//Week in review - 20 Mar 2020

AusCERT Week in Review for 20th March 2020


Given the current ever-evolving situation with COVID-19 and the advice from our State and Federal Governments; in support of the health and wellbeing of our stakeholders we wanted to let you know that the AusCERT2020 Conference has now been postponed.

The Conference will now take place on 15th – 18th September 2020.

A reminder that our member incident hotline continues to operate 24/7 and details can be found on our website by logging in to our member portal.

In other news this week, our Principal Analyst wrote a blog on the various COVID-19 cyber threats we’re seeing out there. It’s unfortunate that this happens at a time when the community is already vulnerable! Read more about it here and be sure to check out his recommendations.

Last but not least, we are pleased to share with you a copy of our 2019 Year in Review publication which provides members (and the general public) with a summary of our state-of-the-union, statistics from our range of services, achievements and milestones as well as details of our goals for 2020 and beyond.

COVID-19 Cyber Threats: Observations, OSINT and Safety Recommendations
Date: 2020-03-18
Author: AusCERT

AusCERT have been made aware from either direct reports or via OSINT research that related threats have been seen relating to emails, mobile apps, web-applications; and social engineering scams.
The purpose of this blog post is to:
– Remind readers that it is common for threat actors to use the most compelling or big news topics of the times to be used in malspam attacks to incite their targets to open a crafted attachment linked to a website.
– Inform readers of the various vectors or attack angles that threat actors have deployed using COVID-19 as their theme so they (organisations) can make informed decisions and take appropriate actions.

A Critical Internet Safeguard Is Running Out of Time
Date: 2020-03-16
Author: WIRED

Keeping the internet safe may sometimes feel like a game of Whac-A-Mole, reacting to attacks as they arise, then moving on to the next. In reality, though, it’s an ongoing process that involves not just identifying threats but grabbing and retaining control of the infrastructure behind them. For years a small nonprofit called Shadowserver has quietly carried out a surprisingly large portion of that work. But now the organization faces permanent extinction in a matter of weeks.
There’s a pivotal scene in Ghostbusters in which Environmental Protection Agency inspector Walter Peck marches into the group’s headquarters, armed with a cease and desist order. “Shut this off,” Peck tells the utility worker accompanying him. “Shut this all off.” They cut power to the Ghostbusters’ protection grid, and all the ghosts are released. Think of Shadowserver as the internet’s protection grid.
For more than 15 years, Shadowserver has been funded by Cisco as an independent organization. But thanks to budget restructuring, the group now has to go out on its own. Rather than seek a new benefactor, founder Richard Perlotto says the goal is for Shadowserver to become a fully community-funded alliance that doesn’t rely on any one contributor to survive. The group needs to raise $400,000 in the next few weeks to survive the transition, and then it will still need $1.7 million more to make it through 2020—an already Herculean fundraising effort coinciding with a global pandemic. They’ve set up a page for both large corporate donations and smaller individual contributions.

Exploring Various Ways in Which Hackers Are Milking the COVID-19 Scare
Date: 2020-03-13
Author: Cyware

Hackers have a history of sabotaging and manipulating public emergencies for their own gains. Imagine how tempting an epidemic like Coronavirus disease (COVID-19) would be for the crooks. Recently, hackers have run several attack campaigns across various countries, taking advantage of the spread of the disease.

Microsoft releases patches for leaked, wormable ‘SMBGhost’ flaw
Date: 2020-03-13
Author: IT News

Microsoft has rushed out security updates for a remotely exploitable vulnerability in the Windows System Message Block version 3 file sharing protocol that researchers said could be abused to create self-spreading “worms” like the 2017 WannaCry malware.

Adobe Fixes Nine Critical Vulnerabilities in Reader, Acrobat
Date: 2020-03-17
Author: Bleeping Computer

Adobe has released security updates for Adobe Acrobat and Adobe Reader that fix numerous vulnerabilities ranging from information disclosure to arbitrary code execution.
Adobe usually releases security updates in conjunction with Microsoft’s Patch Tuesday security updates, but this month nothing was released at that time.

ESB-2020.0975 – Security Bulletin for Adobe Acrobat and Reader | APSB20-13

Security updates for Adobe Acrobat and Adobe Reader for vulnerabilities ranging from information disclosure to arbitrary code execution.

ESB-2020.0942.2 – VMware Security Advisories – VMSA 2020-0005

VMware security updates to address privilege escalation and denial-of-service (DoS) in the VMware Workstation, Fusion, VMware Remote Console and Horizon Client.

Stay safe, stay patched and have a good weekend!