Week in review - 1 Oct 2020

AusCERT Week in Review for 25th September 2020

Greetings,

We hope everyone’s been enjoying the Spring weather we’ve had recently!

For those of you who attended our AusCERT2020 conference last week, you can revisit the conference’s key learnings by re-watching the presentations on-demand on our now LIVE website. Please keep an eye out for an email that was sent earlier today with the specific details on how to access this resource page.

A common theme throughout last week was just how much delegates enjoyed the ability to remain connected with their network of industry peers despite the circumstances this year. We hope you enjoyed your conference experience and we look forward to having you join us again at AusCERT2021.

Last but not least, it’s that time of the year again folks – the 2020 BDO in Australia and AusCERT Cyber Security Survey is now open. This annual survey of key decision-makers across Australia and New Zealand identifies the current cybersecurity trends, issues and threats facing organisations.

We would like to encourage as many of you as possible to take part now. This anonymous survey closes at midnight on Friday, 30 October 2020 and takes less than 10 minutes to complete. By taking part, you will be offered the chance to win one of two Apple Watches.

Until next week, have a restful weekend everyone.


Microsoft: Hackers using Zerologon exploits in attacks, patch now!
Date: 2020-09-23
Author: BleepingComputer

[Please refer to AusCERT Bulletin ASB-2020.0140, member portal login required]
Microsoft has warned that attackers are actively using the Windows Server Zerologon exploits in attacks and advises all Windows administrators to install the necessary security updates.

Researchers say not to use myGovID until login flaw is fixed
Date: 2020-09-21
Author: iTnews

ATO declines to change protocol.
Two security researchers are warning Australians not to use myGovID as they say the login system contains an implementation flaw that could lead to attackers gaining full access to their accounts.
Masters student Ben Frengley and adjunct professor Vanessa Teague created a threat scenario in which an attacker sets up sites that they control and asks users to log into them with myGovID.
In the scenario, the attacker captures the email address of the user and then immediately uses it to try to log into an official government portal.
The official portal displays a 4-digit PIN that the attacker then relays back to the user via the controlled site.

Popular password manager could have a critical vulnerability
Date: 2020-09-22
Author: TechRadar

A security researcher has discovered a new vulnerability in a popular password manager that could allow for remote code execution.
The password manager in question is Bitwarden and the vulnerability resides in the company’s desktop app which automatically downloads updates and replaces its own code with these updates without user intervention.

Australians want more control over privacy, survey shows
Date: 2020-09-24
Author: Office of the Australian Information Commissioner (OAIC)

Privacy is a major concern for 70% of Australians while 87% want more control and choice over the collection and use of their personal information, a new study shows.
The Australian Community Attitudes to Privacy Survey (ACAPS) 2020 released today provides a comprehensive view of beliefs and concerns about the protection of personal information.
“Our survey shows data privacy is a significant concern for Australians, particularly as the digital environment and data practices evolve rapidly. The community sees identity theft and fraud, and data breaches and security, as the biggest privacy risks we face today.”

Phishing awareness training wears off after a few months
Date: 2020-09-21
Author: ZDNet

Security and phishing awareness programs wear off in time, and employees need to be re-trained after around six months, according to a paper presented at the USENIX SOUPS security conference last month.
The purpose of the paper was to analyze the effectiveness of phishing training in time.
Taking advantage of the fact that organizations in the German public administration sector must go through mandatory phishing awareness training programs, academics from several German universities surveyed 409 of 2,200 employees of the State Office for Geoinformation and State Survey (SOGSS).


ESB-2020.3307 – Apple: Multiple vulnerabilities

Apple releases updates for macOS Catalina, High Sierra and Mojave

ESB-2020.3233 – Google Chrome: Multiple vulnerabilities

Updates released to address the multiple vulnerabilities in Google Chrome

ESB-2020.3226 – MISP: Multiple vulnerabilities

A new version of MISP released with several bugs fixed

ESB-2020.3188 – Samba: Multiple vulnerabilities

An update has been released to fix multiple vulnerabilities in the Netlogon protocol


Stay safe, stay patched and have a good weekend!

The AusCERT team