Week in review - 5 Aug 2022


It’s been three years since the smell of dagwood dogs filled the air along with the screams and laughter from people on rides at Sideshow Alley, but the Ekka is back in full swing for 2022!

An event that brings the country and the city together, the Ekka is much loved in Brisbane and sees over 400,000 people attend each year. So, if you’re visiting the River City between August 6 – 14, perhaps a trip to the RNA Showgrounds is in order? There’s plenty to see, do and eat – including the popular and delicious strawberry sundaes!

Another audible array that may delight is the sound of discussion on topics that inform, entertain and, perhaps, make you think! Such a treat can be found in the latest episode of our podcast, Share Today, Save Tomorrow, which focuses on Diversity and Culture in Cyber Security.

The episode features chats with Sasenka Abeysooriya about changing behaviours and influencing organisational culture, and with Jasmine Woolley, a proud First Nations woman, on how she utilises Indigenous knowledge to provide a fresh perspective on emerging threats to Australia’s security.

If you’re new to the world of cyber, or you have a curious mind and would like to learn more about information security principles, the next round of AusCERT’s Intro to Cyber for IT Professionals training is taking place in late August.

Facilitated by our Principal Analyst and a guest industry trainer, our two half-day courses are aimed at engaging attendees with interactive content and a focus on delivering effective training outcomes. You can view the full list of our 2022 training schedule HERE.

New Traffic Light Protocol standard released after five years
Date: 2022-08-04
Author: Bleeping Computer

The Forum of Incident Response and Security Teams (FIRST) has published TLP 2.0, a new version of its Traffic Light Protocol (TLP) standard, five years after the release of the initial version. The TLP standard is used in the computer security incident response team (CSIRT) community to facilitate the greater sharing of sensitive information.

Students at top universities in Australia, the US and UK at risk of fraud
Date: 2022-08-02
Author: Cyber Security Connect

Proofpoint’s new research has found that the top universities in Australia, the United States and the United Kingdom are lagging on basic cyber security measures, subjecting students, staff and stakeholders to higher risks of email-based impersonation attacks.
According to Proofpoint’s analysis, universities in the United States are most at risk with the poorest levels of protection, followed by the United Kingdom, then Australia.

Australia charges dev of Imminent Monitor RAT used by domestic abusers
Date: 2022-07-31
Author: Bleeping Computer

An Australian man was charged for developing and selling the Imminent Monitor remote access trojan, used to spy on victims’ devices remotely.
A remote access trojan is a type of malware that allows full remote access to an infected device, including the ability to execute commands, log keystrokes, steal files and data, install additional software, take screenshots, and even record video from the device’s webcam.
These types of malware are very popular among hackers due to their cheap price and the unfettered access they provide to infected devices. However, they are also popular with domestic abusers who use them to spy on their victims.

Decentralized IPFS networks forming the ‘hotbed of phishing’
Date: 2022-07-29
Author: The Register

Threat groups are increasingly turning to InterPlanetary File System (IPFS) peer-to-peer data sites to host their phishing attacks because the decentralized nature of the sharing system means malicious content is more effective and easier to hide.
Threat analysts with cybersecurity vendor Trustwave this week said the InterPlanetary File System (IPFS) is becoming the “new hotbed of phishing” after seeing an increase in the number of phishing emails that contain IPFS URLs.
At the same time, Atif Mushtaq, founder and chief product officer at anti-phishing company SlashNext, told The Register that his company is detecting phishing hosted on ipfs.io, cloudflare-ipfs.com and other vendor systems.

LockBit Ransomware Abuses Windows Defender for Payload Loading
Date: 2022-08-01
Author: Security Week

A LockBit ransomware operator or affiliate has been abusing Windows Defender to decrypt and load Cobalt Strike payloads during attacks, according to endpoint security firm SentinelOne.
In April, SentinelOne reported that, in an attack involving LockBit ransomware, threat actors had leveraged a legitimate VMware command-line utility named ‘VMwareXferlogs.exe’ to side-load a Cobalt Strike payload.
In a different attack observed by the cybersecurity firm, the attacker leveraged a command-line tool associated with Windows Defender. Specifically, the hackers used ‘MpCmdRun.exe’ to decrypt and load post-exploitation Cobalt Strike payloads.

ESB-2022.3764 – ALERT VMware products: CVSS (Max): 9.8

VMware has released patches to address multiple vulnerabilities in affected VMware products

ESB-2022.3793 – OpenJDK 17.0.4: CVSS (Max): 7.5

Red Hat build of OpenJDK is now available for portable Linux, fixing several vulnerabilities

ESB-2022.3837 – Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers: CVSS (Max): 9.8

Cisco has released software updates to address several vulnerabilities affecting small business RV series routers

ESB-2022.3876 – BIG-IP (all modules): CVSS (Max): 8.7

A bypass restriction vulnerability with a CVSS of 8.7 has been fixed on BIG-IP

Stay safe, stay patched and have a good weekend!

The AusCERT team