Week in review - 11 Jan 2021

AusCERT Week in Review for 08th January 2021


Welcome to 2021.

We hope all our readers enjoyed a well-deserved break over the Christmas and New Year period.

We would like to highlight the following article from colleagues at Data @ UQ “What’s your (cyber and data safety) New Year’s resolution” – a relevant read to kick off the year!

This week we’re thrilled to announce the first keynote speaker at our annual conference, AusCERT2021. Ciaran Martin, founding CEO of the National Cyber Security Centre and now a Professor at the University of Oxford, will be joining us virtually from the UK. We look forward to hearing him speak at the conference and his thoughts on the future of our sector and conference theme “SOARing with cyber.”

Don’t forget – our AusCERT2021 Call for Papers initiative is still open until the end of this month. Those wanting feedback from our committee are encouraged to submit by Monday 11 January. Help us celebrate the 20th anniversary of Australia’s original and oldest information security conference!

And last but not least, keep your eyes peeled as we announce our Strategic Plans for 2021. The team is also working hard on our 2020 Year in Review document and looks forward to sharing this in the next few weeks.

Until next week folks, have a good weekend.

Stay safe and let’s remember to keep washing our hands and practise those good Covid-safe habits.

Set up your own malware analysis pipeline with Karton – CERT Polska
Date: 2020-12-30
Author: CERT Polska

[CERT Polska is a fellow member of the international forum of response teams – FIRST – and is the first Polish computer emergency response team.]

What is Karton?
Karton is a robust framework for lightweight and flexible analysis backends. It can be used to connect malware analysis systems into a robust pipeline with very little effort.

CISA Releases Free Detection Tool for Azure/M365 Environment
Date: 2020-12-24
Author: Cybersecurity and Infrastructure Security Agency (CISA)

CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors.

China’s APT hackers move to ransomware attacks
Date: 2021-01-04
Author: Bleeping Computer

Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China.
Although the attacks lack the sophistication normally seen with advanced threat actors, there is strong evidence linking them to APT27, a group normally involved in cyber espionage campaigns, also known as TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse.

ANU uses new security capabilities to help other Unis fend off attacks
Date: 2021-01-05
Author: iTnews

The Australian National University says it has been able to help other unnamed universities “fend off attacks” using new capabilities it set up in the early part of a five-year information security program.
The program, described at a high level in a parliamentary submission released at the end of last year, comes after ANU was targeted by an advanced persistent threat (APT) actor that led to two data breaches.

Beware: PayPal phishing texts state your account is ‘limited’
Date: 2021-01-03
Author: Bleeping Computer

A PayPal text message phishing campaign is underway that attempts to steal your account credentials and other sensitive information that can be used for identity theft.
When PayPal detects suspicious or fraudulent activity on an account, the account will have its status set to “limited,” which will put temporary restrictions on withdrawing, sending, or receiving money.

WhatsApp: Share your data with Facebook or delete your account
Date: 2021-01-06
Author: Bleeping Computer

After WhatsApp updated its Privacy Policy and Terms of Service on Monday with additional info on how it handles users’ data, the company is now notifying users through the mobile app that, starting February, they will be required to share their data with Facebook.

ESB-2021.0024 – chromium: Multiple vulnerabilities

Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure.

ESB-2021.0011 – MozillaThunderbird: Multiple vulnerabilities

A security update for MozillaThunderbird fixes 9 vulnerabilities in Mozilla Thunderbird 78.6 and Mozilla Thunderbird 78.5.1.

ASB-2021.0001 – Google Android devices: Multiple vulnerabilities

Multiple vulnerabilities have been identified in Google Android devices which can be fixed by updating to the latest versions.

ESB-2021.0067 – Firefox & Firefox ESR: Multiple vulnerabilities

Multiple security vulnerabilities were fixed in Firefox 84.0.2, Firefox for Android 84.1.3 and Firefox ESR 78.6.1.

ESB-2021.0064 – pacemaker: Multiple vulnerabilities

Several security vulnerabilities were addressed in pacemaker, a cluster resource manager.

Stay safe, stay patched and have a good weekend!

The AusCERT team