6 Jan 2023

Week in review

Greetings,

With Australia taking out the unenviable title of the most hacked nation in the world during the last quarter of 2022, it shouldn’t be a surprise that spending on cybersecurity has grown in parallel, and shows no sign of slowing.

Following the spate of cyber-attacks impacting millions of Australians in 2022, organisations are looking to increase their cyber resilience. Cyber Security Connect recently reported that businesses are re-evaluating cyber practices, including working together, to combat the increasing cyber threats.

Although many of us have had some time off during the festive season, cybercriminals seem to have been hard at work with several ransomware attacks impacting organisations across the globe.

QUT, The Guardian UK and SickKids, a research hospital in Toronto, are just some of the organisations that have experienced ‘serious IT issues’ resulting in staff being forced to work from home, along with other major service disruptions. In the instance of the hospital, however, the ransomware gang apologised and provided a free decryptor.

These situations reinforce the need to increase cyber resilience but also that organisations may need to focus on behaviour and culture, including improving security awareness and training.

One way to improve awareness, understanding and insight into industry trends is to listen to AUSCERT’s podcast series, Share Today, Save Tomorrow. Now with eighteen episodes, there’s sure to be something for everyone – happy listening!


Ransomware impacts over 200 govt, edu, healthcare orgs in 2022
Date: 2023-01-02
Author: Bleeping Computer

Ransomware attacks in 2022 impacted more than 200 larger organizations in the U.S. public sector in the government, educational, and healthcare verticals.
Data collected from publicly available reports, disclosure statements, leaks on the dark web, and third-party intelligence show that hackers stole data in about half of these ransomware attacks.

Python's PyPI registry suffers another supply-chain attack
Date: 2023-01-04
Author: iTnews

Unknown attackers have compromised a package in the Python PyPI registry, injecting a malicious binary into it, the maintainers of the open source machine learning framework PyTorch are warning.
PyTorch maintainers said the compromised dependency affected the nightly release of their code, but not the stable packages.
The compromised package is torchtriton, which is part of the Triton language and compiler which is used for writing custom deep-learning primitives.

'Multiple security breaches' shut down trucker protest
Date: 2023-01-03
Author: The Register

An anti-government protest by truckers in Canada has been called off following "multiple security breaches," according to organizers, who also cited "personal character attacks," as a reason for the withdrawal.
Canada Unity, one of the groups that organized last year's so-called Freedom Convoy – during which truckers and others overtook Canadian city streets to protest mandatory COVID-19 vaccinations – has canceled a repeat demonstration planned for February 17 to 20, according to a press release posted to the group's Facebook page.

200 million Twitter users' email addresses allegedly leaked online
Date: 2023-01-04
Author: Bleeping Computer

A data leak described as containing email addresses for over 200 million Twitter users has been published on a popular hacker forum for about $2. BleepingComputer has confirmed the validity of many of the email addresses listed in the leak.
Since July 22nd, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private (phone numbers and email addresses) and public data on various online hacker forums and cybercrime marketplaces.

Car companies massively exposed to web vulnerabilities
Date: 2023-01-04
Author: The Daily Swig

The web applications and APIs of major car manufacturers, telematics (vehicle tracking and logging technology) vendors, and fleet operators were riddled with security holes, security researchers warn.
In a detailed report, security researcher Sam Curry laid out vulnerabilities that run the gamut from information theft to account takeover, remote code execution (RCE), and even hijacking physical commands such as starting and stopping the engines of cars. The findings are an alarming indication that in its haste to roll out digital and online features, the automotive industry is doing a sloppy job of securing its online ecosystem.

BitRat Malware Gnaws at Victims With Bank Heist Data
Date: 2023-01-05
Author: Dark Reading

Threat actors are using data stolen from a Colombian bank as a lure in what appears to be a malicious campaign aimed at spreading the BitRAT malware, researchers have found. The activity demonstrates the evolution of how attackers are using commercial, off-the-shelf malware in advanced threat scenarios, they said.
Researchers at IT security and compliance firm Qualys were investigating "multiple lures" for BitRAT when they identified that the infrastructure of a Colombian cooperative bank had been hijacked. Attackers were using sensitive data gleaned from that compromise to try to capture victims, they reported in a blog post published Jan. 3.


ESB-2023.0068 – Android OS: CVSS (Max): 8.8*

Security patch levels of 2023-01-05 or later address the security vulnerabilities affecting Android devices.

ESB-2023.0077 – OpenShift Container Platform 4.10.46: CVSS (Max): 9.8

Red Hat released an update that fixes several bugs and adds enhancements to OpenShift Container Platform.

ESB-2023.0063 – Apache Tomcat: CVSS (Max): None

The Apache Software Foundation released fixes for the vulnerabilities in Apache Tomcat.

ESB-2023.0062 – WebSphere Application Server Patterns: CVSS (Max): 5.9

Multiple vulnerabilities in the IBM SDK Java Technology Edition affect IBM WebSphere Application Server, which is bundled with IBM WebSphere Application Server Patterns.


Stay safe, stay patched and have a good weekend!

The AUSCERT team