AusCERT Week in Review for 6th March 2020

Greetings,

Welcome to March. This month sees us turning 27.

As an organisation, we have come a long way since the day that student hacked into NASA in their spare time in 1993! 27 years later, we are still preaching our greater good ethos and are proud to be serving our members daily. Soon, we will be sharing with you a copy of our Year in Review 2019 publication. This is something we have put together to help our members (and the public) understand the current trends in our industry – from AusCERT’s unique perspective; it will also provide an overview of our operations and offer a preview of our automation-focused road map for 2020 and beyond.

Last but not least, Happy International Women’s Day to all our readers. To celebrate and pay homage to our female colleagues, AusCERT will be featuring a Women of AusCERT series on our LinkedIn page throughout next week.


The Let’s Encrypt CAA Code Bug – A Plain View
Date: 2020-03-05
Author: AusCERT Blog

Let’s Encrypt recently found a bug in their CAA checking code and after remediating the bug on 2020-02-29 UTC (the evening of Friday February 28, U.S. Eastern time), announced they would revoke approximately 2.6% of their active certificates that were potentially affected by the bug, totaling approximately 3 million certificates.
Whilst this might not be seen as critical on the surface, a certificate is fundamentally used to establish and maintain site trustworthiness between two parties. Essentially, certificates are used by browsers to ensure that the site we intended to visit is really the one we’ve arrived at.
Leaving a revoked certificate in place could trigger errors in browsers and other applications and cause loss of availability and/or trust, all potentially causing harm to the companies that rely on them.

Social Engineering Risks: How to Patch the Humans in Your Organization
Date: 2020-02-28
Author: PenTest Magazine

Employees have long been presumed to be the weakest link in the corporate cybersecurity chain. But new research from Proofpoint’s Human Factor report claims that over 99% of email-borne cyber-attacks require human intervention to work. Hackers are primarily targeting people, rather than technology systems, to get what they want.
Technically anyone in your organization could be on the receiving end of such an attack. Organizations need to do better at protecting and educating these Very Attacked People (VAPs) in their midst.
As always, a defense-in-depth approach makes the best sense. This should start with user awareness training and education, but not rely 100% on it. By adding in other steps, you stand a better chance of knocking back the hackers in the event that they manage to trick an employee or bypass a security solution.

Citrix vulnerability used for potential Defence recruitment database access
Date: 2020-03-04
Author: ZDNet

The Australian Signals Directorate (ASD) has revealed that a vulnerability in Citrix, announced over Christmas, could have been used by malicious actors to access a database of Australian Defence recruitment details.
“On the 24th of January … through sensitive other sources, had a concern that the Department of Defence and its contractor running the DFRN [Defence Force Recruiting Network] may have been vulnerable to a malicious act as a result of the Citrix issue,” newly installed director-general of the Australian Signals Directorate Rachel Noble told Senate Estimates on Wednesday night.
Noble added that ASD believed no data was compromised, but it did see attempts to access the network related to the vulnerability.

Fraud Prevention Month: How to protect yourself from scams
Date: 2020-03-04
Author: WeLiveSecurity

Businesses and citizens lead busy lives, and it is very easy to keep items that may not immediately affect us towards the bottom of the to-do list. Fraud is potentially one of those items: we may appreciate that it can happen, but unless it is happening to us at this moment in time we can often be guilty of delaying preventative action.
And for businesses the risk is compounded; fraud may affect the daily operations of the business and, if it requires public disclosure, can lead to loss of reputation and potentially create an atmosphere of distrust with customers.
Banking fraud and identity theft are intrinsically linked, as you would expect. Here are some tips on what should be the beginning of your plan to protect your identity.


ASB-2020.0051 – Android: Multiple vulnerabilities

The March 2020 patch level for Android includes fixes for multiple critical vulnerabilities.

ESB-2020.0769 – zsh: Increased privileges

The commonly-used zsh shell had a flaw in its --no-PRIVILEGED option.

ESB-2020.0746 – Salt: Unauthenticated RCE

A SecOps product fixed an unauthenticated command injection vulnerability.


Stay safe, stay patched and have a good weekend!

Sean & Mal