//Week in review - 19 Feb 2021

AusCERT Week in Review for 19th February 2021


This week we hosted our very first event for the year! We hosted a joint webinar session which took place yesterday (Thursday 18th February) with the folks from Digital Shadows. The topic of this webinar was “Automation when you can’t automate – the human process journey”, a copy of the recording can be viewed here.

We are also pleased to announce that our AusCERT2021 Call for Speakers panel managed to review and score all of the submissions for this year. Congratulations to all speakers whose submissions were accepted and thank you to everyone else who submitted. As always, we were lucky to receive an overwhelming number of submissions and the decision making process wasn’t easy. A big shout-out to our panel which comprised of AusCERT internal staff and colleagues from a range of external organisations and roles who assisted us along the process. We couldn’t have done it without you! We look forward to sharing the details regarding our speakers and program in the coming days. To stay up to date on our conference details, please visit our website.

Last but not least, a reminder to all members that you can join us at the AusCERT – Members Slack space by logging in with your member portal credentials. The space is a safe and quick way to stay engaged with the AusCERT team. If you’re having any issues with the process, drop us a line and we’ll be able to assist. What is Slack? Find out more about it here.

Until next week, have a good weekend everyone.

Malvertiser abused WebKit zero-day to redirect iOS & macOS users to shady sites
Date: 2021-02-16
Author: ZDNet

A cybercrime group specialized in showing malicious ads has abused an unpatched zero-day vulnerability in WebKit-based browsers to break security restrictions and redirect users from legitimate portals to shady sites hosting online gift card scams.
The attacks were first spotted in June 2020 and are still active today; however, patches for the WebKit zero-day have been released at the start of the month.

2021 EDUCAUSE Horizon Report: Information Security Edition
Date: 2021-02-16

[EDUCAUSE is a nonprofit higher education technology association that helps higher education elevate the impact of IT. They are based in the USA.]
This report profiles important trends and key technologies and practices shaping the future of information security, and envisions a number of scenarios and implications for that future.
It is based on the perspectives and expertise of a global panel of leaders from across the higher education landscape.

How Australian cyber experts got comms back up in PNG tribal war
Date: 2021-02-16
Author: Australian Financial Review

A Canberra-based cyber-security firm has helped a multi-organisation operation get critical communications back up for a hospital in Papua New Guinea in the midst of an outbreak of tribal fighting.
Local media reported at least 19 people were killed during the tribal violence outbreak in the country’s Hela province, many more injured and around 6000 people, mainly women and children, fleeing into the surrounding forests due to the violence.
Robert Potter, security adviser and chief executive at Canberra-based cyber defence consultancy Internet 2.0, said the firm was invited to help with the relief effort, co-ordinated by the Papua New Guinea Police and security firm Black Swan, along with the United Nations and Internet 2.0’s partner on the ground Astrolab PNG.

Microsoft will alert Office 365 admins of Forms phishing attempts
Date: 2021-02-15
Author: Bleeping Computer

Microsoft is adding new security warnings to the Security and Compliance Center default alert policies to inform IT admins of detected phishing attempts abusing Microsoft Forms in their tenants.

This cybersecurity threat costs business millions. And it’s the one they often forget about
Date: 2021-02-16
Author: ZDNet

While ransomware is the cyberattack most feared by businesses, another form of cybercrime is slipping under the radar, one that is proving highly lucrative for internet fraudsters – and costly to business.
A business email compromise (BEC) attack sees cyber criminals use social engineering to trick an employee at a business into transferring a large sum of money to an account controlled by the crooks.

ESB-2021.0542 – SUSE Manager Client Tools: Multiple vulnerabilities

SUSE Security Update fixes four vulnerabilities in SUSE Manager Client Tools.

ESB-2021.0555 – McAfee Endpoint Security: Multiple vulnerabilities

The update for McAfee Endpoint Security for Windows fixes five vulnerabilities.

ESB-2021.0581 – Google Chrome: Multiple vulnerabilities

The Stable channel update for Windows, Mac and Linux fixes multiple vulnerabilities.

ESB-2021.0602 – Cisco Webex Meetings Desktop App & Webex Productivity Tools: Access confidential data – Existing account

Cisco has released software updates that address a vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows.

ESB-2021.0609 – McAfee Web Gateway: Root compromise – Existing account

Security updates fix sudo vulnerability in the Linux-based appliances and virtual machines.

Stay safe, stay patched and have a good weekend!

The AusCERT team