Week in review - 27 May 2022

Greetings,

National Reconciliation Week started today, May 27th, and runs until Friday, June 3rd. It’s a time for all Australians to learn about our shared histories, cultures, and achievements, and to explore how each of us can contribute to achieving reconciliation in Australia.

As a proud Torres Strait Islander Woman, Jasmine Woolley embodies this year’s theme of Reconciliation Week, “Be Brave. Make Change.”

Taking on the challenge of public speaking for the first time at the recent AusCERT2022 Cyber Security Conference, Jasmine shared her perspective about applying Indigenous (Australian) Philosophy to Cyber Security Strategies.

Demonstrating wisdom beyond her years with an insightful and enlightening presentation, Jasmine provided a fresh perspective on emerging threats to Australia’s security and challenged all in attendance to think about how they can be change-makers.

We congratulate Jasmine on this fantastic achievement and we look forward to seeing what’s next!

National Hamburger Day – yes, it’s an actual thing – is tomorrow, May 28. From simple cheeseburgers to towering stacks layered with an array of scrumptious and odd ingredients, burgers have become a favourite food for many the world over.

A recent episode of Burger Scholar Sessions on YouTube shows how to construct the iconic Aussie burger consisting of fried egg, tinned beetroot, and pineapple, and also delves into the history of our beloved burger that confuses and repulses many from elsewhere in the world!

Don’t forget, the AusCERT podcast, Share Today, Save Tomorrow, is available to stream now. Featuring eleven episodes that cover a broad range of subjects and include fascinating discussions with sensational guests, there’s enough content to make your next run, walk, or daily commute more enjoyable!


Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Date: 2022-05-21
Author: Bleeping Computer

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
PyPI is a repository of open-source packages that developers can use to share their work or benefit from the work of others, downloading the functional libraries required for their projects.
On May 17, 2022, threat actors uploaded a malicious package named ‘pymafka’ onto PyPI. The name is very similar to PyKafka, a widely used Apache Kafka client that counts over four million downloads on the PyPI registry.

Fake Windows exploits target infosec community with Cobalt Strike
Date: 2022-05-23
Author: Bleeping Computer

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor.
Whoever is behind these attacks took advantage of recently patched Windows remote code execution vulnerabilities tracked as CVE-2022-24500 and CVE-2022-26809.
When Microsoft patches a vulnerability, it is common for security researchers to analyze the fix and release proof-of-concept exploits for the flaw on GitHub.

CISA adds 41 vulnerabilities to list of bugs used in cyberattacks
Date: 2022-05-24
Author: Bleeping Computer

The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 vulnerabilities to its catalog of known exploited flaws over the past two days, including flaws for the Android kernel and Cisco IOS XR.
The added vulnerabilities come from a wide range of years, with the oldest disclosed in 2016 and the most recent being a Cisco IOS XR vulnerability fixed last Friday.

Quad countries to boost CERT cooperation
Date: 2022-05-24
Author: itnews

International cooperation over cyber security and telecommunications standards will be boosted after this week’s Quad conference in Tokyo.
The White House has released a communique from the four-country leadership meeting, the first official duty of newly-elected prime minister Anthony Albanese.
Action on cyber security is to include strengthened information sharing between the four countries’ Computer Emergency Response Teams (CERT), “including exchanges on lessons learned and best practices”, the communique stated.

Is 100% Cybersecurity Readiness Possible? Medical Device Pros Weigh In
Date: 2022-05-25
Author: Bleeping Computer

As medical devices become more connected and reliant on software, their codebase grows both in size and complexity, and they are increasingly reliant on third-party and open source software components. This forces security pros to address today’s rapidly evolving threat landscape.
In the hopes of helping security professionals better address cybersecurity and regulation, we conducted the 2022 Medical Device Cybersecurity: Trends and Predictions Survey Report, speaking to 150 senior decision makers who oversee product security or cybersecurity compliance in the medical device industry, to learn about their biggest challenges and how they plan to address them.


ESB-2022.2513 – Firefox and Thunderbird: CVSS (Max): 7.5

Mozilla has released an advisory to address 2 critical vulnerabilities in Firefox and Thunderbird.

ESB-2022.2556 – Google Chrome: CVSS (Max): None

Google Chrome has also been updated to version 102, patching multiple vulnerabilities.

ESB-2022.2568 – F5 Products: CVSS (Max): 7.3

F5 has released an advisory to address a Linux kernel vulnerability across multiple products.

ESB-2022.2570 – Drupal core: CVSS (Max): None

A third-party library used by Drupal core could affect some contributed projects or custom code on Drupal sites.

ESB-2022.2607 – Nessus: CVSS (Max): 9.8

Multiple third-party components used by Nessus were found to contain vulnerabilities. Tenable has released updates to Nessus to address those vulnerabilities.


Stay safe, stay patched and have a good weekend!

The AusCERT team