//Week in review - 8 Jul 2022


The second half of 2022 has commenced with a mix of chilly temperatures and wet weather for most of Australia and news that a third wave of the COVID pandemic is increasingly likely. Not wanting to add to the woes of many, we at AusCERT felt it prudent to share our insights into another potential threat; tax-related scams.

In our recent blog, Stay alert this tax time, we highlight two of the more widely used tactics, Phishing and Smishing. By providing examples and what to look out for, we hope to increase awareness and, reduce the success of would-be attackers.

Perhaps the Shanghai Police could have been more vigilant in this regard with reports stating the recent attack that resulted in the data of almost one billion people being leaked because of poor security. It is alleged that the system wasn’t hacked but rather, it simply didn’t have a password for over a year.

CNN delves into this situation, providing insights into what currently appears to be the largest leak of public information seen.

Closer to home, NAIDOC Week 2022 continues and has the theme ‘Get up! Stand up! Show up!’ encourages us all to acknowledge, and celebrate the histories, cultures, and achievements of Aboriginal and Torres Strait Islander people.

It is an important annual event where everyone’s invited to join in the celebrations with official celebrations held from July 3-10. Visit the NAIDOC website for news, stories, and information on how you can show your support and help bridge the gap.

Verified Twitter accounts hacked to send fake suspension notices
Date: 2022-07-02
Author: Bleeping Computer

Threat actors are hacking verified Twitter accounts to send fake but well-written suspension messages that attempt to steal other verified users’ credentials.
Twitter verifies accounts if they are considered notable influencers, celebrities, politicians, journalists, activists, and government and private organizations.
To receive the verified ‘blue badge,’ Twitter users must apply for verification and submit supporting documentation to show why their account is ‘notable.’

Australia offers cyber-security assistance to Ukraine
Date: 2022-07-04
Author: Cyber Security Connect

Strengthening the cyber resilience of Ukraine’s Border Guard Service forms part of a new assistance package from the Australian government.
In response to a request from President Volodymyr Zelenskyy, the Commonwealth government has committed $99.5 million in additional military assistance to Ukraine, including the delivery of 14 M113 armoured personnel carriers and 20 Thales-built Bushmaster protected mobility vehicles.
The value of Australia’s military assistance to Ukraine now totals approximately $388 million.
Notably, $8.7 million has been pledged to assist Ukraine’s Border Guard Service, tipped to fund upgrades to border management equipment, improvements to cyber security, and enhancements to border operations in the field.

Australian businesses lose $227 million to BEC-like scams
Date: 2022-07-04
Author: ITnews

Australian businesses were scammed out of $227 million in “payment redirection” cons – which includes business email compromise or BEC – over the course of 2021.
Payment redirection, as the ACCC groups these scams, caused the highest losses to businesses out of any scam type, according to commission’s latest scam report.

Facebook 2FA phish arrives just 28 minutes after scam domain created
Date: 2022-07-01
Author: Naked Security

We’ll tell this story primarily through the medium of images, because a picture is worth 1024 words.
This cybercrime is a visual reminder of three things:
It’s easy to fall for a phishing scam if you’re in a hurry.
Cybercriminals don’t waste any time getting new scams going.
2FA isn’t a cybersecurity panacea, so you still need your wits about you.

Google patches new Chrome zero-day flaw exploited in attacks
Date: 2022-07-04
Author: Bleeping Computer

[See also ESB-2022.3254]
Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022. “Google is aware that an exploit for CVE-2022-2294 exists in the wild.,” the browser vendor explained in a security advisory published on Monday.

Poor patching creates easy zero-day vulnerability reuse
Date: 2022-07-01
Author: iTnews

Google’s elite Project Zero security researchers are again warning that insufficient patching of vulnerabilities means threat actors can vary their methodologies, and reuse software bugs.
Project Zero’s Maddie Stone posted a half year report on the zero-day vulnerabilities that are being exploited with no patches available for 2022.

Fortinet patch batch remedies multiple path traversal vulnerabilities | The Daily Swig
Date: 2022-07-07
Author: Port Swigger

Fortinet has addressed a raft of security vulnerabilities affecting several of its endpoint security products.
The California-headquartered cybersecurity giant, which accounts for more than a third of all firewall and unified threat management shipments worldwide, released a huge number of firmware and software updates on Tuesday (July 5).

Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: ‘Lives at Stake’
Date: 2022-07-07
Author: Dark Reading

A misconfigured Amazon S3 bucket resulted in 3TB of airport data (more than 1.5 million files) being publicly accessible, open, and without an authentication requirement for access, highlighting the dangers of unsecured cloud infrastructure within the travel sector.
The exposed information, uncovered by Skyhigh Security, includes employee personal identification information (PII) and other sensitive company data affecting at least four airports in Colombia and Peru.

ESB-2022.3250 – GitLab Community Edition (CE) and Enterprise Edition (EE): CVSS (Max): 9.9

Gitlab released critical security update on versions 15.1.1, 15.0.4, and 14.10.5 for GitLab Community Edition (CE) and Enterprise Edition (EE)

ESB-2022.3315 – MozillaFirefox: CVSS (Max): 7.5

MozillaFirefox has released an update that fixes 9 new vulnerabilities

ESB-2022.3331 – PHP: CVSS (Max): 9.8

USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes the problem

ESB-2022.3325 – Traffix SDC: CVSS (Max): 8.6

A remote attacker may be able to exploit this vulnerability to compromise the data confidentiality, integrity, and availability of the affected system

Stay safe, stay patched and have a good weekend!

The AusCERT team