//Week in review - 11 Dec 2020

AusCERT Week in Review for 11th December 2020


Well done to all who’ve implemented the latest set of patches from the last batch of Patch Tuesday of 2020! Be sure to read our concise list of our most notable security bulletins below.

With two weeks remaining until the Christmas and New Year holidays, we would like to inform you of the scheduled shutdown of our membership and operations teams:

Membership: Will be closed from Saturday 19th of December until Sunday 3rd of January 2021. We will reopen on Monday, 4th of January 2021.

Operations: Will be closed from Friday 25th of December until Sunday 3rd of January 2021. We will reopen on Monday, 4th of January 2021. The auscert@auscert.org.au mailbox will not be monitored during this period. However, we will staff the 24/7 member incident hotline as usual; so do call us for any urgent matters during this period.

This week saw us releasing a joint Cyber Threat Signal 2021 publication with fellow CERT colleagues: KrCERT/CC, CERT-In and Sri Lanka CERT|CC. This publication is a joint prediction of the most pertinent cyber threats that 2021 may deliver. Perhaps to no one’s surprise, ransomware attacks is expected to dominate the sector in 2021 in both volume and its impact. Be sure to read up on how to protect yourselves, as the publication contains a summary list of observations from 2020 that is extended into 2021 along with point-form mitigation advice.

And last but not least, don’t forget – our AusCERT2021 Call for Papers initiative is still open with exactly one month to go to the first initial deadline for our committee feedback. Help us celebrate the 20th anniversary of Australia’s original and oldest information security conference. Do you or someone you know have a great story to tell? We would like to hear it, help us spread the word on Cyber Security!

Until next week, have a wonderful and restful weekend everyone.

Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities
Date: None
Author: ZDNet

[AusCERT ASBs 2020-0216 through 224 relate to this Patch Tuesday, member portal login required. 217 and 219 are related to RCE vulnerabilities.]

Microsoft has published today 58 security fixes across 10+ products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday.

There’s a smaller number of fixes this December compared with the regular 100+ fixes that Microsoft ships each month, but this doesn’t mean the bugs are less severe.

More than a third of this month’s patches (22) are classified as remote code execution (RCE) vulnerabilities. These are security bugs that need to be addressed right away as they are more easily exploitable, with no user interaction, either via the internet or from across a local network.

Pfizer/BioNTech vaccine docs hacked from European Medicines Agency
Date: None
Author: BBC News

The European Medicines Agency (EMA) says it has been hit by a cyber-attack and documents relating to a Covid-19 vaccine have been accessed.
BioNTech, which makes one of the vaccines in partnership with Pfizer, said its regulatory submission was accessed during the attack.

The EMA is working on approval of two Covid-19 vaccines, which it expects to conclude within weeks.

The cyber-attack was not expected to impact that timeline, BioNTech said.

The EMA did not provide any details on the nature of the cyber-attack in a brief statement on its website, beyond saying a full investigation had been launched.

A spokesperson for the agency said it was still “functional”.

National interest plan could drive local cyber sector
Date: None
Author: InnovationAus

The launch of an Australian national interest strategy could help propel the growth of the local cybersecurity sector and assist the economic recovery from COVID-19, according to AustCyber chief executive Michelle Price.

Ms Price, along with Australian National University National Security College head Professor Rory Medcalf, delivered a National Press Club address on Wednesday on the need for a national interest strategy, and the crucial role cybersecurity will play in the coming years.

There have been a number of government policies this year focused on national security and interest, Professor Medcalf said, and now a more cohesive strategy is needed around this.

U.S. cybersecurity firm FireEye discloses breach, theft of internal hacking tools
Date: None
Author: Reuters

FireEye, one of the largest cybersecurity companies in the United States, said on Tuesday that it has been hacked, possibly by a government, leading to the theft of an arsenal of internal hacking tools typically reserved to privately test the cyber defenses of their own clients.

The hack of FireEye, a company with an array of business contracts across the national security space both in the United States and its allies, is among the most significant breaches in recent memory.

Cyber attack could bring down entire financial system: IMF
Date: None
Author: Sydney Morning Herald

The world’s financial system could collapse and create an economic downturn as disastrous as the coronavirus recession or the global financial crisis if growing fears of a devasting cyber-security hack are realised.

Research from the International Monetary Fund released on Tuesday found the reliance of the financial system and consumers on digital services was increasingly at risk from cyber attacks that were being fuelled by falling prices for hacking tools and a target-rich environment.

ESB-2020.4347 – Adobe Acrobat and Reader: Access confidential data – Remote with user interaction

A vulnerability for multiple Adobe Acrobat products was patched. If successfully exploited it could lead to remote information disclosure. Adobe marked this as important.

ASB-2020.0217 – ALERT Windows: Multiple vulnerabilities

Microsoft patch Tuesday was this week and 23 vulnerabilities across Windows operating systems were patched.

ASB-2020.0220 – Microsoft Office, Microsoft Office Services and Web Apps: Multiple vulnerabilities

Another Microsoft patch Tuesday release, 15 vulnerabilities were patched across the Microsoft Office suite of applications.

Stay safe, stay patched and have a good weekend!

The AusCERT team