//Week in review - 27 Jan 2023


The latest episode of AusCERT’s Share Today, Save Tomorrow podcast is available for download, featuring Jess Dodson (@girlgerms) chatting with Anthony Caruana about her Zero Trust journey. Frameworks or ideas like Zero Trust often emerge in fast-paced industries like cyber security, however they’re sometimes unfairly overlooked as a “buzz phrase” or “passing trend”. Jess’s excellent presentation at the AusCERT2022 Cyber Security Conference gives a great, no nonsense explanation of what Zero Trust actually is and how you can implement it within your organisation.

Speaking of the AusCERT Cyber Security Conference, the AusCERT2023 Call For Presentations CLOSES this evening! If you haven’t submitted your idea yet there’s still time, and remember we’re very keen to support first time presenters with additional mentoring. Many professionals have imposter syndrome, but remember your experiences are uniquely yours and quite likely very interesting to others! If you’re still stuck for ideas, listen to our joint presentation with Lidia Giuliano (@pink_tangent) and AusCERT's Mark Carey-Smith, Bek Cheb and Mike Holm from Tuesday this week, “How to prepare a speaking topic and submit to a conference CFP”. Some additional resources are available on the Call for Presentations page, such as the padlet coordinated by Mark containing crowd-sourced ideas on “What makes a great conference presentation?”.

In amongst imposter syndrome, too-much-compliance fatigue, not-enough-resources burnout, rising costs and other such worries, it’s easy to lose sight of the real goals of your organisation or business unit. At this time, your professional network and trusted partners can significantly contribute towards your success. Why not discuss cyber security topics with peers on AusCERT’s Member Slack or other communities like the JCSC Slack, use free resources like this blog and AusCERT Daily Intelligence Report to help you keep up to date and plan your year?

Here's the top stories from this week, in case you missed any of them:

QUT alerts staff, students to data breach – Security
Date: 2023-01-23
Author: iTnews

Queensland University of Technology has alerted 2500 staff and 67 students that their personal information was breached in a late December incident.
Most of the university’s IT systems were taken offline, some of them for weeks, when the breach was first detected.
The university said most have been restored, in an announcement posted last week to its website.

Authorities shut down HIVE ransomware infrastructure, provide decryption tools
Date: 2023-01-26
Author: Help Net Security

Europol supported the German, Dutch and US authorities in taking down the infrastructure of the prolific HIVE ransomware. This international operation involved authorities from 13 countries in total. Law enforcement identified the decryption keys and shared them with many victims, helping them regain access to their data without paying the cybercriminals.

PayPal Warns 35,000 Users of Credential Stuffing Attacks
Date: 2023-01-20
Author: Security Week

Online payments system PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.
“On December 20, 2022, we confirmed that unauthorized parties were able to access your PayPal customer account using your login credentials,” the company said in the notification letter sent to the impacted individuals.
According to PayPal, between December 6 and 8, 2022, a third party accessed user accounts using login credentials obtained elsewhere. The unauthorized access was eliminated on December 8.

Suspected Chinese hackers exploit vulnerability in Fortinet devices
Date: 2023-01-21
Author: The Record

[See AusCERT Security Bulletin 13 December 2022 ESB-2022.6458.2]
Suspected Chinese hackers have been targeting a European government entity and African managed service provider with new custom malware.
According to a report released by Mandiant on Thursday, hackers exploited a recently patched vulnerability — CVE-2022-42475 — in FortiOS, an operating system developed by U.S. cybersecurity company Fortinet, as a zero-day.

IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
Date: 2023-01-24
Author: The Daily Swig

IoT vendors are making slow progress in making it easy for security researchers to report security bugs, with only 27.1% of suppliers offering a vulnerability disclosure policy.
The figure, based on the latest annual report from the IoT Security Foundation (IoTSF), compares to the 9.7% of IoT (Internet of Things) vendors that were reported to have a disclosure policy in the 2018 edition of the same study.
Vulnerability management ought to be a cornerstone of connected product security, widely recommended in 30 cybersecurity guidance initiatives including the IoTSF’s IoT Security Assurance Framework.

Universities offered software to sniff out ChatGPT-written essays
Date: 2023-01-23
Author: The Register

Turnitin, best known for its anti-plagiarism software used by tens of thousands of universities and schools around the world, is building a tool to detect text generated by AI.
Large language models have gained traction since the commercial release of OpenAI's GPT-3 in 2020. Now multiple companies have built their own rival machine learning systems, kickstarting a new wave of startups developing products powered by generative AI. These models operate like general-purpose chatbots. Users type instructions, and they will respond with passages of coherent, convincing text.

ESB-2023.0391.2 – ALERT iOS: CVSS (Max): 8.8

Apple released additional updates that may have been actively exploited against versions of iOS released before iOS 15.1

ESB-2023.0398 – ALERT VMware vRealize Log Insight and Cloud Foundation (VMware vRealize Log Insight) : CVSS (Max): 9.8

VMware released the latest updates for vRealize Log Insight which addresses multiple security vulnerabilities

ESB-2023.0428 – MySQL: CVSS (Max): 9.8

Ubuntu reports several security issues in the MySQL and advises their clients to apply the most recent patches

ESB-2023.0462 – PAM: CVSS (Max): 9.8

Ubuntu released an update that fixes PAM vulnerability which would allow unintended access to the machine over the network

ESB-2023.0466 – Linux kernel (Raspberry Pi): CVSS (Max): 10.0

Ubuntu released an update to fix Linux kernel (Raspberry Pi) vulnerabilities which could potentially result in the execution of arbitrary code and denial of service attack

Stay safe, stay patched and have a good weekend!

The AusCERT team