AUSCERT Week in Review for 14th February 2020

Happy Friday (and Valentine’s Day for those who celebrate)!

If you’re still looking for a last-minute gift inspiration, we recommend giving your significant other the gift of security and help them set up two-factor authentication on their accounts (Credit: CERT NZ).

In addition to our weekly summary below, please keep an eye out for a copy of our membership newsletter in your inbox today; some important messages on there including a copy of our survey results and some upcoming changes to how we send security bulletins.

From Monday 2nd of March we will be sending bulletins from bulletins@auscert.org.au rather than auscert@auscert.org.au. Get ready to update your mail rules.

Until next week.

Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches
Date: 2020-02-11
Author: Threatpost

Microsoft has issued one of its largest Patch Tuesday updates for the shortest month of the year, addressing 99 security vulnerabilities across a range of products. Twelve of the bugs are listed as critical – and the rest are rated as being important.

Emotet Now Hacks Nearby Wi-Fi Networks to Spread Like a Worm
Date: 2020-02-10
Author: Threatpost

The new tactic used by Emotet allows the malware to infect nearby insecure Wi-Fi networks – and their devices – via brute force loops.

Puerto Rico govt loses $2.6M in phishing scam
Date: 2020-02-13
Author: AP News

Puerto Rico’s government has lost more than $2.6 million after falling for an email phishing scam, according to a senior official.
The finance director of the island’s Industrial Development Company, Rubén Rivera, said in a complaint filed to police Wednesday that the agency sent the money to a fraudulent account.

Dangerous Domain Corp.com Goes Up for Sale
Date: 2020-02-08
Author: Krebs on Security

As an early domain name investor, Mike O’Connor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years O’Connor refused to auction perhaps the most sensitive domain in his stable — corp.com. It is sensitive because years of testing shows whoever wields it would have access to an unending stream of passwords, email and other proprietary data belonging to hundreds of thousands of systems at major companies around the globe.
During an eight month analysis of wayward internal corporate traffic destined for corp.com in 2019, Schmidt found more than 375,000 Windows PCs were trying to send this domain information it had no business receiving — including attempts to log in to internal corporate networks and access specific file shares on those networks.

ASB-2020.0043 – Windows Malicious Software Removal Tool

Microsoft’s Patch Tuesday included fixes for the Windows Malicious Software Removal Tool.

ASB-2020.0038 – Microsoft Patch Tuesday updates for Windows (February 2020)

Microsoft’s Patch Tuesday also included fixes for 81 Windows vulnerabilities.

ESB-2020.0480 – Security Updates Available for multiple Adobe products

This bulletin contains 5 Adobe security advisories.

Stay safe, stay patched and have a good weekend!

Mal