Week in review - 17 Jun 2022


On Wednesday, June 15, the world said goodbye to one of the original web browsers, Internet Explorer.

Dating back to the age of dial-up internet when the electronic gurgling and squeaking noises signalled the impending connection, Internet Explorer diminished in popularity and saw its share of critics over the past twenty-seven years.

However, as reported in The Washington Post, there are regions that still rely heavily on it, which could result in a few headaches for users.

This week, we also learned of something many have feared and seen documented in science fiction like The Terminator: Artificial Intelligence (A.I.) sentience becoming a reality, when a Google employee believed a chatbot had become self-aware.

Whilst the validity of this claim is doubted, it has sparked conversation around how A.I. sentience could be determined. ABC News looked at some measures that could be undertaken and possible implications, including moral and legal rights for sentient machines.

A cohort of people who face challenges on this very front is refugees. June 19 – 25 is Refugee Week, a time for all Australians to understand the issues affecting refugees and celebrate the positive contributions they make to Australian society.

The theme for 2022 is ‘Healing’, which, after a few years of living with a pandemic, is paramount in coming together and contributing to a more connected and accepting culture.

The Refugee Week website has some fantastic resources for individuals and organisations to use to help raise awareness and show your support.

Drupal Patches ‘High-Risk’ Third-Party Library Flaws
Date: 2022-06-13
Author: SecurityWeek

[See AusCERT bulletin ESB-2022.2879]

The Drupal security team has released a “moderately critical” advisory to call attention to serious vulnerabilities in a third-party library and warned that hackers can exploit the bugs to remotely hijack Drupal-powered websites.

The vulnerabilities, tracked as CVE-2022-31042 and CVE-2022-31043, were found and fixed in Guzzle, a third-party library that Drupal uses to handle HTTP requests and responses to external services.

“These do not affect Drupal core, but may affect some contributed projects or custom code on Drupal sites,” according to a Drupal advisory.

Internet Explorer (almost) breathes its final byte on Wednesday
Date: 2022-06-13
Author: Bleeping Computer

Microsoft will finally end support for Internet Explorer on multiple Windows versions on Wednesday, June 15, almost 27 years after its launch on August 24, 1995.

After finally reaching its end of life, the Internet Explorer desktop application will be disabled. It will be replaced with the new Chromium-based Microsoft Edge, with users automatically redirected to Edge when launching IE11.

This retirement affects Internet Explorer 11 desktop apps on specific versions of Windows 10 delivered via the Semi-Annual Channel (SAC) to systems running Windows 10 client SKUs (version 20H2 and later) and Windows 10 IoT (version 20H2 and later).

Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws
Date: 2022-06-14
Author: Bleeping Computer

Today is Microsoft’s June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT ‘Follina’ zero-day vulnerability and new Intel MMIO flaws.

Of the 55 vulnerabilities fixed in today’s update, three are classified as ‘Critical’ as they allow remote code execution, with the rest classified as Important. This does not include 5 Microsoft Edge Chromium updates that were released earlier this week.

CISA Recommends Organizations Update to the Latest Version of Google Chrome
Date: 2022-06-14
Author: Dark Reading

The US Cybersecurity and Infrastructure Agency (CISA) Friday urged users and administrators to update to a new version of Chrome that Google released last week to fix a total of seven vulnerabilities in its browser.

In an advisory, Google described four of the flaws — three of which were reported to the company by external researchers — as presenting a high risk for organizations. The company said it had decided to restrict access to bug details until most users have updated to the new version of Chrome (102.0.5005.115).

Citrix warns critical bug can let attackers reset admin passwords
Date: 2022-06-15
Author: Bleeping Computer

[See ESB-2022.2935]

Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management (ADM) vulnerability that can let attackers reset admin passwords.

Citrix ADM is a web-based solution that provides admins with a centralized cloud-based console for managing on-premises or cloud Citrix deployments, including Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix Secure Web Gateway.

24+ Billion Credentials Circulating on the Dark Web in 2022 — So Far
Date: 2022-06-15
Author: Dark Reading

Passwordless technology may be one of the most hyped categories in cybersecurity at the moment, but the reality on the ground is that passwords are still widely entrenched — and wildly insecure. Some 24.6 billion complete sets of usernames and passwords are currently in circulation in cybercriminal marketplaces as of this year, a report has found.

That’s four complete sets of credentials for every person on Earth and a 65% increase since the last time this study was conducted, in 2020.

Potent Emotet Variant Spreads Via Stolen Email Credentials
Date: 2022-06-10
Author: Threatpost

The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns.

Emotet’s resurgence in April seems to be the signal of a full comeback for what was once dubbed “the most dangerous malware in the world,” with researchers spotting various new malicious phishing campaigns using hijacked emails to spread new variants of the malware.

ASB-2022.0135 – ALERT Microsoft Windows: CVSS (Max): 9.8*

Microsoft has released its security patch update for June, which resolves 39 vulnerabilities.

ASB-2022.0127.2 – UPDATE ALERT Microsoft Office: CVSS (Max): 7.8

Microsoft has issued CVE-2022-30190 for a zero-day vulnerability that allows remote code execution in Microsoft Office via the ms-msdt protocol scheme.

ESB-2022.2929 – Adobe Illustrator: CVSS (Max): 7.8

Adobe’s most recent update for Adobe Illustrator 2022 resolves vulnerabilities that could lead to arbitrary code execution and memory leak.

ESB-2022.2948 – Cisco Email Security Appliance and Cisco Secure Email and Web Manager: CVSS (Max): 7.7

Cisco has released software updates that address a vulnerability in the web management interface of Cisco Secure Email and Web Manager that, if exploited, could allow an authenticated, remote attacker to retrieve sensitive information.

ESB-2022.2961 – ALERT Splunk Enterprise: CVSS (Max): 9.0

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles and let clients deploy forwarder bundles to other deployment clients through the deployment server. Splunk advises its clients to upgrade Splunk Enterprise deployment servers to version 9.0 or higher.

Stay safe, stay patched and have a good weekend!

The AusCERT team