//Week in review - 13 May 2022


What a week! AusCERT2022 has officially come to an end and it’s safe to say that it was a resounding success!
We saw a return of many faithful attendees along with many first-time delegates and presenters, including our first keynote speaker of this year’s conference, Kath Koschel.

Kath has faced serious personal, mental and physical setbacks but her resilience has allowed her not only to overcome these challenges, but also see the good in the world when most others couldn’t. Sharing her story with the audience saw many with tears but also, smiles and a resolve to each do #OneSmallAct of kindness each and every day.

Another standout was Jasmine Woolley who presented for the first time, anywhere, and had all in attendance singing her praises. Jasmine demonstrated skill and wisdom beyond her years, asking “How do people in this room help make this statistic better?” in reference to the lack of diversity and inclusion in our industry.

The conference concluded with the crowd favourite Speed Debate. Six topics were discussed including whether people, not machines are the future of cyber security and that there’s no need to worry about ransomware when insurance will pay!

Suffice it to say, there were some passionate arguments delivered with some humour, witty retorts, and the occasional fact!

Hackers exploiting critical F5 BIG-IP bug, public exploits released
Date: 2022-05-09
Author: Bleeping Computer

Threat actors have started massively exploiting the critical vulnerability tracked as CVE-2022-1388, which affects multiple versions of all F5 BIG-IP modules, to drop malicious payloads.
F5 last week released patches for the security issue (9.8 severity rating), which affects the BIG-IP iControl REST authentication component.
The company warned that the vulnerability enables an unauthenticated attacker on the BIG-IP system to run “arbitrary system commands, create or delete files, or disable services.”

Cyberattacks on managed service providers increasing, US and allies warn
Date: 2022-05-11
Author: The Record

Cybersecurity agencies from the Five Eyes intelligence alliance warned of increased cyberattacks targeting managed service providers (MSPs) on Wednesday morning.
The agencies from the U.S., U.K., Australia, Canada and New Zealand said to “expect state-sponsored advanced persistent threat (APT) groups and other malicious cyber actors to increase their targeting of MSPs against both provider and customer networks.”
MSPs are companies paid to manage IT infrastructure and provide support. The companies typically provide remote IT services to smaller businesses lacking an IT department.

Windows 11 KB5013943 update causes 0xc0000135 application errors
Date: 2022-05-11
Author: Bleeping Computer

Windows 11 users are receiving 0xc0000135 errors when attempting to launch applications after installing the recent Windows 11 KB5013943 cumulative update.
Yesterday, Microsoft released new Windows cumulative updates to fix security vulnerabilities and bugs as part of the May 2022 Patch Tuesday.
These updates include the Windows 11 KB5013943 update, which included a fix for a bug causing .NET Framework 3.5 apps not to open if they used the Windows Communication Foundation (WCF) and Windows Workflow (WWF) components.

Beware: This cheap and ‘homemade’ malware is surprisingly effective
Date: 2022-05-09
Author: ZDNet

A powerful form of trojan malware that offers complete backdoor access to Windows systems is being sold on underground forums for the price of a cup of coffee – and it’s being developed and maintained by one person.
Known as DCRat, the backdoor malware has existed since 2018 but has since been redesigned and relaunched.
When malware is cheap it’s often associated with only delivering limited capabilities. But DCRat – offered online for as little as $5 – unfortunately comes equipped with a variety of a functions, including the ability to steal usernames, passwords, credit card details, browser history, Telegram login credentials, Steam accounts, Discord tokens, and more.

LEAK: Commission to force scanning of communications to combat child pornography
Date: 2022-05-11
Author: Euractiv

The European Commission is to put forward a generalised scanning obligation for messaging services, according to a draft proposal obtained by EURACTIV.
The text marks a victory for child advocates, but a setback for privacy activists. The European executive is to unveil on Wednesday (11 May) its proposal to fight the online circulation of child sexual abuse material – CSAM in short.
“Providers of hosting services and providers of interpersonal communication services that have received a detection order shall execute it by installing and operating technologies to detect” CSAM upon request by the competent judicial authority or independent administrative authority, the draft regulation states.

Microsoft May 2022 Patch Tuesday fixes 7 critical vulnerabilities, 67 others
Date: 2022-05-11
Author: ZDNet

Microsoft has released a total of 74 new security fixes for its software products. This includes one “important” flaw (a Windows LSA Spoofing Vulnerability) that was being actively exploited in the wild.
In the Redmond giant’s latest round of patches, usually released on the second Tuesday of each month on what is known as Patch Tuesday, Microsoft fixed the aforementioned active exploit, as well as seven other “critical” issues: five remote code execution (RCE) bugs and two elevation of privilege (EoP) flaws. The remaining list of 67 exploits are dominated by additional RCE and EoP bugs. A smattering of denial-of-service, information leaks, security feature bypasses, and spoofing issues were corrected as well.

Security “mindset shift” needed to protect organisations
Date: 2022-05-09
Author: iTnews

More than half of IT decision-makers said security solution had failed at least once, survey finds.
Manual investigation, third parties, customers and law enforcement are catching far more cybersecurity threats more than software solutions, says Chris Fisher, director of security engineering APJ at cybersecurity company Vectra.

Google adds phishing protection to Workspace apps
Date: 2022-05-12
Author: iTnews

Zero trust for Slides, Docs and Sheets as well as Gmail.
Google’s Workspace productivity apps will get the same phishing and malware protection that Gmail already has later this year, the company said at its annual I/O conference.

ASB-2022.0122 – ALERT Windows: CVSS (Max): 9.8

Microsoft’s security patch update for the month of May 2022 resolved 28 vulnerabilities. According to Microsoft, the most dangerous vulnerability addressed is CVE-2022-26925, which is contained in the Windows Local Security Authority.

ASB-2022.0121 – ALERT Windows: CVSS (Max): 9.8

Microsoft’s most recent update resolves 62 vulnerabilities across Windows, Windows RT and Windows Server.

ESB-2022.2050.2 – UPDATED ALERT F5 BIG-IP Products: CVSS (Max): 9.8

F5 Networks has reported a remote code execution vulnerability in BIG-IP iControl REST tracked in CVE-2022-1388. This is a critical vulnerability with a 9.8 CVSS score.

ESB-2022.2332 – Google Chrome: CVSS (Max): None

Google has released updates for the Stable channel for Desktop. The updates fix 13 known issues.

Stay safe, stay patched and have a good weekend!

The AusCERT team