//Week in review - 22 Apr 2022


The commemoration of ANZAC Day has become entrenched in Australia and New Zealand’s identity, marking the anniversary of the first major military action fought by members of the Australian and New Zealand Army Corps (ANZAC).

The Light Up The Dawn website, coordinated by RSL Australia, is the perfect place to learn about how you can commemorate those who are serving and those who have served. Lest We Forget.

Sadly, the presence of war remains today with the conflict in Ukraine showing no signs of easing. Although Easter is being observed in Russia this Sunday, April 24th, The Cyber Wire update earlier this week stated that governments in the west shouldn’t let their guard down concerning potential cyber attacks.

AusCERT has seen a surge in registrations for this year’s conference over the past few days which is exciting news! With just over two weeks to go until Australia’s premier information security conference gets underway, we encourage anyone interested in coming along to check out our sensational line-up of speakers and tutorials and Register Today for AusCERT2022!

Lastly, AusCERT is recruiting for two Software Developers with skills in Python on Linux platforms, and what an opportunity for developers with an interest in cyber security! As part of the AusCERT team, you'd work along side Analysts and Infrastructure Engineers and, speaking of the AusCERT Conference, you also get the chance to participate in the event too!

CISA warns of attackers now exploiting Windows Print Spooler bug
Date: 2022-04-19
Author: Bleeping Computer

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new security flaws to its list of actively exploited bugs, including a local privilege escalation bug in the Windows Print Spooler.
This high severity vulnerability (tracked as CVE-2022-22718) impacts all versions of Windows per Microsoft's advisory and it was patched during the February 2022 Patch Tuesday.
The only information Microsoft shared about this security flaw is that threat actors can exploit it locally in low-complexity attacks without user interaction.

Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021
Date: 2022-04-20
Author: The Hacker News

Google Project Zero called 2021 a "record year for in-the-wild 0-days," as 58 security vulnerabilities were detected and disclosed during the course of the year.
The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, only 25 0-day exploits were detected in 2020.
"The large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather than simply increased usage of 0-day exploits," Google Project Zero security researcher Maddie Stone said.

US and allies warn of Russian hacking threat to critical infrastructure
Date: 2022-04-20
Author: Bleeping Computer

Today, Five Eyes cybersecurity authorities warned critical infrastructure network defenders of an increased risk that Russia-backed hacking groups could target organizations within and outside Ukraine's borders.
The warning comes from cybersecurity agencies in the United States, Australia, Canada, New Zealand, and the United Kingdom in a joint cybersecurity advisory with info on Russian state-backed hacking operations and Russian-aligned cybercrime groups.

Hackers can infect >100 Lenovo models with unremovable malware. Are you patched?
Date: 2022-04-20
Author: Ars Technica

Lenovo has released security updates for more than 100 laptop models to fix critical vulnerabilities that make it possible for advanced hackers to surreptitiously install malicious firmware that can be next to impossible to remove or, in some cases, to detect.

Attacker Dwell Times Down, But No Consistent Correlation to Breach Impact: Mandiant
Date: 2022-04-19
Author: SecurityWeek.Com

The good news is that median intruder dwell time is down again – down from 24 days in 2020 to 21 days in 2021. The bad news is the figure gives little indication of the true nature of successful intruder activity across the whole security ecosphere.
Dwell time is the length of time between assumed initial intrusion and detection of an intrusion. The usual assumption is that the shorter the dwell time, the less damage can be done. This is not a valid assumption across all intrusions.
The figures come from Mandiant’s M-Trends 2022 report, which is based on the firm’s breach investigations between October 1, 2020, and December 31, 2021. They show that the median dwell time figure has consistently declined over the last few years: from 205 days in 2014 through 78 (2018), 56 (2019), 24 (2020) to 21 (2021). The problem is that the dwell time has no consistent correlation to the breach effect.

ESB-2022.1726 – Cisco Umbrella Virtual Appliance: CVSS (Max): 7.5

A vulnerability could allow an unauthenticated, remote attacker to impersonate a Virtual Appliance. One of many Cisco bulletins this week.

ASB-2022.0113 – Oracle Communications Applications: CVSS (Max): 10.0

It was Oracle's 3-monthly patch day this week (Critical Patch Update). Some of the CVSS ratings reached 10.0.

ASB-2022.0091 – Oracle Virtualization: CVSS (Max): 9.0

Another Oracle product affected was the popular VM VirtualBox.

ESB-2022.1714 – Siemens OpenSSL Vulnerabilities in Industrial Products: CVSS (Max): 5.9

ICS-CERT published many advisories this week for Industrial Control Systems (ICS) including SCADA (Supervisory Control and Data Aquisition) systems. This OpenSSL issue affects many systems and devices.

Stay safe, stay patched and have a good weekend!

The AusCERT team