AusCERT Week in Review for 5th June 2020

AusCERT Week in Review for 5th June 2020

Greetings,

This week, we are pleased to announce that the program details of our Virtual AusCERT2020 conference has been launched.

Details on this can be found here. Members, don’t forget to use your member tokens by Monday 3 August for free access to our conference registration. Please note that registrations for our tutorial sessions will open shortly and AusCERT members will have priority access.

Questions? We’ve addressed a few of these on our conference site here. Members who are on Slack are most welcome to send us your queries on that platform. Didn’t quite find what you were after? Drop us a line.

Although we are not convening on the Gold Coast this year, we look forward to catching up with as many of you as possible virtually in September.

In other news, don’t forget to come along to our joint webinar session on the topic of “An Integrated Approach to Embedding Security into DevOps” with the team from Checkmarx. This webinar will take place on Wednesday 10 June, for further details and to register, please click here. We hope you can join us.

And last but not least, we shared the June update of the Australian Government Information Security Manual which helps organisations manage their cyber security risks on our Twitter channel but here it is for reference.

Until next time, we hope everyone enjoys a safe and restful weekend.

VMware Cloud Director flaw lets hackers take over virtual datacenters
Date: 2020-06-02
Author: Bleeping Computer

[Refer to AusCERT Bulletin ESB-2020.1769]
Organizations offering trial accounts for versions of VMware Cloud Director lower than 10.1.0 risk exposing private clouds on their virtualized infrastructure to complete takeover attacks from a threat actor.
A code injection vulnerability exists in VMware Cloud Director (vCloud Director) 10.0.0.2, 9.7.0.5, 9.5.0.6, and 9.1.0.4 that may lead to remote code execution, VMware says in its security advisory.
Cloud Director software allows cloud-service providers around the world to deploy, automate, and manage virtual infrastructure resources in a cloud environment.

Office 365 to give detailed info on malicious email attachments
Date: 2020-05-31
Author: Bleeping Computer

Microsoft will provide Office 365 Advanced Threat Protection (ATP) users with more details on malware samples and malicious URLs discovered following detonation.
“We’re working to reveal more of the details that led to a malicious verdict when URLs or files are detonated in Office 365 ATP,” the new feature’s Microsoft 365 roadmap entry reads.
“In addition to the detonation chain (the series of detonations that were necessary to reach a verdict for this entity), we’ll also share a detonation summary, with details such as detonation time range, verdict of the file or URL, related entities (other entities called or used during the detonation), screenshots, and more.”

Apple pushes fix across ALL devices for “unc0ver” jailbreak flaw
Date: 2020-06-02
Author: Bleeping Computer

These past few days have been quite busy for Apple on the security front.
As reported by BleepingComputer, the company recently patched a critical flaw in its “Sign in with Apple” service. What follows now is a mega update across all its major operating systems and devices.
Last year we provided details on the Sock Puppet jailbreak exploit that targeted the use-after-free kernel vulnerability, CVE-2019-8605.
Yesterday, Apple pushed an update across all its OSes to fix the “unc0ver” jailbreak flaw, tracked as CVE-2020-9859 (note: a MITRE/NVD entry has not yet been published for this CVE).
Rooting, colloquially known as ‘jailbreaking,’ refers to the concept of obtaining root access to a device that lets oneself install third-party apps and tweaks which would otherwise be restricted by the official app store and manufacturer policies.
Loopholes like unc0ver allow someone to “break out of this jail” and, therefore, the moniker.
Because the flaw impacted all previous versions of iOS, including 13.5, users are encouraged to update to iOS 13.5.1 and iPadOS 13.5.1 immediately. Of course, that also means the jailbreak functionality that lets users install custom tweaks and apps would be gone.

MyBudget hackers threaten on dark web to release data stolen during cyberattack
Date: 2020-06-03
Author: ABC News

Cybercriminals are threatening to publish data they claim to have stolen from financial management group MyBudget online, an internet security expert has warned.
The Adelaide-based company was hit with a ransomware attack early last month that left 13,000 customers in financial limbo for two weeks.
Thousands of customers took to social media to vent their frustration at the outage and also their concerns about the security of their data.

Google Faces $5B Lawsuit for Tracking Users in Incognito Mode
Date: 2020-06-03
Author: Dark Reading

A proposed class-action lawsuit accuses Google of collecting browser data from people who used “private” mode. A proposed class-action lawsuit filed earlier this week accuses Google of violating users’ privacy by collecting their data while they searched the Web in “incognito mode,” or private browsing.
The lawsuit seeks at least $5 billion, Reuters reports. A complaint filed in federal court alleges Google collects data via Google Analytics and Google Ad Manager, along with other applications and plug-ins, to learn more about where people browse and what they view on the Web. This data collection occurs whether or not someone clicks a Google-supported ad, the report notes.

ESB-2020.1935 – Cisco IOS Software for Cisco Industrial Routers: Multiple vulnerabilities

Multiple advisories were released by Cisco. The most major of which was marked as critical and affected multiple Cisco routers. If exploited this vulnerability could result in a complete system compromise.

ESB-2020.1909 – iOS & iPadOS: Execute arbitrary code/commands – Unknown/unspecified

Apple has released iOS and ipadOS version 13.5.1. Installing this update patches the vulnerability exploited by the “unc0ver” jailbreak and also patches a potential RCE vulnerability.

Stay safe, stay patched and have a good weekend!

Sean