AusCERT Week in Review for 3rd July 2020


This week we welcomed the announcement of a record $1.35 billion investment in cyber security by the Australian Government. Hopefully this funding package will mean more Australian organisations can identify the ever-present cyber threats and protect themselves against these challenges. As always, AusCERT is supportive of both the ASD and ACSC in their vital work within this industry and hopes to leverage their expertise in our mission to help members prevent, detect, respond to and mitigate cyber-based attacks.

Following the discovery of the Palo Alto vulnerability, we wanted to take this opportunity to remind members to update us with all relevant domains and IP ranges – via our member portal – that you want to receive alerts for. In this particular instance, affected members were contacted directly with a tailored email and it would have been a shame to be left off this list.

And last but not least, a reminder that tutorial and workshop registrations for Virtual AusCERT2020 are now open and priority access will be granted to all AusCERT members. Spots are filling up fast so be sure to get in quick!

Until next week, wishing everyone a restful weekend, especially the parents amongst us who are in the midst of or about to start their school holiday breaks. …

Inside the hacking attacks bombarding Australia
Date: 2020-06-29
Author: ABC News

Who are these people? Who is directing them? What are they after? And most important of all — how can they be stopped?
Questions like these have been asked more urgently since Scott Morrison announced that a “sophisticated state-based cyber actor” had launched attacks earlier this month on “all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure”.
Craig Valli, who left a teaching career 20 years ago for academia and is now Professor of Digital Forensics at Perth’s Edith Cowan University, has many of the answers.
It is a complex world that he explains with the sort of patience and relatability learnt from time corralling kids in a classroom.

Microsoft releases urgent security updates for Windows 10 Codecs bugs
Date: 2020-07-30
Author: Bleeping Computer

[Refer to AusCERT Bulletin ASB-2020.0117, which is member-only content.]
Microsoft has released two out-of-band security updates to address remote code execution security vulnerabilities affecting the Microsoft Windows Codecs Library on several Windows 10 and Windows Server versions.
The two vulnerabilities are tracked as CVE-2020-1425 and CVE-2020-1457, the first one being rated as critical while the second received an important severity rating.
Both desktop and server platforms affected.
In both cases, the remote code execution issue is caused by the way that Microsoft Windows Codecs Library handles objects in memory.

Beware “secure DNS” scam targeting website owners and bloggers
Date: 2020-06-29
Author: Naked Security

If you run a website or a blog, watch out for emails promising “DNSSEC upgrades” – these scammers are after your whole site.

The psychology of social engineering—the “soft” side of cybercrime
Date: 2020-07-30
Author: Microsoft Security Blog

Forty-eight percent of people will exchange their password for a piece of chocolate, 91 percent of cyberattacks begin with a simple phish, and two out of three people have experienced a tech support scam in the past 12 months.
What do all of these have in common? They make use of social engineering: when an attacker preys on our human nature in order to defraud. Also in common, these small, very human actions have led to billions of dollars of loss to global business.

Over 82,000 Aussies’ details leaked in crypto scam
Date: 2020-07-01
Author: ITNews

Personal details of tens of thousands of Australians who fell for a fraudulent cryptocurrency investment scheme that used fake media sites and celebrity endorsements have been leaked onto the web.
Singaporean security vendor Group-IB discovered 248,926 sets of personally identifiable information, of which 82,263 records were from Australian users, leaked by an unknown party.
Details leaked include names, email addresses and phone numbers.

ESB-2020.2239 – misp: Multiple vulnerabilities

A new version of MISP has been released with a significant refactoring of the STIX import/export along with many improvements.

ESB-2020.2234 – chromium-browser: Multiple vulnerabilities

An important update for Chromium has been released that fixes a use-after-free bug in extensions.

ESB-2020.2208 – McAfee Enterprise Appliance: Multiple vulnerabilities

McAfee Security Bulletin – Enterprise Appliance updates address two vulnerabilities

ESB-2020.2271 – Cisco Systems: Multiple Vulnerabilities

Cisco has released software updates that address a cross-site scripting vulnerability in Cisco Small Business RV042 and RV042G routers.

Stay safe, stay patched and have a good weekend!