//Week in review - 7 Aug 2020

AusCERT Week in Review for 7th August 2020


This week we wanted to highlight the blog we’ve written on the topic of the ProctorU breach. Key takeaways include: members are encouraged to assess it in the context of their own organisation, this breach mainly affects educational institutions who used ProctorU (prior to approximately Q3 of 2016) and AusCERT has notified affected members through their normal incident email alias.

Thank you to those who attended our Malicious URL Feed and Security Bulletins webinars. To catch up on the content we’d presented for these, drop by our YouTube channel.

A reminder that in lieu of the various member meet-ups we have been unable to host this year, our team will instead be hosting a series of webinars featuring our range of services and focusing on how to maximise the utilisation of these within our membership group. Our last session pre AusCERT2020 is detailed below:

• 19th August – Phishing Takedowns (register HERE)

Last but not least, further to the Prime Minister’s press conference with Home Affairs Minister Peter Dutton yesterday, we wanted to share the official launch details of Australia’s 2020 Cyber Security Strategy. The Strategy outlines Australia’s approach to protecting Australians from growing cyber threats and has committed an investment of $1.67 billion over 10 years to achieve this vision. We hope you find this document a useful resource.

Until next week, take care and have a restful weekend everyone.

Australia’s Cyber Security Strategy 2020
Date: 2020-08-06
Author: Australian Department of Home Affairs

The Australian Government has today launched Australia’s Cyber Security Strategy 2020.
The Strategy outlines Australia’s approach to keeping families, vulnerable Australians, critical infrastructure providers and business secure online.
It is a strategy for all Australians and Australian businesses. Security is a whole-of-community effort, in which we all have a role to play.
The Strategy will invest $1.67 billion to build new cyber security and law enforcement capabilities, assist industry to protect themselves and raise the community’s understanding of how to be secure online. This includes the $1.35 billion Cyber Enhanced Situational Awareness and Response (CESAR) package.
We encourage all Australians to read the Cyber Security Strategy 2020 and play your part in creating a more secure online world.

INTERPOL report shows alarming rate of cyberattacks during COVID-19
Date: 2020-08-04

An INTERPOL assessment of the impact of COVID-19 on cybercrime has shown a significant target shift from individuals and small businesses to major corporations, governments and critical infrastructure.
With organizations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are also taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption.
In one four-month period (January to April) some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs – all related to COVID-19 – were detected by one of INTERPOL’s private sector partners.

Hacker leaks passwords for 900+ enterprise VPN servers
Date: 2020-08-04
Author: ZDNet

A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers.
ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community.
According to a review, the list includes:
IP addresses of Pulse Secure VPN servers Pulse Secure VPN server firmware version SSH keys for each server A list of all local users and their password hashes Admin account details Last VPN logins (including usernames and cleartext passwords) VPN session cookies

Phishing campaigns, from first to last victim, take 21h on average
Date: 2020-08-01
Author: ZDNet

A mixed team of security researchers from Google, PayPal, Samsung, and Arizona State University has spent an entire year analyzing the phishing landscape and how users interact with phishing pages.
In a mammoth project that involved analyzing 22,553,707 user visits to 404,628 phishing pages, the research team has been able to gather some of the deepest insights into how phishing campaigns work.
“We find that the average phishing attack spans 21 hours between the first and last victim visit, and that the detection of each attack by anti-phishing entities occurs on average nine hours after the first victim visit,” the research team wrote in a report they are scheduled to present at the USENIX security conference this month.

ESB-2020.2699 – Cisco Identity Services Engine: Access confidential data – Existing account

There was a large batch of Cisco bulletins released this week.

ESB-2020.2679 – GRUB2: Multiple vulnerabilities

Further grub2 patches were released by many linux distros, including fixes for regressions.

ESB-2020.2661 – Android: Multiple vulnerabilities

Android patches released.

ESB-2020.2672 – Whoopsie: Multiple vulnerabilities

Isn’t that just a great product name!

Stay safe, stay patched and have a good weekend!

The AusCERT team