//Week in review - 13 Mar 2020

AusCERT Week in Review for 13th March 2020


We understand that this is a worrying time for many in our community and wanted to broach the subject of how COVID-19 (Coronavirus) impacts AusCERT.

Our team will continue to support our members through our range of services.

A reminder that our member incident hotline continues to operate 24/7 and details can be found on our website by logging in to our member portal.  Because we are a part of The University of Queensland, we are aligning ourselves with the University by responding to the situation as it evolves and are also planning for contingencies to continue delivering our services.

In other news this week, AusCERT took part as the leading team in the annual Asia Pacific Computer Emergency Response Team (APCERT) drill. This drill tests the response capability of leading Computer Security Incident Response Teams (CSIRT) within the Asia Pacific economies. To find out more about this annual endeavour, please visit our site here.

Last but not least, we are pleased to announce that our conference website is now updated with a list of speakers and program details will be announced soon.

Microsoft emits SMBv3 worm-cure crisis patch
Date: 2020-03-12
Author: The Register

Microsoft has released an out-of-band emergency patch for a wormable remote-code execution hole in SMBv3, the Windows network file system protocol.
On Thursday morning, Redmond emitted the update to Server Message Block 3.1.1 to kill off a critical flaw designated CVE-2020-0796.
The bug can be exploited by an unauthenticated attacker to execute malicious code, at administrator level, on an un-patched system simply by sending the targeted system specially crafted compressed data packets.
Systems running 32 and 64-bit Windows 10 v1903, Windows 10 v1909, Windows Server v1903 (Server Core), and Windows Server v1909 (Server Core) – and just those versions – need to get patched right now.

Coronavirus map used to spread malware
Date: 2020-03-09
Author: Graham Cluley

Be careful about which websites you trust. A malicious site appears to have copied the look-and-feel of a legitimate Coronavirus map from Johns Hopkins University.
Security researchers at Malwarebytes say that they have found malicious code hiding behind the fake website that claimed to show an up-to-date global heatmap of Coronavirus reports.
The malicious code skims for passwords and payment card details, as a variant of the AzorUlt spyware.
Be careful what programs you install and run on your computers folks… or you might be putting yourself at risk.

Coronavirus: How hackers are preying on fears of Covid-19
Date: 2020-03-13
Author: BBC News

Cyber-criminals are targeting individuals as well as industries, including aerospace, transport, manufacturing, hospitality, healthcare and insurance.
Phishing emails written in English, French, Italian, Japanese, and Turkish languages have been found.
The BBC has tracked five of the campaigns.

March 2020 Patch Tuesday: Microsoft fixes 115 vulnerabilities, Adobe none
Date: 2020-03-10
Author: Help Net Security

It’s March 2020 Patch Tuesday, Adobe seems to have skipped releasing any patches, whilst Microsoft has dropped fixes for 115 CVE-numbered flaws: 26 are critical, 88 important, and one of moderate severity.
The 26 critical flaws all allow remote code execution, but some are more easily exploited than others.
The good news is that no active attacks have been observed for any of the vulnerabilities at this time.

Preparing for Covid-19 and beyond
Date: 2020-03-06
Author: Beta News

The threat of a global pandemic is alarming, but at least in this case, IT has some advance notice to prepare for the worst-case scenario. You do not want to be caught without a plan if local governments institute a quarantine or local schools are closed for several weeks. And even if we avoid a pandemic — fingers crossed — the planning you did won’t be in vain.
It’s important for every organization to always have a plan to deal with disasters large and small, whether it’s flooding, inclement winter weather or a particularly bad cold that sends half your team home. Here are the steps you should take to put together your plan and prepare for a potential pandemic.

ESB-2020.0862.2 – UPDATED ALERT SMBv3: Execute arbitrary code/commands – Remote/unauthenticated

Microsoft released an out-of-bounds emergency patch today for a vulnerability identified as wormable. See article above.

ESB-2020.0868 – Firefox ESR: Multiple vulnerabilities

Firefox update patches Airpod information disclosure vulnerability.

ASB-2020.0054 – Windows: Multiple vulnerabilities

Microsoft Patch Tuesday resolves 78 vulnerabilities for Windows.

Stay safe, stay patched and have a good weekend!