Week in review - 27 Aug 2021

AusCERT Week in Review for 27th August 2021


Hot topic of the week is the recently passed bill which will allow the Australian Federal Police (AFP) and Australian Criminal Intelligence Commission (ACIC) to access the computers and networks of those suspected of conducting criminal activity online, which raises the question: ‘How do we as a CERT tell the difference between a hacked system and a legally compromised one?’ You can read more through these articles from ZDNet and InnovationAus.

This week AusCERT joined teams from 21 other countries to take part in the annual APCERT Drill, designed to improve regional responses to emerging cyber security threats. The theme of this year’s APCERT Drill was “Supply Chain Attack Through Spear-Phishing – Beware of Working from Home”. This exercise reflected real incidents and issues that exist on the Internet: the participants handled a case of a supply chain attack triggered by spear phishing. Narayan and Vishaka represented team AusCERT and did an outstanding job, especially considering it was their first time. We are proud of the contribution by Geoffroy Thonon, our Operations Manager, who was part of the planning committee that worked tirelessly to deliver the drill.

Great news for Members! You can now opt to receive AusCERT Bulletins as a daily digest issued at the end of each business day. Subscribe now through the Member Portal; instructions can be found here. Alternatively, you can send an email to the membership team.

Today is Wear it Purple Day, which is a way to show young LGBTIQ+ members of the community that they have a right to be proud of who they are. The aim is to create safe spaces in schools, universities, workplaces and public areas to show LGBTIQ+ people that they are supported and belong.

Have a great weekend!

T-Mobile breach hits 53 million customers
Date: 2021-08-23
Author: iTnews

Cellular operator T-Mobile US said an ongoing investigation into a data breach revealed that hackers accessed personal information of an additional 5.3 million customers, bringing the total number of people affected to more than 53 million.
The third-largest US wireless carrier had earlier said that personal data of more than 40 million former and prospective customers was stolen, along with data from 7.8 million existing T-Mobile wireless customers.

COVID vaccine certificates can be forged within 10 minutes due to ‘obvious’ security flaw
Date: 2021-08-23
Author: ABC News

Near-perfect forgeries of the federal government’s COVID-19 vaccine digital certificate can be made in 10 minutes using free software, a member of the public has discovered.
Richard Nelson, a software engineer in Sydney, has found an “obvious” security flaw in the Express Plus Medicare app allowing him to make vaccine certificates with any name and date of birth and featuring the background animations meant to prevent forgery.
The Prime Minister has previously said the certificates are a “credible and effective” way for states to administer exemptions from aspects of lockdowns.

Australian businesses stop reporting ransomware attacks over exfiltration doubts
Date: 2021-08-23
Author: iTnews

Australian businesses are incorrectly relying on what they think is a loophole in notifiable data breach laws to avoid reporting ransomware infections.
The Office of the Australian Information Commissioner (OAIC) warned that “a number of entities” in the six months to June 2021 didn’t report ransomware attacks because they could not prove whether or not data was accessed or stolen.

38 million records exposed by misconfigured Microsoft Power Apps. Redmond’s advice? RTFM
Date: 2021-08-23
Author: The Register

Forty-seven government entities and private companies, including Microsoft, exposed 38 million sensitive data records online by misconfiguring the Windows giant’s Power Apps, a low-code service that promises an easy way to build professional applications.
Security biz UpGuard said that in May one of its analysts found that the OData API for a Power Apps portal offered anonymously accessible database records that included personal details. That led the security shop to look at other Power Apps portals and its researchers found over one thousand apps configured to make data available to anyone who asked.
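
The check a practitioner will want after the UpGuard finding is whether their own portal hands out table rows to anonymous callers over that same OData feed. The Python below is an added example, not code from UpGuard, Microsoft or AusCERT: it reads the feed's service document, requests one row from each advertised entity set without credentials, and classifies what comes back. Assumptions: the feed is at <portal>/_odata (the documented Power Apps portals location), the service document is standard OData v4 JSON, and the hostname, entity-set names and responses in FAKE_RESPONSES are constructed so the script runs offline; pass anonymous_get (the default) to audit_portal to probe a real portal you are authorised to assess.

```python
# Added example (not code from UpGuard, Microsoft or AusCERT): check whether a
# Power Apps portal serves table data to anonymous callers over its OData feed.
# Assumptions, labelled: the feed lives at <portal>/_odata (the documented
# portals location); the service document is standard OData v4 JSON; the
# hostname, entity-set names and responses in FAKE_RESPONSES are constructed.
import json
import urllib.error
import urllib.request

FEED_PATH = "/_odata/"


def parse_service_document(doc):
    """Return the entity-set names advertised by an OData v4 service document."""
    return [
        entry["name"]
        for entry in doc.get("value", [])
        if entry.get("kind", "EntitySet") == "EntitySet" and "name" in entry
    ]


def classify_probe(status, body):
    """Classify one anonymous GET of '<feed>/<entity set>?$top=1'.

    exposed   : HTTP 200 and at least one row came back without credentials
    empty     : HTTP 200 but no rows (table may be empty, or rows filtered by
                permissions; still worth reviewing)
    protected : 401/403/404, i.e. table permissions or the feed block it
    other     : anything else (transport error, HTML error page, ...)
    """
    if status == 200:
        try:
            rows = json.loads(body).get("value", [])
        except (ValueError, AttributeError):
            return "other"
        return "exposed" if rows else "empty"
    if status in (401, 403, 404):
        return "protected"
    return "other"


def anonymous_get(url):
    """Plain GET with no cookies or tokens, returning (status, body bytes)."""
    req = urllib.request.Request(
        url, headers={"Accept": "application/json", "User-Agent": "odata-exposure-check"}
    )
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()
    except urllib.error.URLError:
        return 0, b""


def audit_portal(base_url, fetch=anonymous_get):
    """Map every advertised entity set to exposed/empty/protected/other.

    An empty dict means the feed root itself is not anonymously readable, so
    there is nothing to enumerate (the safe state for a portal that does not
    intend to publish data).
    """
    root = base_url.rstrip("/") + FEED_PATH
    status, body = fetch(root)
    if status != 200:
        return {}
    try:
        names = parse_service_document(json.loads(body))
    except (ValueError, AttributeError):
        return {}
    return {name: classify_probe(*fetch(root + name + "?$top=1")) for name in names}


# Constructed responses standing in for a real portal, so the audit runs offline.
FAKE_RESPONSES = {
    "/_odata/": (200, json.dumps({
        "@odata.context": "https://example.powerappsportals.com/_odata/$metadata",
        "value": [
            {"name": "contacts", "kind": "EntitySet", "url": "contacts"},
            {"name": "cases", "kind": "EntitySet", "url": "cases"},
        ],
    }).encode()),
    "/_odata/contacts?$top=1": (200, json.dumps({
        "value": [{"fullname": "Jane Citizen", "emailaddress1": "jane@example.invalid"}],
    }).encode()),
    "/_odata/cases?$top=1": (403, b"Forbidden"),
}


def fake_fetch(url):
    """Serve FAKE_RESPONSES by path; anything unknown looks like a 404."""
    for path, response in FAKE_RESPONSES.items():
        if url.endswith(path):
            return response
    return 404, b"Not Found"


if __name__ == "__main__":
    verdicts = audit_portal("https://example.powerappsportals.com", fake_fetch)
    for entity, verdict in verdicts.items():
        print(f"{entity:<12} {verdict}")
```

An "exposed" verdict means table permissions are not gating that entity set for anonymous users. Treat "empty" with the same suspicion on a table that merely has no rows today: confirm the setting in the portal's table-permission configuration rather than trusting the probe alone.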

Microsoft warns thousands of cloud customers of exposed databases
Date: 2021-08-27
Author: Reuters

Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher.
The vulnerability is in Microsoft Azure’s flagship Cosmos DB database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies.
[NB: This is separate from the Power Apps issue above.]

Atlassian warns of critical Confluence flaw
Date: 2021-08-26
Author: The Register

Atlassian has warned users of its Confluence Server that they need to patch the product to remedy a Critical-rated flaw.
The company’s not saying a lot about CVE-2021-26084, besides describing it as a “Confluence Server Webwork OGNL injection vulnerability … that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.”
The bug scores 9.8 on the ten-point Common Vulnerability Scoring System.

ASB-2021.0175 – Microsoft Edge (Chromium-based): Reduced security – Remote with user interaction

Please update Microsoft Edge to 92.0.902.78 to address multiple CVEs.

ESB-2021.2865 – F5 BIG-IP Products: Multiple vulnerabilities

Multiple vulnerabilities in BIG-IP Products have been patched by F5.

ESB-2021.2871 – Application Policy Infrastructure Controller: Multiple vulnerabilities

Cisco has released multiple advisories to patch against different vulnerabilities.

ESB-2021.2901 – Atlassian Confluence Server and Data Center: Execute arbitrary code/commands – Remote/unauthenticated

Atlassian has released fixes for CVE-2021-26084 in Confluence Server and Data Center; see the Confluence item above and patch affected instances.

Stay safe, stay patched and have a good weekend!

The AusCERT team