//Week in review - 5 Nov 2021

AusCERT Week in Review for 1st October 2021


Today is International Coffee Day, an opportunity to celebrate the tasty brew that provides a kickstart to get us going or provides a boost to sustain us when needed. How do you prefer your coffee?

Earlier in the week, it was revealed that almost 10 million Android devices globally had been infected with malware delivered via GriftHorse apps.

The Register reported on the Trojan code that has already netted millions of dollars.

ZDNet advised many experts, including VMware and CISA, have been begging people to address the CVE-2021-22005 issue, a vulnerability with VMware vCenter, by updating their systems as soon as possible.

Microsoft rolled out a new feature to Exchange that will automatically install temporary mitigations that block active security flaws until an official patch is released by Microsoft.

The Record wrote about the proactive move by Microsoft with its first-of-its-kind security feature.

Lastly, we wanted to advise of some upcoming training that is being held in the last quarter of 2021, delivered remotely via Zoom. The courses will focus on Cyber Security Risk Management and Introduction to Cyber for IT Professionals.

Dates and further information can be found on the online booking portal or, by contacting us via email at training@auscert.org.au

Emergency Google Chrome update fixes zero-day exploited in the wild
Date: 2021-09-24
Author: Bleeping Computer

Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing a high-severity zero-day vulnerability exploited in the wild.
“Google is aware that an exploit for CVE-2021-37973 exists in the wild,” the browser vendor revealed in Friday’s security advisory.

Victoria launches five-year, AU$50 million cyber strategy
Date: 2021-09-20
Author: ZDNet

The Victorian government has launched a new five-year cyber strategy that will see over AU$50 million be allocated towards bolstering the state’s cybersecurity resilience.
The cyber strategy will focus on three core missions that government has described as providing safe and reliable delivery of government services, creating a cyber safe place, and creating a “vibrant” cyber economy.
The strategy will be implemented through the state’s chief information security officer releasing annual mission delivery plans that outline specific activities associated with the three core missions. The CISO will develop this plan in consultation with relevant stakeholders across government, industry, and the community.

Microsoft adds novel feature to Exchange servers to allow it to deploy emergency temporary fixes
Date: 2021-09-27
Author: The Record

Microsoft will soon roll out a new security feature for its Exchange email servers, which have been at the center of several hacking campaigns over the past two years.
Called the Microsoft Exchange Emergency Mitigation service, the new feature works by automatically installing temporary mitigations that block active exploitation of security flaws until Microsoft is ready to release official patches.
The Emergency Mitigation service will be enabled by default for all Exchange servers once they install the September 2021 Cumulative Updates for Exchange servers, which are shipping out soon, after Microsoft delayed their release last week to have more time to work on it.

Wide-ranging BEC scam underscores dangers of doing business with (un)trusted suppliers
Date: 2021-09-27
Author: SC Media

Such schemes, referred to as “business email compromise,” often don’t get nearly the amount of attention or public awareness as ransomware and other forms of cybercrime, but the cumulative losses to businesses and individuals every year often dwarf what is seen in almost all other areas of digital crime.
According to the latest annual internet crime report from the FBI, they helped fuel a record account of complaints reported to authorities by the American public in 2020, with 19,369 complaints and adjusted losses of $1.8 billion attributed to BEC schemes alone.

Govt cyber incident intervention powers likely to be rushed in
Date: 2021-09-30
Author: iTnews

‘Last resort’ powers that would allow the government to intervene to contain a cyber attack on critical infrastructure should be “swiftly legislated”, a parliamentary committee says.

ESB-2021.3226 – ALERT Google Chrome: Execute arbitrary code/commands – Remote with user interaction

Google Chrome has released updates to fix an actively exploited zero-day vulnerability tracked as CVE-2021-37973.

ASB-2021.0187 – Microsoft Edge (Chromium-based): Multiple vulnerabilities

Microsoft last week rolled out updates for its Chromium based Edge browser addressing multiple vulnerabilities including the zero day CVE-2021-37973.

ESB-2021.3214 – Traffix SDC: Denial of service – Remote/unauthenticated

F5 is yet to release the fix for Traffix SDC to address use-after-free vulnerability in glibc.

ESB-2021.3262 – GitLab Community Edition and GitLab Enterprise Edition: Multiple vulnerabilities

GitLab addresses numerous vulnerabilities in latest security release including stored XSS, DNS rebinding, and a bunch of permission mishaps.

ESB-2021.3162.2 – UPDATE ALERT VMware vCenter Server & Cloud Foundation : Multiple vulnerabilities

VMware has updated their security advisory to confirm that CVE-2021-22005 is being exploited in the wild.

Stay safe, stay patched and have a good weekend!

The AusCERT team