AusCERT Week in Review for 22nd October 2021


With the announcement of the new slate of Apple products this week that include MacBooks and AirPods, which now looks to be an annual occurrence, questions arise as to whether some of the newer versions are a needed evolution of technology or simply a tactic to increase sales.

A recent article from ZDNet discusses whether the drive to incorporate new and untested elements (with the goal of creating a need for consumers to upgrade) comes at the cost of functionality.

Red Teaming, social engineering and stolen identities – war stories from the field is the topic of Episode 6 of AusCERT’s podcast series, “Share today, save tomorrow”.

It features the co-Founder and CEO of Hacktive, Chris Gatford, who has been responsible for delivering Attack and Penetration and Technical Security Assessments, has reviewed countless IT environments, and has directed and been responsible for numerous security assessments for a variety of corporations and government departments.

Mike Holm returns to discuss a recent Apache vulnerability and AusCERT’s response, which notified members that were potentially susceptible to the vulnerability in a very timely manner, as well as the expansion of services to include advisory on Data Governance and running tabletop exercises.

Our podcasts aim to provide fascinating insights, great stories from the field and lessons you can take back to your workplace. If you have any ideas or suggestions for what we can talk about, please let us know!

The AusCERT podcast can also be found on Spotify, Apple Podcasts and Google Podcasts.

We’re excited to announce the release of a snapshot of our service stats for Quarter 3, 2021. It gives an overview of the cyber security incidents reported by members from 1 July to 30 September 2021 and includes a summary of other key achievements this quarter.

We would like to take this opportunity to thank you for your continued support and share with you the following snapshot of our service stats for Quarter 3 2021.

Microsoft asks admins to patch PowerShell to fix WDAC bypass
Date: 2021-10-18
Author: Bleeping Computer

Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials.
Redmond released PowerShell 7.0.8 and PowerShell 7.1.5 to address these security flaws in the PowerShell 7 and PowerShell 7.1 branches in September and October.
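An added inventory check (not from the article or from Microsoft) that a defender could run on a fleet host to confirm the fix has landed: it assumes pwsh is on PATH and takes only the two fixed build numbers above as page-sourced data; Windows PowerShell 5.1 and later 7.x branches are reported as out of scope rather than assessed.

```powershell
# Added example: flag PowerShell 7 installs older than the fixed builds named in the
# article (7.0.8 for the 7.0 branch, 7.1.5 for the 7.1 branch).
$FixedBuilds = @{ '7.0' = [version]'7.0.8'; '7.1' = [version]'7.1.5' }

function Test-PwshPatched {
    param([Parameter(Mandatory)][version]$Version)
    $branch = '{0}.{1}' -f $Version.Major, $Version.Minor
    if (-not $FixedBuilds.ContainsKey($branch)) {
        # Windows PowerShell 5.1 and 7.2+ are outside the two branches the article covers.
        return [pscustomobject]@{ Version = $Version; Branch = $branch; Status = 'NotInScope' }
    }
    $status = if ($Version -ge $FixedBuilds[$branch]) { 'Patched' } else { 'NeedsUpdate' }
    [pscustomobject]@{ Version = $Version; Branch = $branch; Status = $status }
}

# Ask every pwsh executable on PATH for its own version; a host can carry several
# side-by-side installs, and only the one in PATH first is what $PSVersionTable shows.
Get-Command pwsh -All -ErrorAction SilentlyContinue | ForEach-Object {
    $raw = & $_.Source -NoProfile -NoLogo -Command '$PSVersionTable.PSVersion.ToString()'
    # Drop any prerelease suffix (e.g. 7.2.0-preview.10) so [version] can parse it.
    $v = [version]($raw -replace '-.*$', '')
    Test-PwshPatched -Version $v |
        Add-Member -NotePropertyName Path -NotePropertyValue $_.Source -PassThru
} | Format-Table Path, Version, Branch, Status -AutoSize
```

Any row reporting NeedsUpdate is an install still exposed to the WDAC bypass the article describes and should be moved to the fixed build for its branch.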

ACCC warns phone users to be aware of evolving Flubot scams
Date: 2021-10-17
Author: ABC News

A text message scam that contacts thousands of Australians a day has evolved to entice phone users to install security software — to protect against its own malicious malware.
Since August, Australians have received text messages purporting to be an unopened voicemail notification, with a link encouraging users to download the scam “voicemail”.
Cyber security experts are warning the scam has morphed into an elaborate scheme that plays on users’ security fears. In a strange twist, the scam is enticing phone users to download extra security to protect their phone — from their own scam.

Australia’s Ransomware Action Plan – What does it mean for you?
Date: 2021-10-14
Author: Willis Towers Watson

Will Australia introduce a mandatory ransomware incident reporting regime? The government’s Ransomware Action Plan seeks to create a cultural shift in the way Australia responds to this cyber threat.
On 13 October 2021, the Minister for Home Affairs Karen Andrews announced the Ransomware Action Plan which is intended to support Australian individuals, businesses, and critical infrastructure.
The plan responds to significant public concern around rising losses to business and the community caused by malicious cyber extortion attacks and the worrying increase in financial and identity frauds perpetrated following ransomware attacks. It also provides key insights into the Australian Government’s wider cyber security objectives.

Supply chain attacks are the hacker’s new favourite weapon. And the threat is getting bigger
Date: 2021-10-20
Author: ZDNet

Compromising a business supply chain is a key goal for cyber attackers, because by gaining access to a company that provides software or services to many other companies, it’s possible to find a potential way into thousands of targets at once.
Several major incidents during the past 12 months have demonstrated the large-scale consequences supply chain attacks can have. In one of the biggest cybersecurity incidents in recent years, cyber attackers working for the Russian foreign intelligence service compromised updates from IT services provider SolarWinds that were downloaded by 18,000 customers, with the attackers then going on to target around 100 of those customers including several US government agencies.

Female Cybersecurity Leaders: Who Wants Them?
Date: 2021-10-20
Author: LinkedIn

[Spoilers: many organisations can benefit from the female CISO’s point of view.] Last year, the world witnessed one of the greatest industrial changes in living memory with the pandemic igniting rapid, exponential growth. Caught off guard, and now in our post-pandemic reflective reality, one thing has become crystal clear. The world seeks a new kind of leader – one who must not only embrace change but become an instigator of it and renowned for it.
The era of the fast follower – a company that quickly imitates the innovations of its competitors – is over. Thanks to technology, continual rapid change is here to stay. For years we’ve known it was coming, what with Industry 4.0 on the horizon. And that’s why effective leaders must become experts of change. The first mover advantage is back!

Google unmasks two-year-old phishing & malware campaign targeting YouTube users
Date: 2021-10-21
Author: The Record by Recorded Future

Almost two years after a wave of complaints flooded Google’s support forums about YouTube accounts getting hijacked even if users had two-factor authentication enabled, Google’s security team has finally tracked down the root cause of these attacks.
In a report published today, the Google Threat Analysis Group (TAG) attributed these incidents to “a group of hackers recruited in a Russian-speaking forum.”
TAG said the hackers operated by reaching out to victims via email with various types of business opportunities.
YouTubers were typically lured with potential sponsorship deals. Victims were asked to install and test various applications and then publish a review.

ASB-2021.022 – ALERT Oracle Insurance Applications: Multiple vulnerabilities

Oracle has released a critical patch update that fixes multiple vulnerabilities in Oracle Insurance Applications.

ASB-2021.0212 – ALERT Oracle Communications products: Multiple vulnerabilities

Oracle’s most recent patch update includes 71 new security patches and additional third-party patches for Oracle Communications products.

ASB-2021.0203 – ALERT Oracle Fusion Middleware Products: Multiple vulnerabilities

Oracle released 38 new security patches for multiple vulnerabilities in Oracle Fusion Middleware. 30 of these vulnerabilities may be exploited over a network without requiring user credentials.

ASB-2021.0198 – ALERT MySQL products: Multiple vulnerabilities

Multiple vulnerabilities identified in Oracle MySQL have been addressed by Oracle’s October patch update.

ASB-2021.0225 – Microsoft Surface Pro 3: Reduced security – Existing account

Microsoft encourages its customers to practice good security habits to address a bypass vulnerability that affects Microsoft Surface Pro 3.

Stay safe, stay patched and have a good weekend!

The AusCERT team