AusCERT Week in Review for 18th June 2021
This week, we shared our June 2021 edition of The Feed – the AusCERT membership newsletter. Members, be sure to check your inbox(es) for a copy of this newsletter to catch up on all things related to your AusCERT membership.
We’re pleased to share the following blog piece by our AusCERT2021 Diversity and Inclusion Champion – Phillip “Pip” Jenkinson from Baidam Solutions. Congratulations Pip, a well-deserved win! For those of you based in the Greater Brisbane area who would like to hear more about Pip and the work he does at Baidam Solutions, come and join us at our upcoming NAIDOC Week 2021 luncheon on Friday 2 July, 12 – 2pm. For further details and to RSVP, visit the AusCERT website here.
Last but not least, we’re proud to announce that there are currently 11 new Member Security Incident Notification (MSIN) reports in the pipeline, generated by our team of analysts and drawn from the expertise of our various threat intelligence partners and resources. This is a pertinent reminder for members to keep your organisation’s IPs and domains up to date on the AusCERT member portal, so that the relevant MSINs reach you as they come through! A recap of how this particular AusCERT service assists our members with mitigating cyber-attacks can be found here: “How AusCERT helped its members tackle the recent Microsoft Exchange server critical ProxyLogon vulnerabilities and exploits.”
Until next week everyone, have a great weekend.
Thousands of VMware vCenter Servers Remain Open to Attack Over the Internet
Author: Dark Reading
[See related ALERT bulletin ESB-2021.1805 which AusCERT published on the 26th May]
Thousands of VMware vCenter Server instances affected by two recently disclosed vulnerabilities remain publicly accessible on the Internet, three weeks after the company urged organizations to patch the flaws immediately, citing their severity.
The flaws, CVE-2021-21985 and CVE-2021-21986, give attackers a way to take complete control of systems running vCenter Server, the utility for centrally managing VMware vSphere virtual server environments. The vulnerabilities exist in vCenter Server versions 6.5, 6.7, and 7.0.
Nationally-known Australian company lawyered up to resist ASD help
The Secretary of the Department of Home Affairs, Mike Pezzullo, has spoken out against hacked organisations that refuse assistance from the Australian Signals Directorate, likening it to refusing to cooperate with an air crash investigation.
One such example was discussed in evidence to the Parliamentary Joint Committee on Intelligence and Security on Friday.
“It was a nationally-known case involving a nationally-known company that [ASD director-general Rachel Noble] and I are declining to name at this point,” he said.
[…] However, the unnamed company lawyered up, and it took a week for the ASD to get even basic network information.
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
Author: Microsoft Security Intelligence
Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to get access to emails about financial transactions.
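The forwarding-rule step described above is one of the easier parts of a BEC campaign to detect from mailbox audit data. The following is an added example (not code from the AusCERT post or from Microsoft's report) that flags inbox rules forwarding mail outside the organisation; the audit records are constructed, and their Operation plus Parameters name/value shape is an assumption about the export format rather than a documented schema.

```python
"""Flag Exchange inbox rules that forward mail outside the organisation."""
INTERNAL_DOMAINS = {"example.com"}  # constructed: the organisation's own domains
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "UpdateInboxRules"}
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")

# Constructed sample audit records (not real log data); the Operation plus
# Parameters name/value layout is an assumption about the audit export format.
SAMPLE_RECORDS = [
    {"Operation": "New-InboxRule", "UserId": "alice@example.com",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "drop@attacker.invalid"},
                    {"Name": "DeleteMessage", "Value": "True"},
                    {"Name": "SubjectContainsWords", "Value": "invoice;payment"}]},
    {"Operation": "New-InboxRule", "UserId": "bob@example.com",
     "Parameters": [{"Name": "Name", "Value": "to finance"},
                    {"Name": "ForwardTo", "Value": "finance@example.com"}]},
    {"Operation": "MailItemsAccessed", "UserId": "carol@example.com",
     "Parameters": []},
]

def _params(record):
    """Collapse the name/value parameter list into a dict."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}

def external_forward_targets(record):
    """Return forwarding addresses outside INTERNAL_DOMAINS ([] if none)."""
    if record.get("Operation") not in RULE_OPERATIONS:
        return []
    params = _params(record)
    targets = []
    for key in FORWARD_PARAMS:
        for addr in str(params.get(key, "")).split(";"):
            addr = addr.strip()
            if addr and addr.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS:
                targets.append(addr)
    return targets

def find_suspicious_rules(records):
    """Externally forwarding rules; deleting the original or filtering on
    financial subjects (as in the BEC campaign) raises the priority."""
    hits = []
    for rec in records:
        targets = external_forward_targets(rec)
        if targets:
            p = _params(rec)
            hits.append({"user": rec.get("UserId"), "targets": targets,
                         "deletes_original": str(p.get("DeleteMessage", "")).lower() == "true",
                         "subject_filter": p.get("SubjectContainsWords", "")})
    return hits
```

Run over a real export, the same check should also cover mailbox-level forwarding (ForwardingSmtpAddress) and rules created by the internal mail team, which this sample does not distinguish.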
Qld govt stumps up $40m for cyber security, digital
The Queensland government will invest almost $40 million in cyber security and digital service delivery over the next five years as the state’s Covid-19 recovery gets underway.
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Mandiant observed DARKSIDE affiliate UNC2465 accessing at least one victim through a Trojanized software installer downloaded from a legitimate website. While this victim organization detected the intrusion, engaged Mandiant for incident response, and avoided ransomware, others may be at risk.
34 vulnerabilities were addressed in ImageMagick, some of which could lead to code execution.
Tenable released an update to address privilege escalation vulnerabilities in their Nessus Agent for Windows.
Another week, another zero-day in Google Chrome. Google reports that this has been exploited in the wild, so it should be patched as soon as possible.
Stay safe, stay patched and have a good weekend!
The AusCERT team