Week in review - 29 Apr 2022

Greetings,

Earlier this week, we released our eleventh episode of Share Today, Save Tomorrow.

Ethics, trust and collaboration form part of the discussion this month, with Jeroen van der Ham and Shawn Richardson featuring, providing their insights and sharing their experiences with this developing area within our industry.

Today, April 29 2022, is the 40th International Dance Day, which has grown into a celebration for those who can see the value and importance in the art form that is dance.

Whether it’s toddlers bopping along to their favourite song or the perennial favourite ‘foot shuffle/shoulder shrug’ combo most often seen at weddings, we all have a move or routine that gets us moving when the moment and music are right!

To commemorate this occasion, there will be an online celebration featuring five dance productions, each from one region (Africa, Asia-Pacific, the Americas, Europe, and Arab Countries), that will be worth watching if you appreciate dance or would like some tips!

Not to alarm people, but next week we see the arrival of May! Not only does this signify our approach towards the halfway point of 2022, but also the imminent commencement of AusCERT2022!

A little over a week remains to register for Australia’s premier cyber security conference. We have a few surprises in store, along with the fantastic program that you can check out online, so be sure to register today as you won’t want to miss out!


Manage and monitor third-party identities to protect your organization
Date: 2022-04-26
Author: Help Net Security

SecZetta shared research that demonstrates a clear misalignment between the strategies organizations currently use and what is actually required to protect them from cyberattacks due to third-party vulnerabilities.
At a time when cyberattacks are increasing in size, frequency, and impact, this research found most organizations are not taking the necessary steps to manage and monitor the lifecycle of their third-party identities, making them more vulnerable to cyber incidents. To strengthen cybersecurity programs and better manage identity lifecycles, including third-party and non-human workers, organizations need stronger third-party identity management strategies and solutions.

Quarterly Report: Incident Response trends in Q1 2022
Date: 2022-04-26
Author: Cisco Talos

Ransomware was still the top threat Cisco Talos Incident Response (CTIR) saw in active engagements this quarter, continuing a trend that started in 2020. As mentioned in the 2021 year-in-review report, CTIR continues to deal with an expanding set of ransomware adversaries and major cybersecurity incidents affecting organizations worldwide.
The first quarter of 2022 also featured an increase in engagements involving advanced persistent threat (APT) activity. This included Iranian state-sponsored MuddyWater APT activity, China-based Mustang Panda activity leveraging USB drives to deliver the PlugX remote access trojan (RAT), and a suspected Chinese adversary dubbed “Deep Panda” exploiting Log4j.

Five Eyes nations reveal 2021’s fifteen most-exploited flaws
Date: 2022-04-28
Author: The Register

Security flaws in Log4j, Microsoft Exchange, and Atlassian’s workspace collaboration software were among the bugs most frequently exploited by “malicious cyber actors” in 2021, according to a joint advisory by the Five Eyes nations’ cybersecurity and law enforcement agencies.
It’s worth noting that 11 of the 15 flaws on the list were disclosed in 2021, as previous years’ lists often found miscreants exploiting the older vulns for which patches had been available for years.

BlackCat Ransomware gang breached over 60 orgs worldwide
Date: 2022-04-25
Author: Security Affairs

The U.S. Federal Bureau of Investigation (FBI) published a flash report that states that at least 60 entities worldwide have been breached by BlackCat ransomware (aka ALPHV and Noberus) since it started its operations in November.
“The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks involving BlackCat/ALPHV, a Ransomware-as-a-Service that has compromised at least 60 entities worldwide.” reads the flash advisory. “CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000167-MW and apply the recommended mitigations.”

How Industry Leaders Should Approach Open Source Security
Date: 2022-04-28
Author: Dark Reading

Security has long been a point of concern in the open source community. If not managed carefully, the same openness that allows innovative code contributions from global users can also present vulnerable attack surfaces for malicious actors. In fact, when asked about roadblocks preventing their organizations’ use of open source, respondents to Anaconda’s 2021 State of Data Science report cited “Fear of CVEs, potential exposures, or risks” (41%) and “Open source software is deemed insecure, so it’s not allowed,” (26%) among other concerns.
Yet open source drives innovation, and there are ways to dramatically decrease the potential risks that arise from the use of open source software. This is why many organizations take a “best of both worlds” approach, adopting open source while prioritizing security measures.


ESB-2022.1792 – Tenable.sc third party components: CVSS (Max): 9.8

Tenable has provided a patch to address multiple vulnerable third-party software components used by Tenable

ESB-2022.1870 – grafana: CVSS (Max): 9.8

Multiple vulnerabilities affecting Grafana have now been fixed in versions 8.3.5 and 7.5.15

ESB-2022.1907 – Google Chrome: CVSS (Max): None

Google Chrome 101 is available for users as a stable version fixing several vulnerabilities

ASB-2022.0119 – Microsoft Edge (Chromium-based): CVSS (Max): 8.3*

Microsoft has also addressed Chrome’s CVE in Microsoft Edge and added 2 additional CVEs in its upstream product


Stay safe, stay patched and have a good weekend!

The AusCERT team