11 Mar 2022

Week in review

Greetings,

We are excited to announce our second keynote speaker for AUSCERT2022, Lesley Carhart. Lesley, also known by her Twitter handle ‘Hacks4Pancakes’, is the Director of Incident Response for North America at the industrial cybersecurity company Dragos, Inc., leading response to and proactively hunting for threats in customers’ ICS environments.

You may find Lesley organizing resume and interview clinics at several cybersecurity conferences, lecturing, and blogging and tweeting prolifically about cybersecurity.

When not working, Lesley enjoys being a youth martial arts instructor. This is Lesley’s first time speaking in-person Down Under and we can’t wait to see them on the Gold Coast in May!

If you’d like to see Lesley in person or, perhaps, one of our many other informative and engaging presenters, why not register today to ensure that you don’t miss out?

AUSCERT2022 will again be held at The Star Gold Coast and will be broadcast virtually, allowing you to attend in the format that suits you best.

As it enters the second week, the invasion of Ukraine continues to reveal risks, real and potential, for individuals and organisations the world over.

Harvard Business Review discusses possible preventative measures to take in order to be as safe as possible, and what a global cyberwar may look like.


New Linux bug gives root on all major distros, exploit released
Date: 2022-03-07
Author: Bleeping Computer

[Refer AUSCERT Security Bulletin: ASB-2022.0061]
A new Linux vulnerability known as ‘Dirty Pipe’ allows local users to gain root privileges through publicly available exploits.
Today, security researcher Max Kellermann responsibly disclosed the ‘Dirty Pipe’ vulnerability and stated that it affects Linux Kernel 5.8 and later versions, even on Android devices.
The vulnerability is tracked as CVE-2022-0847 and allows a non-privileged user to inject and overwrite data in read-only files, including SUID processes that run as root.

Malware now using NVIDIA’s stolen code signing certificates
Date: 2022-03-05
Author: Bleeping Computer

Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows.
This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.
The extortion group, known as Lapsus$, states that they stole 1TB of data during the attack and began leaking the data online after NVIDIA refused to negotiate with them.

Big tech decries Australia’s anti-trolling Bill for not allowing innocent dissemination defence
Date: 2022-03-07
Author: ZDNet

Meta, Twitter, and YouTube have all echoed the same concerns about Australia’s proposed anti-trolling laws, saying it would place an “unprecedented level” of defamation risk on social media platforms as it seeks to remove the defence of innocent dissemination.
The innocent dissemination defence allows entities, such as social media platforms, to not be liable for defamation if they had no knowledge of the defamatory material, and their failure to detect the material was not due to negligence.

Russia-Ukraine war: NYC on ‘ultra-high alert’ amid increased risk of Russian retaliatory cyberattack
Date: 2022-03-07
Author: Fox News

New York state is facing “increased risk” of cyberattack from Russian retaliators, while city agents have seen more breach attempts amid heightened tensions that have arisen from the Russian invasion of Ukraine, officials said Monday.
Sen. Kirsten Gillibrand, a New York Democrat, met with New York City and police department officials on Monday morning. The New York Police Department (NYPD) has found no specific credible cybersecurity threats to the city so far, but not for a lack of effort, officials have said.

Samsung confirms hackers stole Galaxy devices source code
Date: 2022-03-07
Author: Bleeping Computer

Samsung Electronics confirmed on Monday that its network was breached and the hackers stole confidential information, including source code present in Galaxy smartphones.
As first reported by BleepingComputer, the data extortion group Lapsus$ leaked at the end of last week close to 190GB of archives claiming to have been stolen from Samsung Electronics.

Smartphone malware is on the rise, here’s what to watch out for
Date: 2022-03-10
Author: ZDNet

There’s been a surge in mobile malware attacks as cyber criminals ramp up their attempts to deliver malicious text messages and applications to users in order to steal sensitive information including passwords and bank details.
Cybersecurity researchers at Proofpoint say they detected a 500% jump in attempted mobile malware attacks during the first few months of 2022, with significant peaks at the beginning and end of February.

Internet Backbone Giant Lumen Shuns .RU
Date: 2022-03-08
Author: Krebs on Security

Lumen Technologies, an American company that operates one of the largest Internet backbones and carries a significant percentage of the world’s Internet traffic, said today it will stop routing traffic for organizations based in Russia. Lumen’s decision comes just days after a similar exit by backbone provider Cogent, and amid a news media crackdown in Russia that has already left millions of Russians in the dark about what is really going on with their president’s war in Ukraine.


ASB-2022.0062 – ALERT Microsoft Windows, Windows Server, Remote Desktop Client and Image/Video Extensions: CVSS (Max): 8.8

Microsoft has released its monthly security patch update for March 2022 and noted that CVE-2022-24508 is more likely to be exploited by threat actors.

ESB-2022.0967 – Adobe After Effects: CVSS (Max): 7.8

Adobe has released an update for Adobe After Effects for Windows and macOS. Successful exploitation could lead to arbitrary code execution in the context of the current user.

ASB-2022.0065 – ALERT Microsoft Exchange Server: CVSS (Max): 8.8

Microsoft recommends updating the software to the version made available on the Microsoft Update Catalogue as part of its monthly security patch update.

ESB-2022.0991 – MozillaFirefox: CVSS (Max): 8.8

Mozilla released a security update for two new vulnerabilities in Mozilla Firefox.


Stay safe, stay patched and have a good weekend!

The AUSCERT team