//Week in review - 28 Feb 2020

AusCERT Week in Review for 28th February 2020


Just a reminder that on Monday 2 March the AusCERT External Security Bulletins (ESB) and AusCERT Security Bulletins (ASB) are going to be sent from bulletins@auscert.org.au. You will still receive the bulletin service as usual but the source email address will be changed to bulletins@auscert.org.au.

This change is being executed to allow for easier filtering of one of our largest volumes of email correspondence. However, if you are currently automating the bulletins you receive from auscert@auscert.org.au, make sure you tweak your scripts / update your mail rules to match on Monday 2 March.

Last but not least, AusCERT as an ally for the LGBTIQ+ community would like to wish all members a safe and enjoyable Mardi Gras weekend.

Apple Takes Heat Over ‘Vulnerable’ iOS Cut-and-Paste Data
Date: 2020-02-24
Author: Threatpost

Any cut-and-paste data temporarily stored to an iPhone or iPad’s memory can be accessed by all apps installed on the specific device – even malicious ones. That data can then reveal private information such as a user’s GPS coordinates, passwords, banking data or a spreadsheet copied into an email.
Shedding light onto the potential harm of this scenario is German software engineer, Tommy Mysk. Mysk said that any app that can constantly read a device’s clipboard can easily abuse the data.
One caveat to the developer’s research was that iOS can only allow apps to read clipboard data when the apps are active and in the foreground.
Apple is no strangers to clipboard concerns. Three years ago a Reddit user pleaded; “Apple should fix the clipboard on iOS to make accessing it require Permission. This is a massive opening for malicious apps.”

Australian Government attacked over ransomware ‘epidemic’
Date: 2020-02-25
Author: Micky

The shadow assistant minister for cyber security Tim Watts has taken aim at the Federal Government over a lack of attention to the ransomware epidemic.
In an opinion piece published in the Australian Financial Review, Watts cited last year’s attack on hospitals in the Gippsland Health Alliance and the South West Alliance of Rural Health, as well as the more recent attack on global transport company Toll, as warning signs the threat was increasing.

As Coronavirus Spreads, So Does Covid-19 Themed Malware
Date: 2020-02-27
Author: Bleeping Computer

Threat actors are still taking advantage of the ongoing COVID-19 global outbreak by attempting to drop Remcos RAT and malware payloads on their targets’ computers via malicious files that promise to provide Coronavirus safety measures.
Yoroi researchers recently spotted a suspicious CoronaVirusSafetyMeasures_pdf.exe executable after it was submitted to their free sandbox-based file analysis service.
As the Yoroi research team later discovered, the executable is an obfuscated Remcos RAT dropper that would drop a Remcos RAT executable on the compromised computer, together with a VBS file designed to run the RAT.
Essentially, COVID-19 is a popular phishing bait right now. The World Health Organization (WHO) recently warned of active Coronavirus-themed phishing attacks that impersonate the organization with the end goal of delivering malware and stealing sensitive information.

Massive DDoS Attack Shuts Down Iran’s Internet, Tehran Blames Washington
Date: 2020-02-21
Author: CPO Magazine

The head of Iran Civil Defense has accused Washington of the latest large-scale cyber-attack that targeted Iranian infrastructure. The coordinated Distributed Denial of Service attack affected two mobile operators and partially shut down Iran’s internet for hours.

Corruption watchdog calls for mandatory data breach laws in Qld
Date: 2020-02-26
Author: iTnews

Queensland’s corruption watchdog has called for state government agencies to be subjected to a mandatory data breach notification scheme after uncovering corruption risks around confidential information.
The Crime and Corruption Commission made the recommendation in its Operation Impala report into the misuse of confidential information in the state’s public sector.
The inquiry found “potential corruption risks associated with confidential information” at seven government agencies, including police, health, transport, education and corrective services.
The report, handed down on Friday, has recommended the mandatory data breach scheme be developed and managed by the Office of the Information Commissioner Queensland (OIC).

ASB-2020.0049 – ALERT [Win][UNIX/Linux] Google Chrome: Multiple vulnerabilities

There have been reports of active exploits in the wild.

ASB-2020.0050 – ALERT [Win] Microsoft Edge: Multiple vulnerabilities

The corresponding advisory from Microsoft as Edge is now based on Chrome.

ESB-2020.0712 – [Cisco] Cisco Wi-Fi Products: Multiple vulnerabilities

A concerning vulnerability affecting multiple Cisco Wi-Fi devices.

Stay safe, stay patched and have a good weekend!

The AusCERT Team.