
AusCERT Week in Review for 20th November 2020


This week saw us supporting a couple of initiatives. We attended the 32nd Annual FIRST Conference, which was held virtually. Despite the time difference, we were able to catch up on-demand on a number of presentations delivered at the conference. Most, if not all, of you would be familiar with FIRST, the global Forum of Incident Response and Security Teams. As a proud member of FIRST for the past 24 years, AusCERT is grateful to have been able to participate again in 2020.

Another initiative we supported this week, mainly on our social media platforms, was the International Fraud Awareness Week campaign, which is run by the International Association of Certified Fraud Examiners (ACFE).

We also supported the Australian Security Intelligence Organisation (ASIO) information campaign called Think Before You Link. The aim of the campaign is to raise awareness of the threat of foreign spies who are actively undertaking espionage and foreign interference in Australia, as well as to provide advice on how to reduce risk and respond to suspicious approaches. We shared this through our ADIR earlier in the week; please feel free to share it with colleagues.

And last but not least, don’t forget – we’ve launched our AusCERT2021 Call for Papers initiative. Help us celebrate the 20th anniversary of Australia’s original and oldest information security conference. AusCERT members, we would love to see YOUR submissions containing stories, whether of success or failure! The “heart” of our conference has always been about knowledge sharing and collaboration, so if you’ve got a story to share, AusCERT may be able to provide you a stage. Feel free to share this with your network.

Until next week, have a wonderful weekend everyone.

Retail giant Cencosud hit by Egregor Ransomware attack, stores impacted
Date: 2020-11-14
Author: Bleeping Computer

[Egregor continues to make waves in the sector. The AusCERT team recently presented a case study on our Incident Management service, which can be found on our website under Blogs & Publications. Be sure to note our 3 takeaways.]
Chilean-based multinational retail company Cencosud has suffered a cyberattack by the Egregor ransomware operation that impacts services at stores.
Cencosud is one of the largest retail companies in Latin America, with over 140,000 employees and $15 billion in revenue for 2019. Cencosud manages a wide variety of stores in Argentina, Brazil, Chile, Colombia, and Peru, including Easy home goods, Jumbo supermarkets, and the Paris department stores.

Chrome 87 released with fix for NAT Slipstream attacks, broader FTP deprecation
Date: 2020-11-17
Author: ZDNet

[Refer to AusCERT security bulletin ESB-2020.4090.]
Google has released today version 87 of its Chrome browser, a release that comes with a security fix for the NAT Slipstream attack technique and a broader deprecation of the FTP protocol.
Chrome 87 also comes with a fix for a new attack disclosed at the end of October by Samy Kamkar, a famous security researcher and computer hacker.

Cisco fixes WebEx bugs allowing ‘ghost’ attackers in meetings
Date: 2020-11-18
Author: Bleeping Computer

[Refer to AusCERT security bulletin ESB-2020.4095.2 on our website.]
Cisco has fixed today three Webex Meetings security vulnerabilities that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants.
Cisco Webex is an online meeting and video conferencing software that can be used to schedule and join meetings. It also provides users with presentation, screen sharing, and recording capabilities.
Threat actors abusing the now patched flaws could become ‘ghost’ users capable of joining a meeting without being detected as IBM researchers discovered while analyzing Cisco’s collaboration tool for vulnerabilities.

Cyberattacks targeting health care must stop
Date: 2020-11-13
Author: Microsoft On The Issues Blog

[We are sharing this as an additional read to the alert issued by the ACSC (cyber.gov.au) on Friday 13 Nov regarding the observed increased activity by threat actors using the SDBBot Remote Access Tool (RAT) against the Australian health sector.]
Two global issues will help shape people’s memories of this time in history – Covid-19 and the increased use of the internet by malign actors to disrupt society. It’s disturbing that these challenges have now merged as cyberattacks are being used to disrupt health care organizations fighting the pandemic. We think these attacks are unconscionable and should be condemned by all civilized society. Today, we’re sharing more about the attacks we’ve seen most recently and are urging governments to act.

Ticketmaster Scores Hefty Fine Over 2018 Data Breach
Date: 2020-11-13
Author: Threatpost

Ticketmaster’s UK division has been slapped with a $1.65 million fine by the Information Commissioner’s Office (ICO) in the UK, over its 2018 data breach that impacted 9.4 million customers.
The fine (£1.25million) has been levied after the ICO found that the company “failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page” – a failure which violates the E.U.’s General Data Protection Regulation (GDPR).

ESB-2020.4090 – Google Chrome: Multiple vulnerabilities

Multiple fixes for the world’s most popular browser

ESB-2020.4082 – Mozilla Firefox: Multiple vulnerabilities

Multiple fixes for another popular browser

ESB-2020.4095.2 – UPDATE Cisco Webex Meetings and Cisco Webex Meetings Server: Multiple vulnerabilities

Fixes released to address ‘ghost’ attackers in Webex meetings

ESB-2020.4128 – postgresql12: Multiple vulnerabilities

PostgreSQL database issues patched

Stay safe, stay patched and have a good weekend!

The AusCERT team