//Week in review - 28 May 2021

AusCERT Week in Review for 28th May 2021


To kick things off, in conjunction with National Reconciliation week 2021, AusCERT would like to take this opportunity to acknowledge the First Nations people as the Traditional Owners of the land on which we are on today. We acknowledge all Elders past, present and emerging. The theme this year is “More than a word. Reconciliation takes action.” To find out more about the week and what it means to our First Nations people, please visit the NRW website here.

Our team issued an alert re: VMWare earlier this week, be sure to catch up on it below.

For those of you keen to check out photos from the recent AusCERT2021 conference, we’ve uploaded several albums to the AusCERT Facebook page.

We’re also pleased to announce that our podcast series “Share today, save tomorrow” is now listed on Spotify. Episode 2 will be released in mid-June.

Last but not least, sharing a special request from our colleagues at UQ Cyber one final time. See below:

Keen on helping the future generation of cyber and information security professionals? Here’s your chance!

“Vignette Survey on Effectiveness of Place Managers in Preventing Ransomware”

Folks from UQ Cyber are seeking assistance from the AusCERT membership audience to participate in a cyber security survey that is investigating factors which can influence the effectiveness of cyber security professionals in preventing cyber security incidents such as ransomware within their respective organisations. The survey results will shed valuable insights and influence how organisations should channel their limited resources in preventing cyber security incidents more effectively.

The survey will take approximately 20 minutes to complete. To participate, please click here. Surveys close on Monday 31 May.

For further information, please feel free to get in touch with Heemeng Ho, the lead researcher of this project.

Until next week everyone, have a great weekend.

This massive phishing campaign delivers password-stealing malware disguised as ransomware
Date: 2021-05-24
Author: ZDNet

A massive phishing campaign is distributing what looks like ransomware but is in fact trojan malware that creates a backdoor into Windows systems to steal usernames, passwords and other information from victims.
Detailed by cybersecurity researchers at Microsoft, the latest version of the Java-based STRRAT malware is being sent out via a large email campaign, which uses compromised email accounts to distribute messages claiming to be related to payments, alongside an image posing as a PDF attachment that looks like it has information about the supposed transfer.

Apple fixes macOS zero-day abused by XCSSET malware
Date: 2021-05-24
Author: The Record

Apple has released today security updates for several of its products, including a patch for its macOS desktop operating system that includes a fix for a zero-day vulnerability that has been abused in the wild for almost a year by the XCSSET malware gang.
Tracked as CVE-2021-30713, the zero-day was discovered by researchers at security firm Jamf during an analysis of XCSSET, a malware strain that was spotted in the wild in August 2020, hidden inside malicious Xcode projects hosted on GitHub.

VMware says critical vCenter Server bug needs ‘immediate attention’
Date: 2021-05-26
Author: iTnews

[See related bulletin ESB-2021.1805]
VMware said three versions of its vCenter Server management software for controlling vSphere environments are susceptible to a critical security flaw that should be immediately patched.
The vendor said in a blog post that the issue needs the “immediate attention” of administrators.
“Given the severity, we strongly recommend that you act,” VMware said.

Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises
Date: 2021-05-25
Author: FireEye

Mandiant has observed an increase in compromises of internet-accessible OT assets over the past several years.
In this blog post we discuss previously undisclosed compromises and place them in context alongside publicly known incidents. Although none of these incidents have appeared to significantly impact the physical world, their increasing frequency and relative severity calls for analysis on their possible risks and implications.ols and techniques.

Oracle Peddled Software Used for Spying on U.S. Protesters to China
Date: 2021-05-26
Author: The Intercept

[Context: In early May 2021, Twitter temporarily suspended an Oracle executive from posting after he used the social network to publicise the e-mail address and Signal phone number of the journalist who wrote this article – whose reporting he had personally found to be biased and inaccurate. This research-based article has been produced to counter this claim by Oracle.]
Chicago police used CIA-backed Oracle software to surveil protesters and mine their Twitter feeds. Oracle then peddled that same software for police work in China.
This is an article on global surveillance.

ESB-2021.1794 – Big Sur, Catalina and Mojave: Multiple vulnerabilities

Apple’s latest security updates include a patch for its macOS desktop operating system that fixes a zero-day vulnerability by the XCSSET malware gang.

ESB-2021.1805 – ALERT VMWare Products: Multiple vulnerabilities

VMware vCenter Server updates address remote code execution and authentication vulnerabilities.

ASB-2021.0112 – Microsoft Edge (Chromium-based): Multiple vulnerabilities

Microsoft’s Security Update released on 27 May 2021 fixes multiple vulnerabilities in Microsoft Edge (Chromium-based).

ESB-2021.1819 – linux kernel: Multiple vulnerabilities

An update for the Linux Kernel 4.12.14-150_66 fixes three vulnerabilities.

Stay safe, stay patched and have a good weekend!

The AusCERT team