
AusCERT Week in Review for 17th April 2020


Hoping everyone’s come off the sugar rush that was the Easter long weekend!

This week, we announced that our member newsletter, circulated every other month, will now be called The Feed. We think this better reflects our mission, readers and the content we share. The April 2020 edition was sent in the mail yesterday (Thursday 16.04) so be sure to check your inbox to stay up-to-date with the goings-on at AusCERT.

In other news this week, we’ve published a snapshot of our services stats for Quarter 1 2020. To find this information, please visit the Blogs & Publications section of our website. This report provides an overview of the cyber security incidents reported by members, from 1 January – 31 March 2020.

Last but not least, a final reminder that on Monday 20th April 2020, members will be able to manage all relevant email addresses that are linked to their organisation’s bulletins subscription through our member portal. Affected members have been emailed directly. Feel free to reach out to us should you require further assistance or clarification regarding this change.

Stay well (and thank you for staying home), until next time.

Microsoft April 2020 Patch Tuesday comes with fixes for three zero-days
Date: 2020-04-14
Author: ZDNet

[Please refer to the following AusCERT Security Bulletins for more information: ASB-2020.0077 to 86]
Microsoft has published today its monthly roll-up of security updates known as Patch Tuesday.
This month’s updates are a bulky release. The OS maker has made available patches today for 113 vulnerabilities across 11 products, including three zero-day bugs that were being actively exploited in the wild.
As always, details remain scant for the time being. Details about zero-day attacks are usually kept under wraps for days or weeks, to give users time to patch and prevent attackers from developing proof-of-concept code.

When corporate communications smell phishy: Why customers don’t trust your emails
Date: 2020-04-08
Author: The Daily Swig

We are constantly urged to stay vigilant to spam and malicious emails. Threat actors’ increasingly sophisticated tactics and mimicry of organizations pose a serious problem for businesses attempting to engage with their customers without appearing to be scammers.
However, some of the tactics employed by phishers are also used by genuine companies to promote consumer engagement or simply within the workplace between teams, which can lead to confusion and legitimate emails being reported as fraudulent.

Coronavirus tracing tech policy ‘more significant’ than the war on encryption
Date: 2020-04-15
Author: ZDNet

COVID-19 apps that track individuals’ movements and report them to a government server? What could possibly go wrong? Digital rights activists are starting to push back.
Tech-savvy individuals and firms have been eager to apply their skills to the coronavirus pandemic, as they should be. Some of them are working with governments who have flexed their “special powers” and public health muscles, as governments should do.
Much of this tech effort, from all sides, has been put into contact tracing, which aims to find out who might have been exposed to the virus from an infectious person.

ASB-2020.0082 – Microsoft Patch Tuesday update for Windows for April 2020

Microsoft’s Patch Tuesday included updates to resolve 66 vulnerabilities in Windows products.

ASB-2020.0076 – Oracle CPU April 2020 for Java SE

Oracle Java SE had a critical patch update with 15 new security patches made available.

Stay safe, stay patched and have a good weekend!