//Week in review - 24 Dec 2020

AusCERT Week in Review for 24th December 2020


This week the SolarWinds attack continues to make headlines. A reminder to check out our blog on the topic “Sunburst – FireEye’s Discovery of Trojanised SolarWinds Software”. We will continue to update this with any important developments.

With that said, it comes as no surprise to everyone that 2020 has been a particularly challenging year. As the year comes to an end, we would like to thank each and every one of you for your support.

In a year where the basic tenets of the working world changed, YOU (our members) helped us get through it. We would like to share our reflections on the year through the following piece we wrote “The Year that was 2020”.

A reminder of our scheduled shutdown over the Christmas and New Year period: Membership Will be closed from Saturday 19th of December until Sunday 3rd of January 2021. We will reopen on Monday, 4th of January 2021. Operations Will be closed from Friday 25th of December until Sunday 3rd of January 2021. We will reopen on Monday, 4th of January 2021. The auscert@auscert.org.au mailbox will not be monitored during this period. However, we will staff the 24/7 member incident hotline as usual; so do call us for any urgent matters during this period.

And last but not least, don’t forget – our AusCERT2021 Call for Papers initiative is still open over the holiday season. Perhaps some writing to help break up the routine? Help us celebrate the 20th anniversary of Australia’s original and oldest information security conference.

Until next year folks. Have a wonderful and very well deserved break over the holiday season, you have all earned it.

Stay safe and let’s remember to keep washing our hands and practice those good Covid-safe habits!

NSW Health, Rio Tinto, Serco named as victims of massive global SolarWinds hack attack
Date: 2020-12-23
Author: ABC News

NSW Health has been named in a growing list of victims of a major global cyber attack by Russian hackers — although it says patient information was not stolen.
Key points:
– Australian organisations were named in a list of potential victims of a global attack by Russian hackers
– Dubbed the ‘SolarWinds’ attack, it has infected thousands of systems worldwide with malware
– NSW Health may have been infected since June
But while the health agency says its system was not “compromised”, cybersecurity experts said it appeared to be infected with malware.
In a worst-case scenario, this could have allowed the hackers to escalate the attack and steal information.

Cyber security left out of cabinet reshuffle
Date: 2020-12-18
Author: iTnews

Prime Minister Scott Morrison has not appointed a dedicated minister for cyber security in Friday’s cabinet reshuffle.
Last month, The Australian reported that Morrison planned to create a cyber security role in his cabinet that would be added to the Home Affairs­ portfolio.
There were no changes made to the Home Affairs portfolio in today’s announcement, meaning Home Affairs minister Peter Dutton will retain responsibility for Australia’s cyber security policy and coordination.

The Cybersecurity Stories We Were Jealous of in 2020
Date: 2020-12-22
Author: Vice Motherboard

The end of the year is usually a good time for retrospection and one of our favorite traditions: digging into the archives and recognizing the best cybersecurity stories of the year. Stories so good, we wish we had written them ourselves.
Without further ado, here’s the annual Motherboard’s Cyber Jealousy list.

2020: The year in malware
Date: 2020-12-21
Author: Cisco Talos

To recap this crazy year, we’ve compiled a list of the major malware, security news and more that Talos covered this year. Look through the timeline below and click through some of our other blog posts to get caught up on the year that was in malware.

Apple: Here’s how to secure an iPhone or Apple ID ‘when personal safety is at risk’
Date: 2020-12-19
Author: ZDNet

[Stalking is a crime in all states and territories in Australia. If you’re spending time with family and friends over the holidays and believe they might be victims of cyber-stalking, this guide may be of use.]
This document highlights the steps that an Apple user can work through if they believe that their Apple ID has been compromised, or they want to rescind someone’s access to information that they previously allowed to have access, such as an ex or a family member.

ESB-2020.4513 – Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update

Whilst only marked as moderate by Red Hat this advisory contained a whopping 121 CVEs, the most major of which included RCE.

ESB-2020.4537 – Security update for slurm_20_02

This advisory for the powerful Linux resource manager Slurm was marked as important by SUSE and contained a RCE vulnerability.

Stay safe, stay patched and have a good weekend!

The AusCERT team