//Week in review - 23 Jul 2021

AusCERT Week in Review for 23rd July 2021

Hi Folks

Patch fatigue is definitely setting in, another big week for our analysts issuing bulletins from Adobe and Oracle particularly.

This week we released our Quarter 2, 2021 Report with some great stats and updates for the period from 1 April to 30 June 2021.

Reminder, there are only 8 days left to nominate for the Australian Women in Security Awards, such a great opportunity to recognise the amazing women in our industry.

Hope everyone is keeping safe in these crazy times, have a great weekend.

Shriro Hacked, Feds Cyber Security Called In
Date: 2021-07-19
Author: channelnews

Sydney based appliance distributor Shriro Holdings has been hacked with the business impacted claims management.
CEO Tim Hargraves claims that the distributor of Casio, Blanco, Omega and Everdure barbecues was subject to a cyber security incident involving unauthorised access to its operating systems last week.

Microsoft takes down domains used to scam Office 365 users
Date: 2021-07-19
Author: Bleeping Computer

Microsoft’s Digital Crimes Unit has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company’s customers.
The domains taken down by Microsoft were so-called “homoglyph” domains registered to resemble those of legitimate business. This technique allowed the threat actors to impersonate companies when communicating with their clients.

This password-stealing Windows malware is distributed via ads in search results
Date: 2021-07-21
Author: ZDNet

A newly discovered form of malware delivered to victims via adverts in search results is being used as a gateway to stealing passwords, installing cryptocurrency miners and delivering additional trojan malware.
Detailed by cybersecurity company Bitdefender, the malware – which targets Windows – has been dubbed MosaicLoader and has infected victims around the world as those behind it attempt to compromise as many systems as possible.

HiveNightmare aka SeriousSAM — anybody can read the registry in Windows 10
Date: 2021-07-21
Author: Double Pulsar

This is the story of how all non-admin users can read the registry — and so elevate privileges and access sensitive credential information — on various flavours of Windows 10. It appears this vulnerability has existed for years, and nobody noticed. In this post I made an exploit to test it.

Australian organisations are quietly paying hackers millions in a ‘tsunami of cyber crime’
Date: 2021-07-16
Author: ABC News

It’s an open secret within the tight-lipped world of cybersecurity.
For years, Australian organisations have been quietly paying millions in ransoms to hackers who have stolen or encrypted their data.
This money has gone to criminal organisations and encouraged further attacks, creating a vicious cycle.
Now experts say Australia and the rest of the world is facing a “tsunami of cyber crime”.

MITRE – 2021 CWE Top 25 Most Dangerous Software Weaknesses
Date: 2021-07-22
Author: MITRE

The [CWE Top 25] is a demonstrative list of the most common and impactful issues experienced over the previous two calendar years. These weaknesses are dangerous because they are often easy to find, exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working. The CWE Top 25 is a valuable community resource that can help developers, testers, and users — as well as project managers, security researchers, and educators — provide insight into the most severe and current security weaknesses.

ASB-2021.0138 – ALERT MySQL products: Multiple vulnerabilities

Oracle’s July Patch Update includes 41 new security patches to address multiple vulnerabilities in Oracle MySQL

ASB-2021.0139 – ALERT PeopleSoft Enterprise products: Multiple vulnerabilities

Oracle releases fixes to address multiple vulnerabilities in PeopleSoft Enterprise products

ASB-2021.0140 – ALERT Oracle Systems: Multiple vulnerabilities

The Critical Patch Update contains 11 new security patches for Oracle Systems

ESB-2021.2515 – ALERT Tenable.sc Products: Multiple vulnerabilities

Multiple third-party vulnerabilities identified in Tenable .sc 5.19.0

ASB-2021.0156 – ALERT Oracle Financial Services Applications: Multiple vulnerabilities

Multiple vulnerabilities in Oracle Financial Services Applications are addressed in the Oracle’s most recent Patch Update

ESB-2021.2463 – Google Chrome: Multiple vulnerabilities

The Chrome team releases Chrome 92.0.4515.107 with a number of fixes and improvements

ESB-2021.2447 – Adobe Photoshop: Multiple vulnerabilities

Adobe’s updates for Photoshop for Windows and macOS resolve a critical and a moderate vulnerability

Stay safe, stay patched and have a good weekend!

The AusCERT team