AusCERT Week in Review for 21st May 2021


To kick things off, we’d like to share the following wrap-up article on AusCERT2021 which concluded last week.

Again, heartfelt thanks to our colleagues, delivery partners, delegates, speakers and sponsors who came along to support our first ever hybrid endeavour. To those of you who registered to attend as a delegate, you can revisit the conference’s key learnings by re-watching the presentations on-demand.

A personalised link to access these recordings has been shared by team GEMS Events so please keep an eye out for it in your inbox. To those who didn’t register as an AusCERT2021 delegate, we will also be sharing these recordings via our YouTube channel in due time.

Last but not least, sharing a special request from our colleagues at UQ Cyber. See below:

Keen on helping the future generation of cyber and information security professionals? Here’s your chance!

“Vignette Survey on Effectiveness of Place Managers in Preventing Ransomware”

Folks from UQ Cyber are seeking assistance from the AusCERT membership audience to participate in a cyber security survey that is investigating factors which can influence the effectiveness of cyber security professionals in preventing cyber security incidents such as ransomware within their respective organisations.

The survey results will provide valuable insights and influence how organisations channel their limited resources to prevent cyber security incidents more effectively.

The survey will take approximately 20 minutes to complete. To participate, please click here.

For further information, please feel free to get in touch with Heemeng Ho, the lead researcher of this project.

Until next week everyone, have a great weekend.

AFP using a squad of good boys to detect devices such as USBs and SIM cards
Date: 2021-05-20
Author: ZDNet

The Australian Federal Police (AFP) this week revealed some of its canine squad have been trained to sniff out devices, such as USBs and SIM cards, at crime scenes or during the execution of search warrants.
In a Facebook post showing a video of one dog, Georgia, finding a phone hidden in a vacuum cleaner, the AFP said since 2019, its three AFP technology detection dogs have located more than 120 devices in support of investigations ranging from child protection investigations to counter terrorism operations.

How to ‘Demystify’ Cybersecurity
Date: 2021-05-14
Author: BankInfoSecurity

[Jeremy Kirk was hosted at the AusCERT2021 conference as a media representative.]
To defend against cyberattacks, it’s important to “demystify” cybersecurity and break it into risks that can be managed by any organization, says Ciaran Martin, the former director of the U.K. National Cyber Security Center.
“It’s very easy to be terrified of cybersecurity,” Martin said. “It’s very easy to be infantilized by cyber risks and the hype around cybersecurity.”
In his keynote speech, Martin showed a slide listing key cybersecurity steps, including ensuring software is up to date, making sure partners and suppliers protect data and reviewing authentication methods used to access systems.
An essential step, he said, is making sure an organization knows what data it holds and who may most likely try to target it so the right security controls can be deployed. Most organizations, for example, are not going to be targeted by nation-states, he said.
“Just manage risk well enough,” Martin said. “You don’t need to have nation-state defenses.”
“So understand the harms, have a risk-based approach – a realistic approach, and work with partners,” Martin said. “We can get on top of this problem.”

Exploit released for wormable Windows HTTP vulnerability
Date: 2021-05-17
Author: Bleeping Computer

Proof-of-concept exploit code has been released over the weekend for a critical wormable vulnerability in the latest Windows 10 and Windows Server versions.
The bug, tracked as CVE-2021-31166, was found in the HTTP Protocol Stack (HTTP.sys) used by the Windows Internet Information Services (IIS) web server as a protocol listener for processing HTTP requests.
Microsoft has patched the vulnerability during this month’s Patch Tuesday, and it impacts ONLY Windows 10 versions 2004/20H2 and Windows Server versions 2004/20H2.

Chrome now automatically fixes breached passwords on Android
Date: 2021-05-18
Author: Bleeping Computer

Google is rolling out a new Chrome on Android feature to help users change passwords compromised in data breaches with a single tap.
Chrome already helped you check if your credentials were compromised and, with the rollout of the new automated password change feature, it will also allow you to change them automatically.
Now, whenever checking for stolen passwords on supported sites and apps, Google Assistant will display a “Change password” button that will instruct Chrome to navigate to the website and go through the entire password change process on its own.

Ransomware’s Dangerous New Trick Is Double-Encrypting Your Data
Date: 2021-05-17
Author: WIRED

Ransomware groups have always taken a more-is-more approach.
If a victim pays a ransom and then goes back to business as usual—hit them again. Or don’t just encrypt a target’s systems; steal their data first, so you can threaten to leak it if they don’t pay up. The latest escalation?
Ransomware hackers who encrypt a victim’s data twice at the same time.
Double-encryption attacks have happened before, usually stemming from two separate ransomware gangs compromising the same victim at the same time. But antivirus company Emsisoft says it is aware of dozens of incidents in which the same actor or group intentionally layers two types of ransomware on top of each other.
“The groups are constantly trying to work out which strategies are best, which net them the most money for the least amount of effort,” says Emsisoft threat analyst Brett Callow. “So in this approach you have a single actor deploying two types of ransomware. The victim decrypts their data and discovers it’s not actually decrypted at all.”

ASB-2021.0111 – Microsoft Edge (based on Chromium): Multiple vulnerabilities

Microsoft Edge, the default browser for Windows 10, contained multiple vulnerabilities that could lead to arbitrary code execution.

ESB-2021.1721 – GNOME: Multiple vulnerabilities

Patches were made available for GNOME to address multiple code execution vulnerabilities.

ESB-2021.1702 – sudo: Multiple vulnerabilities

Red Hat released patches for vulnerabilities that could lead to privilege escalation via sudo utilities.

Stay safe, stay patched and have a good weekend!

The AusCERT team