//Week in review - 28 Oct 2022


Episode 16 of our podcast has landed and features a chat between Anthony
Caruana and Alex Tilley of Secureworks about understanding and combatting cyberattacks –
timely given the recent spate of Australians impacted by several large-scale data breaches.

Later, the AusCERT team discuss the intangible nature of cyber threats and the need for
greater awareness of their relevance and potential impact.

To improve understanding of what can be done in this regard, the discussion then focuses
on education and learning, including AusCERT’s training courses.

The first of November of each year sees the culturally significant celebration Dia de los
Muertos, also known as the Day of the Dead, across Mexico. Unlike Halloween, Dia de los
isn’t about scaring or being frightened but celebrates
the lives of loved ones who have passed away.
Day of the Dead combines the ancient Aztec custom of celebrating ancestors with All Souls’
Day, a holiday that Spanish invaders brought to Mexico starting in the early 1500s and has
become a joyful time that helps people remember the deceased and celebrate their memory.

This time of year also typically sees shades of purple dominate streetscapes across
Australia with the Jacaranda trees flowering. The captivating and vibrant Jacaranda is an
iconic tree in Australia but is native to Central and South America. Here at The University of
Queensland, they’re even part of local lore, signifying the end-of-year exams and are
celebrated with the BLOOM Festival.

There’s a lot to see, including interactive exhibits, live music, pop-up picnics and indigenous

Gov invokes emergency coordination as Medibank breach worsens
Date: 2022-10-26
Author: IT News

The government has invoked a Covid-era response mechanism, bringing together federal, state and territory agencies to coordinate on the worsening Medibank data breach. Minister for cyber security Clare O’Neil said the national coordination mechanism (NCM) was activated on Saturday.
The activation came as Medibank announced that the attackers who breached its ahm and international student systems had provided a file which demonstrated compromise of customer records under its main brand as well.

Security experts targeted with malicious CVE PoC exploits on GitHub
Date: 2022-10-24
Author: Security Affairs

A team of researchers at the Leiden Institute of Advanced Computer Science (Soufian El Yadmani, Robin The, Olga Gadyatskaya) discovered thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for multiple vulnerabilities.
The experts analyzed PoCs shared on GitHub for known vulnerabilities discovered in 2017-2021, some of these repositories were used by threat actors to spread malware.
The experts pointed out that public code repositories do not provide any guarantees that any given PoC comes from a trustworthy source.

Prepare Now for Critical Flaw in OpenSSL, Security Experts Warn
Date: 2022-10-28
Author: Dark Reading

[Refer AusCERT Bulletin ASB-2022.0229 ]
Organizations have five days to prepare for what the OpenSSL Project on Oct. 26 described as a “critical” vulnerability in versions 3.0 and above of the nearly ubiquitously used cryptographic library for encrypting communications on the Internet.
On Tuesday, Nov. 1, the project will release a new version of OpenSSL (version 3.0.7) that will patch an as-yet-undisclosed flaw in current versions of the technology. The characteristics of the vulnerability and ease with which it can be exploited will determine the speed with which organizations will need to address the issue.

Why Retail Stores Are More Vulnerable Than Ever to Cybercrime
Date: 2022-10-27
Author: Dark Reading

When we think about cybercrime and retail it is natural to focus on websites being targeted with attacks. Indeed, there has been a shocking rise in the number of cyberattacks perpetrated against online retailers in the past year. Dakota Murphey explains why store owners and security managers need to also protect their physical locations from the cyber threat, too, however.
Figures from SonicWall’s Biannual Report revealed that e-commerce and online retail businesses saw a 264% surge in the past 12 months in ransomware attacks alone. These kinds of statistics are extremely worrying for retail businesses, so it is unsurprising that websites and digital security are at the forefront of retailers’ minds.
However, for those retailers that have a physical store as well as an online presence, there might be an assumption that the cybersecurity in-store doesn’t need to be considered as a top priority. Well, doing so could be a big mistake.

Third quarter of 2022 reveals increase in cyberattacks and unexpected developments in global trends
Date: 2022-10-26
Author: Check Point

Global attacks increased by 28%in the third quarter of 2022 compared to same period in 2021. The average weekly attacks per organization worldwide reached over 1,130
The most attacked industry in the third quarter of the year was the Education/Research sector, with an average of 2,148 attacks per organization every week, an increase of 18% compared to third quarter of 2021
The Healthcare sector was the most targeted industry for ransomware during the third quarter of 2022, with one in 42 organizations impacted by ransomware, a 5% increase YoY

Australian Clinical Labs says patient data stolen in ransomware attack
Date: 2022-10-27
Author: Bleeping Computer

Australian Clinical Labs (ACL) has disclosed a February 2022 data breach that impacted its Medlab Pathology business, exposing the medical records and other sensitive information of 223,000 people.

ESB-2022.5278 – Apache Commons Text : CVSS (Max): 9.8

Apache Software Foundation has reported a vulnerability in Apache Commons Text and recommends the users to upgrade Commons Text to 1.10.0.

ESB-2022.5300 – ALERT macOS Ventura: CVSS (Max): 9.8*

Apple has released macOS Ventura 13 which fixes a number of issues across a range of products.

ASB-2022.0199.4 – UPDATE Medibank Cyber Security Incident

Medibank announced a further development in the Medibank data breach incident. AusCERT continues to keep its members updated as further information
is released.

ASB-2022.0228 – Energy Australia Data Breach

Energy Australia announced a cyber incident which involved unauthorised access to their online platform. AusCERT is aware of the incident and will share further information with members as they become available.

ASB-2022.0229 – OpenSSL

OpenSSL version 3.0.7 is scheduled for Tuesday, 1 November 2022 and includes a patch for a critical vulnerability. AusCERT strongly recommends the administrators to apply the patch when it is released.

Stay safe, stay patched and have a good weekend!

The AusCERT team