//Week in review - 29 Jul 2022

Greetings,

Great ideas were delivered with enthusiasm and with a hint of competitiveness at the AusCERT Team Planning and Strategy Day earlier this week. It was a great opportunity for the teams to collaborate, brainstorm and put forward ideas and projects that focus on improving internal efficiencies and delivering the best service possible to our members.

Now, it’s up to all of us to turn the ideas into reality so, watch this space!

An idea that wasn’t popular was the controversial use of facial recognition technology in Bunnings and Kmart stores which was ‘paused’ earlier in the week following a significant public backlash.

Positioned as a means of preventing theft, the stores are insistent that the use of such technology is legitimate. However, as reported in a recent Choice article, the decision to use facial recognition technology in this manner will be a matter for the Office of the Australian Information Commissioner (OAIC) to decide.

Tomorrow, June 30, Is World Friendship Day. Originally developed by Hallmark as a means of creating another holiday in which to exchange cards, the concept of honouring friendship soon took over and it became a popular custom to reserve a day to celebrate friends.

With the growth in social media across the globe, the General Assembly of the United Nations declared in 2011 that June 30 shall be a day to celebrate, connect and bring together people from all backgrounds.


Atlassian Patches Servlet Filter Vulnerabilities Impacting Multiple Products
Date: 2022-07-21
Author: Security Week

[See also: ESB-2022.3575]
Servlet Filters are pieces of Java code designed to intercept and process HTTP requests sent between a client and a backend. Servlet Filters may offer security mechanisms such as auditing, authentication, logging, or authorization.
Tracked as CVE-2022-26136 and described as a Servlet Filter bypass, the first of the flaws could allow a remote, unauthenticated attacker to send specially crafted HTTP request and authenticate to third-party apps, or to launch a cross-site scripting (XSS) attack, to execute JavaScript code in a user’s browser.

Microsoft issues emergency fix for broken Windows 11 start menu
Date: 2022-07-25
Author: Bleeping Computer

Microsoft has addressed a known issue that was causing the start menu on some Windows 11 to malfunction after installing recent updates.
This known issue affects only devices running Windows 11, version 21H2, and it was acknowledged on Friday after Redmond received customer reports of start menu issues affecting some systems.
“A small number of devices are unable to open the Start menu after installing updates released June 23, 2022 or later,” the company explained in a recent update on the Windows health dashboard.

Hackers scan for vulnerabilities within 15 minutes of disclosure
Date: 2022-07-26
Author: Bleeping Computer

System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed.
According to Palo Alto’s 2022 Unit 42 Incident Response Report, hackers are constantly monitoring software vendor bulletin boards for new vulnerability announcements they can leverage for initial access to a corporate network or to perform remote code execution.
However, the speed at which threat actors begin scanning for vulnerabilities puts system administrators in the crosshairs as they race to patch the bugs before they are exploited.

Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware
Date: 2022-07-28
Author: Dark Reading

A cyber-weapons broker dubbed Knotweed has been outed, with Microsoft flagging it as being behind numerous spyware attacks on law firms, banks, and strategic consultancies in countries around the world.
To boot, Knotweed has made a habit of incorporating rafts of Windows and Adobe zero-day exploits into its spyware since at least 2021, according to Microsoft.

Hacker puts 5.4m Twitter account details on sale with $30k price tag
Date: 2022-07-26
Author: Cyber Security Connect

A hacker has put a database of phone numbers and email addresses belonging to 5.4 million Twitter accounts for sale on the dark web for $30,000.
Twitter is currently investigating the breach according to reports by CyberWire. The hack is linked with a cyber breach that occurred in January this year according to Restore Privacy, after tracking down HackerOne reports that observed the January incident “had potential of exposing user information even when hidden behind privacy settings”.
Restore Privacy has also found that Twitter paid a bug bounty to the researcher who had reported the breach, then enabled the short-form social media platform to close it, but that earlier vulnerability appears to have been “exploited to collect a very large tranche of user data”.

Ransomware Continues to Disrupt OT Operations
Date: 2022-07-28
Author: Cyber Security Connect

At the end of 2021, Dragos assessed with high confidence that ransomware would continue to disrupt OT operations into 2022. So far, that assessment holds true.
Although we don’t have substantive evidence that the quantity of ransomware incidents has increased year on year, a surge of ransomware initial access campaigns in 2022 shows specific ransomware groups like Conti are more active. Also, the political tension between Russia and western countries may only exacerbate this.

Bunnings and Kmart halt use of facial recognition technology in stores as privacy watchdog investigates
Date: 2022-07-25
Author: The Guardian

Kmart and Bunnings have paused the use of facial recognition technology in their stores, amid an investigation from Australia’s privacy regulator.
Consumer group Choice last month revealed Bunnings and Kmart were using the technology – which captures images of people’s faces from video cameras as a unique faceprint that is then stored and can be compared with other faceprints – in what the companies say is a move to protect customers and staff and reduce theft in select stores.
The two companies are now being investigated by the Office of the Australian Information Commissioner (OAIC) over their use of the technology and whether it is consistent with privacy laws.

Microsoft Edge now improves performance by compressing disk cache
Date: 2022-07-27
Author: Bleeping Computer

Microsoft says Microsoft Edge users will notice improved performance and a smaller disk footprint because the web browser now automatically compresses disk caches.
“Beginning with Microsoft Edge 102 on Windows, Microsoft Edge automatically compresses disk caches on devices that meet eligibility checks, to ensure the compression will be beneficial without degrading performance,” the Microsoft Edge Team said Wednesday.
“This ensures compression of these caches largely improves performance and overall user experience.”


ESB-2022.3656 – Firefox: CVSS (Max): None

Mozilla has updated Firefox to version 103 to patch multiple vulnerabilities

ESB-2022.3576 – Google Chrome: CVSS (Max): None

Multiple vulnerabilities have been fixed in Google Chrome version 103.0.5060.134

ESB-2022.3706 – Samba: CVSS (Max): 8.8

Samba has addressed a security vulnerability that allows Samba AD users to forge password change requests for any user including Admin

ESB-2022.3685 – Red Hat OpenShift Service Mesh 2.1.3: CVSS (Max): 10.0

Red Hat has released a critical security update for Red Hat OpenShift Service Mesh addressing a trivial bypass vulnerability

ASB-2022.0175.2 – Sonicwall GMS (Global Management System)and Analytics On-Prem products : CVSS (Max): None

SonicWall has released security advisories about an SQL Injection vulnerability affecting GMS (Global Management System) and Analytics On-Prem products


Stay safe, stay patched and have a good weekend!

The AusCERT team