//Week in review - 6 May 2022

Greetings,

Yesterday, May 5, was ‘World Password Day’ which was created in 2013 to help promote the use of good password habits online. As technology and cyber threats advance, log-in methods, such as multi-factor authentication, are developed to help us all be more secure.

Microsoft recently rolled out a feature that lets users stop relying on passwords altogether, while still protecting their accounts, along with some tips to help manage online security.

Speaking of ways to improve your online security, the next round of courses in the AusCERT training calendar is Cyber Security Risk Management which is being held on June 13 and 14.

Delivered remotely via Microsoft Teams in two half-day sessions, the course will give attendees the confidence to perform an assessment of cyber security risks, and the ability to rate and assess business risks rather than technical vulnerabilities.

For more information on this course and others, or to book online, visit the AusCERT Education page on our website.

Just four sleeps remain until AusCERT2022 which is already generating a lot of buzz and excitement! The 21st Annual AusCERT Cyber Security Conference has a sensational line-up of speakers, tutorials and events, along with a few surprises, that we can’t wait to share with attendees.

Have a great weekend and we look forward to seeing a lot of you on the Gold Coast next week!


NIST Issues Guidance for Addressing Software Supply-Chain Risk
Date: 2022-05-06
Author: Darkreading

The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for addressing software supply-chain risk, offering tailored sets of suggested security controls for various stakeholders.
Software supply-chain attacks rocketed to the top of the enterprise worry list last year as the SolarWinds and Log4Shell incidents sent shockwaves through the IT security community. Security practitioners are increasingly concerned about the safety of open source components and third-party libraries that make up the building blocks of thousands of applications. Another cause of worry is the varied ways platforms can be abused, as in the Kaseya attack last year, when cybercriminals compromised a managed application, or with SolarWinds, where they hacked an update mechanism to deliver malware.

Large amount of IoT gear menaced by unpatched DNS vulnerability
Date: 2022-05-04
Author: Security iTnews

Security researchers have found that it is possible to conduct domain name system (DNS) poisoning attacks against Internet of Things devices, thanks to a bug in the popular uClibc and uClibc-ng standard C libraries.
Although the bug was disclosed last year, it remains unpatched as the maintainer has not been able to develop a fix for it.
An attacker can predict the transaction IDs in the DNS requests that the libraries generate. Because the transaction ID is one of the values a resolver uses to match a reply to its query, a predictable ID makes it easier to forge a response that the device will accept, allowing DNS poisoning attacks that can be used to redirect traffic and spoof legitimate websites.
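A practical check for an IoT fleet is to capture a run of DNS queries from a device and test whether the transaction IDs look like the output of a counter rather than a random source. The example below is added here and is not code from the iTnews article, the Nozomi research or the uClibc project; the packets it analyses are constructed inline (one batch with sequential IDs modelling a predictable generator, one with IDs from a seeded PRNG standing in for a random generator), and the 80 per cent dominant-delta and 50 per cent uniqueness thresholds are assumptions chosen for illustration. Note that a random transaction ID alone is not sufficient; the resolver's source port must also be unpredictable, which this check does not measure.

```python
import random
import struct
from collections import Counter

DNS_HEADER_LEN = 12  # RFC 1035: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT


def build_query(txid, name="example.com"):
    """Build a minimal DNS A query (constructed sample input, not captured traffic)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def dns_txid(packet):
    """Extract the 16-bit transaction ID from the first two bytes of a DNS message."""
    if len(packet) < DNS_HEADER_LEN:
        raise ValueError("DNS header is 12 bytes; packet too short")
    return struct.unpack("!H", packet[:2])[0]


def assess_txids(txids, dominant_threshold=0.8, unique_threshold=0.5):
    """Flag a sequence of transaction IDs as predictable.

    Two heuristics (thresholds are assumptions for this example):
      * if one difference between consecutive IDs dominates (e.g. always +1),
        the generator behaves like a counter;
      * if fewer than half the IDs are distinct, the generator repeats.
    """
    if len(txids) < 8:
        raise ValueError("need at least 8 samples for a meaningful assessment")
    deltas = [(b - a) % 65536 for a, b in zip(txids, txids[1:])]
    dominant_delta, count = Counter(deltas).most_common(1)[0]
    dominant_fraction = count / len(deltas)
    unique_ratio = len(set(txids)) / len(txids)
    return {
        "samples": len(txids),
        "dominant_delta": dominant_delta,
        "dominant_fraction": dominant_fraction,
        "unique_ratio": unique_ratio,
        "predictable": dominant_fraction >= dominant_threshold or unique_ratio < unique_threshold,
    }


def assess_capture(packets):
    """Run the assessment over raw DNS query packets."""
    return assess_txids([dns_txid(p) for p in packets])


# Constructed captures: a counter-style generator versus a seeded PRNG.
SEQUENTIAL_CAPTURE = [build_query(0x1000 + i) for i in range(64)]
_rng = random.Random(1)
RANDOM_CAPTURE = [build_query(_rng.randrange(65536)) for _ in range(64)]


if __name__ == "__main__":
    for label, capture in (("sequential", SEQUENTIAL_CAPTURE), ("random", RANDOM_CAPTURE)):
        result = assess_capture(capture)
        print(f"{label}: predictable={result['predictable']} "
              f"dominant_delta={result['dominant_delta']} "
              f"dominant_fraction={result['dominant_fraction']:.2f} "
              f"unique_ratio={result['unique_ratio']:.2f}")
```

To use this on real devices, replace the constructed packets with the UDP payloads of outbound port 53 queries captured on the device's uplink; a single device typically needs a few dozen queries before the heuristics are meaningful.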

F5 warns of critical BIG-IP RCE bug allowing device takeover
Date: 2022-05-04
Author: Bleeping Computer

F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP.
The vulnerability is tracked as CVE-2022-1388 and has a CVSS v3 severity rating of 9.8, categorized as critical. Its exploitation can potentially lead to a complete system takeover.
According to F5’s security advisory, the flaw lies in the iControl REST component and allows a malicious actor to send undisclosed requests to bypass the iControl REST authentication in BIG-IP.

Aussie organisations succumbing to ransomware threat
Date: 2022-05-02
Author: Cyber Security Connect

Almost half of the 80 per cent of Australian organisations targeted by ransomware paid cyber criminals, according to new Sophos research.
Global cyber security company Sophos has released its State of Ransomware 2022 report — which involves a survey of 5,600 mid-sized organisations in 31 countries — revealing 80 per cent of Australian organisations were hit with ransomware attacks over the course of 2021, up from 45 per cent in 2020.
Of those targeted, 43 per cent paid cyber criminals between US$100,000 and US$499,999.

Transport for NSW struck by cyber attack
Date: 2022-05-04
Author: ZDNet

Transport for NSW has confirmed its Authorised Inspection Scheme (AIS) online application was impacted by a cyber incident in early April.
The AIS authorises examiners to inspect vehicles to ensure a minimum safety standard. To become an authorised examiner, an application must be submitted online, and applicants are required to share personal details including their full name, address, phone number, email address, date of birth, and driver's licence number.

Security through visibility: supporting Essential Eight cyber mitigation strategies
Date: 2022-05-03
Author: iTnews

How can you secure what you cannot see?
Strong cybersecurity strategies have become mission critical – because interrupted business leads to financial loss, employee and customer dissatisfaction and subsequent lost relationships – as well as damage to your integrity and reputation. So, the question stands as: How can you reduce and mitigate cybersecurity risk?

Security Stuff Happens: What Do You Do When It Hits the Fan?
Date: 2022-05-03
Author: Dark Reading

Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won’t lead to extensive damage to a company’s bottom line.
Wise security professionals understand that threat actors aren’t sitting still, and they aren’t playing by the same rules as old-school groups. Lapsus$, for example, is gaining notoriety for its unpredictable behavior, using tactics like extortion and bribing insiders for initial access. It has left even the most experienced security pros scratching their heads.


ESB-2022.2027 – GitLab Community Edition (CE) and Enterprise Edition (EE): CVSS (Max): 6.1*

GitLab has released newer versions of both Community Edition and Enterprise Edition to address multiple vulnerabilities.

ESB-2022.2029 – Firefox: CVSS (Max): 7.5*

Mozilla has released Firefox ESR 91.9, fixing several vulnerabilities.

ESB-2022.2043 – Cisco Enterprise NFVIS: CVSS (Max): 9.9

A critical guest escape vulnerability, along with other critical vulnerabilities, affects Cisco NFVIS in the default configuration. Cisco has released an advisory with a fixed version.

ESB-2022.2050 – ALERT F5 BIG-IP Products: CVSS (Max): 9.8

A vulnerability in the control plane of BIG-IP modules allows an unauthenticated remote attacker to execute commands and create or delete arbitrary files on the system. F5 has released patches for the affected versions; BIG-IP version 17.x is not affected.


Stay safe, stay patched and have a good weekend!

The AusCERT team