AusCERT Week in Review for 22nd May 2020


This week, we shared a couple of important and useful advisories with members.

Namely, the joint statement from DFAT and the ACSC regarding Unacceptable malicious cyber activity by cyber actors who are seeking to exploit the pandemic for their own gain, as well as the Toolkit for Universities by eSafety and Universities Australia. This toolkit contains some useful resources that help universities and their communities keep safe online.

We are pleased to announce an upcoming joint webinar session on the topic of “An Integrated Approach to Embedding Security into DevOps” with the team from Checkmarx. This webinar will take place on Wednesday 10 June – save the date and invitations will be sent out shortly. We hope you can join us.

Last but not least, we shared news of our revised Virtual AusCERT2020 sponsorship prospectus with various stakeholders last week. Feel free to reach out to us via conference@auscert.org.au for more information on our various options to get involved as a conference sponsor!

Until next time, we hope everyone enjoys a lovely and restful weekend.

Norway’s Wealth Fund Loses $10m in Data Breach
Date: 2020-05-16
Author: Infosecurity Magazine

Norway’s state-owned investment fund Norfund has halted all payments after losing $10m in an “advanced data breach.”
On May 13, Norfund announced that it was “cooperating closely with the police and other relevant authorities” after “a series of events” allowed fraudsters to make off with $10m.
The fund said that a data breach allowed defrauders to access information concerning a loan of US$10m from Norfund to a microfinance institution in Cambodia.
Using a mixture of manipulated data and falsified information, the fraudsters managed to impersonate the borrowing institution and divert funds away from the genuine recipient and into their own pockets.

My Health Record system hit by hack attempt
Date: 2020-05-19
Author: iTnews

The My Health Record system was the subject of an attempted hack over the past 11 months, the Australian Digital Health Agency has revealed.
National health chief information officer Ronan O’Connor told a parliamentary inquiry into cyber resilience the cyber incident was one of two “potential data breaches” to occur since July 2019.

Nefilim ransomware gang leaks Toll documents on dark web
Date: 2020-05-20
Author: iTWire

The attackers behind an ongoing ransomware attack on Australian logistics and transport provider Toll Holdings have released some documents which they claim to have exfiltrated from the company when they staged the attack.
News of the attack, the second this year, was announced by Toll on 5 May, with the company saying at the time that it had shut down some of its systems as a precaution.
The documents released on Wednesday on the dark web include statements about company financials in plain text and a zipped file. This indicates that the ransom demand by the group has not been met by Toll. The attackers claim to have more than 200GB of company data.

ESB-2020.1785 – Wireshark: Denial of service

The Wireshark maintainers will be diligently patching minor crashes on crafted network traffic until after the sun burns out. I applaud their dedication to making the most resilient security tool possible.

ESB-2020.1781 – IBM Security Access Manager – Unauthorised access

A user-manipulable claim wasn’t validated properly, so users could forge additional access.

ESB-2020.1762 – Dovecot: Multiple vulnerabilities

Possible RCE and confirmed DoS in the popular Dovecot email server.

ESB-2020.1754 – OpenConnect: Denial of service

It’s a good time of year to be patching VPN clients, with the increased work from home arrangements.

Stay safe, stay patched and have a good weekend!

David & Vishaka