//Week in review - 19 Aug 2022

Greetings,

This Sunday, August 21, marks the final day of this year’s National Science Week. An annual celebration of science and technology, it’s a great opportunity to imbue curious minds with knowledge and insights into a plethora of areas.

Everything from agriculture, health and medicine, technology and the great expanse of space is available to explore, analyze, experience and challenge as we seek to understand, innovate, and transform. Learn more about what others are doing and what you can do by visiting the National Science Week website.

Cyber security is one area that is constantly evolving, and one that we here at AusCERT keep a close watch on so that we can share what we learn with our members.

A fantastic way to gain insights and understanding on an array of topics is through our podcast series, Share today, save tomorrow.

With fourteen episodes currently available, you can select from several areas that may pique your interest including ‘ITOT Convergence’, ‘Strategic Resilience and Psychology in Cyber Security’ and our latest edition, ‘Diversity and Culture in Cyber Security’.

Another means of seeking to understand is through the tried-and-true method of simply asking.

The team at RMIT University are doing just that in their survey that seeks to gain a more accurate picture of the security industry in Australia.

You can share your insights and experience to help expand and diversify the workforce and help understand and prepare for future challenges.


Apple releases Safari 15.6.1 to fix zero-day bug used in attacks
Date: 2022-08-18
Author: Bleeping Computer

[See AusCERT Security Bulletin ESB-2022.4103 for more information]

Apple has released Safari 15.6.1 for macOS Big Sur and Catalina to fix a zero-day vulnerability exploited in the wild to hack Macs.

The zero-day patched today (CVE-2022-32893) is an out-of-bounds write issue in WebKit that could allow a threat actor to execute code remotely on a vulnerable device.
“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” warns Apple in a security bulletin released today.

Google Chrome Zero-Day Found Exploited in the Wild
Date: 2022-08-18
Author: Dark Reading

[See AusCERT Bulletins ESB-2022.4128 & ESB-2022.4102 for more information]

A zero-day security vulnerability in Google’s Chrome browser is being actively exploited in the wild.

The Internet behemoth released 11 security patches for Chrome this week, which are now being pushed out in stages to those with automatic updates enabled for Windows, Mac, and Linux; however, everyone can manually update now.

The zero-day (CVE-2022-2856) is rated as high severity and involves “insufficient validation of untrusted input in Intents,” according to Google’s advisory.

Intents, where the bug resides, are used by Chrome to process user input; if the browser doesn’t validate this input properly, an attacker is able to specially craft an input (say, a post in the comments section of a website) that’s not expected by the application.

Twilio phish sees Signal users’ numbers at risk of re-registering
Date: 2022-08-16
Author: IT News

Locally stored user information can’t be compromised, company says.

Fallout from the recent phishing attack on communications company Twilio has spilt over to encrypted messaging app Signal, with users reporting bogus number re-registration attempts.

Twilio provides Signal with phone number verification services, meaning the attacker may have been able to learn that some numbers were associated with Signal users.

Digital Ocean dumps Mailchimp after attack leaked customer email addresses
Date: 2022-08-16
Author: The Register

Junior cloud Digital Ocean has revealed that some of its clients’ email addresses were exposed to attackers, thanks to an attack on email marketing service Mailchimp.

This story starts last week when some of the blockheads in crypto-land noticed that email marketing service Mailchimp had suspended service for some of their fellow travellers. Reports such as this missive noted that Mailchimp has previously ditched crypto clients for generating more abuse reports than other customers, and the company’s Acceptable Use Policy therefore warns it may decide not to serve companies that offer “Cryptocurrencies, virtual currencies, and any digital assets related to an Initial Coin Offering.”

How a spoofed email passed the SPF check and landed in my inbox
Date: 2022-08-16
Author: WeLiveSecurity

According to one study published in 2022, around 32% of the 1.5 billion domains investigated had SPF records. Out of these, 7.7% had invalid syntax and 1% were using the deprecated PTR record, which points IP addresses to domain names. Uptake of SPF has been slow and flawed indeed, which might lead to another question: how many domains have overly permissive SPF records?
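The article's figures (invalid syntax, the deprecated PTR mechanism, overly permissive records) are all things you can check against your own domains' TXT records. The following linter is an added example written for this newsletter; it is not code from WeLiveSecurity or from the study cited. It applies the RFC 7208 term syntax to a single record string, does no DNS resolution (so include: and redirect= targets are not followed), and the sample records and the "very broad range" thresholds are our own constructions, not values from the article.

```python
"""
Minimal SPF record linter (Python 3.9+). Flags invalid term syntax, the
deprecated "ptr" mechanism, overly permissive "all" qualifiers, very broad
ip4/ip6 ranges, terms after "all", and more than 10 DNS-lookup terms.
"""
import re

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
MODIFIERS = {"redirect", "exp"}
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # count toward the 10-lookup limit
# qualifier, name, separator, argument; e.g. "-ip4:192.0.2.0/24" -> ("-", "ip4", ":", "192.0.2.0/24")
TERM_RE = re.compile(r"^([+\-~?])?([a-z0-9]+)(?:([:/=])(.*))?$", re.IGNORECASE)


def lint_spf(record: str) -> list[str]:
    """Return a list of findings for one SPF TXT record; an empty list means nothing was flagged."""
    findings: list[str] = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1 version tag)"]

    saw_all = False
    lookups = 0
    for term in terms[1:]:
        m = TERM_RE.match(term)
        if not m:
            findings.append(f"invalid syntax: {term!r}")
            continue
        qual, name, sep, arg = m.groups()
        name, qual = name.lower(), qual or "+"

        if sep == "=":  # modifier, e.g. redirect=_spf.example.net
            if name not in MODIFIERS:
                findings.append(f"unknown modifier: {term!r}")
            elif name == "redirect":
                lookups += 1
            continue

        if name not in MECHANISMS:
            findings.append(f"unknown mechanism: {term!r}")
            continue
        if saw_all:
            findings.append(f"term after 'all' is never evaluated: {term!r}")
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            findings.append("deprecated ptr mechanism (RFC 7208 section 5.5: SHOULD NOT be used)")
        if name == "all":
            saw_all = True
            if qual == "+":
                findings.append("overly permissive: +all authorises every host on the internet")
            elif qual == "?":
                findings.append("overly permissive: ?all is neutral, equivalent to having no policy")
        if name in ("ip4", "ip6") and arg and "/" in arg:
            # Thresholds are an arbitrary choice for this example: flag anything wider than /16 or /32
            prefix = arg.rsplit("/", 1)[1]
            if prefix.isdigit() and int(prefix) < (16 if name == "ip4" else 32):
                findings.append(f"very broad network range: {term}")

    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10 (evaluates to permerror)")
    if not saw_all and not any(t.lower().startswith("redirect=") for t in terms):
        findings.append("no 'all' mechanism or redirect= modifier (missing hosts get a neutral result)")
    return findings


# Constructed sample records for illustration; these are not any real domain's records.
SAMPLES = {
    "good":       "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "permissive": "v=spf1 mx +all",
    "deprecated": "v=spf1 ptr ~all",
    "broken":     "v=spf1 ip4:192.0.2.0/24 inc1ude:_spf.example.net foo!bar -all",
}

if __name__ == "__main__":
    for label, rec in SAMPLES.items():
        print(f"{label}: {rec}")
        for finding in lint_spf(rec) or ["ok"]:
            print(f"    {finding}")
```

To check a live domain, feed the output of `dig +short TXT example.com` (the string beginning `v=spf1`) into `lint_spf`; anything that survives as `+all`, `?all` or `ptr` is exactly the class of record the article is asking about.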

Zoom Patches Serious macOS App Vulnerabilities Disclosed at DEF CON
Date: 2022-08-16
Author: Security Week

[See AusCERT Security Bulletin ESB-2022.4080 for more information]

Zoom informed customers last week that macOS updates for the Zoom application patch two high-severity vulnerabilities. Details of the flaws were disclosed on Friday at the DEF CON conference in Las Vegas by macOS security researcher Patrick Wardle.

Wardle, who is the founder of the Objective-See Foundation, a non-profit that provides free and open source macOS security resources, showed at DEF CON how a local, unprivileged attacker could exploit vulnerabilities in Zoom’s update process to escalate privileges to root.

Thousands of VNC Instances Exposed to Internet as Attacks Increase
Date: 2022-08-15
Author: Security Week

Dark web intelligence firm Cyble reports seeing an increase in cyberattacks targeting virtual network computing (VNC).

The VNC graphical desktop-sharing system relies on the Remote Frame Buffer (RFB) protocol to provide control of a remote machine over a network.
Exposing VNC to the internet has long been deemed a security risk, yet Cyble has identified over 8,000 internet-accessible VNC instances that have authentication disabled.
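"Authentication disabled" is visible in the first two RFB messages a server sends, so it can be confirmed without ever sending credentials. The Python below is an added example for this newsletter, not code from SecurityWeek or Cyble: in RFB 3.7 and 3.8 the server lists the security types it offers and type 1 ("None") means no authentication is required; in RFB 3.3 the server picks a single type and sends it as a U32. The parse functions work on captured bytes (the byte strings in the tests are constructed), and the probe() function assumes a host and port you are authorised to scan.

```python
"""
RFB (VNC) security-type check. parse_server_version() and
parse_security_types() decode the two server messages that precede
authentication; probe() performs the live version handshake to obtain them.
"""
import socket
import struct

# Registered RFB security types (RFC 6143 section 7.1.2 and the IANA registry)
SECURITY_TYPE_NAMES = {
    0: "Invalid", 1: "None", 2: "VNC Authentication", 5: "RA2", 6: "RA2ne",
    16: "Tight", 18: "TLS", 19: "VeNCrypt", 20: "SASL", 30: "Apple ARD",
}
NONE_TYPE = 1


def parse_server_version(banner: bytes) -> tuple[int, int]:
    """Parse the 12-byte ProtocolVersion message, e.g. b'RFB 003.008\\n' -> (3, 8)."""
    if len(banner) != 12 or not banner.startswith(b"RFB ") or not banner.endswith(b"\n"):
        raise ValueError(f"not an RFB ProtocolVersion banner: {banner!r}")
    major, minor = banner[4:11].split(b".")
    return int(major), int(minor)


def _reason(buf: bytes) -> str:
    """U32 length followed by a reason string; sent when the server refuses the connection."""
    (length,) = struct.unpack("!I", buf[:4])
    return buf[4:4 + length].decode("latin-1", "replace")


def parse_security_types(version: tuple[int, int], payload: bytes) -> dict:
    """Decode the server's security-type message for the negotiated protocol version."""
    if not payload:
        raise ValueError("empty security-type message")
    if version < (3, 7):
        # RFB 3.3: the server chooses; a single U32, where 0 means the connection failed
        (chosen,) = struct.unpack("!I", payload[:4])
        if chosen == 0:
            return {"types": [], "names": [], "auth_disabled": False, "refused": _reason(payload[4:])}
        types = [chosen]
    else:
        # RFB 3.7/3.8: U8 count followed by that many U8 types; a count of 0 means refused
        count = payload[0]
        if count == 0:
            return {"types": [], "names": [], "auth_disabled": False, "refused": _reason(payload[1:])}
        types = list(payload[1:1 + count])
    return {
        "types": types,
        "names": [SECURITY_TYPE_NAMES.get(t, f"unknown({t})") for t in types],
        # The client may select any offered type, so offering "None" means no auth is required
        "auth_disabled": NONE_TYPE in types,
    }


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed during RFB handshake")
        buf += chunk
    return buf


def probe(host: str, port: int = 5900, timeout: float = 5.0) -> dict:
    """Live check (only against hosts you are authorised to scan): handshake, then decode the types."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        server_version = parse_server_version(_recv_exact(s, 12))
        # Reply with the highest version both sides speak; anything unrecognised is treated as 3.3
        ours = (3, 8) if server_version >= (3, 8) else (3, 7) if server_version == (3, 7) else (3, 3)
        s.sendall(b"RFB %03d.%03d\n" % ours)
        result = parse_security_types(ours, s.recv(260))
        result["server_version"] = "%d.%d" % server_version
        return result


# Constructed captures: an RFB 3.8 server offering only "None", and one offering VNC auth + VeNCrypt
OPEN_SERVER = b"\x01\x01"
AUTH_SERVER = b"\x02\x02\x13"

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 5900))
    else:
        for sample in (OPEN_SERVER, AUTH_SERVER):
            print(parse_security_types((3, 8), sample))
```

Run without arguments it decodes the two constructed captures; with a host (and optional port) it performs the real handshake. Only the `auth_disabled` result corresponds to the "authentication disabled" instances Cyble counted; a server offering only "VNC Authentication" is still weak (the DES-based challenge-response is not a strong scheme), but it is at least not open.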


ESB-2022.4080 – Zoom Client for Meetings for macOS: CVSS (Max): 8.8

Zoom reported Local Privilege Escalation in Zoom Client for Meetings for macOS. Applying current updates or downloading the latest Zoom software is recommended.

ESB-2022.4077 – Splunk Enterprise: CVSS (Max): 7.4

A vulnerability in Splunk Enterprise that affects connections between Splunk Enterprise and Ingest Actions Destination has been reported. Splunk customers are advised to upgrade Splunk Enterprise 9.0.0 to 9.0.1 or higher.

ESB-2022.4102 – ALERT Google Chrome: CVSS (Max): None

Google Chrome released an update for Stable Channel and Extended Stable Channel. Google advised that this update will be rolled out over the coming days/weeks.

ESB-2022.4103 – Safari 15.6.1: CVSS (Max): None

Safari 15.6.1 has been released to address an issue in WebKit and is available for macOS Big Sur and macOS Catalina. Apple has reported that this issue may have been actively exploited.

ESB-2022.3992.2 – UPDATE PAN-OS: CVSS (Max): 8.6

Palo Alto Networks has identified a vulnerability in URL Filtering which, if exploited, could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.


Stay safe, stay patched and have a good weekend!

The AusCERT team