
AusCERT Week in Review for 15th October 2021


This week’s image, the captivating and vibrant Jacaranda, is an iconic tree in Australia but is, in fact, native to Central and South America. Here at The University of Queensland, they’re even part of local lore, signifying the end of year exams, colloquially known as ‘purple panic’.

The idea of panic, isolation and anxiety has been an all too common one of late with this year’s Mental Health Week (October 9 – 17) reminding us of the need to ‘Take time – for mental health’. We can all take steps to promote better health for ourselves and others by engaging in the building blocks of wellbeing.

Just remember PERMA:

  • Positive emotion

  • Engagement

  • Relationships

  • Meaning

  • Accomplishments

Earlier in the week, the Australian Cyber Security Centre released an update to the Essential 8 (or E8), the key mitigation strategies that can save organisations considerable time, money, effort, and reputational damage.

The most recent evolution of the E8 has been assessed by CyberSecurity Connect as heightening the baseline for cyber security in Australia.

With the growing sophistication of malicious events that target individuals and corporates through phishing, SMS malware, trojan viruses and more, it’s important to understand the value of cyber security.

CyberExperts.com delves into the impact a cyber-attack can have. In an ever-changing technological landscape that sees growing inter-connectivity with more Internet of Things (IoT) devices connected globally and cybercrime becoming more sophisticated, cyber security is increasingly important to defend against hackers and other online threats.

Microsoft October 2021 Patch Tuesday: 71 vulnerabilities, four zero-days squashed
Date: 2021-10-13
Author: ZDNet

Microsoft has released 71 security fixes for software including an actively-exploited zero-day bug in Win32k.
The Redmond giant’s latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, includes fixes for a total of four zero-day flaws, three of which are public.
Products impacted by October’s security update include Microsoft Office, Exchange Server, MSHTML, Visual Studio, and the Edge browser.

150 Million Google Users To Get 7 Days’ Notice Before Bold Security Change
Date: 2021-10-09
Author: Davey Winder

Google has confirmed that it will be pushing forward, on an ‘automatic enrollment’ basis, with a bold security update for some 150 million users before the year-end.
The confirmation from Google came by way of an official safety and security blog posting this week.
Yes, we are talking about two-factor authentication (2FA) here, or two-step verification (2SV) in the case of Google. What matters most here is that Google is bringing additional protection to your login credentials. Important because, as recent research into credential stuffing showed, the use of compromised login details is on the up. One significant report even pegs 61% of data breaches as involving credential misuse.

Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks
Date: 2021-10-11
Author: Bleeping Computer

Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability that is actively exploited in the wild in attacks targeting iPhones and iPads.
This vulnerability, tracked as CVE-2021-30883, is a critical memory corruption bug in the IOMobileFrameBuffer allowing an application to execute commands on vulnerable devices with kernel privileges.

Microsoft Azure fends off huge DDoS Attack
Date: 2021-10-13
Author: ZDNet

Distributed Denial of Service attacks are happening ever more often and growing ever bigger. At 2.4 terabits per second, the DDoS attack Microsoft just successfully defended European Azure cloud users against could be the biggest one to date.
What we know for certain is it’s the biggest DDoS attack on an Azure cloud customer. It was bigger than the previous high, 2020’s Azure 1 Tbps attack, and Microsoft reported it was “higher than any network volumetric event previously detected on Azure.”
Who was targeted? We don’t know. Microsoft isn’t talking.
The attack itself came from over 70,000 sources.

Student finds zero-days in Exterity devices while rick-rolling school district
Date: 2021-10-13
Author: The Record

An Illinois teenager has found a zero-day vulnerability in Exterity IPTV systems during a rick-roll prank he pulled off on his school district before graduation.
On April 30, this year, Minh Duong and a group of close friends took over all networked TVs and other displays inside the six high-schools part of the Illinois Township High School District 214 to play Rick Astley’s infamous “Never Gonna Give You Up” song disguised as an important announcement.
The hack, detailed in a step-by-step blog post published last week, involved scanning the school network for connected devices, analyzing their firmware for bugs, and deploying a payload for a carefully timed attack that took over school TV and displays during a recess to prevent interfering with classes or other exams.

ASB-2021.0193 – Microsoft Patch Tuesday update for Microsoft Extended Security Update (ESU) products for October 2021

It’s that time of month where Microsoft scare us again – there is the usual assortment of serious vulnerabilities worthy of updates. Keep your systems up to date!

ESB-2021.3357 – apache2 security update

Apache2 living up to its name, in that the denial of service and data leak risks should be enough for you to, uh, patch it too.

ESB-2021.3364 – firefox security update

Firefox fraught with fire after felonious fellows find fatal flaw with various flagshi… Actually code execution, DoS and information disclosure are no joking matter, you should pay attention to this one.

ESB-2021.3401 – MFSA 2021-46 and MFSA 2021-47 Security Vulnerabilities fixed in Thunderbird

Do you like computers? How would you like to use emails to gain control of someone else’s computer? Wait, no, we’re the good guys… If you DON’T want to lose your servers, we recommend checking these vulnerabilities out.

ESB-2021.3415 – wordpress security update

WordPress cross-site scripting sending you cross-eyed this week, which won’t help the double vision you get when your users are impersonating each other as well. Patch time!

Stay safe, stay patched and have a good weekend!

The AusCERT team