//Week in review - 16 Jul 2021

AusCERT Week in Review for 16th July 2021


Well doesn’t time fly, Patch Tuesday (Wednesday) we meet again. Microsoft released patches for 117 vulnerabilities, 13 of these critical. We also saw patch updates from Adobe, Chrome and Firefox.

Of note this week, a new SolarWinds exploit was uncovered by Microsoft who discovered a remote code execution vulnerability in the SolarWinds Serv-U product. SolarWinds released updates for their Serv-U Managed File Transfer and Serv-U Secure FTP tools, CVE-2021-35211. Be sure to catch up on this alert via our highlighted AusCERT Security Bulletin details below.

Lastly, we are excited to share Episode 3 of the AusCERT “Share today, save tomorrow” podcast series. Episode 3 features Jacqui Loustau, AWSN Founder and Pip Jenkinson, CEO of Baidam Solutions and is titled “Passion led us here”. Be sure to check it out. Our podcast is also available via Spotify, Apple Podcast and Google Podcast.

Until next week everyone, have a great weekend.

SolarWinds patches critical Serv-U vulnerability exploited in the wild
Date: 2021-07-12
Author: Bleeping Computer

SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability exploited in the wild by “a single threat actor” in attacks targeting a limited number of customers.
“Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability,” the company said in an advisory published on Friday.

Updated Essential Eight Maturity Model
Date: 2021-07-12
Author: Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) has further strengthened the implementation guidance for the Essential Eight through changes that reflect its experience in producing cyber threat intelligence, responding to cyber security incidents, conducting penetration testing and assisting organisations to implement the Essential Eight.
The Essential Eight Maturity Model now prioritises the implementation of all eight mitigation strategies as a package due to their complementary nature and focus on various cyber threats. Organisations should fully achieve a maturity level across all eight mitigation strategies before moving to achieve a higher maturity level.

Is Australia a sitting duck for ransomware attacks? Yes, and the danger has been growing for 30 years
Date: 2021-07-14
Author: The Conversation

Australian organisations are a soft target for ransomware attacks, say experts who yesterday issued a fresh warning that the government needs to do more to stop agencies and businesses falling prey to cyber-crime. But in truth, the danger has been growing worldwide for more than three decades.
Despite being a relatively new concept to the public, ransomware has roots in the late 1980s and has evolved significantly over the past decade, reaping billions of dollars in ill-gotten gains.
With names like Bad Rabbit, Chimera and GoldenEye, ransomware has established a mythical quality with an allure of mystery and fascination. Unless, of course, you are the target.

Strengthening Australia’s cyber security regulations and incentives
Date: 2021-07-13
Author: Department of Home Affairs

On 13 July 2021, the Australian Government opened consultation on options for regulatory reforms and voluntary incentives to strengthen the cyber security of Australia’s digital economy. Interested stakeholders are invited to provide a submission to the discussion paper, Strengthening Australia’s cyber security regulations and incentives.

Govts sign off on national data sharing agreement
Date: 2021-07-12
Author: itnews

Federal, state and territory leaders have signed off on an intergovernmental agreement aimed at making more data available across all jurisdictions for policy development and service delivery.
National cabinet agreed to the intergovernmental agreement (IGA) on data sharing on Friday, formalising a plan that was first endorsed in April, in part to lay the foundations for linked-up government services.

ESB-2021.2390 – ALERT HPE Edgeline Infrastructure Manager: Execute arbitrary code/commands – Remote/unauthenticated

HPE has addressed a critical RCE vulnerability in Edgeline Infrastructure Manager.

ESB-2021.2377 – Firefox and Firefox ESR : Multiple vulnerabilities

Multiple security vulnerabilities have been fixed in Firefox 90.

ASB-2021.0126 – ALERT Solarwinds Serv-U: Administrator compromise – Remote/unauthenticated

CVE-2021-35211 is being exploited in the wild. Patch it to not catch it.

ASB-2021.0135 – ALERT Microsoft Extended Security Update products: Multiple vulnerabilities

And here we go again. Microsoft has released its monthly security patch update for the month of July 2021.

ESB-2021.2374 – Adobe Acrobat and Reader: Multiple vulnerabilities

Microsoft: We have critical vulnerabilities. Adobe: Hold my beer.

Stay safe, stay patched and have a good weekend!

Bek & Narayan on behalf of
The AusCERT team