AusCERT Week in Review for 6th August 2021


A hot topic at the moment is the announcement from Apple about their new technology for scanning individual users’ iCloud photos for Child Sexual Abuse Material (CSAM) content.

There is a lot of concern in the industry about the potential for misuse as well as mission creep; the team at Stanford Internet Observatory have a great discussion on the topic and The Register has a great article if you’d like to learn more.

The next episode of our podcast “Share Today, Save Tomorrow” will launch soon; this is a great time to jump on and listen to our first 3 episodes. Great stories from our cyber community as well as up-to-date news from the AusCERT team. The AusCERT podcast can be found on Spotify, Apple Podcasts and Google Podcasts.

With so much of the country in lockdown (including the AusCERT team), we hope everyone is keeping well and finding ways to keep spirits up. Our team has been sharing their coping techniques as well as music and book recommendations, which is keeping us all connected as well as entertained.

Have a great weekend everyone.

ACSC survey for Australian critical infrastructure organisations
Date: 2021-08-02
Author: cyber.gov.au

The Australian Cyber Security Centre is asking Australian critical infrastructure providers and operators to take part in a confidential survey to help identify operational technologies used by their organisation.

Cisco fixes critical, high severity pre-auth flaws in VPN routers
Date: 2021-08-04
Author: Bleeping Computer

[See ESB-2021.2626 and 2627.]
Cisco has addressed pre-auth security vulnerabilities impacting multiple Small Business VPN routers and allowing remote attackers to trigger a denial of service condition or execute commands and arbitrary code on vulnerable devices.
The two security flaws tracked as CVE-2021-1609 (rated 9.8/10) and CVE-2021-1602 (8.2/10) were found in the web-based management interfaces and exist due to improperly validated HTTP requests and insufficient user input validation, respectively.

How the Dark Web enables access to corporate networks
Date: 2021-07-28
Author: TechRepublic

The Dark Web is home to a thriving marketplace for cybercriminals who want to buy or sell illegal and malicious goods and services. Advertisements and forum messages hawk everything from credit cards and bank accounts to medical records to account credentials to fake IDs to counterfeit products. But one of the most lucrative items up for sale is network access.
Getting the keys to an organization’s entire network can easily pave the way for a host of attacks, including malware, data exfiltration, corporate espionage, and ransomware. A report released Wednesday by security provider Positive Technologies looks at the selling of network access on the Dark Web and examines how this threat continues to grow.

How data-driven patch management can defeat ransomware
Date: 2021-08-02
Author: VentureBeat

Ransomware attacks are increasing because patch management techniques lack contextual intelligence and historical data needed to model threats based on previous breach attempts. As a result, CIOs, CISOs, and the teams they lead need a more data-driven approach to patch management that can deliver adaptive intelligence reliably at scale. Ivanti’s acquisition of RiskSense, announced today, highlights the new efforts to close the data-driven gap in patch management.

What covid apps can teach us about privacy, utility and trust in app design
Date: 2021-08-03
Author: Salinger Privacy

The release last week of the report into the first 12 months of the federal government’s beleaguered ‘COVIDSafe’ app got me thinking about the importance of Privacy by Design – and in particular, how the ‘design’ part of the equation is not just about the technology.
With the release of the evaluation report – months late and only after a heavily redacted version was released after a concerted FOI push – we now know that the COVIDSafe app has been a terribly expensive flop.

ASB-2021.0166 – Microsoft Edge (Chromium-based): Multiple vulnerabilities

Microsoft Edge has been updated to version 92.0.902.67, which addresses multiple vulnerabilities.

ESB-2021.2607 – Google Chrome: Multiple vulnerabilities

The stable channel update for Google Chrome has been released to address multiple vulnerabilities.

ESB-2021.2626 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers: Multiple vulnerabilities

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business Dual WAN Gigabit VPN Routers could lead to Remote Code Execution.

ESB-2021.2640 – wordpress: Multiple vulnerabilities

Object injection vulnerability in PHPMailer affects WordPress.

Stay safe, stay patched and have a good weekend!

The AusCERT team