Week in review - 9 Dec 2022

Greetings,

It’s hard to ignore the biggest sporting spectacle of the year, especially following the Socceroos’ success in reaching the Round of 16 for only the second time!

But large-scale, popular events like this bring an increase in cyber threats with them. As The Register reported recently, attackers lean on social engineering tactics such as phishing around these events because the surge of public interest gives their lures a better chance of success.

With the FIFA Women’s World Cup being held in Australia and New Zealand next year and the Summer Olympics in Brisbane in 2032, greater awareness, education and support for individuals and organisations should be sought out and provided to ensure a more protected and resilient environment.

At AusCERT, we’re already in the throes of enhancing our education and training portfolio for 2023. We will provide updates when dates and course information are finalised, so be sure to keep an eye on our Education page.

In the meantime, our podcast series, Share Today, Save Tomorrow, features a broad range of topics and intriguing speakers to fill your spare time with these holidays – even if it’s only to drown out the noise of everything happening around you!

The AusCERT Conference team will soon be putting the call out for Tutorial and Presentation submissions for any and all interested in sharing their insights and experience with attendees at AusCERT2023 which will take place between May 9-12, 2023.

We believe that there is an abundance of potential speakers from far afield and close to home, even if they don’t know it! Should you wish to be inspired and motivated to make a submission, or if you just want to be entertained by our wonderful array of speakers at previous conferences, visit our YouTube channel.


Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
Date: 2022-12-05
Author: The Hacker News

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability in the ping utility that could potentially be exploited to crash the program or trigger remote code execution.

Multiple government departments in New Zealand affected by ransomware attack on IT provider
Date: 2022-12-06
Author: The Record by Recorded Future

A ransomware attack on Mercury IT, a widely used managed service provider (MSP) in New Zealand, is feared to have disrupted dozens of organizations in the country, including several government departments and public authorities.
The Ministry of Justice and Te Whatu Ora (Health New Zealand) are among the public authorities that have announced being impacted by a cyberattack on a third-party IT support provider.
New Zealand’s privacy commissioner confirmed on Tuesday morning that “a cyber security incident involving a ransomware attack” was to blame, saying its upstream target was Mercury IT, which “provides a wide range of IT services to customers across New Zealand.”

Android malware apps with 2 million installs spotted on Google Play
Date: 2022-12-04
Author: Bleeping Computer

A new set of Android malware, phishing, and adware apps has infiltrated the Google Play store, tricking over two million people into installing them.
The apps were discovered by Dr. Web antivirus and pretend to be useful utilities and system optimizers but, in reality, are the sources of performance hiccups, ads, and user experience degradation.
One app illustrated by Dr. Web that has amassed one million downloads is TubeBox, which remains available on Google Play at the time of writing this.

Several Code Execution Vulnerabilities Patched in Sophos Firewall
Date: 2022-12-06
Author: Security Week

Sophos has informed customers that Sophos Firewall version 19.5, whose general availability was announced in mid-November, patches several vulnerabilities, including ones that can lead to arbitrary code execution.
In addition to resiliency improvements and a performance boost, the latest Sophos Firewall version brings patches for seven vulnerabilities.
According to a security advisory released on December 1, one of the vulnerabilities patched in version 19.5 is CVE-2022-3236, which has a ‘critical’ severity rating.

Amnesty International hit by China-sponsored cyber attack
Date: 2022-12-07
Author: Cyber Security Connect

Amnesty International has said that it has been targeted by a China-sponsored cyber attack.
The breach was first detected by the human rights organisation on 5 October, when hackers attempted to search for data specific to China, Hong Kong and several high-profile Chinese activists.

Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover
Date: 2022-12-07
Author: The Daily Swig

Steps towards building a defendable internet are possible, but to get there the industry needs to accept baseline security regulations and move away from its fixation on zero-day vulnerabilities.
Opening the Black Hat Europe conference on Tuesday, security researcher Daniel Cuthbert praised security improvements gained with the wider adoption of cloud computing, improvements in iOS, and tighter web security controls in Google Chrome, among other developments.
One problem, however, is that these improvements are not trickling down into better security practices more generally.

Machine Learning Models: A Dangerous New Attack Vector
Date: 2022-12-07
Author: Dark Reading

Threat actors can hijack machine learning (ML) models that power artificial intelligence (AI) to deploy malware and move laterally across enterprise networks, researchers have found. These models, which often are publicly available, serve as a new launchpad for a range of attacks that also can poison an organization’s supply chain — and enterprises need to prepare.
Researchers from HiddenLayer’s SAI Team have developed a proof-of-concept (POC) attack that demonstrates how a threat actor can use ML models — the decision-making system at the core of almost every modern AI-powered solution — to infiltrate enterprise networks, they revealed in a blog post published Dec. 6. The research is attributed to HiddenLayer’s Tom Bonner, senior director of adversarial threat research; Marta Janus, principal adversarial threat researcher; and Eoin Wickens, senior adversarial threat researcher.
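The practical question behind this research is what actually runs when a downloaded model file is loaded. The Python below is an added example, not HiddenLayer’s proof of concept and not code from the Dark Reading article. It assumes the model is serialized with Python’s pickle, one common format behind checkpoint files, and shows three things: why loading an untrusted pickle executes attacker-chosen code, how to list the module.name references a file would resolve before loading it, and an allow-list unpickler that refuses anything unexpected. The PayloadCarrier class, the weight dictionary and the allow-list contents are constructed for the example.

```python
import io
import pickle
import pickletools

# Constructed stand-in for a legitimate serialized model: plain weights, no code.
BENIGN_MODEL = {"layer1": [0.1, 0.2, 0.3], "bias": 0.5}


class PayloadCarrier:
    """Hypothetical object whose __reduce__ hook makes pickle call a function at
    load time. The callable here is builtins.eval with a harmless expression
    (the loader's PID); an attacker would substitute os.system or a downloader.
    """

    def __reduce__(self):
        return (eval, ("__import__('os').getpid()",))


def serialize_benign() -> bytes:
    return pickle.dumps(BENIGN_MODEL)


def serialize_trojaned() -> bytes:
    # A "model file" that is really a payload wrapper.
    return pickle.dumps(PayloadCarrier())


def unsafe_load(blob: bytes):
    """What a naive model loader does: full pickle.loads, payload included."""
    return pickle.loads(blob)


def list_globals(blob: bytes):
    """Static inspection without executing the stream: which module.name
    references would this pickle resolve? Anything outside the framework's
    expected namespace (builtins.eval, os.system, subprocess.Popen, ...) is a
    red flag. Handles both encodings: GLOBAL (protocol < 4) carries
    "module name" as its argument; STACK_GLOBAL (protocol >= 4) takes module
    and name from the two preceding string pushes (memoized re-uses via
    BINGET are not resolved by this simple tracker)."""
    refs, strings = [], []
    for op, arg, _pos in pickletools.genops(blob):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            refs.append((module, name))
        elif op.name == "STACK_GLOBAL":
            refs.append((strings[-2], strings[-1]))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
    return refs


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list unpickler (the pattern from the Python pickle documentation):
    every global the stream asks for must be on ALLOWED, otherwise loading
    aborts before any callable is invoked. The list is constructed for this
    example; a real loader adds its framework's own reconstruction helpers."""

    ALLOWED = {("builtins", "dict"), ("builtins", "list"), ("builtins", "float")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_load(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def is_trojaned(blob: bytes) -> bool:
    """True if loading would resolve a global we do not allow."""
    return any(ref not in RestrictedUnpickler.ALLOWED for ref in list_globals(blob))


if __name__ == "__main__":
    good, bad = serialize_benign(), serialize_trojaned()
    print("benign globals:", list_globals(good))      # []
    print("trojaned globals:", list_globals(bad))     # [('builtins', 'eval')]
    print("unsafe load of trojaned blob returned:", unsafe_load(bad))  # payload ran
    try:
        safe_load(bad)
    except pickle.UnpicklingError as exc:
        print("safe load refused:", exc)
```

The order of operations matters: inspect with list_globals first, then load only through the allow-list. Real checkpoints legitimately reference their framework’s reconstruction helpers, so the allow-list has to be built from what a known-good file of the same kind references, and any model that asks for something outside it should be treated as untrusted rather than loaded to “see what happens”. Formats that carry weights only and no executable objects avoid the problem altogether and are preferable for models pulled from public repositories.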


ESB-2022.6363 – Android OS: CVSS (Max): 7.8*

Android has released a security bulletin that contains details of security vulnerabilities affecting Android devices.

ESB-2022.6333 – IBM Security QRadar SIEM: CVSS (Max): 8.2

The IBM QRadar WinCollect agent is vulnerable to using components with known vulnerabilities.

ESB-2022.6305 – chromium: CVSS (Max): 8.8

Multiple security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service or information disclosure.

ESB-2022.6359 – FortiOS and FortiProxy: CVSS (Max): 7.7

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component may allow a remote and unauthenticated attacker to log in to the device by sending a specially crafted Access-Challenge response from the RADIUS server.


Stay safe, stay patched and have a good weekend!

The AusCERT team