
AusCERT Week in Review for 16th October 2020


This week, our Senior Manager Mike Holm joined a number of panel members from Baidam Solutions Pty Ltd and Vectra AI to discuss the topic of “Network Detection and Response”. This event was held in conjunction with the annual Australian Indigenous Business Month. A recording of this thought-leadership panel discussion can be found here.

For those of you who missed out on attending AusCERT2020, good news – content from the conference can now be found on the AusCERT YouTube channel. Look out for the “AusCERT2020” playlist to browse through all the presentations we’ve uploaded on there for your viewing pleasure. In addition to this, we’ve also published a couple of blog articles from the winners of our annual awards at the conference. These can be found here, with more to come in the following weeks!

Members, keep an eye out for a copy of our October edition of the AusCERT membership newsletter aka “The Feed”, landing in your inbox early next week. We will be sharing a bumper edition which will also contain a copy of our Q3 2020 report.

Last but not least, don’t forget to complete the 2020 BDO in Australia and AusCERT Cyber Security Survey. This anonymous survey closes at midnight on Friday, 30th October 2020 and takes less than 10 minutes to complete. By taking part, you will be offered the chance to win one of two Apple Watches.

Until next week, have a wonderful weekend everyone. …

Microsoft October 2020 Patch Tuesday fixes 87 vulnerabilities
Date: 2020-10-13
Author: ZDNet

[Please refer to AusCERT bulletin ASB-2020.0161, member portal login required]
Microsoft has released today its monthly batch of security updates known as Patch Tuesday, and this month the OS maker has patched 87 vulnerabilities across a wide range of Microsoft products.
By far, the most dangerous bug patched this month is CVE-2020-16898. Described as a remote code execution (RCE) vulnerability in the Windows TCP/IP stack, this bug can allow attackers to take over Windows systems by sending malicious ICMPv6 Router Advertisement packets to an unpatched computer via a network connection.

Microsoft and others orchestrate takedown of TrickBot botnet
Date: 2020-10-12
Author: ZDNet

A coalition of tech companies has announced today a coordinated effort to take down the backend infrastructure of the TrickBot malware botnet.
Companies and organizations which participated in the takedown included Microsoft’s Defender team, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Broadcom’s cyber-security division Symantec.

Iranian hackers restart attacks on universities as the new school year begins
Date: 2020-10-14
Author: ZDNet

A group of Iranian hackers with a history of attacking academic institutions have come back to life to launch a new series of phishing campaigns, security firm Malwarebytes said today.
The new attacks were timed to coincide with the start of the new academic year, when both students and university staff were expected to be active on university portals.
The attacks consisted of emails sent to victims. Known as “phishing emails,” they contained links to a website posing as the university portal or an associated app, such as the university library.
The websites were hosted on sites with lookalike domains, but in reality, collected the victim’s login credentials.

The most common malicious email attachments infecting Windows
Date: 2020-10-11
Author: Bleeping Computer

To stay safe online, everyone needs to recognize malicious attachments that are commonly used in phishing emails to distribute malware.
When distributing malware, threat actors create spam campaigns that pretend to be invoices, invites, payment information, shipping information, eFaxes, voicemails, and more. Included in these emails are malicious Word and Excel attachments, or links to them, that, when opened and macros are enabled, will install malware on a computer.

Malware gangs love open source offensive hacking tools
Date: 2020-10-13
Author: ZDNet

In the cyber-security field, the term OST refers to software apps, libraries, and exploits that possess offensive hacking capabilities and have been released as either free downloads or under an open source license.
OST projects are usually released to provide a proof-of-concept exploit for a new vulnerability, to demonstrate a new (or old) hacking technique, or as penetration testing utilities shared with the community. Today, OST is one of the most (if not the most) controversial topics in the information security (infosec) community.

ASB-2020.0161 – ALERT Windows: Multiple vulnerabilities

Microsoft’s Patch Tuesday included fixes for multiple vulnerabilities

ASB-2020.0167 – Microsoft Dynamics 365 (on-premises): Multiple vulnerabilities

October 2020 patch by Microsoft resolves 3 vulnerabilities in Microsoft Dynamics 365 (on-premises)

ESB-2020.3511 – Adobe Flash Player: Multiple vulnerabilities

Adobe Flash Player updates for Windows, macOS, Linux and Chrome OS address a critical vulnerability in Adobe Flash Player

ESB-2020.3531 – chromium-browser: Multiple vulnerabilities

Update for chromium-browser fixes multiple vulnerabilities

Stay safe, stay patched and have a good weekend!

The AusCERT team