//Week in review - 23 Apr 2021

AusCERT Week in Review for 23rd April 2021


Another busy week has gone past for the folks in our sector, with Oracle’s quarterly patch releases, two separate notable announcements from FireEye, an exploited Chrome zero-day and two vulnerabilities in the QNAP NAS products for good measure!

On that note, be sure to review our highlighted security bulletins and articles below.

Thank you to those who’ve registered to attend the AusCERT2021 conference with your organisation’s member tokens, part of your AusCERT membership perks which allows you to attend our annual conference for free or as a partially subsidised delegate. Not long to go until we kick things off in mid-May!

Members, keep an eye out for a copy of our membership newsletter The Feed landing in your inbox early next week. It will be a bumper edition in the lead up to AusCERT2021.

Last but not least, please come and join us on our next webinar session, Thursday 29th April at 10:00AM AEST with colleagues from BDO Australia as we discuss the 2020 BDO and AusCERT Cyber Security Survey insights. Details on how to register for this session can be found here.

Lest we forget, we would like to take this opportunity to commemorate the men and women who have served our nation in all wars, conflicts, and peacekeeping operations.

AusCERT will maintain minimal coverage for the Anzac Day long weekend. Our staff will be on-call for emergencies only and email will not be monitored during this time. Any AusCERT member with an emergency may contact on-call AusCERT staff on the AusCERT Incident Hotline, details available here.

Until next week, have a good and restful weekend everyone.

AirDrop bugs expose Apple users’ email addresses, phone numbers
Date: 2021-04-21
Author: The Record by Recorded Future

A team of academics from a German university said it discovered two vulnerabilities that can be abused to extract phone numbers and email addresses from Apple’s AirDrop file transfer feature.
The two bugs reside in the authentication process during the initial phase of an AirDrop connection, where devices try to discover one another and determine if they belong to users who know each other (by checking if a device/user’s phone number is in the other device’s contacts list).

Google issues Chrome update patching seven security vulnerabilities
Date: 2021-04-20
Author: ZDNet

[See related bulletin ESB-2021.1363]
Google on Wednesday released version 90.0.4430.85 of the Chrome browser for Windows, Mac, and Linux. The release contains seven security fixes, including one for a zero-day vulnerability that was exploited in the wild.
The zero-day, which was assigned the identifier of CVE-2021-21224, was described as a “type confusion in V8”.

Google Alerts continues to be a hotbed of scams and malware
Date: 2021-04-19
Author: Bleeping Computer

Google Alerts continues to be a hotbed of scams and malware that threat actors are increasingly abusing to promote malicious websites.
While Google Alerts has been abused for a long time, BleepingComputer has noticed a significant increase in activity over the past couple of weeks.
To deceive Google into thinking they are legitimate sites rather than scams, threat actors use a black hat search engine optimization (SEO) technique called ‘cloaking.’
Cloaking is when a website displays different content to visitors than it does search engine spiders. This cloaking allows the website to look like a plain text or a typical blog post when Google’s search engine spiders visit the page but perform malicious redirects when a user visits the site from a Google redirect.

Linux bans University of Minnesota for committing malicious code
Date: 2021-04-21
Author: Bleeping Computer

In a rare, groundbreaking decision, Linux kernel project maintainers have imposed a ban on the University of Minnesota (UMN) from contributing to the open-source Linux project.
The move comes after a group of UMN researchers were caught submitting a series of malicious code commits, or patches that deliberately introduced security vulnerabilities in the official Linux codebase, as a part of their research activities.

ASB-2021.0098 – ALERT QNAP NAS: Execute arbitrary code/commands – Remote/unauthenticated

Widespread attacks on QNAP products resulting in Qlocker and eCh0raix ransomware infections. Attacks are being carried out through exploitation of vulnerabilities allowing unauthenticated takeover of Internet-facing hosts.

ESB-2021.1363 – ALERT Google Chrome: Multiple vulnerabilities

Chrome contained a multitude of vulnerabilties causing reduced security including remote code execution and denial of service. Google is aware of reports that exploits for CVE-2021-21224 exist in the wild.

ASB-2021.0074 – ALERT MySQL Products: Multiple vulnerabilities

Various MySQL products contained multiple vulnerabilities which granted attackers abilities to execute remote code, cause denial of service, and root compromise.

ESB-2021.1330 – sudo: Root compromise – Existing account

Any local user could exploit a flaw in sudo and cause a heap-based buffer overflow, which allowed privilege escalation to root.

Stay safe, stay patched and have a good weekend!

The AusCERT team