Week in review - 7 May 2021

AusCERT Week in Review for 7th May 2021

Greetings,

This week, we’ve been elated to announce a couple of well-known speakers joining us at AusCERT2021. Troy Hunt will be doing an AMA session, hosted by MC Adam Spencer; and Kevin Mitnick will be joining us for the Speed Debate session.

A note to remind folks that in-person places for AusCERT2021 are selling fast, with very limited numbers remaining. The conference will be delivered in hybrid mode so you can still join us from the comfort of your own home/office. Don’t forget to register before we sell out!

Another busy week has gone past for our analyst team with alerts sent out for multiple products. On that note, be sure to review our highlighted security bulletins and articles below. Members, remember to keep your organisation’s IPs and domains up to date on the AusCERT member portal.

This week saw us supporting Privacy Awareness Week 2021, with some really handy tips from the OAIC on protecting personal information, both at home and in the workplace. On that note, at AusCERT, we also offer a short course training session on the topic of “Practising good cyber hygiene for hybrid working” – to find out more, email us via training@auscert.org.au.

Last but not least, AusCERT will be taking over the @WeAreBrisbane Twitter account over the period of 10th-16th May (during conference week, we’re very excited!). We hope to highlight and amplify the topics of Internet safety, cyber and information security, as well as the work of sector-focussed colleagues in the greater Brisbane area. Don’t forget to follow and re-Tweet our posts during this period.

Until next week everyone, have a good and restful weekend, and please remember to spoil your mums and mother figures on Sunday 9th May.


Apple hurries out fixes for WebKit zero-days
Date: 2021-05-03
Author: Search Security

Apple dropped updates on Monday for iOS, macOS, and watchOS in response to in-the-wild attacks on its WebKit browser engine.
The macOS Big Sur 11.3.1, iOS/iPadOS 14.5.1 and iOS 12.5.3 updates each include fixes for CVE-2021-30665 and CVE-2021-30663. Both flaws are present in WebKit, the engine Apple uses as the basis for its Safari desktop browser and multiple components of iOS.

Critical 21Nails Exim bugs expose millions of servers to attacks
Date: 2021-05-04
Author: Bleeping Computer

Newly discovered critical vulnerabilities in the Exim mail transfer agent (MTA) software allow unauthenticated remote attackers to execute arbitrary code and gain root privilege on mail servers with default or common configurations.
The security flaws (10 remotely exploitable and 11 locally), found and reported by the Qualys Research Team, are collectively known as 21Nails.
All Exim versions released before Exim 4.94.2 are vulnerable to attacks attempting to exploit the 21Nails vulnerabilities; 4.94.2 is the first release that contains the fixes.
“Some of the vulnerabilities can be chained together to obtain a full remote unauthenticated code execution and gain root privileges on the Exim Server,” as Qualys Senior Manager Bharat Jogi noted.
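A quick first-pass check for the version cut-off above, written for this review and not taken from the article or from Qualys: it parses the first line of `exim -bV` output (which has the form `Exim version X.Y.Z #N built ...`) and compares the upstream version against 4.94.2. The sample output embedded below is constructed for the example. The caveat a practitioner needs: distributions such as Debian and Red Hat backport security fixes without bumping the upstream version string, so a hit here means "confirm against your vendor's advisory", not "confirmed vulnerable".

```python
import re
import subprocess

# Exim 4.94.2 is the first upstream release carrying the 21Nails fixes.
FIXED_VERSION = (4, 94, 2)

# Constructed sample of what `exim -bV` prints; the real first line has this
# shape, but the build number and date on your host will differ.
SAMPLE_BV_OUTPUT = (
    "Exim version 4.92.3 #3 built 11-Aug-2020 10:12:39\n"
    "Copyright (c) University of Cambridge, 1995 - 2018\n"
)

# Accepts "4.94" as well as "4.94.2"; the patch component is optional.
VERSION_RE = re.compile(r"^Exim version (\d+)\.(\d+)(?:\.(\d+))?", re.MULTILINE)


def parse_exim_version(bv_output: str):
    """Return (major, minor, patch) parsed from `exim -bV` output, or None."""
    m = VERSION_RE.search(bv_output)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable_to_21nails(version) -> bool:
    """True when the upstream version predates 4.94.2.

    Caveat: distro packages often backport fixes without changing this
    version string, so treat True as 'check the vendor advisory'.
    """
    return version < FIXED_VERSION


def check_local_exim(binary: str = "exim"):
    """Run the installed Exim binary and classify it.

    Returns (version_tuple, vulnerable) or None when the binary is missing
    or its output cannot be parsed. On Debian-family hosts the binary is
    usually called `exim4` (assumption: adjust `binary` to match your host).
    """
    try:
        proc = subprocess.run([binary, "-bV"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    version = parse_exim_version(proc.stdout)
    if version is None:
        return None
    return version, is_vulnerable_to_21nails(version)


if __name__ == "__main__":
    sample_version = parse_exim_version(SAMPLE_BV_OUTPUT)
    print(f"sample output: version={sample_version} "
          f"vulnerable={is_vulnerable_to_21nails(sample_version)}")
    print("local exim:", check_local_exim())
```

Run it on the mail host itself; if the local check reports an old version, look up the package changelog (for example `apt changelog exim4` on Debian) before concluding anything, since the backported fix will be listed there rather than in the version number.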

UnitingCare cyber attack claimed by notorious ransom gang REvil/Sodin
Date: 2021-05-06
Author: ABC News

Hackers claiming responsibility for an attack on health and community care provider UnitingCare Queensland have been revealed as one of the most notorious cyber ransom gangs in the world.
Last week, the Queensland healthcare provider fell victim to the cyber attack, which affected its hospitals and aged care homes.
It runs the Wesley and St Andrew’s Hospitals in Brisbane, St Stephen’s Hospital in Hervey Bay and the Buderim Private Hospital on the Sunshine Coast, and dozens of aged care and disability services throughout the state.
UnitingCare on Wednesday confirmed the hack had been claimed by REvil/Sodin.
The gang has been linked to multiple attacks on high-profile targets across the globe and is thought to have named itself after the apocalyptic science fiction horror video game-turned-movie Resident Evil.
UnitingCare Queensland’s corporate affairs director Matthew Cuming said as a result, some of the organisation’s digital and technology systems had been left inaccessible.
But Mr Cuming said at this time there was no evidence the health and safety of patients, residents or clients had been compromised as a result of the cyber incident.

NSW Labor takes a hit from Windows Avaddon ransomware
Date: 2021-05-05
Author: iTWire

The NSW branch of the Labor Party appears to have suffered a Windows ransomware attack, with the Avaddon strain having been used to attack the party’s network.

Cybersecurity is too big for governments or firms to handle alone
Date: 2021-05-03
Author: World Economic Forum

The recent hack of network management company SolarWinds, which enabled bad actors to compromise a range of US government agencies and major corporations, has revealed a troubling truth: Business and government expose each other to significant cyber-risks because they are interconnected and rely on the same network of software vendors.
That’s why the strategic response must involve more intense collaboration. Simply put, the threat of cyberattacks is too big a job for either government or business to tackle alone.
• Business and government are exposing each other to an increasing range of cyber-risks.
• Current efforts to pool cybersecurity resources are limited in scope.
• Sharing threat intelligence is the first step to provide a clear cyberthreat picture.


ESB-2021.1499 – ALERT Apple iOS products: Execute arbitrary code/commands – Remote with user interaction

Apple reveals two iOS zero-day vulnerabilities that allow attackers to access fully patched devices.

ASB-2021.0101 – ALERT exim: Multiple vulnerabilities

Qualys researchers uncover 21 bugs in Exim mail servers.

ESB-2021.1528 – ALERT HyperFlex HX Software: Multiple vulnerabilities

Multiple vulnerabilities in Cisco HyperFlex could allow arbitrary code execution.

ESB-2021.1529 – ALERT Cisco SD-WAN vManage: Multiple vulnerabilities

Cisco released patches to address critical vulnerabilities in SD-WAN vManage software.

ESB-2021.1563 – ALERT vRealize Business for Cloud: Execute arbitrary code/commands – Remote/unauthenticated

VMware addresses a critical remote code execution vulnerability in vRealize Business for Cloud.


Stay safe, stay patched and have a good weekend!

The AusCERT team