//Week in review - 4 Nov 2022


This week saw trick-or-treaters and people of all ages flock to the streets in ‘spooky’ costumes in celebration of Halloween. The history of trick-or-treating goes back to Scotland and Ireland, where the tradition began as people would go door to door staging performances that were rewarded with food and sweets.

Speaking of candy, today is the National Candy Day! Of course, this is mostly celebrated in the US, but why not make it into an excuse to dig into the leftover Halloween treats? Whether it is chewy, gummy, hard, fruit-flavoured or the ones that melt in your mouth, candy has always been a source of universal happiness.

On a more serious topic, The OpenSSL Project released OpenSSL 3.0.7 to address two high-severity security flaws in its cryptographic library amid a big storm of hype in the Cyber Security world. These flaws were initially listed as “critical” but were downgraded to “high” following additional testing. The vulnerabilities affect OpenSSL versions 3.0.0 to 3.0.6.

AusCERT strongly recommends the deployment of OpenSSL 3.0.7 as soon as possible to impacted applications and servers to avoid potential Denial of Service or Remote Code Execution attacks.

In other news this week, Australia took part in the Counter Ransomware Initiative (CRI) Summit hosted by the White House on 31 October to 1 November 2022. The participating governments released a set of planned actions including the establishment of the Voluntary International Counter Ransomware Task Force, led by Australia that will encourage threat information sharing and better coordination of the international actions aimed at tracking ransomware criminals' financial activities.

Last but not least, AusCERT would like to remind everyone to be mindful of current threats and vulnerabilities, with the recent spate of data breaches and ransomware attacks targeting Australian organisations.

Have a good weekend!

Microsoft releases out-of-band updates to fix OneDrive crashes
Date: 2022-10-29
Author: Bleeping Computer

Microsoft has released out-of-band updates to address a known issue causing OneDrive and OneDrive for Business to crash after installing recent Windows 10 updates.
The issue occurs when signing out or unlinking OneDrive accounts or sites and folders from Microsoft Teams and SharePoint.
"After installing KB5018410 or later updates, OneDrive might unexpectedly close," Redmond explained in a Windows health dashboard update on Friday.

OpenSSL fixes two high severity vulnerabilities
Date: 2022-11-01
Author: Bleeping Computer

The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections.
The vulnerabilities (CVE-2022-3602 and CVE-2022-3786) affect OpenSSL version 3.0.0 and later and have been addressed in OpenSSL 3.0.7.
CVE-2022-3602 is an arbitrary 4-byte stack buffer overflow that could trigger crashes or lead to remote code execution (RCE), while CVE-2022-3786 can be exploited by attackers via malicious email addresses to trigger a denial of service state via a buffer overflow.

Australian Defence Department caught up in ransomware attack
Date: 2022-10-31
Author: ABC News

A communications platform used by military personnel and Defence Department public servants has been hit by a ransomware attack. Hackers have targeted the ForceNet service, which is run by an external ICT provider, but Defence has been told no data of current or former personnel appears to have been compromised.

Dropbox discloses breach after hacker stole 130 GitHub repositories
Date: 2022-11-01
Author: Bleeping Computer

Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack.
The company discovered the attackers breached the account on October 14 when GitHub notified it of suspicious activity that started one day before the alert was sent.
"To date, our investigation has found that the code accessed by this threat actor contained some credentials—primarily, API keys—used by Dropbox developers," Dropbox revealed on Tuesday.

Govt counter-ransomware taskforce in works
Date: 2022-11-02
Author: FST Media

Minister for Home Affairs and Cyber Security, Clare O’Neil, said the taskforce will be convened by the Department of Home Affairs Cyber and Critical Technology Coordination Centre after members of the international initiative agreed to establish a unit at the Counter Ransomware Summit in Washington earlier this week.
“The cyber incident involving Medibank Private is a blunt reminder that we need a globally focused capability to combat cyber threats, including ransomware,” Minister O’Neil said.

ESB-2022.5595 – Red Hat Single Sign-On 7.6.1 security update on RHEL 9

Multiple security fixes introduced with the latest version of Red Hat Single Sign On address remote code execution, denial of service and XSS vulnerabilities.

ASB-2022.0229.2 – OpenSSL Critical Patch Update for 3.0.x

It was discovered that OpenSSL incorrectly handled certain X.509 Email Addresses. If a certificate authority were tricked into signing a specially-crafted certificate, a remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

ESB-2022.5303.2 – APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16

Multiple security updates were released by Apple for iOS 16.1 and IPadOS 16 that addressed vulnerabilities relating to arbitrary code execution, app privilege levels and disclosure of user information.

Stay safe, stay patched and have a good weekend!

The AusCERT team