Week in review - 7 Feb 2020

AusCERT Week in Review for 7th February 2020


The AusCERT team would like to thank all members who completed our 2019 Annual Survey.

All respondents who completed the non-anonymous survey will receive a branded wireless charging mouse pad, and our survey results will be shared next week.

And last but not least, our AusCERT2020 Early Bird registrations and ticket sales are now in full swing so be sure to tap into your membership benefits.

Please note that our membership team will be sending out member token emails in coming weeks so be sure to look out for these in your inbox.

CDPwn: 5 Zero-Days in Cisco Discovery Protocol
Date: 2020-02-06
Author: Armis

Armis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices without any user interaction.
[See ESB-2020.0424.2, which was sent as an AusCERT alert bulletin.]

Apple proposes simple security upgrade for SMS 2FA codes
Date: 2020-02-03
Author: Naked Security

Apple engineers think they’ve come up with a simple way to make SMS two-factor authentication (2FA) one-time codes less susceptible to phishing attacks: agree a common text format so their use can be automated without the need for risky user interaction.
The concept proposed by the company’s Safari WebKit team is that apps such as mobile browsers will automatically process SMS text codes as they are received, submitting them to the correct website.
This dodges today’s hazard that phishing websites can first fool people into entering their password and username, before asking them to submit the correct 2FA code sent to their phone to the same bogus site.
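
As an added illustration of the idea behind the proposal (this is example code written for this digest, not Apple's or WebKit's code, and the summary above does not spell out the message format), the snippet below assumes the draft "origin-bound one-time code" layout in which the last line of the SMS reads `@host #code`. The client parses that trailer and hands the code over only when the bound host matches the page asking for it, so a look-alike phishing domain never receives the code. The sample messages and URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed trailer format (from the WICG draft, not from this page): a final
# line of the form "@example.com #123456". Host and code are captured.
OTP_TRAILER = re.compile(r"^@(?P<host>[A-Za-z0-9.-]+)\s+#(?P<code>\S+)$")


def parse_origin_bound_code(message: str):
    """Return (host, code) if the last line of the SMS is an origin-bound
    code trailer, otherwise None (legacy messages carry no binding)."""
    lines = [ln.strip() for ln in message.strip().splitlines()]
    if not lines:
        return None
    match = OTP_TRAILER.match(lines[-1])
    if match is None:
        return None
    return match.group("host").lower(), match.group("code")


def code_for_page(message: str, page_url: str):
    """Release the code to the page only if the page's host exactly equals
    the host the SMS was bound to. Exact match is the conservative choice:
    a subdomain or look-alike registrable domain gets nothing."""
    parsed = parse_origin_bound_code(message)
    if parsed is None:
        return None  # unbound code: do not auto-fill anywhere
    bound_host, code = parsed
    page_host = (urlsplit(page_url).hostname or "").lower()
    return code if page_host == bound_host else None


# Constructed sample messages for demonstration.
BOUND_SMS = "Your verification code is 123456.\n\n@example.com #123456"
LEGACY_SMS = "Your verification code is 123456."


if __name__ == "__main__":
    print(code_for_page(BOUND_SMS, "https://example.com/login"))           # 123456
    print(code_for_page(BOUND_SMS, "https://example-com.evil.test/login")) # None
    print(code_for_page(LEGACY_SMS, "https://example.com/login"))          # None
```

The third call shows the other half of the benefit: a message without the trailer is never auto-filled, so the automation only ever kicks in for codes that carry an explicit binding.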

Update: Toll says IT systems infected by new variant of ‘Mailto’ ransomware
Date: 2020-02-06
Author: CSO Online

Australian logistics and delivery firm Toll has confirmed the ransomware attack that forced it to take its IT systems offline was a new variant of the Mailto ransomware.
Toll Group took some key IT systems offline last Friday after detecting the cyber attack and has gradually released more information about the attacks and their impact, on Monday confirming it was a ransomware attack. The latest update confirms its systems were infected by the Mailto ransomware.

Hackers are hijacking smart building access systems to launch DDoS attacks
Date: 2020-02-02
Author: ZDNet

Hackers are actively searching the internet and hijacking smart door/building access control systems, which they are using to launch DDoS attacks, according to firewall company SonicWall.
The attacks are targeting Linear eMerge E3, a product of Nortek Security & Control.

Anatomy of a rental phishing scam
Date: 2020-02-04
Author: Jeffrey Ladish

I was recently the (unsuccessful) target of a very well-crafted phishing scam. As part of a housing search a few weeks ago, I was trawling craigslist and zillow for rental opportunities in the SF bay area. I reached out to a beautiful-looking rental place to inquire about a tour. Despite my experience as a security professional, I didn’t realize this was a scam until about the third email! Below I will recount the story in excessive detail including screenshots.

ESB-2020.0424.2 – Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability

These are the “CDPwn” suite of vulnerabilities.

ESB-2020.0421 – Cisco IOS XR Software Intermediate System-to-Intermediate System DoS Vulnerability

DoS vulnerability for IS-IS routing protocol functionality in Cisco IOS XR Software.

Stay safe, stay patched and have a good weekend!