AusCERT Week in Review for 29th October 2021

Greetings,

AusCERT is always looking for ways to increase our value to our members. We know that data governance is essential to cyber security. In order to protect against threats, organisations need to know what data to protect and how best to protect it. As part of this, we would like to hear your feedback on the idea of us delivering data governance advisory services.

We are seeking expressions of interest for services such as these and would welcome feedback via our online survey. All submissions are confidential and will assist us in evaluating the need for this service to your organisation.

The Women in Security Magazine explores different journeys of women in security, gains career perspectives from industry experts, offers different technology perspectives, includes insights from industry greats on diversity and inclusion, and so much more!

Issue 5 explores the misconception concerning the shortage of skilled women in the security industry and includes an interview with AusCERT team member Vishaka about her journey into the field of cyber security.

As we celebrate Cyber Security Awareness Month, it’s important to ensure you have access to the right information and tools you need to make informed decisions about your cyber risk tolerance.


Overview of Malware Hosted on Discord’s Content Delivery Network
Date: 2021-10-20
Author: RiskIQ

RiskIQ’s Research team has begun analyzing Discord’s Content Delivery Network links with files ending in certain extensions (like exe, dll, compressed and document file extensions) to identify malware files posted to Discord servers. Through this research, we can identify the Discord channel ID to pivot off of in the RiskIQ platform. Overall, since mid-September 2021, RiskIQ was able to identify over 100 Discord URLs delivering malicious content, such as AsyncRAT, Raccoon Stealer, Agent Tesla, and many other Backdoors, Password Stealers, and Trojans.

Australian Online Privacy Bill to make social media age verification mandatory for tech giants, Reddit, Zoom, gaming platforms
Date: 2021-10-25
Author: ZDNet

The federal government has released an exposure draft for what it has labelled an Online Privacy Bill that it hopes will enhance online privacy protections for Australians through an expansion of the nation’s Privacy Act.
“The goal of the Bill is to enhance privacy protections, particularly in the online sphere, without unduly impeding innovation within the digital economy,” the federal government wrote in the Bill’s explanatory paper.
Under current legislation, the federal government can only make two kinds of binding privacy codes, which are the Australian Privacy Principle code (APP) and a credit reporting code.
The Bill is seeking to expand the Privacy Act to allow government to create a third code specifically for regulating three classes of organisations: Social media platforms, data brokers, and large online platforms.

Mozilla Firefox cracks down on malicious add-ons used by 455,000 users
Date: 2021-10-26
Author: ZDNet

Mozilla’s Firefox browser team has cracked down on malicious add-ons, blocking software with a 455,000 user base.
On October 25, the development team said that in early June, Firefox discovered add-ons that were misusing the browser’s proxy API, used by software to manage how the browser connects to the internet.
Add-ons are software modules that can be installed to customize a user’s browsing experience and may include anti-tracking software, ad blockers, themes, and utilities.

These phishing emails use QR codes to bypass defences and steal Microsoft 365 usernames and passwords
Date: 2021-10-27
Author: ZDNet

Cyber criminals are sending out phishing emails containing QR codes in a campaign designed to harvest login credentials for Microsoft 365 cloud applications.
Usernames and passwords for enterprise cloud services like Microsoft 365 are a prime target for cyber criminals, who can exploit them to launch malware or ransomware attacks, or sell stolen login credentials on to other hackers to use for their own campaigns.
Cyber criminals are looking for sneaky new ways to dupe victims into clicking links to phishing websites designed to look like authentic Microsoft login pages, accidentally handing over their credentials.

1,000,000 Sites Affected by OptinMonster Vulnerabilities
Date: 2021-10-27
Author: Wordfence

On September 28, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities we discovered in OptinMonster, a WordPress plugin installed on over 1,000,000 sites. These flaws made it possible for an unauthenticated attacker, meaning any site visitor, to export sensitive information and add malicious JavaScript to WordPress sites, among many other actions.
Wordfence Premium users received a firewall rule to protect against any exploits targeting these vulnerabilities on September 28, 2021. Sites still using the free version of Wordfence will receive the same protection on October 28, 2021.


ESB-2021.3563 – ALERT macOS Big Sur: Multiple vulnerabilities

Multiple vulnerabilities have been discovered in Apple macOS Big Sur, the most severe of which could allow root compromise

ESB-2021.3602 – Junos OS and Junos OS Evolved: Multiple vulnerabilities

Juniper has released new software versions for Junos OS to address multiple vulnerabilities which could lead to root compromise

ESB-2021.3605 – salt: Root compromise – Existing account

An issue was discovered in SaltStack Salt which allows a user who has control of the source and source_hash URLs to gain full file system access as root

ESB-2021.3599 – Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD): Multiple vulnerabilities

Cisco has released updates for multiple vulnerabilities identified in Cisco ASA and Cisco FTD software

ESB-2021.3608 – GitLab Community Edition (CE) and GitLab Enterprise Edition (EE): Multiple vulnerabilities

GitLab has released security updates to fix multiple vulnerabilities identified in Community Edition and Enterprise Edition


Stay safe, stay patched and have a good weekend!

The AusCERT team