31 Mar 2023
Week in review
Greetings,
As data breaches and cyber attacks are progressively becoming more prevalent, organisations and individuals are now under threat more than ever. As a result it is increasingly important to properly equip yourself with the correct tools and training to ensure you and your organisation are prepared for the growing possibility of an attack.
The recent threat on 3CX is a cause for concern for most people – and for good reason! The Voice Over Internet Protocol (VoIP) software development company’s system caters to more than 12 million daily users and 600,000 companies worldwide, including some very high-profile organisations. Hackers reportedly compromised the app to target the company’s customers which could have exposed sensitive personal and financial data for all users and organisations involved.
As these data threats and breaches are increasingly becoming more common, organisations and individuals must do all they can to avoid the negative repercussions that can result. It's important for individuals and organizations to take steps to protect themselves against cyber attacks, such as using strong authentication, keeping software up to date, avoiding suspicious links and emails, and backing up important data. Additionally, organisations should invest in their people, to empower them to be an active part of cyber security risk reduction.
Resources like IDCare’s fact sheets are great information sources to educate yourself and colleagues on the appropriate measures to take against common threats. Scam watch can keep you updated with the latest threats and statistics. Also, something practical most people can do to help protect themselves and their loved ones is to employ Multi Factor Authentication (MFA), here’s some helpful information on how to enable it for a variety of services – https://2fa.directory/au/
Before we finish up for the week I would like to do a final reminder that Early Bird Offers and Member tokens are expiring today, March 31, for our 2023 AUSCERT conference. There’s never been a better time to further you and your organisation’s knowledge and expertise in cyber security, make sure to register today!
Google finds more Android, iOS zero-days used to install spyware
Date: 2023-03-29
Author: Bleeping Computer
Google's Threat Analysis Group (TAG) discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install commercial spyware and malicious apps on targets' devices.
The attackers targeted iOS and Android users with separate exploit chains as part of a first campaign spotted in November 2022.
They used text messages pushing bit.ly shortened links to redirect the victims to legitimate shipment websites from Italy, Malaysia, and Kazakhstan after first sending them to pages triggering exploits abusing an iOS WebKit remote code execution zero-day (CVE-2022-42856) and a sandbox escape (CVE-2021-30900) bug.
Crown Resorts confirms ransom demand after GoAnywhere breach
Date: 2023-03-28
Author: Bleeping Computer
Crown Resorts, Australia's largest gambling and entertainment company, has confirmed that it suffered a data breach after its GoAnywhere secure file-sharing server was breached using a zero-day vulnerability.
The Blackstone-owned company has an annual revenue that surpasses $8 billion and operates complexes in Melbourne, Perth, Sydney, Macau, and London.
This data breach was conducted by the Clop ransomware gang, which has shifted over the past year from encrypting files to performing data extortion attacks.
In February, the threat actors claimed to have stolen data from 130 organizations over ten days utilizing a GoAnywhere zero-day vulnerability.
This is the most detailed portrait yet of data breaches in Australia
Date: 2023-03-28
Author: ABC News
Every bubble in the chart [below] is a data breach that put Australians at likely risk of “serious harm”. It shows a total of 2,784 recorded breaches since the start of 2020 — covering everything from the Optus and Medibank breaches, which exposed the personal information of millions, to mistakenly sent emails only affecting a single unlucky person.
The chart is based on the official record of data breaches reported to the Office of the Australian Information Commissioner (OAIC), obtained and published for the first time by the ABC.
Hotel and property giant Meriton hit by data hack, personal documents may be at risk
Date: 2023-03-29
Author: ABC News
One of Australia's biggest property giants has been hit by cybercriminals who may have made off with highly sensitive personal data including birth certificates and bank details, as well as information about salaries and disciplinary proceedings.
Guests and staff members employed by Meriton were affected by the data breach when hackers struck the luxury developer on January 14 this year.
NGS Super says 'limited data' stolen in cyber attack – Security
Date: 2023-03-28
Author: iTnews
NGS Super, an industry superannuation fund serving the education and community sectors, said an attacker had stolen “limited data” from its systems.
The fund said it detected and shut down an incident on March 17, but not before the attacker was able to exfiltrate some data.
The stolen data was stored on “internal drives”, according to the fund; why it was stored there is a matter for investigation.
“For our members we know that data was accessed, which for a group of members included their primary identifiers,” NGS Super said.
Home Affairs to set up cyber and infrastructure security group
Date: 2023-03-27
Author: iTnews
Home Affairs will set up a new cyber and infrastructure security group from May that will lead industry partnerships and support the implementation of the next nation cyber security strategy.
Secretary Michael Pezzullo told a Home Affairs cyber and infrastructure security conference that the new group would be led by Hamish Hansford in a new deputy secretary position.
ESB-2023.1834 – macOS Ventura: CVSS (Max): 7.8*
Apple has released the macOS Ventura 13.3 update which includes more than 30 security updates.
ESB-2023.1847 – Tenable.sc: CVSS (Max): 9.8
Tenable has released updates for multiple vulnerabilities in third party software leveraged by Tenable.sc
ESB-2023.1860 – OpenShift Container Platform 4.10.55: CVSS (Max): 7.8
Red Hat Openshift Container Platform is now updated to address multiple vulnerabilities.
ESB-2023.1861 – Mozilla Thunderbird: CVSS (Max): None
Mozilla has fixed denial of service attack in Thunderbird 102.9.1 for users who use the Matrix chat protocol.
Stay safe, stay patched and have a good weekend!
The AUSCERT team