//Week in review - 28 Aug 2020

AusCERT Week in Review for 28th August 2020


Members, this week we informed everyone that we are extending the closing date of the AusCERT Security Bulletins survey (member portal login required) to 5.00pm AEST on Friday 18th September. Every completed survey will go in the draw to win a Nintendo Switch Lite console, valued at AU$299.

As we approach the AusCERT2020 conference, we would like to take this opportunity to remind everyone of our program offerings, speakers list as well as all the interactive activities that will be on offer during the conference.

Registrations for the conference are still open but with very limited spaces remaining so be sure to spread the word amongst your professional network so they don’t miss out. In 2020, all revenue raised through our general admission registration sales will be donated directly to a chosen charity. We will be announcing this charity early next week. We’re very much looking forward to catching up with as many of you as possible in mid-September – albeit virtually!

Until next week, take care and have a great weekend everyone.

ASIC sues financial services company for repeated hacks
Date: None
Author: iTnews

The Australian Securities and Investments Commission today said it has taken RI Advice Group to court for cyber security failings that led to its systems being hacked for months on end, and on multiple occasions. In its notice of filing, the regulator says RI is required to establish and maintain compliance measures, as an Australian financial services licence holder.
The unknown hacker obtained access via an FFG staff account, and spent more than 155 hours logged into the file server that contained senstiive financial information and client identification documents.

MITRE Releases ‘Shield’ Active Defense Framework
Date: None
Author: Dark Reading

MITRE Corp. has released a new guide cataloging measures that organizations can take to actively engage with and counter intruders on their networks.
Like MITRE’s widely used ATT&CK framework, which offers a comprehensive listing of attacker behavior, the federally funded organization’s new Shield is a publicly availably knowledge base, this time of tactics and techniques for proactive defense.

NZ stock exchange suffers outages due to DDoS attacks
Date: None
Author: iTWire

New Zealand’s stock exchange has been hit by a distributed denial of service attack on Wednesday morning which forced the exchange to go offline for about an hour.
The New Zealand Herald reported that the exchange had gone down at 11.24am local time (9.24am AEDT) on Wednesday and resumed operations at 12.20pm.
On Tuesday evening, the exchange could not operate during its last hour, due to a similar reason.
This outage happened as the exchange was approaching a record closing.

Elon Musk confirms Russian hacking plot targeted Tesla factory
Date: None
Author: ZDNet

Earlier this week, US authorities arrested and charged a Russian national for traveling to the US to recruit and convince an employee of a Nevada company to install malware on their employer’s network in exchange for $1 million.
While no court indictment named the targeted company, several news outlets specialized in covering the electric cars scene speculated today that the attack had very likely targeted US carmaker Tesla, which operates a mega-factory in Sparks, a town new Reno, Nevada.
While Tesla had not returned requests for comment on the topic, in a tweet earlier today, Tesla CEO Elon Musk officially confirmed that the hacking plot did, indeed, target his company.

New Zealand bourse crashes for fourth day after cyber attacks
Date: None
Author: iTnews

New Zealand’s stock exchange crashed for a fourth day on Friday, due to network connectivity issues relating to two cyber attacks targeted at the bourse this week, bourse operator NZX said.
There is no clarity on who is behind these “offshore” attacks and why New Zealand was targeted.

ASB-2020.0148 – AusCERT member survey: security bulletins

If you only read one bulletin this week, read this one. Tell us what you want from the service and we’ll enter you in the draw for a Nintendo Switch Lite, which will make you very cool with people in the 8-12yr age bracket.

ESB-2020.2898 – MongoDB: Denial of service – existing account

An authorised user could misuse the function to compare two geographic points.

ESB-2020.2899 – QEMU: Multiple vulnerabilities

Everyone’s favourite free and open-source hardware virtualiser.

Stay safe, stay patched and have a good weekend!

The AusCERT team