//Week in review - 6 Nov 2020

AusCERT Week in Review for 6th November 2020


This week, our team enjoyed participating in the Inaugural AHECS Cybersecurity Summit “Bridging the Gap”. Well done to all partners involved: AARNet, Australian Access Federation (AAF), REANNZ and especially to the team from CAUDIT. Several great takeaways from the presentations delivered over the 2.5 days which focussed on the various cybersecurity threats and safeguard measurements we should be adopting in order to protect the reputation of Australasia’s universities.

We also sat down with Sean, an analyst in our team, to put together a case study on AusCERT’s Incident Management service; one that is integral to our organisation as a CERT. Coincidentally, this week marks our 24th anniversary as part of FIRST, very proud of our rich history as a CERT!

Next week will see us celebrating NAIDOC Week 2020 with friends from Baidam Solutions. We are pleased to invite you to an online screening of the film “In My Blood It Runs” on Thursday 12 November. This film is an observational feature documentary following 10-yr-old Arrernte Aboriginal boy Dujuan as he grows up Alice Springs, Australia. Preceding this screening will be a 20-minute panel discussion. For further details and to RSVP, please visit our website here.

Last but not least, we must apologise – due to unforeseen circumstances, we have had to delay the launch of our AusCERT2021 Call for Papers initiative. We’re confident this will be announced early next week though. So please keep an eye out for details on this launch on our communication channels.

Until next week, have a wonderful weekend everyone.

UK cyber-threat agency confronts Covid-19 attacks
Date: 2020-11-03
Author: BBC News

[The NCSC Annual Review 2020 was released on 03 Nov; to find out more, please refer to their website directly.]
More than a quarter of the incidents which the UK’s National Cyber Security Centre (NCSC) responded to were Covid-related, according to its latest annual report.
The review covers the period from September 2019 to August 2020, so the pandemic occupied an even higher proportion of the agency’s efforts after the first lockdown began.
In total there were 723 incidents of all kinds, marking close to a 10% rise on the previous period.
Of those, 194 were Covid-related.

Sustained targeting of the health sector
Date: 2020-10-30
Author: ACSC (cyber.gov.au)

[Further resources can also be found on the AusCERT LinkedIn page]
The Australian Signals Directorate’s Australian Cyber Security Centre has identified a sustained campaign by sophisticated cybercrime actors impacting the Australian health sector. We continue to see activity against the health sector similar to the increase of identified Emotet activity in Advisory 2020-17: Resumption of Emotet malware campaign.
This type of campaign is not limited to Australia, with the United States of America Cybersecurity and Infrastructure Security Agency (CISA) recently issuing a cyber security alert. This alert identifies a campaign, with Emotet and TrickBot being used to further deploy Conti or Ryuk ransomware variants. The alert also provides detection and mitigation advice.
While this campaign is targeted at the health sector, the ACSC recommends that all Australian organisations read the two documents linked above and follow their recommended mitigation advice.

Google patches second Chrome zero-day in two weeks
Date: 2020-11-02
Author: ZDNet

Google has released a security update today for its Chrome web browser that patches ten security bugs, including one zero-day vulnerability [identified as CVE-2020-16009] that is currently actively exploited in the wild.
In typical Google fashion, details about the zero-day and the group exploiting the bug have not been made public — as a way to allow Chrome users more time to install the updates and prevent other threat actors from developing their own exploits for the same zero-day.

Govt kicks off long-awaited Privacy Act review
Date: 2020-10-30
Author: iTnews

The federal government has kicked off its review of the Privacy Act, which will consider whether Australians should have the right to have their personal information erased like in the European Union, among other reforms.
Attorney-General Christian Porter on Friday released the terms of reference for the wide-ranging review that the government committed to undertake in response to the digital platforms inquiry in December 2019.
The review will consider whether the Privacy Act, which has not been amended since the introduction of the Australian Privacy Principles (APP) in 2012, remains fit for purpose in the digital economy.

The energy-sector threat: How to address cybersecurity vulnerabilities
Date: 2020-11-03
Author: McKinsey & Company

Electric-power and gas companies are especially vulnerable to cyberattacks, but a structured approach that applies communication, organizational, and process frameworks can significantly reduce cyber-related risks.

ESB-2020.3893 – gnome: Multiple vulnerabilities

Gnome vulnerabilities offered attackers opportunity to complete remote code execution, denial of service, cross-site scripting, and privileged & confidential data access.

ESB-2020.3833.2 – Cisco IOS XR Software: Multiple vulnerabilities

Cisco’s enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software allowed an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device.

ESB-2020.3818 – Cisco Identity Services Engine: Multiple vulnerabilities

Cisco Identity Services Engine (ISE) web-based management interface vulnerabilities allows an authenticated, remote attacker with administrative credentials to conduct cross-site scripting, remote code execution attacks, and compromise root.

ESB-2020.3598.2 – UPDATE VMware Products: Multiple vulnerabilities

VMware have updated patch version details associated with their earlier advisory after release of ESXi patches that completed the incomplete fix for CVE-2020-3992, which carries a 9.8 Critical CVSS3 score.

ESB-2020.3789 – ALERT wordpress: Multiple vulnerabilities

Multiple vulnerabilites reported against WordPress, permitting opportunity for remote code execution, privilege escalation, cross-site request forgery, denial of service and cross-site scripting attacks.

ESB-2020.3777 – BIG-IP Products: Multiple vulnerabilities

BIG-IP Products affected by Administrator compromise, remote code execution and cross-site Scripting vulnerabilities.

Stay safe, stay patched and have a good weekend!

The AusCERT team