1 Jul 2022

Week in review

Greetings,

Today sees us enter the second half of 2022 which, for many of us, seems to have arrived sooner than expected.

Something else that has landed quickly is the second season of our podcast series, ‘Share Today, Save Tomorrow’. The first episode of the season features the amazing Lesley Carhart, known to many by her Twitter handle @hacks4Pancakes.

Lesley, an industry leader in incident response, chats to Anthony Caruana about the intersection between cyber security and operational technology, including the increased risk and vulnerability throughout the industry.

There’s more from our very own Bek and Mike in the episode, so be sure to take the time to listen to Episode 13 – ITOT Convergence.

Mike and Bek look back at some of their highlights from this year’s conference, AUSCERT2022, which is made a little easier with the recorded sessions from this year’s conference now available!

Emails were sent to attendees with the login details, so be sure to check your inbox. The OnAir portal will remain open until Friday, 29th July 2022, which should allow plenty of time to revisit your own highlights or perhaps watch a session that you may have missed.

Excitingly, the merchandise from this year’s conference has also been shipped to attendees! As most of us have experienced, shipment times are a tad longer nowadays so, please be patient. We assure you, the wait will be worth it!

Lastly, some would say most importantly, next Thursday, July 7, 2022, is World Chocolate Day. From their discovery and use by the Olmecs over 2,500 years ago, cacao beans have been used as currency, turned into a bitter drink and of course, used to make the most popular tasty treat consumed the world over today.

Chocolate contains antioxidants, can improve your cardiovascular health, and can be enjoyed in seemingly endless ways. So, please do your part and support World Chocolate Day with something made from, dipped in or containing some chocolate!


New report finds 101% spike in email threats
Date: 2022-07-24
Author: Cyber Security Connect

Trend Micro reports that it blocked over 33.6 million cloud email threats in 2021, a 101 per cent increase on the previous year.
Trend Micro’s research on the mounting number of cyber risks highlighted that 48 per cent of local organisations don’t believe their method of assessing risk exposure is sophisticated enough, underlining the vulnerability of Australia’s corporate sector to increasingly insidious email threats.
Email remains a top point of entry for cyber attacks as demonstrated by this massive increase. Many Australian businesses faced spear-phishing, business email compromise (BEC) and email-based ransomware attacks in 2021.

RansomHouse claims AMD hack, 450GB data stolen
Date: 2022-07-29
Author: Cyber Security Connect

Semiconductor manufacturer AMD is investigating a cyber attack after the RansomHouse gang claimed to have stolen 450GB of data from the company last year.
RansomHouse, an extortion group, claims to have stolen 450GB of data from AMD, announcing on Telegram that they would be “selling the data for a well-known three-letter company that starts with the letter A”. The extortion group also added AMD to their data leak site, claiming to have stolen 450GB of data.
According to Satnam Narang, senior staff research engineer at Tenable, there has been a renaissance of pure-play extortion groups in recent months.

ACSC warns Aussie businesses of tax-time email hacking campaigns
Date: 2022-07-28
Author: Cyber Security Connect

The Australian Cyber Security Centre (ACSC) is urging Aussies and Australian businesses to strengthen their email security practices to protect their private information and that of their customers in the lead up to tax time.
As tax time approaches, the ACSC is encouraging individuals, businesses and organisations to be alert, and aware of business email compromise (BEC) threats. BEC occurs when cyber criminals access email accounts aiming to steal sensitive and financial information or commit fraud by impersonating employees or company email accounts to obtain money or data.

Clever phishing method bypasses MFA using Microsoft WebView2 apps
Date: 2022-07-26
Author: Bleeping Computer

A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victims’ authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts.
With the large number of data breaches, remote access trojan attacks, and phishing campaigns, stolen login credentials have become abundant.
However, the increasing adoption of multi-factor authentication (MFA) has made it difficult to use these stolen credentials unless the threat actor also has access to the target’s one-time MFA passcodes or security keys.

This co-worker does not exist: FBI warns of deepfakes interviewing for tech jobs
Date: 2022-07-29
Author: TechCrunch

A lot of people are worried about the prospect of competing with AI for their jobs, but this probably isn’t what they were expecting. The FBI has warned of an uptick in cases where “deepfakes” and stolen personal information are being used to apply for jobs in the U.S. — including faking video interviews. Don’t dust off the Voight-Kampff test just yet, though.
The shift to remote work is great news for lots of people, but like any other change in methods and expectations it is also a fresh playground for scammers. Security standards are being updated, recruiters are adapting, and of course the labor market is wild enough that hiring companies and applicants both are trying to move faster than ever.

Attacker Targets RCE Bug in Mitel MiVoice VoIP Appliances
Date: 2022-07-29
Author: Cyware Hacker News

Cybercriminals have used a zero-day exploit on Linux-based Mitel MiVoice VoIP appliances. According to researchers, the exploit was used to gain initial access in an attempted ransomware attack.
The zero-day abuse
A report from CrowdStrike disclosed that a zero-day RCE flaw (CVE-2022-29499) is present in the Mitel Service Appliance component of MiVoice Connect that was abused to obtain initial access to the network.
Although the attack was stopped, the intrusion is suspected to be a part of a ransomware attack.

Sophisticated ZuoRAT attack targets home workers
Date: 2022-07-30
Author: IT News

Security researchers have unearthed a sophisticated campaign that targets consumer-grade routers from multiple manufacturers in Europe and North America.
The researchers at security vendor Lumen’s Black Lotus Labs spotted the ZuoRAT multi-stage remote access tool hijacking small business and residential routers from brands such as Cisco, ASUS, DrayTek and Netgear.


ESB-2022.3122 – Traffix SDC: CVSS (Max): 7.8

A Linux kernel vulnerability which affects Traffix SDC has been acknowledged by F5. Currently, no mitigation or patches are available.

ESB-2022.3172.2 – ALERT Tenable.sc: CVSS (Max): 9.8

Tenable has released Tenable.sc patch 202206.1 to address the vulnerabilities in Apache.

ESB-2022.3152 – Firefox ESR 91.11: CVSS (Max): None

Mozilla has updated Firefox ESR to 91.11 to address the security vulnerabilities.

ESB-2022.3157 – maven-shared-utils: CVSS (Max): 9.8

Debian has released new maven-shared-utils packages to address shell injection attacks.


Stay safe, stay patched and have a good weekend!

The AUSCERT team