Week in review - 18 Mar 2022


Today, March 18th, is World Sleep Day – yes, really! There are many benefits from having quality sleep, including improved mental health, mood, and decision-making. It has also been recognised as significant in preventative health and wellbeing, alongside fitness and nutrition.

There are many ways that we can each improve our sleep, ranging from exercise in the morning to a warm shower at night and setting cut-off times from technology each evening to allow a wind down before sleep.

The Sleep Health Foundation is on a mission to improve as many lives as possible through better sleep and has a range of resources and activities designed to help with that goal.

Some folks who may be taking on some suggestions on improved sleep ahead of their presentations are our Speakers for this year’s AusCERT2022 Cyber Security Conference!

That’s right, we have officially announced our line-up that includes Keynote Speakers Kath Koschel of The Kindness Factory and Lesley Carhart amongst some familiar faces and first-timers.

Visit the AusCERT2022 website to see our speaking line-up and, perhaps, register yourself to come along to the Gold Coast this May.

Lastly, we wanted to advise, or remind those in the know, of the upcoming release of .au direct domain names.

As detailed in our recent blog, the Australian Domain Administration (auDA) will be making the shorter and simpler domain names available from Thursday, March 24th, 2022.

The blog highlights the advantages of the upcoming release but also outlines some precautionary measures that may apply to you and your business.

QNAP warns severe Linux bug affects most of its NAS devices
Date: 2022-03-14
Author: Bleeping Computer

Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by a high severity Linux vulnerability dubbed ‘Dirty Pipe’ that allows attackers with local access to gain root privileges.
The ‘Dirty Pipe’ security bug affects Linux Kernel 5.8 and later versions, even on Android devices. If successfully exploited, it allows non-privileged users to inject and overwrite data in read-only files, including SUID processes that run as root.

Android malware Escobar steals your Google Authenticator MFA codes
Date: 2022-03-12
Author: Bleeping Computer

The Aberebot Android banking trojan has returned under the name ‘Escobar’ with new features, including stealing Google Authenticator multi-factor authentication codes.
The new features in the latest Aberebot version also include taking control of the infected Android devices using VNC, recording audio, and taking photos, while also expanding the set of targeted apps for credential theft.

New ransomware LokiLocker bundles destructive wiping component
Date: 2022-03-17
Author: CSO Online

A new ransomware operation dubbed LokiLocker has slowly been gaining traction since August among cybercriminals, researchers warn. The malicious program uses a relatively rare code obfuscation technique and includes a file wiper component that attackers could use against non-compliant victims.
“LokiLocker is a relatively new ransomware family targeting English-speaking victims and Windows PCs. The threat was first seen in the wild in mid-August 2021,” researchers from BlackBerry’s Research & Intelligence Team said in a new report.

New Linux botnet exploits Log4J, uses DNS tunneling for comms
Date: 2022-03-15
Author: Bleeping Computer

A recently discovered botnet under active development targets Linux systems, attempting to ensnare them into an army of bots ready to steal sensitive info, install rootkits, create reverse shells, and act as web traffic proxies.
The newly found malware, dubbed B1txor20 by researchers at Qihoo 360’s Network Security Research Lab (360 Netlab), focuses its attacks on Linux ARM and X64 CPU architecture devices.
The botnet uses exploits targeting the Log4J vulnerability to infect new hosts, a very appealing attack vector seeing that dozens of vendors use the vulnerable Apache Log4j logging library.

Ukraine invasion opens political rift between cybercriminals
Date: 2022-03-15
Author: The Register

Cybercriminals are taking sides over Russia’s deadly invasion of Ukraine, putting either the West or Moscow in their sights, according to Accenture.
The consultancy giant’s Cyber Threat Intelligence team, which tracks illicit dark-web activity, said in a report dated Monday that this is the first time it has witnessed “financially motivated threat actors divided along ideological factions.”

ESB-2022.1083 – macOS Monterey: CVSS (Max): 9.1*

Apple has released an advisory to address multiple vulnerabilities in the packages used in macOS.

ESB-2022.1076 – Apache HTTP Server: CVSS (Max): 7.4

Multiple vulnerabilities affecting Apache HTTP Server have been fixed in version 2.4.53.

ESB-2022.1108 – squid: CVSS (Max): 9.6

An incorrect input validation vulnerability leading to cache poisoning has been addressed.

ESB-2022.1147 – Bind 9.18.0: CVSS (Max): 7.0

ISC advises updates to Bind to address multiple vulnerabilities.

ESB-2022.1165 – Treck TCP/IP Stack: CVSS (Max): 10.0

Treck TCP/IP Stack is widely used in embedded systems. It is recommended to update the version to or later

ASB-2022.0070 – Microsoft Edge (Chromium-based): CVSS (Max): 6.3*

Microsoft has advised users to update Edge (Chromium-based) to address multiple vulnerabilities assigned by Google Chrome.

Stay safe, stay patched and have a good weekend!

The AusCERT team