Week in review - 15 Jul 2022


Last week in our blog, Staying aware this tax time, we looked at potential risks for individuals in relation to phishing and smishing, specific to Australian tax processes.
A recent article from The Conversation expands upon this growing trend, providing examples of methods used by scammers to gain an insight into the lives of potential targets, with age and social status as key data. It goes on to explain that information from social media is making it easier for scammers to create phishing attacks specifically targeting people, due to the abundance of personal information available about them.
Increasing global connectivity and our growing reliance on technology are factors that have fuelled the growth of IT/OT convergence.
This area is a perpetual work in progress and is discussed in the first episode of Season 2 of our podcast series. Episode 13 features a chat between Anthony Caruana and Lesley Carhart, who discuss the intersection between cyber security and operational technology, including the increased risk and vulnerability throughout the industry.

Microsoft's July Patch Tuesday fixes actively exploited bug
Date: 2022-07-12
Author: The Register

[See also: ASB-2022.0137]
No, Windows Autopatch didn't kill the monthly patchapalooza
PATCH TUESDAY Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live — with a slew of caveats — the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit.
Let's start with the one that miscreants have already found and exploited. CVE-2022-22047 is an elevation of privilege vuln in Windows' Client Server Runtime Subsystem (CSRSS). Microsoft deemed it an "important" security issue, with low complexity and low privileges required to exploit. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," the security advisory explained.

Ransomware gang now lets you search their stolen data
Date: 2022-07-11
Author: Bleeping Computer

Two ransomware gangs and a data extortion group have adopted a new strategy to force victim companies to pay threat actors to not leak stolen data.
The new tactic consists in adding a search function on the leak site to make it easier to find victims or even specific details.
At least two ransomware operations and a data extortion gang have adopted the strategy recently and more threat actors are likely to do the same.

Deakin University reveals breach of 47,000 students' details
Date: 2022-07-13
Author: iTnews

Subset targeted with smish sent via officially-used SMS channel.
Deakin University has revealed a data breach impacting almost 47,000 current and past students, along with a ‘smishing’ attempt that compromised a legitimate communications channel to target 10,000 current students.
The Victorian university said it had been “targeted in a cyber attack” where a single staff member’s login credentials were compromised.

Microsoft details massive phishing operation
Date: 2022-07-13
Author: IT News

A phishing campaign that has been active since September 2021 has so far attempted to target more than 10,000 organisations, Microsoft security researchers said.
The campaign uses what Microsoft calls Adversary in the Middle (AitM) attacks, which involve setting up a proxy server that sits between victims and the websites they wish to visit.
With a proxy server that intercepts hyper text transfer protocol (HTTP) packets from users, attackers don't need to create sites that impersonate legitimate ones, as per traditional phishing campaigns.

Australia's major banks look to dynamic CVV to combat payment fraud
Date: 2022-07-11
Author: IT News

Three of the 'Big Four' Australian banks have turned to dynamic card verification value (CVV) functionality to combat online payment fraud and boost digital consumer protections.
The CVC or CVV is traditionally a static, three-digit number found on the back of a physical debit or credit card that acts as an additional layer of verification or security when a customer is transacting online.

Vulnerability Spotlight: Adobe Acrobat DC use-after-free issues could lead to arbitrary code execution
Date: 2022-07-13
Author: Talos Website

[See also: ESB-2022.3409]
Cisco Talos recently discovered two use-after-free vulnerabilities in Adobe Acrobat Reader DC that could allow an attacker to eventually gain the ability to execute arbitrary code.
Acrobat is one of the most popular PDF reader software options available currently. It includes the ability to read and process JavaScript to give PDFs greater interactivity and customization options for users. This vulnerability exists in the way Acrobat Reader processes JavaScript.

1 in 3 untrained employees will click on a phishing link
Date: 2022-07-13
Author: Security Brief

One in three untrained employees will click on a phishing link, according to a new report from KnowBe4.
The security awareness training and simulated phishing platform has released the new 2022 Phishing by Industry Benchmarking Report, which measures an organisation’s Phish-prone™ Percentage (PPP), which indicates how many of their employees are likely to fall for phishing or a social engineering scam.

Tech giants want to kill off passwords. Here's why they think passkeys will change the world, and what that means for you
Date: 2022-07-14
Author: ABC News

Last year, a password management company and a group of researchers found that the most common password in the world was 123456 — they said it showed up more than 103 million times.
Second was 123456789.
Third was 12345.

ASB-2022.0139 – ALERT Windows 7 and Windows Server 2008: CVSS (Max): 8.8*

Microsoft's Patch Tuesday included fixes for Windows 7 and Windows Server 2008

ASB-2022.0137 – ALERT Windows: CVSS (Max): 8.8*

Microsoft Patch Tuesday updates included a fix for the CVE-2022-22047 actively exploited vulnerability

ESB-2022.3409 – Adobe Acrobat DC and Adobe Acrobat Reader DC: CVSS (Max): 7.8

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS which addressed multiple critical and important vulnerabilities that could lead to arbitrary code execution and memory leak

ESB-2022.3381 – CVSS (Max): 9.8

An update was released for two security issues in the Debian PHP package which could result in a denial of service or potentially the execution of arbitrary code

Stay safe, stay patched and have a good weekend!

The AusCERT team