23 Dec 2022

Week in review

Greetings,

With a little over a week left in the year, many people look towards the year ahead, often making resolutions focused on their health, finances or perhaps an overseas trip. Whilst we can’t help on those fronts, we thought it might be beneficial and a little fun to look at what might be in store for 2023.

Two of the predictions which popped up in a few publications centred on the new social engineering ‘battleground’ following the growing trend of social media scams and building a security-aware society. Articles in Forbes and the Australian Cyber Security Magazine provide an insight into what to look out for and how to prepare for what possibly awaits.

Earlier in the week, it was revealed that Australia was the most hacked nation in the world during the last quarter of 2023. Many of us hope that we’ve seen the end of attacks like those still impacting customers of Medibank and Optus; however, many within the cybersecurity industry are anticipating a large-scale incident to occur during the Festive Season.

With many out-of-office replies being sent and Christmas closure notices posted on social media and websites, it’s easy for potential attackers to know which organisations may be softer targets.

To help individuals and organisations to prepare, cybersecurity expert Alistair MacGibbon recently spoke to the team at Today and provided some tips on how we can all take steps to better protect ourselves.

Lastly, a reminder of our scheduled shutdown over the Christmas and New Year period: AUSCERT will be closed from 5:00 pm Friday, December 23rd, 2022, until Monday, January 2nd, 2023. We will reopen on Tuesday, January 3rd, 2023.

The auscert@auscert.org.au mailbox will not be monitored during this period. However, we will staff the 24/7 member incident hotline as usual, so do call us for any urgent matters during this period.

To log an incident or for further information, log in via the Member Portal.

We would like to wish everyone a safe and happy Christmas and all the very best for 2023.


5 Recommendations to Improve Wholesale and Retail Cybersecurity Over the Holidays
Date: 2022-12-16
Author: Security Intelligence

It’s the most wonderful time of the year for retailers and wholesalers since the holidays help boost year-end profits. The National Retail Federation (NRF) predicts 2022 holiday sales will come in 6% to 8% higher than in 2021. But rising profits that come at the cost of reduced cybersecurity can cost companies in the long run when you consider the rising size and costs of data breaches.
The risk of data breaches and other cyber crimes can make this shopping season feel pretty perilous. It makes sense to learn about the types of cyberattacks aimed at this sector, particularly at this time of year, and what retailers and wholesalers can do to protect themselves.

Google announces client-side encryption for Gmail is now in beta
Date: 2022-12-19
Author: Cyber Security Connect

Google revealed last week that it is expanding client-side encryption access on a range of its web-based platforms. The encryption is in its beta phase and is now available for Google Workspace Enterprise Plus, Education Plus, and Education Standard.
Sign-ups are open now and until 20 January 2023. The beta program is not yet available for individual accounts.
“Google Workspace already uses the latest cryptographic standards to encrypt all data at rest and in transit between our facilities,” Google said in its announcement. “Client-side encryption helps strengthen the confidentiality of your data while helping to address a broad range of data sovereignty and compliance needs.”

Cisco Warns of Many Old Vulnerabilities Being Exploited in Attacks
Date: 2022-12-19
Author: Security Week

Cisco has updated multiple security advisories to warn of the malicious exploitation of severe vulnerabilities impacting its networking devices.
Many of the bugs, which carry severity ratings of ‘critical’ or ‘high’, were addressed 4-5 years ago, but organizations that haven’t patched their devices continue to be impacted.
Last week, the tech giant added exploitation warnings to more than 20 advisories detailing security defects in Cisco IOS, NX-OS, and HyperFlex software.

Cybercrime (and Security) Predictions for 2023
Date: 2022-12-19
Author: The Hacker News

Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws—and it’s up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs.
Here’s a look at how cybercrime will evolve in 2023 and what you can do to secure and protect your organization in the year ahead.

Ransomware Attackers Bypass Microsoft’s ProxyNotShell Mitigations With Fresh Exploit
Date: 2022-12-22
Author: Dark Reading

The operators of a ransomware strain called Play have developed a new exploit chain for a critical remote code execution (RCE) vulnerability in Exchange Server that Microsoft patched in November.
The new method bypasses mitigations that Microsoft had provided for the exploit chain, meaning organizations that have only implemented those but have not yet applied the patch for it need to do so immediately.
The RCE vulnerability at issue (CVE-2022-41082) is one of two so-called “ProxyNotShell” flaws in Exchange Server versions 2013, 2016, and 2019 that Vietnamese security company GTSC publicly disclosed in November after observing a threat actor exploiting them. The other ProxyNotShell flaw, tracked as CVE-2022-41040, is a server-side request forgery (SSRF) bug that gives attackers a way to elevate privileges on a compromised system.


ESB-2022.6617 – VMware vRealize Operations (vROps): CVSS (Max): 7.2

VMware vRealize Operations (vROps) updates address privilege escalation vulnerabilities

ESB-2022.6630 – Nessus Network Monitor: CVSS (Max): 9.8

Nessus Network Monitor 6.2.0 updates moment.js to version 2.29.4 and handlebars to version 4.7.7 to address the identified vulnerabilities

ESB-2022.6657 – Mozilla Thunderbird: CVSS (Max): 6.1

Mozilla has released updates to Thunderbird to address a malicious code execution vulnerability

ESB-2022.6631 – Citrix Hypervisor: CVSS (Max): 6.3

Several security issues have been identified in Citrix Hypervisor 8.2 LTSR CU1, each of which may allow a privileged user in a guest VM to cause the host to become unresponsive or crash


Stay safe, stay patched and Merry Christmas!

The AUSCERT team