//Week in review - 10 Sep 2021

AusCERT Week in Review for 10th September 2021


Earlier this week, Microsoft issued a warning to Windows 10 users about a previously unknown security vulnerability, CVE-2021-40444, potentially being exploited by cybercriminals.

Microsoft is advising users to execute mitigation action until an official patch becomes available.

An update on the situation in this Bleeping Computer article.

After reports this week that a threat actor had collected and published credentials for Fortinet’s SSL-VPN devices, we fetched a copy of the data set and yesterday we notified included members. Fortinet have today published an advisory which we’ve sent out as ASB-2021.0179. The exploited vulnerability was originally fixed in May 2019 – a sterling reminder to keep up with patching (or to ask your manager to allocate time for it!).

ZDNet reported on another recent Microsoft vulnerability, a bug in its Azure Container Instances. Microsoft confirmed it had mitigated the vulnerability and advised that there hadn’t been any indications of unauthorised access to customer data.

AusCERT released our latest podcast (Episode 5), ‘Creating a culture of care’ featuring Mental Well Being Consultant, Julie Gillespie.

Julie shares her insights and ideas, borne from her personal experiences, to help develop a culture that identifies and supports those experiencing challenges and difficulties that also benefits the workplace.

The podcast was timely as it preceded this year’s R U OK Day which took place on Thursday, September 9. This year’s message focused on asking friends, families and colleagues if they’re really ok.

Because of the volume of people experiencing isolation, frustration and helplessness, everyday is an opportunity to consider, “What can I do to make a positive influence on my own mental wellbeing and/or for the people in my life more often?”.

Here at AusCERT, we gathered in our HQ for a morning tea to reconnect and then took a stroll after lunch along some scenic walking paths nearby for a good chat and some fresh air.

If you’re feeling depressed, angry, stressed, fearful, anxious or alone, visit: ruok.org.au/findhelp

Hackers leak passwords for 500,000 Fortinet VPN accounts
Date: 2021-09-08
Author: Bleeping Computer

A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid. This leak is a serious incident as the VPN credentials could allow threat actors to access a network to perform data exfiltration, install malware, and perform ransomware attacks.

Conti ransomware raiders exploit ‘ProxyShell’ Exchange bugs
Date: 2021-09-06
Author: iTnews

Affiliates of the Conti ransomware criminals are exploiting the ProxyShell vulnerabilities in Microsoft’s Exchange Server to attack and remotely take over organisations’ networks, security researchers warn.
ProxyShell is an attack chain that can be used to remotely run arbitrary commands on unpatched on-premises Exchange Servers, without authentication.

Cybersecurity is tough work, so beware of burnout
Date: 2021-09-06
Author: ZDNet

Working in cybersecurity can be challenging, but it’s important for information security professionals to maintain a healthy work/life balance – otherwise they risk burnout.
All parts of the technology industry have their own pressures, but the demand on security staff has certainly increased recently. Businesses of all sizes need a cybersecurity team to help keep users secure and the organisation safe from phishing, malware, ransomware, and other cyber threats. Defending the network against data breaches and cyber criminals was already tricky, but things have only got tougher in the past 18 months as many cybersecurity teams have needed to adapt to the rise of remote working, which has made keeping users safe from online threats even more difficult.

Ransomware: Take these three steps to protect yourself from attacks and make it easier to recover
Date: 2021-09-08
Author: ZDNet

Microsoft has shared three key steps organizations can take to ensure a ransomware attack doesn’t cripple their entire network in an attempt to extract a multimillion dollar ransom or leak sensitive corporate data on the internet.
Microsoft developed the three-step advice as part of its feedback to the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST)’s recent call for expert approaches to preventing and recovering from ransomware and other destructive cyberattacks.

Protecting yourself from phone porting and SIM card scams
Date: 2021-09-07
Author: ABC Everyday

To get around the increased restrictions on SIM porting, scammers may impersonate your telco to get the verification code.
“To port the number, for example, some telcos might require an authentication code. The criminal knows that. They also know the number of the person they’re trying to exploit.”
“They’ll arrange for that code to be sent via text, then the criminal will call the victim and impersonate the telco and say, ‘Look, I noticed that there has been some unauthorised access on your account. We’ve sent you a verification code, can you confirm that to me?”

ESB-2021-3048 – WordPress 5.8.1 Security and Maintenance Release

Plethora of security patches for new WordPress release.

ESB-2021.3045 – firefox-esr security update

Mozilla Firefox abritrary code execution vulnerabilities.

ASB-2021.0179 – FortiGate SSL-VPN Credentials Leaked by a Malicious Actor

SSL-VPN data leaked for FortiGate by malicious actor this week.

ASB-2021.0177 – Microsoft MSHTML Remote Code Execution Vulnerability

Actively exploited RCE vulnerability in MSHTML, with mitigation recommendations.

ESB-2021.2994 – squashfs-tools security update

Vulnerability in squashfs allowing attackers to overwrite arbitrary files.

Stay safe, stay patched and have a good weekend!

The AusCERT team