//Week in review - 2 Oct 2020

AusCERT Week in Review for 02nd October 2020


And just like that, we’ve landed in the final quarter of 2020.

This week we would like to share a couple of initiatives from colleagues in the industry, namely:

· AustCyber and their Australian Cyber Week 2020 range of events which will take place at the end of this month between 26th to 30th October.

· AHECS and their inaugural AHECS Cybersecurity Summit, which is a conference with a focus on the higher education & research, as well as identity management & privacy communities.

We also wanted to bring to your attention a recent alert published by the ACSC (cyber.gov.au) on the topic of an observed resurgence of the Emotet malware campaign. Have a read and please do not hesitate to get in touch with our team should you require any assistance in this area.

For those of you who took the time to complete our AusCERT Security Bulletins survey – thank you! The team is currently working through the feedback you’ve provided and the results will be used to strengthen our delivery of this particular service and will be part of a long-term service improvement project.

Last but not least, don’t forget to complete the 2020 BDO in Australia and AusCERT Cyber Security Survey. This anonymous survey closes at midnight on Friday, 30 October 2020 and takes less than 10 minutes to complete and by taking part, you will be offered the chance to win one of two Apple Watches.

Until next week, have a wonderful weekend everyone.

Government’s cyber pledge has largely failed to increase awareness
Date: 2020-09-30
Author: CRN Australia

The federal government’s decision to spend $1.6bn boosting Australia’s ability to repel cyber-attacks might have highlighted the risks they pose to the economy, but security partners say that some customers still struggle to understand the scale of the threat and manage it appropriately.
It was a trend that generally became more pronounced as businesses diminished in size, they said. However, even in larger organisations, board level support for company-wide measures to tackle cyber security breaches was still far from universal as cyber leaders continued to grapple with stubborn communication barriers.

Microsoft Netlogon exploitation continues to rise
Date: 2020-10-28
Author: Talos Intelligence

Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon, outlined in the August Microsoft Patch Tuesday report.
The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol which — among other things — can be used to update computer passwords by forging an authentication token for specific Netlogon functionality.
This flaw allows attackers to impersonate any computer, including the domain controller itself and gain access to domain admin credentials.

Airports, ATMs, hospitals: Microsoft Windows XP leak would be less of an issue, if so many didn’t use it
Date: 2020-10-30
Author: The Conversation

The source code of the Windows XP operating system is now circulating online as a huge 43GB mega-dump.
Although the software is nearly two decades old, it’s still used by people, businesses and organisations around the world. This source code leak leaves it open to being scoured for bugs and weaknesses hackers can exploit.

Microsoft disrupts nation-state hacker op using Azure Cloud service
Date: 2020-10-25
Author: Bleeping Computer

In a report this week, Microsoft said that it disrupted operations of a nation-state threat group that was using its Azure cloud infrastructure for cyber attacks.
Microsoft refers to the actor by the name Gadolinium and says that it’s been active for about a decade targeting organizations in the maritime and health industry; more recently, the hackers expanded focus to higher education and regional government entities.

WA govt creates first cyber security operations centre
Date: 2020-10-29
Author: ITnews

The WA government has established a cyber security operations centre to coordinate its response to cyber security incidents and improve visability over the network threats facing agencies.
The government launched the centre, complete with eight cyber security personnel, on Tuesday using $1.8 million set aside in next week’s 2020-21 state budget.

Wondering how to tell the world you’ve been hacked? Here’s a handy guide from infosec academics
Date: 2020-10-24
Author: theregister.com

Infosec boffins at the University of Kent have developed a “comprehensive playbook” for companies who, having suffered a computer security breach, want to know how to shrug off the public consequences and pretend everything’s fine.
In a new paper titled “A framework for effective corporate communication after cyber security incidents,” Kent’s Dr Jason Nurse, along with Richard Knight of the University of Warwick, devised a framework for companies figuring out how to publicly respond to data security breaches and similar incidents where servers are hacked and customer records end up in the hands of criminals.

GitHub rolls out new Code Scanning security feature to all users
Date: 2020-10-30
Author: ZDNet

Code-hosting website GitHub is rolling out today a new security feature named Code Scanning for all users, on both paid and free accounts.
GitHub says the new Code Scanning feature “helps prevent vulnerabilities from reaching production by analyzing every pull request, commit, and merge—recognizing vulnerable code as soon as it’s created.”
Once vulnerabilities are detected, Code Scanning works by prompting the developer to revise their code.

ESB-2020.3403 – firefox: Multiple vulnerabilities

Red Hat’s updates include fixes for multiple vulnerabilities in Firefox.

ESB-2020.3360 – NetworkManager: Reduced security – Existing account

An update released for NetworkManager to address a Reduced Security vulnerability.

ESB-2020.3343 – IBM Cloud Private: Multiple vulnerabilities

IBM releases updates to address Kubernetes vulnerabilities.

ASB-2020.0160 – Microsoft Edge (based on Chromium): Multiple vulnerabilities

Microsoft updates its Edge browser to include security fixes from the upstream Chromium project.

Stay safe, stay patched and have a good weekend!

The AusCERT team