Week in review - 5 Nov 2021

AusCERT Week in Review for 5th November 2021


Last year’s BDO and AusCERT Cyber Security Survey found that data breaches doubled and organisations were overconfident in their cyber controls. To challenge this trend, now is the time to review your approach to cyber security.

The annual BDO and AusCERT Cyber Security Survey identifies the current cyber security trends, issues and threats facing organisations across Australia and New Zealand.

We invite you to take our 10-minute survey which provides the opportunity to sense check your organisation’s approach to cyber risk. By taking part, you will gain access to valuable data, allowing you to benchmark your organisation’s cyber security efforts and gain insights into the cyber threats faced by your industry peers.

Survey respondents will go in the draw to win an Apple Watch. The survey closes at midnight on Friday, 3 December 2021.

A recent article by ZDNet revealed that a significant number of people have accepted that remote working may be accompanied by being monitored by the companies they work for.

Based on a survey of 11,000 consumers across eleven countries, the article also points out that only a small number of respondents were familiar with cyber security issues or knew where to report scams should they be targeted, highlighting the potential risk for organisations in a hybrid working environment.

It’s Movember again, a global campaign which quite simply asks you to pay attention to, talk about, raise funds and, most importantly, raise awareness for men’s cancers and other men’s health issues.

The traditional way to get involved is to “Grow a Mo” but anyone can show their support by taking part in “Move for Movember”, “Host a Mo-ment” and “Mo Your Own Way”. The campaign runs for the entire month so there’s plenty of time to get involved and create your very own mo-ments to support men’s health issues.

Building sovereign resilience into Australian technology supply chains
Date: 2021-10-28
Author: Cyber Security Connect

Proofpoint threat researchers have identified a new, highly active cyber criminal threat actor, tracked as TA2722 and nicknamed the ‘Balikbayan Foxes’.
The cyber criminal group impersonates Philippine health, labour and customs organisations as well as other entities based in the Philippines. A series of campaigns impersonated multiple Philippine government entities including the Department of Health, the Philippine Overseas Employment Administration and the Bureau of Customs.

‘Trojan Source’ Bug Threatens the Security of All Code
Date: 2021-11-01
Author: Krebs on Security

Researchers with the University of Cambridge discovered a bug that affects most computer code compilers and many software development environments. At issue is a component of the digital text encoding standard Unicode […].
Specifically, the weakness involves Unicode’s bi-directional or “Bidi” algorithm, which handles displaying text that includes mixed scripts with different display orders, such as Arabic — which is read right to left — and English (left to right).
“By placing Bidi override characters exclusively within comments and strings, we can smuggle them into source code in a manner that most compilers will accept. Our key insight is that we can reorder source code characters in such a way that the resulting display order also represents syntactically valid source code.”

Microsoft: This macOS flaw could have let attackers install undetectable malware
Date: 2021-11-01
Author: ZDNet

Apple has patched a security flaw in macOS that Microsoft researchers found could be used to install a malicious kernel driver, better known as a ‘rootkit’.
The flaw resided within macOS System Integrity Protection (SIP). Bypassing SIP would allow a potential attacker to “overwrite system files, or install persistent, undetectable malware”.

FBI: Ransomware groups tying attacks to ‘significant financial events’
Date: 2021-11-03
Author: ZDNet

The FBI has released a new report saying ransomware groups are increasingly using “significant financial events” as leverage during their attacks.
According to the FBI, ransomware groups are using events like mergers and acquisitions to target companies and force them into paying ransoms.
“Prior to an attack, ransomware actors research publicly available information, such as a victim’s stock valuation, as well as material non-public information. If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash,” the FBI wrote.

EU to adopt new cybersecurity rules for smartphones, wireless, IoT devices
Date: 2021-11-01
Author: The Record

The European Commission has ordered an update to the Radio Equipment Directive in order to introduce new cybersecurity guidelines for radio and wireless equipment sold on the EU market, such as mobile phones, tablets, fitness trackers, and other smart IoT devices.
The new standards, currently scheduled to take effect by mid-2024, were adopted through a delegated act under the Radio Equipment Directive, a piece of 2014 EU legislation that sets the regulatory framework equipment vendors must follow in order to sell electronic equipment on the EU market.

Google wants every account to use 2FA, starts auto-enrolling users
Date: 2021-11-04
Author: Ars Technica

Google announced earlier this year that it is planning to move as many of its users as possible to two-factor authentication, whether they opt in or not. The company elaborated further in October, saying it was planning to auto-enroll 150 million Google accounts in 2FA by the end of the year. Now, with just two months left in the year, Android Police has found a few reports showing that the process has started, with some users finally being auto-enrolled in 2FA.

ESB-2021.3668 – ALERT Catalyst Passive Optical Network (PON) Series Switches: Multiple vulnerabilities

Cisco has released software updates that address vulnerabilities in the Optical Network Terminal (ONT) of Cisco Catalyst Passive Optical Network (PON) Series Switches.

ESB-2021.3667 – ALERT Policy Suite: Root compromise – Remote/unauthenticated

Cisco has released free software updates that address a vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite which could lead to root compromise.

ASB-2021.0229.2 – UPDATED ALERT Unicode Directional Formatting: Multiple Vulnerabilities

An attacker could exploit Unicode directional formatting characters to deceive a human code reviewer and hide unexpected and potentially dangerous behaviour.
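The ‘Trojan Source’ item above and this bulletin describe the same weakness: explicit bidirectional formatting characters (overrides, embeddings and isolates from UAX #9) placed inside comments or string literals so that the displayed order of a line differs from the order the compiler parses. The scanner below is an added example written for this newsletter, not code from the Cambridge researchers, Krebs on Security or AusCERT. It flags every such character in a source file and, separately, any line on which a directional push is never popped before the end of the line, which is the tell-tale shape of the attack. The embedded sample program is constructed for the example and only mimics the ‘commented-out code’ pattern the paper describes.

```python
"""Scan source text for Unicode bidirectional control characters.

Added illustration for the 'Trojan Source' item; not code from the
Cambridge paper, Krebs on Security or AusCERT. SAMPLE is a constructed
program that mimics the 'commented-out code' pattern.
"""
import sys
import unicodedata

# Explicit directional formatting characters (Unicode Bidi Algorithm, UAX #9).
# A "push" opens an embedding/override/isolate; a "pop" closes one.
BIDI_PUSH = {
    0x202A,  # LRE  LEFT-TO-RIGHT EMBEDDING
    0x202B,  # RLE  RIGHT-TO-LEFT EMBEDDING
    0x202D,  # LRO  LEFT-TO-RIGHT OVERRIDE
    0x202E,  # RLO  RIGHT-TO-LEFT OVERRIDE
    0x2066,  # LRI  LEFT-TO-RIGHT ISOLATE
    0x2067,  # RLI  RIGHT-TO-LEFT ISOLATE
    0x2068,  # FSI  FIRST STRONG ISOLATE
}
BIDI_POP = {
    0x202C,  # PDF  POP DIRECTIONAL FORMATTING
    0x2069,  # PDI  POP DIRECTIONAL ISOLATE
}
BIDI_CONTROLS = BIDI_PUSH | BIDI_POP


def find_bidi_controls(text):
    """Return (line, column, 'U+XXXX', unicode name) for every bidi control.

    Lines are 1-based; columns are 0-based code point offsets, not bytes.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line):
            cp = ord(ch)
            if cp in BIDI_CONTROLS:
                hits.append((lineno, col, f"U+{cp:04X}", unicodedata.name(ch)))
    return hits


def unterminated_lines(text):
    """Lines on which a directional push is never popped before end of line.

    Bidi state resets at each paragraph (line) boundary, so a legitimate
    right-to-left fragment inside a string is normally closed on the same
    line. An override or isolate left open to end of line is the hallmark
    of the Trojan Source trick: it reorders the rest of the line on screen.
    """
    bad = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        depth = 0
        for ch in line:
            cp = ord(ch)
            if cp in BIDI_PUSH:
                depth += 1
            elif cp in BIDI_POP and depth > 0:
                depth -= 1
        if depth > 0:
            bad.append(lineno)
    return bad


def strip_bidi_controls(text):
    """Remove all bidi controls so what you see is the compiler's logical order."""
    return "".join(ch for ch in text if ord(ch) not in BIDI_CONTROLS)


# Constructed sample (not from the paper): to a reader the comment appears to
# close before "if (isAdmin)", but the compiler sees one comment that swallows
# the whole condition, so the "admins only" block always runs.
SAMPLE = (
    "int main() {\n"
    "    /*\u2067 } \u2066if (isAdmin)\u2069 \u2066 begin admins only */\n"
    "    return 0;\n"
    "}\n"
)


def scan_file(path):
    """Scan one file; returns (hits, unterminated line numbers)."""
    with open(path, "rb") as fh:
        text = fh.read().decode("utf-8", errors="replace")
    return find_bidi_controls(text), unterminated_lines(text)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        hits, open_lines = scan_file(sys.argv[1])
    else:
        hits, open_lines = find_bidi_controls(SAMPLE), unterminated_lines(SAMPLE)
    for lineno, col, cp, name in hits:
        print(f"line {lineno} col {col}: {cp} {name}")
    for lineno in open_lines:
        print(f"line {lineno}: directional push not closed before end of line")
    sys.exit(1 if hits else 0)
```

Run with no arguments to scan the embedded sample, or pass a path to scan a real file; a non-zero exit makes it usable as a pre-commit or CI gate. The scanner deliberately reports every bidi control rather than only unterminated ones, since source code has almost no legitimate use for them outside of string literals, and a reviewer should see each one in context. Compilers have since added comparable warnings (for example GCC’s -Wbidi-chars), but a repository-wide scan still catches files the compiler never touches, such as build scripts and configuration.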

ESB-2021.3666 – GitLab: Multiple vulnerabilities

This critical vulnerability is the result of improper validation of image files by a third-party file parser, resulting in remote command execution.

ESB-2021.3684 – Firefox: Multiple vulnerabilities

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Stay safe, stay patched and have a good weekend!

The AusCERT team