//Week in review - 25 Jun 2021

AusCERT Week in Review for 25th June 2021


This week, we shared the final instalment of our blog articles highlighting the winners of our Annual AusCERT Awards. This time, we featured the AusCERT2021 Information Security Excellence Winner, Jacqui Loustau. Jacqui is a formidable figure in the Australian information security and cybersecurity community. Have a read of it here.

We’re also pleased to share the following blog piece by Sean McIntyre, one of our Analysts – “I got 99 problems but a vuln ain’t one”, it’s a bit of a tongue-in-cheek one! And cheesy (revised) lyrics aside, Sean shared his top 3 observations from assisting our membership audience.

For those of you based in the Greater Brisbane area and are wanting to hear more about the work done by colleagues at Baidam Solutions, come and join us at our upcoming NAIDOC Week 2021 luncheon on Friday 2 July, 12 – 2pm. For further details and to RSVP, visit the AusCERT website here.

And last but not least, a big thank you to our AusCERT2021 media partners at Source2Create for covering such a wide range of our talks and presentations from AusCERT2021 in Issue 3 of their Women in Security Magazine. To subscribe and download a copy, hop on to their website here.

Until next week everyone, have a great weekend.

Labor Bill would force Aussie organisations to disclose when they pay ransoms
Date: 2021-06-21
Author: ZDNet

The Australian federal opposition has introduced a Bill to Parliament that, if passed, would require organisations to inform the Australian Cyber Security Centre (ACSC) before a payment is made to a criminal organisation in response to a ransomware attack.
The Ransomware Payments Bill 2021 was introduced in the House of Representatives on Monday by Shadow Assistant Minister for Cyber Security Tim Watts.
According to Watts, such a scheme would be a policy foundation for a “coordinated government response to the threat of ransomware, providing actionable threat intelligence to inform law enforcement, diplomacy, and offensive cyber operations”.

MITRE releases D3FEND, defensive measures complimentary to its ATT&CK framework
Date: 2021-06-23
Author: The Record by Recorded Future

The MITRE Corporation, one of the most respected organizations in the cybersecurity field, has released today D3FEND, a complementary framework to its industry-recognized ATT&CK matrix.
The not-for-profit organization, which also runs the CVE database of known vulnerabilities, received funding to create the D3FEND framework from the US National Security Agency (NSA).
The basic idea behind D3FEND is that the framework will provide defensive techniques that system administrators can apply to counter the practices detailed in the ATT&CK matrix, a one-of-a-kind project that was set up in 2015 to catalog and index the most common offensive techniques used by threat actors in the real world.

Tony googled his investment options. Two weeks later, he’d been scammed out of $200,000
Date: 2021-06-24
Author: ABC News

It cost around $20 to set up and conned $200,000 from one victim alone. Here’s how investment scammers tricked Tony into handing over part of his life savings.

Google dishes out homemade SLSA, a recipe to thwart software supply-chain attacks
Date: 2021-06-18
Author: The Register

Google has proposed a framework called SLSA for dealing with supply chain attacks, a security risk exemplified by the recent compromise of the SolarWinds Orion IT monitoring platform.
SLSA – short for Supply chain Levels for Software Artifacts and pronounced “salsa” for those inclined to add convenience vowels – aspires to provide security guidance and programmatic assurance to help defend the software build and deployment process.

Former ASIO boss warns on energy sector cyber
Date: 2021-06-21
Author: InnovationAus

Energy experts and a former ASIO chief have warned that Australia’s critical energy infrastructure was growing in complexity and vulnerability to cyber-attacks, but a commensurate uplift in resilience has not occurred.
Former ASIO director general and current chair of the Foreign Investment Review Board David Irvine said energy was one of many Australian sectors lacking sufficient cyber resilience, and that most local organisations are not “caring enough” about the new “tool of warfare”.
Progress is being made but not quickly enough, and Australia is vulnerable to sophisticated cyber attacks, Mr Irvine told an Australia Israel Chamber of Commerce Business lunch on Friday.

ASB-2021.0121 – Microsoft Edge (Chromium-based): Execute arbitrary code/commands – Remote with user interaction

Microsoft released an update for Edge, the default internet browser for Windows 10. A vulnerability that could lead to remote code execution was addressed.

ESB-2021.2208 – wireshark: Multiple vulnerabilities

9 vulnerabilities were addressed in Wireshark, a commonly used packet analyser.

ESB-2021.2212 – Thunderbird: Multiple vulnerabilities

Multiple vulnerabilities were addressed in Mozilla Thunderbird, these could lead to cross-site scripting attacks and code execution.

Stay safe, stay patched and have a good weekend!

The AusCERT team