AusCERT Week in Review for 3rd September 2021

Greetings,

Last week, AusCERT alerted members regarding a remote code execution vulnerability present in certain versions of Atlassian Confluence (CVE-2021-26084).

Where it was possible to identify internet-facing Confluence instances of our members, notifications were sent last Friday, August 27. We published ESB-2021.2901 on the same day. Read more in this Bleeping Computer article.

Members, we need you! AusCERT is always looking for ways to increase our value to you and would like your feedback. Specifically, we would like your thoughts regarding AusCERT delivering Cyber Tabletop Exercises as a paid service, like we currently do for cyber security training.

If you’d like to get involved, please complete this survey so that we can evaluate the need for this service and what would suit your organisation.

A recent spate of unsolicited text messages has offered a timely reminder that SMS is often used by scammers.

Unidentified texts that don’t have an option to unsubscribe are key identifiers of potential scams. They often seek personal information and, in some cases, contain electronic viruses that can compromise your phone’s security.

Scammers like to disguise their deceit by using shortened URLs that hide the original domain names and, in some instances, lead to malware that can download and execute once the link has been clicked.

There are many ways this method is being used, with examples seen in this We Live Security article.

Have a great weekend!


NPM package with 3 million weekly downloads had a severe vulnerability
Date: 2021-09-03
Author: Ars Technica

Popular NPM package “pac-resolver” has fixed a severe remote code execution (RCE) flaw.
The pac-resolver package receives over 3 million weekly downloads, extending this vulnerability to Node.js applications relying on the open source dependency. Pac-resolver touts itself as a module that accepts JavaScript proxy configuration files and generates a function for your app to map certain domains to use a proxy.

Cloudflare thwarts 17.2M rps DDoS attack — the largest ever reported
Date: 2021-08-19
Author: Cloudflare

Earlier this summer, Cloudflare’s autonomous edge DDoS protection systems automatically detected and mitigated a 17.2 million request-per-second (rps) DDoS attack, an attack almost three times larger than any previous one that we’re aware of. For perspective on how large this attack was: Cloudflare serves over 25 million HTTP requests per second on average. This refers to the average rate of legitimate traffic in 2021 Q2. So peaking at 17.2 million rps, this attack reached 68% of our Q2 average rps rate of legitimate HTTP traffic.

ACSC cyber security challenge
Date: 2021-08-31
Author: Cyber.gov.au

The ACSC has released a simulated cyber incident challenge so anyone can test or improve their cyber response ability and forensic skills.
Organisations may wish to use the challenge as a group training exercise for cyber security staff.
The challenge was originally run at the BSides Canberra conference in April 2021.

Data privacy, governance and insights are all important obligations for businesses
Date: 2021-08-31
Author: TechRepublic

TechRepublic’s Karen Roby spoke with Kon Leong, CEO and co-founder of ZL Technologies, a data management company, about data privacy and governance.
“[…] for the last seven decades or more, IT has focused on data that was primarily all siloed. Siloed applications generating siloed data. And now here comes a slew of legislative initiatives that say, “OK, we’re looking at privacy, and by the way, no data is exempt. Therefore, we don’t make exemptions for silos. So to manage it, you have to de-silo effectively.” And are you kidding me? You’re going to undo 70 years of IT infrastructure? So we’re still kind of scratching our heads and saying, how do we get this done?”

Maths, encryption, and quantum computing
Date: 2021-08-18
Author: COSMOS Magazine

“Factorisation, which is used for the current classical public key cryptography, is easy [to break] on quantum computers. Factorisation is simple. You can factor long integers and break RSA on Quantum. It’s quite easy. So now we are trying to design the cryptography, which will be resistant against quantum computing.”
Instead of using integer factorisation, other mathematical approaches need to be used to circumvent the sheer ‘brain’ power quantum computers will possess. One of the mathematical tools being used to construct quantum-resistant encryption is Geometry of Numbers or Lattice Theory.


ASB-2021.0176 – Microsoft Security Update Release for Microsoft Edge (Chromium-based)

Fixes for multiple critical vulnerabilities for Microsoft Edge, most of which first appeared in Chrome a couple of days earlier.

ESB-2021.2981 – qemu security update

Various bugs in the qemu emulator leading to DoS and code execution from malicious guests.

ESB-2021.2968 – USN-5051-4: OpenSSL regression

OpenSSL on Ubuntu 14.04 ESM, and only 14.04, introduced a regression while fixing CVE-2021-3712.

ESB-2021.2953 – sssd security update

The System Security Services Daemon (SSSD) allowed shell command injection, permitting root escalation if a root user was tricked into running a specially crafted command.

ESB-2021.2949 – Security update for mysql-connector-java

This patch prevents unauthenticated attackers compromising the Java connector for MySQL.


Stay safe, stay patched and have a good weekend!

Bek, Tom & David