//Week in review - 13 Nov 2020

AusCERT Week in Review for 13th November 2020


This week we launched our AusCERT2021 Call for Papers initiative. Help us celebrate the 20th anniversary of Australia’s original and oldest information security conference. AusCERT members, we would love to see YOUR submissions containing stories – whether they’re of success or failure! The “heart” of our conference has always been about knowledge sharing and collaboration, so if you’ve got a story to share, AusCERT may be able to provide you a stage. Feel free to share this with your network.

This week we also celebrated NAIDOC Week 2020 with friends from Baidam Solutions. We were proud to host a panel session and an online screening of the film “In My Blood It Runs”. This film is an observational feature documentary following 10-yr-old Arrernte Aboriginal boy Dujuan as he grows up in Alice Springs, Australia. The work we do in terms of reconciliation in this country is ongoing, the producers of this film have shared a resource of First Nations-led solutions we can all explore here.

With November 2020’s Patch Tuesday taking place this week, be sure to note our Security Bulletins highlighted below. And last but not least, we would like to quickly highlight the following alert issued by the ACSC (cyber.gov.au) just this morning on the SDBBot targeting our country’s health sector.

For those of you who celebrate – Happy Diwali, may it be filled with light despite the year we’ve all had.

Until next week, have a wonderful weekend everyone.

Intel fixes 95 vulnerabilities in November 2020 Platform Update
Date: 2020-11-11
Author: Bleeping Computer

[AusCERT issued an alert on CVE-2020-12321 and 12322 yesterday, please refer to ESB-2020.3962]
Intel addressed 95 vulnerabilities as part of the November 2020 Patch Tuesday, including critical ones affecting Intel Wireless Bluetooth products and Intel Active Management Technology (AMT).
The issues were detailed in the 40 security advisories published by Intel on its Product Security Center, with the company having delivered security and functional updates to users through the Intel Platform Update (IPU) process.

Microsoft, Amazon, Cisco, Salesforce alarmed at security incident response takeover by govt
Date: 2020-11-09
Author: iTnews

Microsoft, AWS, Telstra, Cisco and Salesforce reacted with alarm at the prospect of direct administrative intervention by Australian authorities to counter cyber security threats against certain customers.
Draft laws proposed by Home Affairs include “last resort” government assistance powers that, in “exceptional circumstances”, would allow the government to intervene in a particularly threatening attack scenario.
The powers are broad – allowing the government to install programs, “access, add, restore, copy, alter or delete data”, alter the “functioning” of hardware or remove it entirely from premises, according to an exposure draft of the bill published today.

IoT security is a mess. These guidelines could help fix that.
Date: 2020-11-10
Author: ZDNet

The supply chain around the Internet of Things (IoT) has become the weak link in cybersecurity, potentially leaving organisations open to cyber attacks via vulnerabilities they’re not aware of. But a newly released set of guidelines aims to ensure that security forms part of the entire lifespan of IoT product development.
New guidelines from European Union Agency for Cybersecurity (ENISA) recommend that all stages of the IoT device lifecycle need to be considered to help ensure devices are secure.

Chinese hacking competition cracks Chrome, ESXi, Windows 10, iOS 14, Galaxy 20, Qemu, and more
Date: 2020-11-09
Author: The Register

VMware has taken the unusual step of warning about an imminent security advisory after a Chinese team successfully popped its flagship product.
News of the crack came from Tianfu Cup, a hacking contest staged in China over the weekend and modelled on events like “Pwn2Own” where vendors allow teams to take down their wares under controlled conditions.
The targets for the competition included the iPhone 11 running the new iOS 14, and the big four browsers – Chrome, Safari, Firefox and Edge. Cup organisers said 11 of the attacks succeeded.

Play Store identified as main distribution vector for most Android malware
Date: 2020-11-11
Author: ZDNet

The official Google Play Store has been identified as the primary source of malware installs on Android devices in a recent academic study — considered the largest one of its kind carried out to date.
Using telemetry data provided by NortonLifeLock (formerly Symantec), researchers analyzed the origin of app installations on more than 12 million Android devices for a four-month period between June and September 2019.
In total, researchers looked at more than 34 million APK (Android application) installs for 7.9 million unique apps.

ESB-2020.4051 – Apache OpenOffice: Execute arbitrary code/commands – Remote with user interaction

A malicious document can contain links to any executable on the system triggered via a single click.

ESB-2020.4043 – MISP: Multiple vulnerabilities

An important SSRF vulnerability fixed, and numerous improvements.

ESB-2020.3962 – Intel Wireless Bluetooth products: Multiple vulnerabilities

One of around 40 Intel advisories released this week. This wireless issue is remotely exploitable.

ASB-2020.0206 – Microsoft Windows: Multiple vulnerabilities

Microsoft released numerous fixes for many products this week as part of its monthly ‘Patch Tuesday’.

Stay safe, stay patched and have a good weekend!

The AusCERT team