8 Apr 2022

Week in review

Greetings,

Late yesterday, VMware confirmed that it had patched eight bugs in an array of its products. Many news sources, including The Hacker News, have advised that the vulnerabilities could be exploited, with five of the bugs identified as critical.

The five products affected are Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation, and vRealize Suite Lifecycle Manager.

It is advised that the vulnerabilities be patched as soon as possible; a bulletin issued by AUSCERT yesterday has further information: ESB-2022.1488.

If you weren’t already aware, each of the remaining working weeks in April is just four days long courtesy of some well-placed public holidays!

Whilst that ensures consecutive long weekends, it also means that time is running out to book your spot at our 21st Annual AUSCERT Cyber Security Conference, AUSCERT2022.

There are also limited booths remaining before our exhibition is full! If you’re interested in Sponsorship, contact our team via email: conference@auscert.org.au


Feds slay dark-web souk Hydra: Servers and $25m in crypto-coins seized
Date: 2022-04-05
Author: The Register

US and German federal agencies came down hard on Hydra, the longest-running known dark-web marketplace trafficking in illegal drugs and money-laundering services, with a multi-pronged attack that aimed to cut off multiple heads of the nefarious online beast.
First, German federal police in coordination with US law enforcement seized Hydra servers and cryptocurrency wallets containing $25 million in Bitcoin, thus shutting down the online souk.
Later on Tuesday, the US Justice Department announced criminal charges against one of the alleged Hydra operators and system administrators, 30-year-old Dmitry Olegovich Pavlov of Russia.

Borat RAT: Multiple threat of ransomware, DDoS and spyware
Date: 2022-04-04
Author: The Register

A new remote access trojan (RAT) dubbed “Borat” doesn’t come with many laughs but offers bad actors a menu of cyberthreats to choose from.
RATs are typically used by cybercriminals to get full control of a victim’s system, enabling them to access files and network resources and manipulate the mouse and keyboard. Borat does all this and also delivers features to enable hackers to run ransomware, distributed denial of service attacks (DDoS) and other online assaults and to install spyware, according to researchers at cybersecurity biz Cyble.

ASD to create cyber security hubs in three states using REDSPICE budget funding
Date: 2022-04-06
Author: iTnews

The Australian Signals Directorate will create cyber security hubs in Melbourne, Brisbane and Perth after receiving $9.9 billion in the federal budget to boost its offensive and defensive capabilities.
Amid criticism over its plan to double in size over the next decade, director-general Rachel Noble told senate estimates the new hubs would allow the cyber spy agency to tap into a wider talent pool.

This new malware targets AWS Lambda environments
Date: 2022-04-06
Author: ZDNet

A new malware variant that targets AWS Lambda has been discovered.
On Wednesday, researchers from Cado Security published their findings on Denonia, malware currently being used in targeted attacks against Lambda.
Lambda is a scalable compute service offered by Amazon Web Services (AWS) for running code, server and OS maintenance, capacity provisioning, logging, and operating numerous backend services.

VMware admins asked to patch eight vulnerabilities
Date: 2022-04-07
Author: iTnews

VMware has patched eight bugs in five of its products that were uncovered by Qihoo 360 security researcher Steven Seeley.
An advisory notes the eight vulnerabilities affect five different products: Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation, and vRealize Suite Lifecycle Manager.
Workspace ONE Access is impacted by two critical authentication bypass vulnerabilities, denoted as CVE-2022-22955 and CVE-2022-22956.
They would allow an attacker to “bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework”, the advisory says.


ESB-2022.1418.2 – UPDATE GitLab Community Edition (CE) and Enterprise Edition (EE): CVSS (Max): 9.1

GitLab released fixed versions for Community Edition and Enterprise Edition to address multiple vulnerabilities, including a critical vulnerability which could allow account takeover.

ESB-2022.1444.4 – UPDATE Cisco Products: CVSS (Max): 9.8

Acknowledging the recent Spring Framework vulnerability, Cisco has been updating its advisory identifying multiple affected products.

ESB-2022.1480 – Firefox: CVSS (Max): 7.5*

Mozilla has updated Firefox to version 99, which fixes multiple vulnerabilities.

ESB-2022.1484.2 – UPDATED ALERT Tenable.sc: CVSS (Max): 9.8

Tenable has released a patch for Tenable.sc addressing 2 vulnerabilities, including the critical CVE-2022-23943.

ESB-2022.1488 – ALERT VMware products: CVSS (Max): 9.8

VMware released patches to address critical vulnerabilities in several products.


Stay safe, stay patched and have a good weekend!

The AUSCERT team