Week in review - 2 Dec 2022

Greetings,

The Medibank breach here in Australia and another recent attack on the Colombian healthcare provider, Keralty, support a 2014 Reuters article which claimed that “your medical information is worth 10 times more than your credit card number on the black market”.

For those in the healthcare industry, there are resources available to help keep sensitive information safe. From individuals to large health providers, digitalhealth.gov.au has a range of services and resources to promote cyber security awareness and better protect individuals’ data and the people tasked with safeguarding it.

Additionally, the Cyber and Tech Risk Team at WTW will look at the most recent cyber events across Australia during an education session on Thursday 8 December from 12:00 pm. The session will examine the key learnings that can be taken from the incident, the governance impacts, and the current state of the cyber and technology risk insurance market. For more information and to register, click here.

For companies in Australia that fail to adequately protect their customers’ data, newly passed laws may act as a motivator to review practices.

The Privacy Legislation Amendment Bill 2022 increases the maximum fine for serious or repeated privacy breaches from the current $2.2 million to upwards of $50 million.

Despite the current weather in a lot of the country, Summer has arrived in Australia! It coincides with International Volunteer Day on December 5.

With so many Aussies flocking to the beach each year, perhaps it’s the perfect time to consider volunteering with your local Surf Life Saving club. There are numerous ways to get involved; your state’s Surf Life Saving organisation has more information:


Medibank breach prompts “intensifying” APRA scrutiny
Date: 2022-11-28
Author: IT News

The Australian Prudential Regulation Authority (APRA) is intensifying its supervision of Medibank Private, and is widening its investigations into financial services security more broadly.
The move comes in the wake of the Medibank data breach, which APRA said in a statement “raised concerns about the strength of [Medibank’s] operational risk controls”.

Twitter Data Breach Bigger Than Initially Reported
Date: 2022-11-28
Author: Security Week

A massive Twitter data breach disclosed a few months ago appears to be bigger than initially reported.
In August, Twitter admitted that a vulnerability affecting its systems had been exploited to obtain user data. The issue, introduced in June 2021, could have been exploited to determine whether a specified phone number or email address was tied to an existing Twitter account, even for accounts where the information should have been private.
The vulnerability was reported to the social media giant in January and it was quickly fixed, but not before it was exploited by malicious actors.

LastPass Suffers Another Breach, and This Time Customer Data Is Affected
Date: 2022-12-01
Author: PC Mag Australia

The data breach LastPass suffered in August enabled a hacker to infiltrate the company again and steal customer information.
On Wednesday, LastPass announced it was investigating the breach, which involved a third-party cloud storage service connected to company systems.
“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information,” the company wrote in a blog post.

Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework
Date: 2022-11-30
Author: SecurityWeek.Com

[Refer AusCERT Bulletin ESB-2022.6037]
Developers have been warned that the popular Quarkus framework is affected by a critical vulnerability that could lead to remote code execution.
Available since 2019, Quarkus is an open source Kubernetes-native Java framework designed for GraalVM and HotSpot virtual machines.
Tracked as CVE-2022-4116 (CVSS score of 9.8), the security defect was identified in the Dev UI Config Editor, which is only served when Quarkus runs in dev mode, and can be exploited via drive-by localhost attacks: a developer running dev mode visits a malicious web page, and that page issues requests from the browser to the Dev UI listening on localhost.
“Exploiting the vulnerability isn’t difficult and can be done by a malicious actor without any privileges,” Contrast Security researcher Joseph Beeton, who discovered the bug, explains.
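The attack class above works because a browser will happily send a request from any site to a service bound to 127.0.0.1, and a dev server that trusts anything arriving on loopback cannot tell the developer's own tab from a foreign page. The following is an added example of the generic server-side guard for that situation, written for this newsletter; it is not Quarkus code and does not reproduce the CVE-2022-4116 fix. It assumes a dev server bound to 127.0.0.1:8080, that the risky endpoints are state-changing (POST), and that browsers attach an Origin header to cross-site POSTs (they do), so a foreign or missing Origin means the request did not come from the dev UI itself.

```python
"""Generic guard for a local development server against drive-by localhost requests.

Added example, not Quarkus code and not the CVE-2022-4116 fix. Assumptions:
  - the dev server listens only on 127.0.0.1:8080 (DEV_PORT);
  - the dangerous endpoints are state-changing (POST);
  - browsers send an Origin header on cross-site POSTs, so a foreign or missing
    Origin means some other site's page made the request, not the developer.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

DEV_PORT = 8080
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}   # urlsplit strips the [] from ::1


def local_origin(value):
    """True if a Host/Origin/Referer value names this loopback server exactly.

    'null' (sandboxed frames), 'attacker.example', or the right host on the
    wrong port all return False.
    """
    try:
        parts = urlsplit(value if "://" in value else "//" + value)
        return parts.hostname in LOCAL_HOSTS and parts.port == DEV_PORT
    except ValueError:          # malformed IPv6 literal or non-numeric port
        return False


def is_trusted_request(method, headers):
    """headers: any mapping; http.server's self.headers works (it is case-insensitive)."""
    h = {k.lower(): v for k, v in headers.items()}
    # Host check first. A page cannot spoof Host, but DNS rebinding can make
    # 'attacker.example' resolve to 127.0.0.1 while the browser still sends
    # Host: attacker.example, so the server must insist on its own name and port.
    if not local_origin(h.get("host", "")):
        return False
    if method in ("GET", "HEAD", "OPTIONS"):
        return True
    origin = h.get("origin") or h.get("referer")
    return bool(origin) and local_origin(origin)


class DevUIHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if not is_trusted_request("GET", self.headers):
            return self.send_error(403, "unexpected Host header")
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"dev ui\n")

    def do_POST(self):
        if not is_trusted_request("POST", self.headers):
            return self.send_error(403, "cross-site request to local dev server rejected")
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"accepted %d bytes\n" % len(body))


if __name__ == "__main__":
    # Bind to loopback only; 0.0.0.0 would expose the dev UI to the LAN as well.
    HTTPServer(("127.0.0.1", DEV_PORT), DevUIHandler).serve_forever()
```

The Origin check is the minimum; a per-session CSRF token or a required custom header (which a cross-site form post cannot set) is stronger, and a dev UI that changes configuration on a plain GET is unsafe whatever the headers say.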

Chrome fixes 8th zero-day of 2022 – check your version now
Date: 2022-11-28
Author: Naked Security

[This article refers to AusCERT Security Bulletin ESB-2022.6163]
Google has just patched Chrome’s eighth zero-day hole of the year so far.
Zero-days are bugs for which there were zero days you could have updated proactively…
…because cybercriminals not only found the bug first, but also figured out how to exploit it for nefarious purposes before a patch was prepared and published.
So, the quick version of this article is: go to Chrome’s Three-dot menu (⋮), choose Help > About Chrome, and check that you have version 107.0.5304.121 or later.
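For a fleet rather than one laptop, the same check is easier to script. The block below is an added example for this newsletter, not code from the article or from Google. It parses the output of Chrome's `--version` switch and compares it numerically against 107.0.5304.121; the binary names it probes on PATH are assumptions for Linux packaging and will differ on macOS and Windows. The numeric comparison matters: compared as strings, 107.0.5304.99 sorts after 107.0.5304.121 and a vulnerable build would pass.

```python
"""Check an installed Chrome build against the patched version (added example)."""
import re
import shutil
import subprocess

PATCHED = "107.0.5304.121"            # version named in the article
_VERSION_RE = re.compile(r"(\d+(?:\.\d+){3})")


def parse_version(text):
    """Extract the four-part build number from strings such as
    'Google Chrome 107.0.5304.121' or 'Chromium 107.0.5304.110 snap'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome-style version in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_patched(installed, patched=PATCHED):
    """Component-wise numeric comparison. A plain string compare is wrong here:
    '107.0.5304.99' > '107.0.5304.121' as text, yet 99 < 121 as a build number."""
    return parse_version(installed) >= parse_version(patched)


def installed_chrome_version():
    """Version string of the first Chrome-family binary on PATH, or None.
    Binary names are an assumption (Linux packages); adjust for your platform."""
    for name in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        path = shutil.which(name)
        if path:
            out = subprocess.run([path, "--version"], capture_output=True, text=True, timeout=10)
            return out.stdout.strip()
    return None


if __name__ == "__main__":
    v = installed_chrome_version()
    if v is None:
        print("no Chrome binary found on PATH; use Help > About Chrome instead")
    else:
        print(v, "OK" if is_patched(v) else f"UPDATE NEEDED (< {PATCHED})")
```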

Gov’s new privacy breach penalties pass parliament
Date: 2022-11-28
Author: iTnews

The government has secured passage of a sizable increase in civil penalties for organisations that experience “serious” or “repeated” privacy breaches.
The new penalties will come into effect a day after Royal Assent by the Governor-General.
The bill passed the senate on Monday with only one minor wording amendment, and was then approved by the lower house later in the afternoon.


ESB-2022.6282 – Moodle: CVSS (Max): 9.1

Moodle’s LTI provider library did not use Moodle’s inbuilt cURL helper (which enforces the site’s blocked-hosts and allowed-ports security settings), which resulted in a blind SSRF risk.
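The lesson in that advisory is that every server-side fetch has to go through one helper that decides where the server is allowed to connect. Below is an added example of such a guard, written for this newsletter and not taken from Moodle's cURL class. The scheme and port allow-lists and the pluggable resolver are assumptions for the illustration; `static_resolver` exists only so the checks can be exercised offline. It refuses any URL whose host resolves to a non-public address (loopback, RFC 1918, link-local including the 169.254.169.254 cloud metadata address, ULA and reserved ranges), refuses embedded credentials and odd ports, and follows redirects by hand so each hop is re-checked rather than letting the HTTP client follow a 302 into the internal network.

```python
"""Outbound-URL guard of the kind a central HTTP helper should apply before any
server-side fetch. Added example, not Moodle code; the allowed-port set and
the pluggable resolver are assumptions for this illustration.
"""
import http.client
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


class UnsafeURL(ValueError):
    pass


def dns_resolve(host):
    """Every address a name resolves to; a hostile zone may mix public and internal records."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        raise UnsafeURL(f"cannot resolve {host!r}: {exc}") from exc
    return {ipaddress.ip_address(info[4][0]) for info in infos}


def static_resolver(*ips):
    """Offline stand-in for dns_resolve, used to exercise the checks without DNS."""
    addrs = {ipaddress.ip_address(ip) for ip in ips}
    return lambda host: addrs


def check_url(url, resolve=dns_resolve):
    """Return url unchanged if it is safe to fetch, else raise UnsafeURL."""
    try:
        parts = urlsplit(url)
        port = parts.port            # raises ValueError for a non-numeric port
    except ValueError as exc:
        raise UnsafeURL(f"malformed URL {url!r}") from exc
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise UnsafeURL("missing host")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("credentials in URL are not allowed")
    port = port or (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise UnsafeURL(f"port not allowed: {port}")
    for addr in resolve(parts.hostname):
        if not addr.is_global:       # one non-public record is enough to refuse
            raise UnsafeURL(f"{parts.hostname!r} resolves to non-public {addr}")
    return url


def is_safe_url(url, resolve=dns_resolve):
    try:
        check_url(url, resolve)
        return True
    except UnsafeURL:
        return False


def fetch(url, resolve=dns_resolve, max_redirects=3, timeout=10):
    """GET with redirects followed manually so every hop passes check_url."""
    for _ in range(max_redirects + 1):
        parts = urlsplit(check_url(url, resolve))
        conn_cls = (http.client.HTTPSConnection if parts.scheme.lower() == "https"
                    else http.client.HTTPConnection)
        conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
        try:
            path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
            conn.request("GET", path)
            resp = conn.getresponse()
            location = resp.getheader("Location")
            if resp.status in (301, 302, 303, 307, 308) and location:
                url = urljoin(url, location)   # relative Location resolved, then re-checked
                continue
            return resp.status, resp.read()
        finally:
            conn.close()
    raise UnsafeURL("too many redirects")
```

One caveat: `fetch` connects by name after checking, so a DNS record that changes between the check and the connect (rebinding) can still slip through. A production helper should connect to the exact address it validated, or validate inside the connection callback, rather than resolve twice.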

ESB-2022.6260 – GitLab Community Edition (CE) and Enterprise Edition (EE): CVSS (Max): 7.7

GitLab has released important security fixes and strongly recommends that all GitLab installations be upgraded to one of the fixed versions immediately.

ESB-2022.6259 – Thunderbird: CVSS (Max): 7.5*

Quoting from an HTML email containing certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content. This vulnerability has been fixed in Thunderbird 102.5.1.

ESB-2022.6163 – Google Chrome: CVSS (Max): None

Google has released a security update for Chrome and is aware that an exploit for this vulnerability exists in the wild.


Stay safe, stay patched and have a good weekend!

The AusCERT team