//Week in review - 30 Oct 2020

AusCERT Week in Review for 30th October 2020


This week, our team enjoyed participating in the range of initiatives that took place for AU CyberWeek2020, well done to colleagues from AustCyber for their wonderful work in pulling this event off.

Next week sees us supporting the Inaugural AHECS Cybersecurity Summit “Bridging the Gap”. Coby Prior, our infrastructure Engineer Lead will be presenting on the topic of Honeypots of Threat Intelligence. We look forward to connecting with you at this Summit.

Keep an eye out for the launch of our AusCERT2021 Call for Papers initiative by following AusCERT on social media Twitter, LinkedIn and Facebook. Do YOU or someone YOU KNOW have a great story to tell? We would like to hear it! At AusCERT2021, we want to see you dusting off your playbooks: Security, Orchestration, Automation, and Response will see us SOARing with cyber.

Last but not least, don’t forget to complete the 2020 BDO in Australia and AusCERT Cyber Security Survey by COB today! Do not miss your chance to gain insight into the maturity of your organisation’s cyber security approach. This annual survey will allow you to benchmark your organisation’s current cyber security efforts with industry trends and determine ways to improve its cyber security culture, planning and response measures.

Until next week, have a wonderful weekend everyone. Don’t dose up on too much Halloween sugar and Queenslanders – enjoy the state election weekend and last but not least, congratulations again to our friends in Melbourne and the wider Victorian region for their tremendous effort in tackling the Covid curve!

Emotet malware now wants you to upgrade Microsoft Word
Date: 2020-10-24
Author: Bleeping Computer

Emotet switched to a new template this week that pretends to be a Microsoft Office message stating that Microsoft Word needs to be updated to add a new feature.
Emotet is a malware infection that spreads through emails containing Word documents with malicious macros. When opening these documents, their contents will try to trick the user into enabling macros so that the Emotet malware will be downloaded and installed on the computer

Attackers finding new ways to exploit and bypass Office 365 defenses
Date: 2020-10-26
Author: Help Net Security

Over the six-month period from March to August 2020, over 925,000 malicious emails managed to bypass Office 365 defenses and well-known secure email gateways (SEGs), an Area 1 Security study reveals.
Attackers increasingly use highly sophisticated, targeted campaigns like business email compromise to evade traditional email defenses, which are based on already-known threats.
Attackers also often use Microsoft’s own tools and branding to bypass legacy defenses and email authentication (DMARC, SPF, DKIM).

Business Email Compromise
Date: 2020-10-27
Author: ACSC (cyber.gov.au)

[Members, feel free to reach out via our 24/7 Incident Hotline for any BEC related assistance]
The Australian Cyber Security Centre (ACSC) has released a new publication – Protecting Against Business Email Compromise (BEC) – to help Australians defend against these deceptive and expensive scams.

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo
Date: 2020-10-28
Author: Krebs on Security

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems.

Massive Nitro data breach impacts Microsoft, Google, Apple, more
Date: 2020-10-26
Author: Bleeping Computer

A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank.
Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents.

ESB-2020.3750 – Junos OS: Multiple vulnerabilities

Appliances running Junos OS affected by serious Administrator Compromise and Cross-site Scripting vulnerabilities.

ESB-2020.3709 – python-django: Multiple vulnerabilities

Contained multiple vulnerabilities which would grant attackers abilities to modify arbitrary files, cause denial of service and access confidential data.

ESB-2020.3701 – thunderbird: Multiple vulnerabilities

Thunderbird hosted multiple vulnerabilities including remote code execution and denial of service.

ESB-2020.3669 – linux kernel: Multiple vulnerabilities

World-wide user of the Linux kernel were affected by multiple vulnerabilities including Root Compromise.

ESB-2020.3662 – ALERT phpmyadmin: Multiple vulnerabilities

Popula phpmyadmin contained remote code execution, cross-site scripting and confidential data access vulnerabilities.

Stay safe, stay patched and have a good weekend!

The AusCERT team