//Week in review - 8 Oct 2021

AusCERT Week in Review for 8th October 2021


The global outage of Facebook, Instagram and WhatsApp earlier in the week highlighted the impact a small error can have on an entire network.

It’s believed that the outage was caused by a routine maintenance job that unintentionally resulted in Facebook’s data centres being disconnected from the internet, making Facebook, WhatsApp and Instagram inaccessible.

With over 3.5 billion users around the planet, MIT Technology Review writes on how dependant people have become on one company’s data centre and the impact an outage on this scale has.

Earlier in the week, AusCERT team members participated in a multi-national drill that saw their skills tested with a simulated malware attack.

Of the eight tasks they were asked to complete, the most challenging required the duo to analyse, evaluate and re-assess their response to what they correctly deduced was a ransomware attack.

Fifteen teams took part with both AusCERT team members expressing they enjoyed the challenge that tested abilities from file decryption to port scanning to gain an understanding of how the attack occurred.

Exercises such as this provide our team with current, real-world scenarios that reinforce, add-to and enhance their skillset to ensure AusCERT remains at the forefront of cyber security defence.

Lastly, October is Cybersecurity Awareness Month, the perfect time to remind individuals and organizations of the importance of cybersecurity and to encourage active use of measures that foster vigilance and offer protection.

There are many ways to improve protection against common online threats and cybercrime. At AusCERT, we’re passionate about data security and keeping your information safe. That’s why we deliver 24/7 service to our members alongside a range of comprehensive tools to strengthen your cyber security strategy.

To stay up-to-date with the latest cyber information, security alerts and more, simply head to our website, scroll to the bottom and subscribe!

Legislation expanding digital identity scheme to private sector finally unveiled
Date: 2021-10-04
Author: Innovation Aus

The federal government has finally unveiled exposure legislation expanding its digital identity program to state governments and the private sector, with a whirlwind consultation period commencing before it is soon introduced to Parliament.
The legislation will introduce two voluntary schemes to accredit companies and governments as service providers or relying partners in the digital identity program, as well as enshrining extra privacy safeguards in law and establishing a permanent oversight authority for the scheme.
The digital identity scheme, a whole-of-government federal program aiming to provide identity verification across a range of government services and private sector offering, has been in the works for six years at a cost of more than $450 million, but legislation is required to expand it to the private sector.

Understanding How Facebook Disappeared from the Internet
Date: 2021-10-05
Author: Cloudflare

“Facebook can’t be down, can it?”, we thought, for a second.
Today at 1651 UTC, we opened an internal incident entitled “Facebook DNS lookup returning SERVFAIL” because we were worried that something was wrong with our DNS resolver But as we were about to post on our public status page we realized something else more serious was going on.
Social media quickly burst into flames, reporting what our engineers rapidly confirmed too. Facebook and its affiliated services WhatsApp and Instagram were, in fact, all down. Their DNS names stopped resolving, and their infrastructure IPs were unreachable. It was as if someone had “pulled the cables” from their data centres all at once and disconnected them from the Internet.

Why Windows 11’s security is such a big deal
Date: 2021-10-05
Author: TechRepublic

The hardware requirements for Windows 11 have led to a lot of debate about exactly what changes in newer PCs and processors; they’ve also led to enterprises thinking about what security features they need in hardware.
Microsoft’s second Security Signals report shows that enterprise security decision-makers are concerned about the security impact of hybrid work, and they expect PC hardware to help, said Dave Weston, director of OS security at Microsoft.

Twitch source code, creator earnings exposed in 125GB leak
Date: 2021-10-07
Author: Ars Technica

Live video broadcasting service Twitch has been hit by a massive hack that exposed 125GB of the company’s data. In a 4chan thread posted (and removed) Wednesday, an anonymous user posted a torrent file of the data dump. The dump contains the company’s source code and details of money earned by Twitch creators.

ESB-2021.3341 – Security update for apache2

Apache has another vulnerability! Here we have an SSRF via a specially crafted uri – not a fun combination. You also get a DoS for free as well. Patch your systems!

ESB-2021.3321 – firefox-esr security update

Extending the exhaustive list of Firefox memory corruption bugs, more have been discovered which were capable of resulting in execution of code. We use past tense, but if you don’t update, it could be present tense for you!

ESB-2021.3294 – USN-5104-1: Squid vulnerability

Black hat sharks have begun to encircle at-risk-squids, threatening them with DoS and confidential data disclosures. Update your systems to save the squids!

ESB-2021.3287 – Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)

Two for the price of one, an alert was put out for Apache systems this week, after a vulnerability allowing an attacker to link to urls outside of the expected document root was “fixed” (spoiler: not quite the first time around)… Needless to say, we recommend patching this immediately.

ESB-2021.3276 – USN-5101-1: MongoDB vulnerability

A DoS vulnerability discovered in MongoDB puts many home movie collections at risk. Probably some other more important services too, but think about the movies…

Stay safe, stay patched and have a good weekend!

The AusCERT team