Week in review - 12 May 2023

Greetings,

What an amazing week it’s been at AusCERT2023! Attending cyber security conferences can be wonderfully rewarding, but also quite daunting for first-time attendees or those with a neuro-diverse background. This year at AusCERT2023 we once again featured an onsite psychologist for attendees to visit and discuss anything from mental wellbeing right through to life coaching. In addition, The University of Queensland’s Shelly Mills coordinated a panel discussion with Trinity McNicol from Sunshine Coast University on neurodiversity in the workplace, and how employers and team members can support these individuals.

With “Back to the Future” for our theme, past AusCERT team member Mark McPherson joined forces with present-day AusCERT Senior Analyst Eric Halil to present a wonderful trip down memory lane beginning in the late 1980s, when the seeds were planted to form the AusCERT we know today. If you missed this or any of the presentations, watch out for the YouTube uploads later on.

Organisations are realising that data governance is an extremely important mitigating control against breaches, and this shift has brought professionals from both the cybersecurity and data governance fields together. The AusCERT2023 Conference featured Troy Hunt, long-time cyber security expert and creator of the Have I Been Pwned website; Craig Rowlands, Director of Technology Data at Bupa; Kate Carruthers, Chief Data & Insights Officer for UNSW Sydney; and The University of Queensland’s Sasenka Abeysooriya, Strategist and Data Governance Expert, in a cross-discipline discussion on the importance of data governance and cyber security strategy.

At the heart of this week’s AusCERT2023 Conference was a strong theme of working together to achieve common goals. An amazing number of “hallway conversations” took place amongst the delegates, sharing ideas and comparing notes with other professionals from many disciplines. Next week delegates will return to their workplaces armed with a wealth of knowledge from those conversations, tutorials and the very latest content from the presentations. The coming weekend will hopefully give our delegates a chance to restore a healthy work-life balance and rest up, especially after celebrating last night at the Back to the Future themed gala dinner, featuring once again the amazing DJ Clariti and AusCERT Awards!

In case you missed this week’s cyber security news while attending AusCERT2023, here are the top stories:


Western Digital says hackers stole customer data in March cyberattack
Date: 2023-05-07
Author: Bleeping Computer

Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack.
The company emailed the data breach notifications late Friday afternoon, warning that customers’ data was stored in a Western Digital database stolen during the attack.
“Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers,” Western Digital said.

Microsoft: Iranian hacking groups join Papercut attack spree
Date: 2023-05-08
Author: Bleeping Computer

Microsoft says Iranian state-backed hackers have joined the ongoing assault targeting vulnerable PaperCut MF/NG print management servers.
These groups are tracked as Mango Sandstorm (aka Mercury or Muddywater and linked to Iran’s Ministry of Intelligence and Security) and Mint Sandstorm (also known as Phosphorus or APT35 and tied to Iran’s Islamic Revolutionary Guard Corps).

1 Million Impacted by Data Breach at NextGen Healthcare
Date: 2023-05-08
Author: Security Week

Healthcare solutions provider NextGen Healthcare has started informing roughly one million individuals that their personal information was compromised in a data breach. Headquartered in Atlanta, Georgia, the company makes and sells electronic health records software and provides doctors and medical professionals with practice management services.

FluHorse: New Android Threat Stealing 2FA Codes and Passwords
Date: 2023-05-08
Author: Cyware Hacker News

According to a recent report by Check Point Research, a new type of malware, named FluHorse, has been discovered. The malware comprises a cluster of Android apps that masquerade as genuine applications. Shockingly, the fake apps have already been downloaded by more than one million users.
FluHorse is created to pilfer personal information such as usernames, passwords, and 2FA codes. The distribution of the FluHorse malware occurs through email, and it targets various sectors in the Eastern Asian market.

NodeStealer: New Information-stealing Threat Terminated by Facebook
Date: 2023-05-09
Author: Cyware Hacker News

A new information-stealing malware, named NodeStealer, has been discovered by Facebook. It can steal browser cookies to hijack accounts on the platform, as well as Outlook and Gmail accounts. Furthermore, it allows its operator to bypass 2FA.
About the campaign
Facebook’s engineers spotted the NodeStealer malware first in late January and linked the attacks to Vietnamese threat actors.
Cybercriminals aim to hijack the Facebook account’s ability to run advertising campaigns and push misinformation or lead audiences to sites spreading malware.


ESB-2023.2521 – GitLab Community Edition and Enterprise Edition: CVSS (Max): 9.6

GitLab has released versions 15.11.2, 15.10.6, and 15.9.7 for Community Edition (CE) and Enterprise Edition (EE).

ASB-2023.0103 – ALERT Microsoft Windows: CVSS (Max): 9.8

Microsoft’s most recent patch update resolves 27 vulnerabilities across Windows, Windows Server, Remote Desktop and AV1 Video Extension.

ASB-2023.0105 – ALERT Microsoft ESU: CVSS (Max): 9.8

Microsoft has resolved 14 vulnerabilities in Windows Server 2008 variants.

ESB-2023.2691 – emacs: CVSS (Max): 9.8

Issues have been discovered in Emacs which, if exploited, could result in the execution of arbitrary shell commands. This has been fixed in a new version.

ESB-2023.2694 – Citrix ADC and Citrix Gateway: CVSS (Max): 6.3

Citrix reports vulnerabilities in ADC and Gateway, and advises its users to install relevant updated versions.

ESB-2023.2693 – Nessus Network Monitor: CVSS (Max): 9.8

Tenable has discovered vulnerabilities in Nessus Network Monitor, and released a critical patch to address these issues.


Stay safe, stay patched and have a good weekend!

The AusCERT team