//Week in review - 5 Feb 2021

AusCERT Week in Review for 5th February 2021


This week we’re thrilled to announce our 2nd keynote for AusCERT2021 – Maddie Stone from Google’s Project Zero. Maddie will be joining us virtually from the USA. Her work as a Security Researcher where she focuses on 0-days actively exploited in-the-wild will be of tremendous value to our conference delegates. We look forward to welcoming her to our stage in May!

A reminder that we will be hosting our very first event for the year, a joint webinar session with the folks from Digital Shadows. The topic of this webinar will be “Automation when you can’t automate – the human process journey”, further details and the link to register can be found here.

Members, look out for a copy of our membership newsletter aka The Feed landing in your inbox early next week. Our first edition for the year will be a bumper one with updates on our strategy for the year, how to optimise your engagement with our team, an update on the AusCERT2021 conference and a section featuring AusCERT in the media.

Last but not least, be sure to catch up on our summary of critical vulnerabilities and patches affecting SonicWall and Apple. The list of relevant bulletins and further details can be found below.

Until next week, have a good weekend.

SonicWall fixes actively exploited SMA 100 zero-day vulnerability
Date: 2021-02-03
Author: Bleeping Computer

SonicWall has released a patch for the zero-day vulnerability used in attacks against the SMA 100 series of remote access appliances.
On January 22nd, SonicWall disclosed that their internal systems were attacked using a zero-day vulnerability in the SMA 100 series of SonicWall networking devices.
A little over a week later, cybersecurity firm NCC Group discovered a zero-day vulnerability for the SonicWall SMA 100 that was actively being exploited in the wild.
SonicWall later confirmed the zero-day vulnerability and announced that owners could use the built-in Web Application Firewall (WAF) to neutralize the vulnerability.
As WAF requires a paid license, SonicWall has added a free 60 day WAF license to all registered SMA 100 series devices with 10.X code.
Today, SonicWall has released an SMA 100 series firmware update that fixes the actively exploited zero-day vulnerability in the SMA 100 series of devices.

Apple releases macOS Big Sur 11.2 plus security updates for Catalina and Mojave
Date: 2021-02-02
Author: iTWire

[See related AusCERT Security Bulletin ESB-2021.0349.]
Apple has released macOS Big Sur 11.2 along with corresponding security updates for Catalina and Mojave. Two of the security issues they address are reportedly being actively exploited.
Between them, Big Sur 11.2 and this year’s first security updates for Catalina and Mojave address more than 60 vulnerabilities. Apple’s notes state that two of the vulnerabilities are reportedly being actively exploited. One allows arbitrary code execution, the other enables privilege escalation.

Emotet, now neutralised, may have friends you’ll want to clean off your systems.
Date: 2021-02-01
Author: AusCERT

News broke last week regarding an internationally coordinated action against Emotet, known as the “world’s most dangerous malware”.
Via Europol: “This operation is the result of a collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust. This operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT). “
Our team has written a blog piece and shared our thoughts on the initiative.

A Second SolarWinds Hack Deepens Third-Party Software Fears
Date: 2021-02-02
Author: Wired

It’s been more than two months since revelations that alleged Russia-backed hackers broke into the IT management firm SolarWinds and used that access to launch a massive software supply chain attack.
It now appears that Russia wasn’t alone; Reuters reports that suspected Chinese hackers independently exploited a different flaw in SolarWinds products last year at around the same time, apparently hitting the US Department of Agriculture’s National Finance Center.

Ransomware gangs made at least $350 million in 2020
Date: 2021-02-02
Author: ZDNet

Ransomware gangs made at least $350 million in ransom payments last year, in 2020, blockchain analysis firm Chainalysis said in a report last week.
The figure was compiled by tracking transactions to blockchain addresses linked to ransomware attacks.
Although Chainalysis possesses one of the most complete sets of data on cryptocurrency-related cybercrime, the company said its estimate was only a lower bound of the true total due.
The company blamed this on the fact that not all victims disclosed their ransomware attacks and subsequent payments last year, with the real total being many times larger than what the company was able to view.

ESB-2021.0349 – ALERT macOS Big Sur, macOS Catalina & macOS Mojave: Multiple vulnerabilities

Apple released new updates for macOS. Quite a few vulnerabilities this time around including possible exploits in the wild.

ESB-2021.0352 – ALERT iOS & iPadOS: Multiple vulnerabilities

The possible active exploits mentioned above were also present in Apple’s iOS and iPadOS advisory. Get those mobile devices updated as well.

ASB-2021.0037.2 – SonicWall Confirms SMA 100 Series 10.X Zero-Day Vulnerability

SonicWall have released firmware updates to fix the zero-day vulnerability in its SMA 100 product. It is recommended that users patch ASAP.

Stay safe, stay patched and have a good weekend!

The AusCERT team