AusCERT Week in Review for 9th April 2021


Welcome back from the Easter long weekend.

This week we kicked things off by releasing a blog piece on the topic of the recent Facebook data leak of over five-hundred million of its users. We’d be remiss not to mention the good work done by the folks from Have I Been Pwned in this particular instance.

Tune in next week and join our Director, Dr. David Stockdale, as he discusses the focus on securing remote access as a key step in the zero-trust journey. “Securing the people, systems, and assets in a higher education org is no small task. With over fifty-thousand students supported by over seven-thousand staff members, learn why UQ chose Duo Security as its 2FA solution.” For further details on the webinar and to register, please visit the AusCERT website here.

Members – another reminder that all nominated Primary and Organisation contact person(s) would have received details regarding your organisation’s member token(s). These are part of your AusCERT membership perks and allow you to attend our annual conference for free or as a partially subsidised delegate. Please make sure you utilise the token(s) by midnight on Sunday 18 April! Conference registrations can be completed via our website here.

Until next week, have a good weekend everyone.

Cisco fixes bug allowing remote code execution with root privileges
Date: 2021-04-07
Author: Bleeping Computer

Cisco has released security updates to address a critical pre-authentication remote code execution (RCE) vulnerability affecting SD-WAN vManage Software’s remote management component.
The critical security flaw, tracked as CVE-2021-1479, received a severity score of 9.8/10. It allows unauthenticated, remote attackers to trigger a buffer overflow on vulnerable devices in low complexity attacks that don’t require user interaction.
“An attacker could exploit this vulnerability by sending a crafted connection request to the vulnerable component that, when processed, could cause a buffer overflow condition,” Cisco explained.
The company fixed two other high-severity security vulnerabilities in the user management (CVE-2021-1137) and system file transfer (CVE-2021-1480) functions of the same product allowing attackers to escalate privileges.
Successful exploitation of these two bugs could allow threat actors targeting them to obtain root privileges on the underlying operating system.

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof
Date: 2021-04-06
Author: CyberNews

Days after a massive Facebook data leak made the headlines, it seems like we’re in for another one, this time involving LinkedIn.
An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put up for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author.
The four leaked files contain information about the LinkedIn users whose data has been allegedly scraped by the threat actor, including their full names, email addresses, phone numbers, workplace information, and more.

Too slow! Booking.com fined for not reporting data breach fast enough
Date: 2021-04-06
Author: Naked Security

The Dutch Data Protection Authority (DPA) – the country’s data protection regulator – has fined online travel and hotel booking company Booking.com almost half a million Euros over a data breach.
Interestingly, the fine was issued not merely because there was a breach, but because the company didn’t report the breach quickly enough.

Facebook data leak: How to know if your business has been affected, and what to do next
Date: 2021-04-06
Author: SmartCompany

The personal data of more than 533 million Facebook users has been leaked online. But, if you’re a business owner, there are a few things you can do to make sure your professional page is as safe as possible.

Contact books of Australian diplomats hacked in major ‘phishing’ scam
Date: 2021-04-07
Author: Sydney Morning Herald

Senior Australian diplomats, including United States ambassador Arthur Sinodinos, have been caught up in a sophisticated identity theft scam in which cyber attackers impersonated them on encrypted messaging services WhatsApp and Telegram in a bid to get sensitive information from their contacts.
Under the scam, senior politicians and diplomats are being sent messages asking them to validate new WhatsApp and Telegram accounts. Once they click on the link or download the app, the hacker then has access to their contact book and the ability to impersonate them on the new account.

ESB-2021.1131 – VMware Carbon Black Cloud Workload appliance: Administrator compromise – Remote/unauthenticated

VMware addresses a critical vulnerability in Carbon Black Cloud.

ESB-2021.1163 – ALERT Cisco SD-WAN vManage Software: Multiple vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage software can lead to arbitrary code execution.

ESB-2021.1165 – ALERT Cisco Small Business RV Series Router products: Execute arbitrary code/commands – Remote/unauthenticated

Cisco released an advisory on a critical RCE in end-of-life RV Series routers.

ESB-2021.1183 – Jenkins (core) and plugins: Multiple vulnerabilities

Jenkins has released security updates for different Jenkins deliverables including Jenkins (core).

ESB-2021.1176 – Cisco Webex Meetings: Multiple vulnerabilities

Cisco addresses an XSS vulnerability in Webex Meetings.

Stay safe, stay patched and have a good weekend!

The AusCERT team