them is CVE-2023-23520, a race condition affecting the crash reporter component, which can allow an attacker to read arbitrary files as root. The other two security holes impact the ‘foundation’ component in Apple’s operating systems and they can allow an attacker to “execute arbitrary code out of its sandbox or with certain elevated privileges”, according to the tech giant.

ChatGPT is bringing advancements and challenges for cybersecurity
Date: 2023-02-21
Author: Help Net Security
Understanding why ChatGPT is garnering so much attention takes a bit of background. Up until recently, AI models have been quite “dumb”: they could only respond to specific tasks when trained on a large dataset providing context on what to find. But, over the last five years, research breakthroughs have taken AI to a whole new level, enabling computers to better understand the meaning behind words and phrases.

Medibank reveals attack vector and cost of 2022 security breach
Date: 2023-02-23
Author: iTnews
Medibank is going to take a $26 million half-year hit as the result of its 2022 security breach, and this is expected to climb to between $40 million and $45 million over the full year. The insurer has also gone public for the first time with technical detail of the attack. In a half-year results announcement [pdf], Medibank said the attacker first obtained the user ID and password used by a third-party IT services contractor.

ESB-2023.1013 – ALERT FortiNAC: CVSS (Max): 9.8
A critical severity vulnerability affecting FortiNAC has been patched by Fortinet.

ESB-2023.1049 – ALERT FortiWeb: CVSS (Max): 9.3
A stack based buffer overflow vulnerability leading to RCE has been addressed by Fortinet.

ESB-2023.1090 – VMware Carbon Black App Control: CVSS (Max): 9.1
VMware has addressed an injection vulnerability affecting VMware Carbon Black App Control.

ESB-2023.1105 – Tenable.sc: CVSS (Max): 9.8
Tenable has released updates for multiple vulnerabilities in third party software leveraged by Tenable.sc.

ESB-2023.1142 – clamav: CVSS (Max): 9.8
A possible Remote Code Execution and Information Leak vulnerability have been fixed in the ClamAV package.

Stay safe, stay patched and have a good weekend!
The AUSCERT team

AUSCERT Week in Review for 17th February 2023

Greetings,

This week the Australian government’s Attorney-General released its Privacy Act Review Report and is seeking feedback on 116 proposals for privacy reform contained in the Report. Feedback can be provided until March 31, 2023. The proposals are designed to address the following broad areas:

Reducing confusion about what information should be protected and who should be protecting it
Providing greater protection of personal information and increasing transparency of how information is used and protected
Increasing enforcement of privacy breaches and streamlining regulatory schemes

This is a good reminder of the importance of cyber security and privacy measures and how they should work together to ensure the protection of information.

The latest episode of AUSCERT’s Share Today, Save Tomorrow podcast has just been released! In Episode 19 we hear insights and wisdom about cyber security risk and insurance from widely respected friend of AUSCERT, Ben Di Marco.

Here is a selection of this week’s notable cyber security news articles, compiled by the AUSCERT analyst team:

Cloudflare blocks record-breaking 71 million RPS DDoS attack
Date: 2023-02-13
Author: Bleeping Computer
This weekend, Cloudflare blocked what it describes as the largest volumetric distributed denial-of-service (DDoS) attack to date. The company said it detected and mitigated not just one but a wave of dozens of hyper-volumetric DDoS attacks targeting its customers over the weekend. "The majority of attacks peaked in the ballpark of 50-70 million requests per second (rps) with the largest exceeding 71 million rps," Cloudflare's Omer Yoachimik, Julien Desgats, and Alex Forster said.

Adobe Plugs Critical Security Holes in Illustrator, After Effects Software
Date: 2023-02-14
Author: Security Week
Software maker Adobe on Tuesday released security fixes for at least a half dozen vulnerabilities that expose Windows and macOS users to malicious hacker attacks. The Mountain View, Calif. company warned that the security problems exist on three of its most popular software products — Photoshop, Illustrator and After Effects. According to Adobe’s security bulletins, the Illustrator and After Effects patches carry critical-severity ratings because of the risk of code execution attacks.

Splunk Enterprise Updates Patch High-Severity Vulnerabilities
Date: 2023-02-15
Author: Security Week
Splunk on Tuesday announced Splunk Enterprise updates that resolve multiple high-severity vulnerabilities, including security defects impacting third-party packages used by the product. The most severe vulnerabilities are CVE-2023-22939 and CVE-2023-22935 (CVSS score of 8.1), two issues that could lead to the bypass of search processing language (SPL) safeguards for risky commands. Both flaws affect instances with Splunk Web enabled and require a high-privileged user to make a request in their browser.

ICS Patch Tuesday: 100 Vulnerabilities Addressed by Siemens, Schneider Electric
Date: 2023-02-15
Author: Security Week
Siemens and Schneider Electric have addressed a total of nearly 100 vulnerabilities with their February 2023 Patch Tuesday advisories. Siemens has published 13 new advisories covering a total of 86 vulnerabilities. The most significant vulnerability — based on its CVSS score of 10 — is a memory corruption issue that can lead to a denial-of-service (DoS) condition or arbitrary code execution in the Comos plant engineering software.

Citrix fixes severe flaws in Workspace, Virtual Apps and Desktops
Date: 2023-02-15
Author: Bleeping Computer
[Refer AUSCERT Security Bulletin ESB-2023.0865, ESB-2023.0866 and ESB-2023.0867]
Citrix Systems has released security updates for vulnerabilities in its Virtual Apps and Desktops, and Workspace Apps products. The addressed security problems are categorized as high-severity and could enable attackers with local access to the target to elevate their privileges and take control of the affected system. Citrix products are widely used by organizations worldwide, so it’s critical to apply the available security updates to prevent intruders from having an easy way to escalate their privileges on breached systems.

ESB-2023.0871 – Intel Atom and Xeon Processors: CVSS (Max): 7.5
Intel has released firmware updates to mitigate a high-severity escalation of privilege issue (CVE-2022-21216) impacting Atom and Xeon processors.

ESB-2023.0879 – macOS Ventura: CVSS (Max): None
Apple has released updates for macOS which include a WebKit patch for a new zero-day vulnerability tracked as CVE-2023-23529.

ESB-2022.0969 – Siemens COMOS: CVSS (Max): 10.0
Siemens has released updates for the critical vulnerability in the Comos plant engineering software. This could allow a malicious cyber actor to execute arbitrary code on the target system or cause a denial-of-service condition.

ASB-2023.0048 – ALERT Microsoft Windows: CVSS (Max): 9.8
Microsoft has released security patch updates for Windows which resolve 36 vulnerabilities.

ESB-2023.0954.2 – Atlassian Products: CVSS (Max): 10.0
Atlassian has released an advisory which addresses critical security vulnerabilities in Git that affect multiple Atlassian products. Atlassian has rated the severity level of these vulnerabilities as critical.

Stay safe, stay patched and have a good weekend!
The AUSCERT team

AUSCERT Week in Review for 10th February 2023

Greetings,

Today marks World Pizza Day, a celebration of one of the world's most beloved foods. Pizza has been around for over two thousand years, originating in Italy, and has since become a staple dish in households and restaurants all over the world. From classic Margherita to gourmet toppings, there's a pizza for everyone.

As we celebrate the history of pizza, the AUSCERT team also took a moment to reflect on its own proud history. AUSCERT was founded in 1993, and next month will celebrate its thirtieth birthday. To mark the occasion, we released a blog entitled "AUSCERT: a proud history and bright future" which takes a deeper dive into AUSCERT’s history and outlines plans for the future. This blog truly is the essence of the whole AUSCERT team, summarising the combined efforts in producing our strategy for 2023. Late last year the team took a few moments away from analysing vulnerabilities, taking down phishing sites, delivering training and running a conference and instead attended two offsite workshops, one focused on “what is the culture of AUSCERT?”, and another on “what projects can we undertake to better serve our members?”. Combined with feedback from some of our members, our plans for 2023 are now underway. Next week we’ll share details of that, and don’t worry if you haven’t had a chance to give us feedback yourself – we’ve got plans to do that, too!

Speaking of plans, very soon the AUSCERT2023 Cyber Security Conference registrations will be opened, so keep an eye on our announcements.

Meanwhile, here are this week’s interesting news articles in case you missed them:

New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers
Date: 2023-02-04
Author: The Hacker News
VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team (CERT) of France said in an advisory on Friday. VMware, in its own alert released at the time, described the issue as an OpenSLP heap-overflow vulnerability that could lead to the execution of arbitrary code.

MITRE Releases Tool to Design Cyber-Resilient Systems
Date: 2023-02-03
Author: Dark Reading
Cyberattacks are on the rise and enterprise defenders are protecting an increasingly expanding and complex attack surface. For many organizations, the focus is shifting away from prevention to resilience — to maintain essential business functions during an attack and recover quickly without losing too much downtime. Toward that end, MITRE has released the Cyber Resiliency Engineering Framework (CREF) Navigator, a free visualization tool for engineers designing cyber-resilient systems.

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability
Date: 2023-02-06
Author: None
The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd). Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1. "This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms," OpenSSH disclosed in its release notes on February 2, 2023.

CISA releases recovery script for ESXiArgs ransomware victims
Date: 2023-02-07
Author: Bleeping Computer
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a script to recover VMware ESXi servers encrypted by the recent widespread ESXiArgs ransomware attacks. Starting last Friday, exposed VMware ESXi servers were targeted in a widespread ESXiArgs ransomware attack. Since then, the attacks encrypted 2,800 servers according to a list of bitcoin addresses collected by CISA technical advisor Jack Cable.

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices
Date: 2023-02-08
Author: The Hacker News
The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications. "The chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators," NIST said. "They are also designed for other miniature technologies such as implanted medical devices, stress detectors inside roads and bridges, and keyless entry fobs for vehicles." Put differently, the idea is to adopt security protections via lightweight cryptography in devices that have a "limited amount of electronic resources."

ESB-2023.0705 – OpenSSL: CVSS (Max): 7.4
An updated version of libssl has been provided to address multiple vulnerabilities in OpenSSL.

ESB-2023.0745 – Google Chrome: CVSS (Max): None
Google has released an updated version of Chrome to address several vulnerabilities.

ESB-2023.0768 – Cortex XDR Agent: CVSS (Max): 5.5
A patch for a medium severity vulnerability has been provided by Palo Alto for Cortex XDR Agent on the Windows platform.

ESB-2023.0756 – tigervnc: CVSS (Max): 7.8
A privilege escalation vulnerability has been addressed in TigerVNC.

Stay safe, stay patched and have a good weekend!
The AUSCERT team

AUSCERT Week in Review for 3rd February 2023

Greetings,

Beazley’s new Cyber Services Snapshot report confirms two things most of us probably expected: in 2023 the way threat actors use stolen data will continue to worsen, and the categories “fraudulent instruction as a cause of loss” and “cyber extortion incidents with data exfiltration” are both increasing significantly year-on-year. The report calls for organisations to “get smarter” about educating employees to spot fraudulent instruction tactics like spoofed emails or domains; however, cynics may point out that the cybersecurity industry has been attempting this for a couple of decades already, so why isn’t it working? Perhaps some organisations haven’t adopted a top-down approach to cybersecurity, with management leading by example. Senior management and board members have an important role to play here, and the AICD released a set of Cybersecurity Governance Principles late last year on this topic. Similarly, ASIC has published a document on key questions for an organisation’s board of directors to consider.

We know that time is precious for senior management and board members, so in 2023 AUSCERT plans to help our members provide timely briefings and short education courses for this type of audience. We’re also expanding our existing AUSCERT Education courses to include data governance training and assistance with implementation. In the short term, however, there are still places available in the existing “Intro to Cyber for IT Professionals”, “Cyber Security Risk Management” and “Incident Response Planning” courses, so while it’s still quiet why not consider a quick, economical upskilling for your team?

To further help our members, AUSCERT and WTW are hosting a live forum in Brisbane on Thursday, 16 February to discuss the key lessons from major cyber incidents and losses of 2022, and the impact on the cyber and technology risk insurance market, third-party risk assessment, and risk management. You can register here.

GitHub says hackers cloned code-signing certificates in breached repository
Date: 2023-01-31
Author: Ars Technica
GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place a cryptographic stamp on code to verify it was developed by the listed organization, which in this case is GitHub. If decrypted, the certificates could allow an attacker to sign unofficial versions of the apps that had been maliciously tampered with and pass them off as legitimate updates from GitHub. Current versions of Desktop and Atom are unaffected by the credential theft.

myGov report warns against digital ID fragmentation
Date: 2023-01-31
Author: iTnews
The federal government’s slow movement on digital ID risks creating “digital rail gauges … where a credential issued by one jurisdiction won’t be accepted in another," a review of myGov, which also covered digital identity, has warned. The report, in two volumes, [pdf] and [pdf], highlights how slow decision-making at the federal level, along with a lack of legislative support for digital ID, have left Australians vulnerable.

Facebook two-factor authentication bypass issue patched
Date: 2023-01-27
Author: The Daily Swig
Meta has patched a vulnerability in Facebook that could have allowed an attacker to bypass SMS-based two-factor authentication (2FA). The bug – which earned its finder a $27,200 bounty – did this by confirming the targeted user’s already-verified Facebook mobile number using the Meta Accounts Center in Instagram. It exploited a rate-limiting issue in Instagram that enabled an attacker to brute force the verification pin required to confirm someone’s phone number.

JD Sports says hackers stole data of 10 million customers
Date: 2023-01-30
Author: Bleeping Computer
UK sports apparel chain JD Sports is warning customers of a data breach after a server was hacked that contained online order information for 10 million customers. In data breach notices shared by affected customers, the company warns that the "attack" exposed customer information for orders placed between November 2018 and October 2020. JD Sports says it detected the unauthorized access immediately and responded quickly to secure the breached server, preventing subsequent access attempts.

OpenAI releases tool to detect AI-written text
Date: 2023-01-31
Author: Bleeping Computer
OpenAI has released an AI text classifier that attempts to detect whether input content was generated using artificial intelligence tools like ChatGPT. "The AI Text Classifier is a fine-tuned GPT model that predicts how likely it is that a piece of text was generated by AI from a variety of sources, such as ChatGPT," explains a new OpenAI blog post. OpenAI released the tool today after numerous universities and K-12 school districts banned the company's popular ChatGPT AI chatbot due to its ability to complete students' homework, such as writing book reports and essays, and even finishing programming assignments.

KeePass disputes vulnerability allowing stealthy password theft
Date: 2023-01-30
Author: Bleeping Computer
The development team behind the open-source password management software KeePass is disputing what is described as a newly found vulnerability that allows attackers to stealthily export the entire database in plain text. KeePass is a very popular open-source password manager that allows you to manage your passwords using a locally stored database, rather than a cloud-hosted one, such as LastPass or Bitwarden.

ESB-2023.0612 – Apache HTTP Server: CVSS (Max): 9.0
It was discovered that the Apache HTTP Server mod_dav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service.

ESB-2023.0600 – python-django: CVSS (Max): 7.5
It was discovered that there was a potential Denial of Service (DoS) vulnerability in Django, a popular Python-based web development framework.

ESB-2023.0567 – Tenable products: CVSS (Max): 9.1
This vulnerability allows a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges.

ESB-2023.0533 – git: CVSS (Max): 9.8
Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users to execute arbitrary commands, leak information from the local filesystem, and bypass restricted shell.

Stay safe, stay patched and have a good weekend!
The AUSCERT team

AUSCERT Week in Review for 27th January 2023

Greetings,

The latest episode of AUSCERT’s Share Today, Save Tomorrow podcast is available for download, featuring Jess Dodson (@girlgerms) chatting with Anthony Caruana about her Zero Trust journey. Frameworks or ideas like Zero Trust often emerge in fast-paced industries like cyber security; however, they’re sometimes unfairly overlooked as a “buzz phrase” or “passing trend”. Jess’s excellent presentation at the AUSCERT2022 Cyber Security Conference gives a great, no nonsense explanation of what Zero Trust actually is and how you can implement it within your organisation.

Speaking of the AUSCERT Cyber Security Conference, the AUSCERT2023 Call For Presentations CLOSES this evening! If you haven’t submitted your idea yet there’s still time, and remember we’re very keen to support first time presenters with additional mentoring. Many professionals have imposter syndrome, but remember your experiences are uniquely yours and quite likely very interesting to others! If you’re still stuck for ideas, listen to our joint presentation with Lidia Giuliano (@pink_tangent) and AUSCERT's Mark Carey-Smith, Bek Cheb and Mike Holm from Tuesday this week, “How to prepare a speaking topic and submit to a conference CFP”. Some additional resources are available on the Call for Presentations page, such as the padlet coordinated by Mark containing crowd-sourced ideas on “What makes a great conference presentation?”.

In amongst imposter syndrome, too-much-compliance fatigue, not-enough-resources burnout, rising costs and other such worries, it’s easy to lose sight of the real goals of your organisation or business unit. At this time, your professional network and trusted partners can significantly contribute towards your success. Why not discuss cyber security topics with peers on AUSCERT’s Member Slack or other communities like the JCSC Slack, and use free resources like this blog and the AUSCERT Daily Intelligence Report to help you keep up to date and plan your year?

Here are the top stories from this week, in case you missed any of them:

QUT alerts staff, students to data breach
Date: 2023-01-23
Author: iTnews
Queensland University of Technology has alerted 2500 staff and 67 students that their personal information was breached in a late December incident. Most of the university’s IT systems were taken offline, some of them for weeks, when the breach was first detected. The university said most have been restored, in an announcement posted last week to its website.

Authorities shut down HIVE ransomware infrastructure, provide decryption tools
Date: 2023-01-26
Author: Help Net Security
Europol supported the German, Dutch and US authorities in taking down the infrastructure of the prolific HIVE ransomware. This international operation involved authorities from 13 countries in total. Law enforcement identified the decryption keys and shared them with many victims, helping them regain access to their data without paying the cybercriminals.

PayPal Warns 35,000 Users of Credential Stuffing Attacks
Date: 2023-01-20
Author: Security Week
Online payments system PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign. “On December 20, 2022, we confirmed that unauthorized parties were able to access your PayPal customer account using your login credentials,” the company said in the notification letter sent to the impacted individuals. According to PayPal, between December 6 and 8, 2022, a third party accessed user accounts using login credentials obtained elsewhere. The unauthorized access was eliminated on December 8.

Suspected Chinese hackers exploit vulnerability in Fortinet devices
Date: 2023-01-21
Author: The Record
[See AUSCERT Security Bulletin 13 December 2022 ESB-2022.6458.2]
Suspected Chinese hackers have been targeting a European government entity and African managed service provider with new custom malware. According to a report released by Mandiant on Thursday, hackers exploited a recently patched vulnerability — CVE-2022-42475 — in FortiOS, an operating system developed by U.S. cybersecurity company Fortinet, as a zero-day.

IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
Date: 2023-01-24
Author: The Daily Swig
IoT vendors are making slow progress in making it easy for security researchers to report security bugs, with only 27.1% of suppliers offering a vulnerability disclosure policy. The figure, based on the latest annual report from the IoT Security Foundation (IoTSF), compares to the 9.7% of IoT (Internet of Things) vendors that were reported to have a disclosure policy in the 2018 edition of the same study. Vulnerability management ought to be a cornerstone of connected product security, widely recommended in 30 cybersecurity guidance initiatives including the IoTSF’s IoT Security Assurance Framework.

Universities offered software to sniff out ChatGPT-written essays
Date: 2023-01-23
Author: The Register
Turnitin, best known for its anti-plagiarism software used by tens of thousands of universities and schools around the world, is building a tool to detect text generated by AI. Large language models have gained traction since the commercial release of OpenAI's GPT-3 in 2020. Now multiple companies have built their own rival machine learning systems, kickstarting a new wave of startups developing products powered by generative AI. These models operate like general-purpose chatbots. Users type instructions, and they will respond with passages of coherent, convincing text.

ESB-2023.0391.2 – ALERT iOS: CVSS (Max): 8.8
Apple released additional updates for vulnerabilities that may have been actively exploited against versions of iOS released before iOS 15.1.

ESB-2023.0398 – ALERT VMware vRealize Log Insight and Cloud Foundation (VMware vRealize Log Insight): CVSS (Max): 9.8
VMware released the latest updates for vRealize Log Insight which address multiple security vulnerabilities.

ESB-2023.0428 – MySQL: CVSS (Max): 9.8
Ubuntu reports several security issues in MySQL and advises its clients to apply the most recent patches.

ESB-2023.0462 – PAM: CVSS (Max): 9.8
Ubuntu released an update that fixes a PAM vulnerability which would allow unintended access to the machine over the network.

ESB-2023.0466 – Linux kernel (Raspberry Pi): CVSS (Max): 10.0
Ubuntu released an update to fix Linux kernel (Raspberry Pi) vulnerabilities which could potentially result in the execution of arbitrary code and denial of service attacks.

Stay safe, stay patched and have a good weekend!
The AUSCERT team

AUSCERT Week in Review for 20th January 2023

Greetings, Some of us are currently in “planning mode”, setting the tone for 2023. We recently blogged on the importance of cyber preparedness, giving tips for those responsible for briefing management on this topic. For the rest of us, if you’re thinking “another year, more vulnerabilities and data breaches”, you’re not alone. Although cyber security professionals are often restricted due to the sensitive nature of our work, it’s pleasing to note that during several recent cyber security incidents, the affected organisations reached out to AUSCERT and asked us to share important information with our community. “Indicators of compromise” or just “IoCs” for short can be shared quickly (and anonymously if required) to help others defend against similar attacks. In many cases these days, MISP (Malware Informaiton Sharing Platform) or even Slack is used to share this data. AUSCERT’s Member Slack is also good place to discuss what’s important and reach out to other like-minded professionals to compare notes on priority, sightings of threats and mitigation techniques. If you’ve got a story to tell at the AUSCERT2023 Cyber Security Conference, whether a success or a learning experience you’ve had, you’ll need to head to the Call For Papers website before January 27. If you don’t think you’ve got a story, why not register for the free webinar on Tuesday January 24, “I don’t have anything to talk about”? We’re really keen to support first time presenters! Too many default ‘admin1234’ passwords increase risk for industrial systems, research finds Date: 2023-01-18 Author: CyberScoop Easily guessed default passwords can be a malicious hackers’ easiest way to infiltrate a target. And all too often, according to research released Wednesday, operators of critical infrastructure companies aren’t updating off-the-shelf security credentials in internet devices connected to industrial systems. 
“We’re seeing a lot of the ‘admin1234,’ meaning that [hackers are] still going to be using default credentials in hopes that no one is changing the credentials for IoT devices — which is pretty accurate,” said Roya Gordon, security research evangelist at Nozomi Networks, a cybersecurity firm that specializes in industrial security. Over 4,000 Sophos Firewall devices vulnerable to RCE attacks Date: 2023-01-17 Author: Bleeping Computer Over 4,000 Sophos Firewall devices exposed to Internet access are vulnerable to attacks targeting a critical remote code execution (RCE) vulnerability. Sophos disclosed this code injection flaw (CVE-2022-3236) found in the User Portal and Webadmin of Sophos Firewall in September and also released hotfixes for multiple Sophos Firewall versions (official fixes were issued three months later, in December 2022). The company warned at the time that the RCE bug was being exploited in the wild in attacks against organizations from South Asia. Azure Services SSRF Vulnerabilities Exposed Internal Endpoints, Sensitive Data Date: 2023-01-17 Author: SecurityWeek.Com Cloud security company Orca has published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services, including two bugs that could have been exploited without authentication. SSRF flaws, Orca explains, typically allow attackers to access the host’s IMDS (Cloud Instance Metadata Service), enabling them to view information such as hostnames, MAC addresses, and security groups. Furthermore, such security defects could be exploited to retrieve tokens, execute code remotely, and move to another host. Deserialized web security roundup – Slack, Okta security breaches, lax US government passwords report, and more Date: 2023-01-13 Author: The Daily Swig Slack suffered a security breach recently, “involving unauthorized access to a subset of Slack’s code repositories” according to the messaging platform. 
The company said that although no customers were affected, an internal investigation revealed that an unknown actor downloaded private code repositories on or around December 27. “We discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository,” a statement read. “No downloaded repositories contained customer data, means to access customer data or Slack’s primary codebase.” Researchers: Brace for Zoho ManageEngine ‘Spray and Pray’ Attacks Date: 2023-01-16 Author: SecurityWeek.Com Security researchers tracking a known pre-authentication remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet. The vulnerability, patched by Zoho last November, affects multiple Zoho ManageEngine products and can be reached over the internet to launch code execution exploits if SAML single-sign-on is enabled or has ever been enabled. Fortinet Says Recently Patched Vulnerability Exploited to Hack Governments Date: 2023-01-13 Author: SecurityWeek.Com Fortinet reported this week that a recently patched vulnerability tracked as CVE-2022-42475 has been exploited in highly targeted attacks aimed at government organizations. The security hole impacts the FortiOS SSL-VPN and it can allow a remote, unauthenticated hacker to execute arbitrary code or commands using specially crafted requests. The vulnerability’s existence was disclosed on December 12, 2022, when Fortinet warned that it was aware of in-the-wild exploitation. The company at the time announced patches and shared indicators of compromise (IoCs). Norton LifeLock says 925,000 accounts targeted by credential-stuffing attacks Date: 2023-01-17 Author: The Record Nearly one million active and inactive Norton LifeLock accounts have been targeted by credential stuffing attacks, according to a statement from the cybersecurity product’s parent company. 
Gen Digital – which owns Norton LifeLock and several other consumer cybersecurity brands – told The Record that 925,000 inactive and active accounts were locked down after their security team identified a high number of Norton account login attempts. The incident centered around Norton Password Manager users. ESB-2023.0269 – Firefox ESR: CVSS (Max): 8.8* Multiple security issues have been found in Mozilla Firefox ESR, which could potentially result in the execution of arbitrary code, information disclosure or spoofing. These vulnerabilities are fixed by upgrading to Firefox ESR 102.7. ASB-2023.0019 – Oracle Communications: CVSS (Max): 9.9 Oracle’s critical patch update contains 79 new security patches, plus additional third-party patches, for Oracle Communications. ASB-2023.0013 – Oracle MySQL: CVSS (Max): 9.8 Oracle’s most recent patch update contains 37 new security patches for MySQL. ESB-2023.0278 – Nessus: CVSS (Max): 9.1 Tenable has released Nessus 10.4.2 to address a privilege escalation vulnerability in Nessus versions 10.4.1 and earlier. ESB-2023.0277 – Drupal Core: CVSS (Max): None Drupal reports a vulnerability in Drupal Core which could allow users with access to edit content to see metadata about media items they are not authorised to access. Drupal advises users to apply the provided updates. Stay safe, stay patched and have a good weekend! The AUSCERT team
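The Orca item in this issue describes the usual payoff of an SSRF bug: the server is talked into fetching the cloud instance metadata service (IMDS) on the attacker’s behalf. The following Python is an added example and not code from Orca Security or from any Azure service. It shows a deliberately vulnerable “fetch this URL” handler beside a hardened guard that allows only http(s), refuses embedded credentials, and requires every address the host resolves to (or the IP literal itself) to be public unicast, rejecting loopback, private, link-local and IPv4-mapped addresses as well as the well-known metadata hostnames. The resolver table, hostnames and sample URLs are all constructed for the example.

```python
"""
SSRF guard for a server-side "fetch this URL" feature.

Added example only: not code from Orca Security or from any Azure service.
Everything below (hostnames, resolver table, sample URLs) is constructed.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Metadata endpoints commonly reached through SSRF. 169.254.169.254 serves
# Azure, AWS and GCP; the others are the AWS IPv6 and GCP DNS names.
METADATA_HOSTS = {"169.254.169.254", "fd00:ec2::254", "metadata.google.internal"}

# Constructed name -> address table standing in for DNS in this example.
CONSTRUCTED_DNS = {
    "www.example.com": ["93.184.216.34"],
    "rebind.test": ["93.184.216.34", "169.254.169.254"],  # one public, one metadata
    "mapped.test": ["::ffff:10.0.0.5"],                    # IPv4-mapped private
}


def constructed_resolver(host: str) -> list:
    """Resolver used by the example; raises like getaddrinfo for unknown names."""
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror(f"constructed DNS: no such host {host}")
    return CONSTRUCTED_DNS[host]


def system_resolver(host: str) -> list:
    """Real resolver: every address the OS returns for the name."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def vulnerable_fetch_target(url: str) -> str:
    """Vulnerable: whatever the client sent is what the server will request."""
    return url


def _is_internal(ip) -> bool:
    """True for any address an SSRF target must never be allowed to reach."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d must be judged as a.b.c.d
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def is_safe_target(url: str, resolver=system_resolver,
                   allowed_schemes=("http", "https")) -> bool:
    """Hardened check: only http(s) URLs without embedded credentials whose
    host is a public unicast address on *every* resolved address."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in allowed_schemes:
        return False
    host = parts.hostname
    if not host or parts.username or parts.password:
        return False
    if host.lower().rstrip(".") in METADATA_HOSTS:
        return False
    try:  # IP literal: judge it directly, no DNS lookup
        ipaddress.ip_address(host)
        addrs = [host]
    except ValueError:
        try:
            addrs = resolver(host)
        except (socket.gaierror, OSError):
            return False
    if not addrs:
        return False
    for addr in addrs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False
        if _is_internal(ip):
            return False
    return True


def hardened_fetch_target(url: str, resolver=system_resolver):
    """Returns the URL only if it passes the guard, otherwise None."""
    return url if is_safe_target(url, resolver) else None
```

Two caveats the guard alone does not cover: the address you validated must be the one you connect to (resolve once, then connect to that address and set the Host header yourself, otherwise a second lookup can be rebound), and the HTTP client must not follow redirects to an unchecked location. On the cloud side, egress-filter 169.254.169.254 from workloads that have no business reading metadata and require the session-token style of IMDS access where the platform offers it.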
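The Norton LifeLock item in this issue is a credential-stuffing case: leaked email/password pairs replayed against a login endpoint, with the provider noticing an unusually high number of login attempts. The Python below is an added example, not Gen Digital’s or Norton’s detection logic. It runs over a handful of constructed authentication log lines and flags any source address whose failed logins touch many distinct usernames inside a sliding window, then lists the accounts that source did log into successfully, since those are the ones whose reused passwords worked and need resetting. The log format, addresses, usernames and thresholds are all constructed.

```python
"""
Credential-stuffing detection over authentication log lines.

Added example only: not Gen Digital's or Norton's detection logic. The log
format, the sample lines, the addresses and the thresholds are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed format: "<UTC timestamp> <source ip> <username> <LOGIN_OK|LOGIN_FAIL>".
# 203.0.113.7 walks a list of leaked pairs; 198.51.100.4 is one person
# mistyping their own password; 192.0.2.10 is an ordinary login.
SAMPLE_LOG = """\
2023-01-12T03:00:01Z 203.0.113.7 alice LOGIN_FAIL
2023-01-12T03:00:02Z 203.0.113.7 bob LOGIN_FAIL
2023-01-12T03:00:02Z 203.0.113.7 carol LOGIN_FAIL
2023-01-12T03:00:03Z 203.0.113.7 dave LOGIN_OK
2023-01-12T03:00:04Z 203.0.113.7 erin LOGIN_FAIL
2023-01-12T03:00:05Z 203.0.113.7 frank LOGIN_FAIL
2023-01-12T03:00:05Z 203.0.113.7 grace LOGIN_FAIL
2023-01-12T03:00:06Z 203.0.113.7 heidi LOGIN_FAIL
2023-01-12T03:00:07Z 203.0.113.7 ivan LOGIN_FAIL
2023-01-12T03:00:08Z 203.0.113.7 judy LOGIN_FAIL
2023-01-12T03:00:10Z 203.0.113.7 mallory LOGIN_FAIL
2023-01-12T03:01:00Z 198.51.100.4 alice LOGIN_FAIL
2023-01-12T03:01:30Z 198.51.100.4 alice LOGIN_FAIL
2023-01-12T03:02:00Z 198.51.100.4 alice LOGIN_OK
2023-01-12T03:05:00Z 192.0.2.10 bob LOGIN_OK
"""

WINDOW = timedelta(minutes=5)
MIN_DISTINCT_ACCOUNTS = 8  # distinct usernames failing from one source inside WINDOW


def parse_line(line: str):
    """Split one constructed log line into (timestamp, ip, user, result)."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result


def detect_credential_stuffing(log_text: str, window=WINDOW,
                               min_accounts=MIN_DISTINCT_ACCOUNTS) -> dict:
    """Flag each source IP whose failed logins hit >= min_accounts distinct
    usernames within any sliding interval of length `window`. For a flagged
    IP, also list the usernames it logged into successfully."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    fails = defaultdict(list)      # ip -> [(ts, user), ...] in time order
    successes = defaultdict(set)   # ip -> {user, ...}
    for ts, ip, user, result in events:
        if result == "LOGIN_FAIL":
            fails[ip].append((ts, user))
        elif result == "LOGIN_OK":
            successes[ip].add(user)

    flagged = {}
    for ip, entries in fails.items():
        start, peak = 0, 0
        for end in range(len(entries)):
            while entries[end][0] - entries[start][0] > window:
                start += 1  # slide the window's left edge forward
            peak = max(peak, len({u for _, u in entries[start:end + 1]}))
        if peak >= min_accounts:
            flagged[ip] = {"distinct_accounts": peak,
                           "successes": sorted(successes[ip])}
    return flagged


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: {info['distinct_accounts']} accounts tried, "
              f"logged into {info['successes'] or 'none'}")
```

The per-source rule separates a stuffing run from a legitimate user retrying one account, but it is blind to the same run spread across a proxy pool at a few attempts per address. A second signal worth keeping alongside it is the count of distinct accounts with failures across all sources per window compared with a normal-day baseline, plus any success that follows a burst of failures on the same account.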


Week in review

AUSCERT Week In Review for January 6th 2023

Greetings, With Australia taking out the unenviable title of the most hacked nation in the world during the last quarter of 2022, it shouldn’t be a surprise that spending on cybersecurity has grown in parallel and shows no sign of slowing. Following the spate of cyber-attacks impacting millions of Australians in 2022, organisations are looking to increase their cyber resilience. Cyber Security Connect recently reported that businesses are re-evaluating cyber practices, including working together, to combat the increasing cyber threats. Although many of us have had some time off during the festive season, cybercriminals seem to have been hard at work with several ransomware attacks impacting organisations across the globe. QUT, The Guardian UK and SickKids, a research hospital in Toronto, are just some of the organisations that have experienced ‘serious IT issues’ resulting in staff being forced to work from home along with other major service disruptions. In the instance of the hospital, though, the ransomware gang apologised and provided a free decryptor. These situations reinforce the need to increase cyber resilience but also that organisations may need to focus on behaviour and culture, including improving security awareness and training. One way to improve awareness, understanding and insight into industry trends is to listen to AUSCERT’s podcast series, Share Today, Save Tomorrow. Now with eighteen episodes, there’s sure to be something for everyone – happy listening! Ransomware impacts over 200 govt, edu, healthcare orgs in 2022 Date: 2023-01-02 Author: Bleeping Computer Ransomware attacks in 2022 impacted more than 200 larger organizations in the U.S. public sector in the government, educational, and healthcare verticals. Data collected from publicly available reports, disclosure statements, leaks on the dark web, and third-party intelligence show that hackers stole data in about half of these ransomware attacks.
Python's PyPI registry suffers another supply-chain attack Date: 2023-01-04 Author: iTnews Unknown attackers have compromised a package in the Python PyPI registry, injecting a malicious binary into it, the maintainers of the open source machine learning framework PyTorch are warning. PyTorch maintainers said the compromised dependency affected the nightly release of their code, but not the stable packages. The compromised package is torchtriton, which is part of the Triton language and compiler which is used for writing custom deep-learning primitives. 'Multiple security breaches' shut down trucker protest Date: 2023-01-03 Author: The Register An anti-government protest by truckers in Canada has been called off following "multiple security breaches," according to organizers, who also cited "personal character attacks," as a reason for the withdrawal. Canada Unity, one of the groups that organized last year's so-called Freedom Convoy – during which truckers and others overtook Canadian city streets to protest mandatory COVID-19 vaccinations – has canceled a repeat demonstration planned for February 17 to 20, according to a press release posted to the group's Facebook page. 200 million Twitter users' email addresses allegedly leaked online Date: 2023-01-04 Author: Bleeping Computer A data leak described as containing email addresses for over 200 million Twitter users has been published on a popular hacker forum for about $2. BleepingComputer has confirmed the validity of many of the email addresses listed in the leak.
Since July 22nd, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private (phone numbers and email addresses) and public data on various online hacker forums and cybercrime marketplaces. Car companies massively exposed to web vulnerabilities Date: 2023-01-04 Author: The Daily Swig The web applications and APIs of major car manufacturers, telematics (vehicle tracking and logging technology) vendors, and fleet operators were riddled with security holes, security researchers warn. In a detailed report, security researcher Sam Curry laid out vulnerabilities that run the gamut from information theft to account takeover, remote code execution (RCE), and even hijacking physical commands such as starting and stopping the engines of cars. The findings are an alarming indication that in its haste to roll out digital and online features, the automotive industry is doing a sloppy job of securing its online ecosystem. BitRat Malware Gnaws at Victims With Bank Heist Data Date: 2023-01-05 Author: Dark Reading Threat actors are using data stolen from a Colombian bank as a lure in what appears to be a malicious campaign aimed at spreading the BitRAT malware, researchers have found. The activity demonstrates the evolution of how attackers are using commercial, off-the-shelf malware in advanced threat scenarios, they said. Researchers at IT security and compliance firm Qualys were investigating "multiple lures" for BitRAT when they identified that the infrastructure of a Colombian cooperative bank had been hijacked. Attackers were using sensitive data gleaned from that compromise to try to capture victims, they reported in a blog post published Jan. 3. ESB-2023.0068 – Android OS: CVSS (Max): 8.8* Security patch levels of 2023-01-05 or later address the security vulnerabilities affecting Android devices.
ESB-2023.0077 – OpenShift Container Platform 4.10.46: CVSS (Max): 9.8 Red Hat has released an update that fixes several bugs and adds enhancements to OpenShift Container Platform. ESB-2023.0063 – Apache Tomcat: CVSS (Max): None The Apache Software Foundation has released fixes for vulnerabilities in Apache Tomcat. ESB-2023.0062 – WebSphere Application Server Patterns: CVSS (Max): 5.9 Multiple vulnerabilities in IBM SDK Java Technology Edition affect the IBM WebSphere Application Server that is bundled with IBM WebSphere Application Server Patterns. Stay safe, stay patched and have a good weekend! The AUSCERT team


Week in review

AUSCERT Week In Review for December 23rd 2022

Greetings, With a little over a week left for the year, many people look towards the year ahead, often making resolutions focused on their health, finance or perhaps an overseas trip. Whilst we can’t help on those fronts, we thought it might be beneficial and a little fun to look at what might be in store for 2023. Two of the predictions which popped up in a few publications centred on the new social engineering ‘battleground’ following the growing trend of social media scams, and on building a security-aware society. Articles in Forbes and the Australian Cyber Security Magazine provide an insight into what to look out for and how to prepare for what possibly awaits. Earlier in the week, it was revealed that Australia was the most hacked nation in the world during the last quarter of 2022. Many of us hope that we’ve seen the end of attacks like those still impacting customers of Medibank and Optus, however, many within the cybersecurity industry are anticipating a large-scale incident to occur during the Festive Season. With many out-of-office replies being sent and Christmas closure notices posted on social media and websites, it’s easy for potential attackers to know which organisations may be softer targets. To help individuals and organisations prepare, cybersecurity expert Alistair MacGibbon recently spoke to the team at Today and provided some tips on how we can all take steps to better protect ourselves. Lastly, a reminder of our scheduled shutdown over the Christmas and New Year period: AUSCERT will be closed from 5:00 pm Friday, December 23rd, 2022, until Monday, January 2nd 2023. We will reopen on Tuesday, January 3rd, 2023. The auscert@auscert.org.au mailbox will not be monitored during this period. However, we will staff the 24/7 member incident hotline as usual; so do call us for any urgent matters during this period. To log an incident or for further information, log in via the Member Portal.
We would like to wish everyone a safe and happy Christmas and all the very best for 2023. 5 Recommendations to Improve Wholesale and Retail Cybersecurity Over the Holidays Date: 2022-12-16 Author: Security Intelligence It’s the most wonderful time of the year for retailers and wholesalers since the holidays help boost year-end profits. The National Retail Federation (NRF) predicts 2022 holiday sales will come in 6% to 8% higher than in 2021. But rising profits that come at the cost of reduced cybersecurity can cost companies in the long run when you consider the rising size and costs of data breaches. The risk of data breaches and other cyber crimes can make this shopping season feel pretty perilous. It makes sense to learn about the types of cyberattacks aimed at this sector, particularly at this time of year, and what retailers and wholesalers can do to protect themselves. Google announces client-side encryption for Gmail is now in beta Date: 2022-12-19 Author: Cyber Security Connect Google revealed last week that it is expanding client-side encryption access on a range of its web-based platforms. The encryption is in its beta phase and is now available for Google Workspace Enterprise Plus, Education Plus, and Education Standard. Sign-ups are open now and until 20 January 2023. The beta program is not yet available for individual accounts. “Google Workspace already uses the latest cryptographic standards to encrypt all data at rest and in transit between our facilities,” Google said in its announcement. “Client-side encryption helps strengthen the confidentiality of your data while helping to address a broad range of data sovereignty and compliance needs.” Cisco Warns of Many Old Vulnerabilities Being Exploited in Attacks Date: 2022-12-19 Author: Security Week Cisco has updated multiple security advisories to warn of the malicious exploitation of severe vulnerabilities impacting its networking devices. 
Many of the bugs, which carry severity ratings of ‘critical’ or ‘high’, were addressed four to five years ago, but organizations that haven’t patched their devices continue to be impacted. Last week, the tech giant added exploitation warnings to more than 20 advisories detailing security defects in Cisco IOS, NX-OS, and HyperFlex software. Cybercrime (and Security) Predictions for 2023 Date: 2022-12-19 Author: The Hacker News Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws—and it’s up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs. Here’s a look at how cybercrime will evolve in 2023 and what you can do to secure and protect your organization in the year ahead. Ransomware Attackers Bypass Microsoft’s ProxyNotShell Mitigations With Fresh Exploit Date: 2022-12-22 Author: Dark Reading The operators of a ransomware strain called Play have developed a new exploit chain for a critical remote code execution (RCE) vulnerability in Exchange Server that Microsoft patched in November. The new method bypasses mitigations that Microsoft had provided for the exploit chain, meaning organizations that have only implemented those but have not yet applied the patch for it need to do so immediately. The RCE vulnerability at issue (CVE-2022-41082) is one of two so-called “ProxyNotShell” flaws in Exchange Server versions 2013, 2016, and 2019 that Vietnamese security company GTSC publicly disclosed in November after observing a threat actor exploiting them. The other ProxyNotShell flaw, tracked as CVE-2022-41040, is a server-side request forgery (SSRF) bug that gives attackers a way to elevate privileges on a compromised system.
ESB-2022.6617 – VMware vRealize Operations (vROps): CVSS (Max): 7.2 VMware vRealize Operations (vROps) updates address privilege escalation vulnerabilities. ESB-2022.6630 – Nessus Network Monitor: CVSS (Max): 9.8 Nessus Network Monitor 6.2.0 updates moment.js to version 2.29.4 and handlebars to version 4.7.7 to address the identified vulnerabilities. ESB-2022.6657 – Mozilla Thunderbird: CVSS (Max): 6.1 Mozilla has released updates to Thunderbird to address a malicious code execution vulnerability. ESB-2022.6631 – Citrix Hypervisor: CVSS (Max): 6.3 Several security issues have been identified in Citrix Hypervisor 8.2 LTSR CU1, each of which may allow a privileged user in a guest VM to cause the host to become unresponsive or crash. Stay safe, stay patched and Merry Christmas! The AUSCERT team


Week in review

AUSCERT Week In Review for December 16th 2022

Greetings, The AUSCERT team are excited to announce that the Call for Presentations and Sponsorship options for next year’s conference are open! We believe that there is an abundance of potential speakers from far afield and close to home, even if people don’t know it. To help those unsure of what to speak about, or in need of some assistance, AUSCERT has implemented some new initiatives aimed at helping uncover talking points and helping interested parties develop their presentation. These include a mentorship program and a webinar titled “I don’t have anything to talk about”, scheduled for early 2023. If you would like some inspiration or ideas, perhaps an episode of our podcast, ‘Share Today, Save Tomorrow’, is in order. This includes our last episode of 2022, released today, featuring Dave Lewis, a speaker at this year’s conference who is currently a Global Advisory CISO for Cisco. Dave is also working towards his graduate degree at Harvard and has written columns for Forbes, CSO Online, Huffington Post, The Daily Swig and others. If you’re considering sponsorship at AUSCERT2023, we have the usual offerings along with some returning favourites from this year – including the Gelato Cart – along with some fantastic new options that we think will be highly sought after! If you’d like to see what’s on offer, simply visit the sponsorship portal and request a copy of the Sponsorship Prospectus. With just over a week until Christmas Day, many people have placed online orders for their gifts and no doubt are anticipating the delivery each day. If you are one of the many on the look-out for a delivery, beware of potential scams that make claims of a failed delivery, requesting you update your details – be warned, DO NOT click on any links! This is just one of the ’12 Scams of Christmas’ that have been compiled to promote awareness and hopefully, keep everyone safe this Festive Season!
Fortinet confirms VPN vulnerability exploited in the wild Date: 2022-12-12 Author: TechTarget [Refer AUSCERT Security Bulletin ESB-2022.6458.2] A critical zero-day vulnerability in Fortinet’s SSL-VPN has been exploited in the wild in at least one instance. Fortinet issued an advisory Monday detailing the heap-based buffer overflow flaw, tracked as CVE-2022-42475, affecting multiple versions of its FortiOS SSL-VPN. Rated 9.3 on the Common Vulnerability Scoring System, the critical flaw could allow a remote unauthenticated attacker to execute arbitrary code, Fortinet warned. “Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise,” Fortinet wrote in the advisory. Microsoft December 2022 Patch Tuesday fixes 2 zero-days, 49 flaws Date: 2022-12-13 Author: Bleeping Computer Today is Microsoft’s December 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws. Six of the 49 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution, one of the most severe types of vulnerabilities. Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw Date: 2022-12-14 Author: Dark Reading Citrix has issued a patch for a critical flaw affecting Citrix ADC and Citrix Gateway, adding that the company is aware of attacks against the vulnerability in the wild. The vulnerability, tracked under CVE-2022-27518, affects Citrix ADC and Citrix Gateway versions 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32. “Both must be configured with an SAML SP or IdP configuration to be affected,” Citrix noted in its security update.
TPG Telecom discloses hosted Exchange breach at iiNet, Westnet Date: 2022-12-14 Author: iTnews TPG Telecom has disclosed a breach of hosted Exchange services that run email accounts for up to 15,000 iiNet and Westnet business customers. The telco said that Mandiant had “found evidence of unauthorised access” on December 13. The target appeared to be “cryptocurrency and financial information” contained within accounts, TPG Telecom said in a financial filing. It appears the incident was identified as part of routine scans on networked assets. Fire Rescue Victoria relies on radios and mobile phones as it probes mystery dispatch system outage Date: 2022-12-15 Author: The Age [Update at: https://www.frv.vic.gov.au/update-frv-outage] Victorian firefighters will be forced to use mobile phones and radios for up to four days after their dispatch system suffered a mystery outage. Fire Rescue Victoria acting Commissioner Gavin Freeman said the disruption was first noticed between 4am and 5am on Thursday. The acting commissioner said fire trucks and crews were still able to be deployed in response to the incidents, and safety had not been compromised. ESB-2022.6592 – Tenable.ad: CVSS (Max): 9.8 Tenable.ad leverages third-party software to help provide underlying functionality. One of the third-party components (Erlang) was found to contain vulnerabilities, and updated versions have been made available by the providers. ESB-2022.6508 – macOS Ventura: CVSS (Max): 8.2* macOS Ventura 13.1 addresses multiple important security issues. ESB-2022.6481 – ALERT VMware vRealize Network Insight (vRNI): CVSS (Max): 9.8 Multiple vulnerabilities in VMware vRealize Network Insight (vRNI) were privately reported to VMware. Patches and updates are available to remediate these vulnerabilities in affected VMware products.
ESB-2022.6474 – ALERT Citrix ADC and Gateway: CVSS (Max): None A vulnerability has been discovered in Citrix Gateway and Citrix ADC that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance. ASB-2022.0245 – ALERT Microsoft Windows: CVSS (Max): 8.5* Microsoft has released its monthly security patch update for the month of December 2022, which outlines 31 vulnerabilities across multiple products. ESB-2022.6458.2 – UPDATED ALERT FortiOS: CVSS (Max): 9.3 A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Stay safe, stay patched and have a good weekend! The AUSCERT team


Week in review

AUSCERT Week In Review for December 9th 2022

Greetings, It’s hard to ignore the biggest sporting spectacle of the year, especially following the Socceroos’ success in reaching the Round of 16 for only the second time! But with these large-scale and popular events comes an increase in cyber threats. As reported in The Register recently, social engineering tactics such as phishing ramp up around such events because they offer more promising opportunities for an attack. With the FIFA Women’s World Cup being held in Australia and New Zealand next year and the Summer Olympics in Brisbane in 2032, greater awareness, education and support for individuals and organisations should be sought out and provided to ensure a more protected and resilient environment exists. At AUSCERT, we’re already in the throes of enhancing our education and training portfolio for 2023. We will be providing updates when dates and course information are finalised, so be sure to keep an eye on our Education page. In the meantime, there is a broad range of topics and intriguing speakers featured in our podcast series, Share Today, Save Tomorrow, to fill your spare time with these holidays – even if it’s to drown out the noise of everything that’s happening around you! The AUSCERT Conference team will soon be putting the call out for Tutorial and Presentation submissions for any and all interested in sharing their insights and experience with attendees at AUSCERT2023, which will take place between May 9-12, 2023. We believe that there is an abundance of potential speakers from far afield and close to home, even if they don’t know it! Should you wish to be inspired and motivated to make a submission, or if you just want to be entertained by our wonderful array of speakers at previous conferences, visit our YouTube channel.
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems Date: 2022-12-05 Author: The Hacker News The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. Multiple government departments in New Zealand affected by ransomware attack on IT provider Date: 2022-12-06 Author: The Record by Recorded Future A ransomware attack on Mercury IT, a widely used managed service provider (MSP) in New Zealand, is feared to have disrupted dozens of organizations in the country, including several government departments and public authorities. The Ministry of Justice and Te Whatu Ora (Health New Zealand) are among the public authorities that have announced being impacted by a cyberattack on a third-party IT support provider. New Zealand’s privacy commissioner confirmed on Tuesday morning that “a cyber security incident involving a ransomware attack” was to blame, saying its upstream target was Mercury IT, which “provides a wide range of IT services to customers across New Zealand.” Android malware apps with 2 million installs spotted on Google Play Date: 2022-12-04 Author: Bleeping Computer A new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them. The apps were discovered by Dr. Web antivirus and pretend to be useful utilities and system optimizers but, in reality, are the sources of performance hiccups, ads, and user experience degradation. One app illustrated by Dr. Web that has amassed one million downloads is TubeBox, which remains available on Google Play at the time of writing this. 
Several Code Execution Vulnerabilities Patched in Sophos Firewall Date: 2022-12-06 Author: Security Week Sophos has informed customers that Sophos Firewall version 19.5, whose general availability was announced in mid-November, patches several vulnerabilities, including ones that can lead to arbitrary code execution. In addition to resiliency improvements and a performance boost, the latest Sophos Firewall version brings patches for seven vulnerabilities. According to a security advisory released on December 1, one of the vulnerabilities patched in version 19.5 is CVE-2022-3236, which has a ‘critical’ severity rating. Amnesty International hit by China-sponsored cyber attack Date: 2022-12-07 Author: Cyber Security Connect Amnesty International has said that it has been targeted by a China-sponsored cyber attack. The breach was first detected by the human rights organisation on 5 October, when hackers attempted to search for data specific to China, Hong Kong and several high-profile Chinese activists. Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover Date: 2022-12-07 Author: The Daily Swig Steps towards building a defendable internet are possible, but to get there the industry needs to accept baseline security regulations and move away from a fixation about zero-day vulnerabilities. Opening the Black Hat Europe conference on Tuesday, security researcher Daniel Cuthbert praised security improvements gained with the wider adoption of cloud computing, improvements in iOS, and tighter web security controls in Google Chrome, among other developments. One problem, however, is that these improvements are not feeding down to provide improvements in security practices more generally. 
Machine Learning Models: A Dangerous New Attack Vector Date: 2022-12-07 Author: Dark Reading Threat actors can hijack machine learning (ML) models that power artificial intelligence (AI) to deploy malware and move laterally across enterprise networks, researchers have found. These models, which often are publicly available, serve as a new launchpad for a range of attacks that also can poison an organization’s supply chain — and enterprises need to prepare. Researchers from HiddenLayer’s SAI Team have developed a proof-of-concept (POC) attack that demonstrates how a threat actor can use ML models — the decision-making system at the core of almost every modern AI-powered solution — to infiltrate enterprise networks, they revealed in a blog post published Dec. 6. The research is attributed to HiddenLayer’s Tom Bonner, senior director of adversarial threat research; Marta Janus, principal adversarial threat researcher; and Eoin Wickens, senior adversarial threat researcher. ESB-2022.6363 – Android OS: CVSS (Max): 7.8* Android released a security bulletin that contains details of security vulnerabilities affecting Android devices. ESB-2022.6333 – IBM Security QRadar SIEM: CVSS (Max): 8.2 IBM QRadar WinCollect agent is vulnerable to using components with known vulnerabilities. ESB-2022.6305 – chromium: CVSS (Max): 8.8 Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. ESB-2022.6359 – FortiOS and FortiProxy: CVSS (Max): 7.7 An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component may allow a remote and unauthenticated attacker to log in to the device by sending a specially crafted Access-Challenge response from the RADIUS server. Stay safe, stay patched and have a good weekend! The AUSCERT team


Week in review

AUSCERT Week In Review for December 2nd 2022

Greetings, The Medibank breach here in Australia and another recent attack on the Colombian healthcare provider, Keralty, support a 2014 Reuters article which claimed that “your medical information is worth 10 times more than your credit card number on the black market”. For those in the healthcare industry, there are resources available to help keep sensitive information safe. From individuals to large health providers, digitalhealth.gov.au has a range of services and resources to help promote cyber security awareness and better protect individuals’ data and the people tasked with safeguarding it. Additionally, the Cyber and Tech Risk Team at WTW will look at the most recent cyber events across Australia during an education session on Thursday 8 December from 12:00 pm that will examine key learnings that can be taken from the incidents, governance impacts and analysis of the current state of the cyber and technology risk insurance market. For more information and to register, click here. For companies that fail to provide satisfactory protection of their customers’ data in Australia, new laws recently passed may act as a motivator to review practices. The Privacy Legislation Amendment Bill 2022 will see an increase in fines for serious or repeated privacy breaches from the current maximum of $2.2 million to upwards of $50 million. Despite the current weather in a lot of the country, summer has arrived in Australia! It coincides with International Volunteer Day on December 5. With so many Aussies flocking to the beach each year, perhaps it’s the perfect time to consider volunteering with your local Surf Lifesaving club.
There are numerous ways to get involved, just click on your state for more info: Queensland New South Wales Victoria Tasmania South Australia Western Australia Northern Territory Medibank breach prompts “intensifying” APRA scrutiny Date: 2022-11-28 Author: IT News The Australian Prudential Regulation Authority (APRA) is intensifying its supervision of Medibank Private, and is widening its investigations into financial services security more broadly. The move comes in the wake of the Medibank data breach, which APRA said in a statement “raised concerns about the strength of [Medibank’s] operational risk controls”. Twitter Data Breach Bigger Than Initially Reported Date: 2022-11-28 Author: Security Week A massive Twitter data breach disclosed a few months ago appears to be bigger than initially reported. In August, Twitter admitted that a vulnerability affecting its systems had been exploited to obtain user data. The issue, introduced in June 2021, could have been exploited to determine whether a specified phone number or email address was tied to an existing Twitter account, even for accounts where the information should have been private. The vulnerability was reported to the social media giant in January and it was quickly fixed, but not before it was exploited by malicious actors. LastPass Suffers Another Breach, and This Time Customer Data Is Affected Date: 2022-12-01 Author: PC Mag Australia The data breach LastPass suffered in August enabled a hacker to infiltrate the company again and steal customer information. On Wednesday, LastPass announced it was investigating the breach, which involved a third-party cloud storage service connected to company systems. “We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information,” the company wrote in a blog post. 
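The Twitter item above is an account-enumeration flaw: a lookup that answered differently depending on whether a phone number or email address belonged to an existing account, which is exactly what is needed to link scraped public profiles to private identifiers at scale. The Python below is an added example and not Twitter’s code. It places a deliberately vulnerable lookup beside a hardened one that returns an identical response for known and unknown identifiers, pushes the only real difference (notifying the account owner) out of band, and bounds bulk probing with a per-client rate limit. The user directory, client identifiers, message text and limits are constructed for the example.

```python
"""
Account lookup that is not an enumeration oracle.

Added example only: not Twitter's code. The user store, the client
identifiers, the generic message and the rate limits are constructed.
"""
import time

# Constructed directory of identifier -> account; the real thing is a database.
USERS = {
    "alice@example.com": "alice",
    "+61400000000": "alice",
    "bob@example.com": "bob",
}

GENERIC_MESSAGE = ("If that email address or phone number belongs to an "
                   "account, its owner has been notified.")


def vulnerable_lookup(identifier: str) -> dict:
    """Enumeration oracle: the response differs depending on whether the
    identifier is registered, so anyone can test identifiers in bulk."""
    account = USERS.get(identifier)
    if account is None:
        return {"status": 404, "error": "No account matches that identifier."}
    return {"status": 200, "account": account}


class FixedWindowLimiter:
    """At most `limit` requests per `window` seconds per client key
    (API key, session, or source address plus user agent)."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self._state = {}  # client -> (window_start, count)

    def allow(self, client: str, now: float = None) -> bool:
        now = time.monotonic() if now is None else now
        start, count = self._state.get(client, (now, 0))
        if now - start >= self.window:
            start, count = now, 0   # new window
        count += 1
        self._state[client] = (start, count)
        return count <= self.limit


def hardened_lookup(identifier: str, client: str, limiter: FixedWindowLimiter,
                    now: float = None, notify=lambda account: None) -> dict:
    """Same response whether or not the identifier exists. The only
    difference is an out-of-band side effect (notify the real owner) that
    the requester never sees. Per-client rate limiting bounds bulk probing."""
    if not limiter.allow(client, now):
        return {"status": 429, "error": "Too many requests."}
    account = USERS.get(identifier.strip().lower())
    if account is not None:
        notify(account)  # e.g. queue an email; never reflected in the response
    return {"status": 202, "message": GENERIC_MESSAGE}
```

Two things to keep in mind when applying this: the notification must be queued rather than sent inline, otherwise the extra latency on the “exists” path becomes a timing oracle that says the same thing the 404 used to, and the rate-limit key has to be something the client cannot cheaply rotate, because a limit keyed only on source address is defeated by a proxy pool.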
Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework
Date: 2022-11-30
Author: SecurityWeek.Com
[Refer AUSCERT Bulletin ESB-2022.6037]
Developers have been warned that the popular Quarkus framework is affected by a critical vulnerability that could lead to remote code execution. Available since 2019, Quarkus is an open source Kubernetes-native Java framework designed for GraalVM and HotSpot virtual machines. Tracked as CVE-2022-4116 (CVSS score of 9.8), the security defect was identified in the Dev UI Config Editor and can be exploited via drive-by localhost attacks. “Exploiting the vulnerability isn’t difficult and can be done by a malicious actor without any privileges,” Contrast Security researcher Joseph Beeton, who discovered the bug, explains.

Chrome fixes 8th zero-day of 2022 – check your version now
Date: 2022-11-28
Author: Naked Security
[This article refers to AUSCERT Security Bulletin ESB-2022.6163]
Google has just patched Chrome’s eighth zero-day hole of the year so far. Zero-days are bugs for which there were zero days you could have updated proactively… …because cybercriminals not only found the bug first, but also figured out how to exploit it for nefarious purposes before a patch was prepared and published. So, the quick version of this article is: go to Chrome’s three-dot menu (⋮), choose Help > About Chrome, and check that you have version 107.0.5304.121 or later.

Gov’s new privacy breach penalties pass parliament
Date: 2022-11-28
Author: iTnews
The government has secured passage of a sizable increase in civil penalties for organisations that experience “serious” or “repeated” privacy breaches. The new penalties will come into effect a day after Royal Assent by the Governor-General. The bill passed the senate on Monday with only one minor wording amendment, and was then approved by the lower house later in the afternoon.
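The version check described in the Naked Security item above, written out as a small Python script. This is an added example, not code from the article, from Google or from AUSCERT: it compares reported Chrome builds against the patched build 107.0.5304.121 named in the article, using a constructed sample inventory of hostnames and versions (the hostnames are placeholders). The point it shows beyond the article is that dotted build strings must be compared numerically, component by component: compared as plain strings, "107.0.5304.9" sorts after "107.0.5304.121" and would wrongly be treated as patched.

```python
"""Compare Chrome build strings against the patched build named in the article.

Added example; not part of the original newsletter or any vendor tooling.
"""
from typing import Iterable, List, Tuple

# Minimum patched build quoted in the Naked Security article above.
PATCHED_CHROME = "107.0.5304.121"

# Constructed sample inventory: (hostname, Chrome version as reported by the host).
# Hostnames are placeholders, not real machines.
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("ws-01", "107.0.5304.121"),   # exactly the patched build
    ("ws-02", "107.0.5304.87"),    # older build on the same branch
    ("ws-03", "108.0.5359.71"),    # newer major version
    ("ws-04", "107.0.5304.9"),     # string comparison would wrongly rank this as newer
    ("ws-05", "106.0.5249.119"),   # previous major version
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted build string into a tuple of ints so comparison is numeric.

    Raises ValueError for anything that is not purely dotted digits, rather than
    silently treating a malformed string as patched or unpatched.
    """
    parts = version.strip().split(".")
    if not parts or not all(part.isdigit() for part in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(part) for part in parts)


def is_patched(version: str, minimum: str = PATCHED_CHROME) -> bool:
    """True when `version` is at least `minimum`.

    Python compares tuples element by element, so (107, 0, 5304, 9) correctly
    sorts before (107, 0, 5304, 121); the equivalent string comparison does not.
    """
    return parse_version(version) >= parse_version(minimum)


def hosts_needing_update(inventory: Iterable[Tuple[str, str]],
                         minimum: str = PATCHED_CHROME) -> List[str]:
    """Return the hostnames whose reported Chrome build is older than `minimum`."""
    return [host for host, reported in inventory if not is_patched(reported, minimum)]


if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: Chrome older than {PATCHED_CHROME}, update required")
```

On the constructed inventory the script reports ws-02, ws-04 and ws-05 as needing an update; ws-04 is the case a naive string comparison gets wrong.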
ESB-2022.6282 – Moodle: CVSS (Max): 9.1
Moodle’s LTI provider library did not utilise Moodle’s inbuilt cURL helper, which resulted in a blind SSRF risk.

ESB-2022.6260 – GitLab Community Edition (CE) and Enterprise Edition (EE): CVSS (Max): 7.7
GitLab released important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately.

ESB-2022.6259 – Thunderbird: CVSS (Max): 7.5*
Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content. This vulnerability has been fixed in Thunderbird 102.5.1.

ESB-2022.6163 – Google Chrome: CVSS (Max): None
Google released a security update for Chrome and is aware that an exploit for this vulnerability exists in the wild.

Stay safe, stay patched and have a good weekend!
The AUSCERT team