AusCERT Week in Review for 29th May 2020


This week, we participated in the launch of National Reconciliation Week 2020 virtually by sharing an Acknowledgement of Country on our various social media platforms. To find out more about this initiative and to get involved for the remainder of the week, please visit the following page shared by the folks at Reconciliation Australia.

In other news, we announced an upcoming joint webinar session on the topic of “An Integrated Approach to Embedding Security into DevOps” with the team from Checkmarx. This webinar will take place on Wednesday 10 June; for further details and to register, please click here. We hope you can join us.

Last but not least, we’re pleased to announce that the program details of our Virtual AusCERT2020 conference will be launched next week. Most of you will recall that the 2nd to 5th of June were the original dates for our annual conference. Although we are not convening on the Gold Coast this year, we look forward to catching up with as many of you as possible virtually in September!

Until next time, we hope everyone enjoys a safe and restful weekend.

eBay port scans visitors’ computers for remote access programs
Date: 2020-05-24
Author: Bleeping Computer

When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote management applications.
Over the weekend, Jack Rhysider of DarkNetDiaries discovered that when visiting eBay.com, the site performed a port scan of his computer for 14 different ports.
Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more.

Bots hit up Australian Red Cross 900 times for bushfire donations
Date: 2020-05-26
Author: iTnews

The Australian Red Cross is being targeted by bots that have so far made almost 900 fraudulent applications for financial assistance from a $216 million bushfire relief fund.
Australian programs director Noel Clement told the Royal Commission into National Natural Disaster Arrangements on Tuesday that his organisation had seen “very significant cyber activity from the outset”.
The Australian Red Cross raised a total of $216 million in donations for the victims of devastating bushfires over the summer of 2019-20, of which $83 million has so far been distributed.

GitLab Hacks Own Remote-Working Staff In Phishing Test
Date: 2020-05-25
Author: Silicon UK

Company finds 20 percent of its all-remote staff responds to phishing message by exposing user credentials, raising fears about the work-from-home future
Software development tools start-up GitLab has carried out a targeted phishing campaign on its own remote-working staff, finding that one-fifth of those targeted exposed their corporate login credentials.
The study comes at a time when more employees are working from home during coronavirus shutdowns around the world.

Shadowserver, an Internet Guardian, Finds a Lifeline
Date: 2020-05-27
Author: WIRED

The internet security group Shadowserver has a vital behind-the-scenes role; it identifies online attacks and wrests control of the infrastructure behind them. In March, it learned that longtime corporate sponsor Cisco was ending its support. With just weeks to raise hundreds of thousands of dollars to move its data center out of Cisco’s facility—not to mention an additional $1.7 million to make it through the year—the organization was at real risk of extinction. Ten weeks later, Shadowserver has come a long way toward securing its financial future.
On Wednesday, the IT security company Trend Micro will commit $600,000 to Shadowserver over three years, providing an important backbone to the organization’s fundraising efforts. The nonprofit Internet Society is also announcing a one-time donation of $400,000 to the organization. Combined with other funding that’s come in, these large contributions make it possible for the group to continue in a more sustainable way without becoming dependent on a single funder again. It also keeps the internet at large that much safer.

Apple responds to false Facebook claims about contact tracing update in iOS 13.5
Date: 2020-05-27
Author: iMore

Hysterical myths regarding Apple’s exposure notification have started appearing on Facebook.
Some users have taken to sharing screenshots of iOS 13.5, warning friends that it will automatically allow authorities to track their locations and who they meet.
The posts have been fact-checked by Facebook, and Apple has released a response to Reuters.

ESB-2020.1884 – [ALERT] Cisco CML and VIRL-PE: Multiple vulnerabilities

A patch for RCE and authentication bypass vulnerabilities has been released and marked as critical by Cisco. This includes a ‘perfect’ 10.0 CVSSv3 score, which is the maximum possible.

ESB-2020.1859 – macOS Catalina, Mojave & High Sierra: Multiple vulnerabilities

Apple update fixes 45 macOS vulnerabilities, including a root compromise from the PackageKit component.

ESB-2020.1855 – iOS and iPadOS: Multiple vulnerabilities

A similar number of vulnerabilities were patched in iOS and iPadOS, with similar impacts. Reports online indicate that even the latest version is susceptible to a jailbreak by Unc0ver.

Stay safe, stay patched and have a good weekend!