AusCERT Week in Review for 3rd April 2020


We’ve (safely) made it through another week.

For many, if not all of us, mastering remote work is all about finding the right tools to stay productive and connected. As we try to stay connected with colleagues remotely, we think it is also important to remind everyone to keep security front of mind.

We took the opportunity this week to remind folks that it is important to have a proper read through the safety policies of your web conferencing and sharing platform(s) of choice – make sure you’ve set yours up appropriately!

In other news this week, we reached out to a number of AusCERT2019 delegates who were potentially affected by the recent Marriott International data breach incident. In short, if you were personally affected by this breach, you would have received an email from Marriott International by now. For those wanting to find out more, Marriott International has set up a dedicated website where guests can find more information about this incident.

Lastly, a reminder that we are here for you; it is business as usual for our team, and our member incident hotline continues to operate 24/7 in these extraordinary times. Details can be found on our website by logging in to our member portal.

Zoom Client Leaks Windows Login Credentials to Attackers
Date: 2020-03-31
Author: BleepingComputer

The Zoom Windows client is vulnerable to UNC path injection in the client’s chat feature that could allow attackers to steal the Windows credentials of users who click on the link.

Morrison: No anonymous tracking of people to enforce COVID-19 rules
Date: 2020-03-30
Author: iTWire

Australian Prime Minister Scott Morrison says the government would not be looking to use location data to track people anonymously in order to find out if they are following the rules which have been put in place to keep the coronavirus pandemic in check within the country.

New email phishing scam exploits Coronavirus fears
Date: 2020-03-31
Author: iTWire

A new type of email phishing scam has been discovered which warns people that they’ve come into contact with a friend/colleague/family member who has been infected with the coronavirus, according to one global security firm.
According to security awareness training and simulated phishing platform provider KnowBe4, the email instructs people to download a malicious attachment and proceed immediately to the hospital, with the particular “social engineering scheme” appearing to come from a legitimate hospital, “which is why it’s so alarming and could trick even a cautious end user”.

If you’re working from home, you’ve probably used Zoom. The FBI says you should be careful
Date: 2020-04-02
Author: ABCNews

Zoom has had a surge in popularity during the coronavirus pandemic, but some businesses are backing away from the videoconferencing app over concerns about security flaws.
It topped charts worldwide in February and March, according to TechCrunch, after swathes of companies moved their core functions online with workers sent home.
But Elon Musk’s rocket company SpaceX and NASA have both banned employees from using Zoom, with SpaceX citing “significant privacy and security concerns”.
SpaceX’s ban came just days after a warning from the FBI urging users not to make meetings public or share links widely.

Meet ‘Sara’, ‘Sharon’ and ‘Mel’: why people spreading coronavirus anxiety on Twitter might actually be bots
Date: 2020-04-01
Author: The Conversation

Recently Facebook, Reddit, Google, LinkedIn, Microsoft, Twitter and YouTube committed to removing coronavirus-related misinformation from their platforms.
COVID-19 is being described as the first major pandemic of the social media age. In troubling times, social media helps distribute vital knowledge to the masses. Unfortunately, this comes with myriad misinformation, much of which is spread through social media bots.

ESB-2020.1189 – haproxy: Multiple vulnerabilities

Code execution and DoS vulnerability patched in multiple versions of HAProxy.

ESB-2020.1095 – PAN-OS log daemon (logd): Multiple vulnerabilities

Patch for arbitrary code execution and privilege escalation vulnerability in PAN-OS 8.1.

ESB-2020.1096 – PAN-OS CLI: Multiple vulnerabilities

Patch for a shell injection vulnerability in PAN-OS CLI that allows execution of shell commands.

Stay safe, stay patched and have a good weekend!