Week in review - 21 Oct 2022


AusCERT has been receiving reports of various Request For Quote (RFQ) scams spoofing Australian universities and targeting several small vendors via the spoofed domain. Our recent blog post delves into the methods currently being used, to help you identify potential scams, and offers recommendations on what can be done should you be the victim of such a scam.

AusCERT aims to inform and educate how and when we can, including through our training sessions, which are aimed at anyone who looks after their organisation’s cyber security.

We have three courses currently available for the remainder of 2022, as per the below:

  • Intro to Cyber for IT Professionals | October 24 and 25 (it’s not too late to register!)
  • Cyber Security Risk Management | October 31 and November 1
  • Incident Response Planning | December 6 and 7

All courses are delivered online in two half-day sessions from 9 am to 12:30 pm each day. For more information on each course, or to book online, visit our Education page.

Diwali, also known as the Festival of lights or Deepavali, will commence on Monday, October 24 and is a five-day-long celebration. It is revered as a day to light the lamp of power, knowledge, and virtues within each of us and signifies the victory of good over evil.

Watch out for the celebrations with entertainers, fireworks displays, dancing performances, music, henna and more throughout the city in many shopping centres, King George Square and Indian restaurants.

You can learn more about this cultural festival, including a feast consisting of special dishes, by clicking here.

Speaking of food, today is International Day of the Nacho. Yes, there is an official day to indulge and overeat the tasty corn chip or tortilla-based treat, layered with guacamole, beans, minced beef and cheese!

Invented in 1943, nachos have been a go-to dish for many, with unknown and seemingly unlimited variations seen in their near 80-year history. To see how others eat their nachos, or to learn more about this Tex-Mex culinary delight, click here.

Adobe patches critical Magento XSS that puts sites at takeover risk
Date: 2022-10-14
Author: The Daily Swig

A super-critical vulnerability in Adobe Magento could allow attackers to fully compromise e-commerce platforms, according to the security researcher who unearthed the bug. Adobe has urged users to update their systems to protect their websites from abuse of the flaw, which has been assigned the maximum possible severity (CVSS) score of 10.

Woolworths says 2.2m MyDeal customers’ data hacked
Date: 2022-10-15
Author: Financial Review

[Refer AusCERT Bulletin: ASB-2022.0200.2]
In the third major corporate security breach in as many weeks, Woolworths is scrambling to contact 2.2 million customers of its MyDeal online marketplace arm whose data has been accessed by an unauthorised user using “compromised” credentials, the supermarkets giant says.
The hack follows telecoms group Optus in owning up to data breaches affecting millions of consumers. Health insurer Medibank Private also disclosed a data breach but said it had no evidence of any customer data being accessed, although it was still investigating the hack.

Apache Commons Text RCE flaw — Keep calm and patch away
Date: 2022-10-19
Author: Bleeping Computer

[Refer AusCERT Bulletin: ESB-2022.5278]
A remote code execution flaw in the open-source Apache Commons Text library has some people worried that it could turn into the next Log4Shell. However, most cybersecurity researchers say it is nowhere near as concerning.
Apache Commons Text is a popular open-source Java library with an “interpolation system” that allows developers to modify, decode, generate, and escape strings based on inputted string lookups.
For example, passing the string lookup ${base64Decoder:SGVsbG9Xb3JsZCE=} to the interpolation system would cause the library to convert it to its base64 decoded value of ‘HelloWorld!’.

Microsoft Office 365 email encryption could expose message content
Date: 2022-10-14
Author: Bleeping Computer

Security researchers at WithSecure, previously F-Secure Business, found that it is possible to partially or fully infer the contents of encrypted messages sent through Microsoft Office 365 due to the use of a weak block cipher mode of operation.
Organizations use Office 365 Message Encryption to send or receive emails, both external and internal, to ensure confidentiality of the content from destination to source.
However, the feature encrypts the data using the Electronic Code Book (ECB) mode, which allows inferring the plaintext message under certain conditions.
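
Why ECB leaks structure, as an added example that is not from AusCERT, WithSecure or the cited article: identical plaintext blocks encrypt to identical ciphertext blocks, so an observer holding only the ciphertext can map which blocks repeat. The cipher here is a toy Feistel network standing in for a real block cipher, and the key, sample message and function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes; the cipher below is a toy stand-in, not AES


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel network: a deterministic keyed permutation of one block."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block is encrypted independently with the same key."""
    p = pad(plaintext)
    return b"".join(encrypt_block(key, p[i:i + BLOCK]) for i in range(0, len(p), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC, for contrast: each block is XORed with the previous ciphertext block."""
    p, prev, out = pad(plaintext), iv, []
    for i in range(0, len(p), BLOCK):
        prev = encrypt_block(key, bytes(a ^ b for a, b in zip(p[i:i + BLOCK], prev)))
        out.append(prev)
    return b"".join(out)


def block_pattern(ciphertext: bytes) -> list:
    """Replace each ciphertext block by the index of its first occurrence.
    Needs no key: this is what a passive observer can compute."""
    first_seen = {}
    return [first_seen.setdefault(ciphertext[i:i + BLOCK], i // BLOCK)
            for i in range(0, len(ciphertext), BLOCK)]


# Constructed sample message: two 16-byte lines repeated, then a unique tail.
ROWS = [b"Dear customer,".ljust(BLOCK), b"amount: 100 AUD".ljust(BLOCK)]
SAMPLE = ROWS[0] + ROWS[1] + ROWS[0] + ROWS[1] + b"ref 7731"

if __name__ == "__main__":
    key = b"k" * 16  # constructed demo key
    print("ECB:", block_pattern(ecb_encrypt(key, SAMPLE)))
    print("CBC:", block_pattern(cbc_encrypt(key, bytes(BLOCK), SAMPLE)))
```

Under ECB the pattern exposes the repeated lines; under CBC every block differs, which is why repeated-block counts are a quick check for ECB use in captured ciphertext.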

Police tricked a ransomware gang into handing over its decryption keys. Here’s how they did it
Date: 2022-10-17
Author: ZDNET

Police tricked a ransomware gang into handing over decryption keys, providing victims with the ability to unlock their encrypted data for free.
Working alongside cybersecurity company Responders.NU, the Dutch National Police obtained 150 decryption keys from ransomware group Deadbolt.
With the decryption keys now in the hands of law enforcement, some victims of Deadbolt ransomware attacks can retrieve encrypted files and servers without the need to pay cyber-criminal extortionists.

Medibank’s alleged attackers threaten data release, extortion
Date: 2022-10-20
Author: iTnews

[Refer AusCERT Bulletin: ASB-2022.0199.3]
Medibank has entered a trading halt after being contacted by a group claiming to have copied customer data.
The Sydney Morning Herald yesterday reported it had heard from the alleged attackers, who were threatening to release patient data from a “200 gigabyte” haul.
The threats included selling the data, or releasing information like diagnoses about the most prominent people found in the database.
In a market disclosure late yesterday, the health insurer said it was “a new development” that will “cause concerns for customers”.

ESB-2022.5278 – Apache Commons Text : CVSS (Max): 9.8

The Apache Software Foundation has reported a critical vulnerability in Apache Commons Text and recommends that users upgrade to version 1.10.0.

ASB-2022.0199.3 – UPDATE Medibank Cyber Security Incident

Medibank has reported that the alleged hacking group has provided a sample of records for 100 policies. Australian Federal Police is investigating the issue as a crime.

ASB-2022.0200.2 – UPDATE MyDeal Data Breach

The hacker involved in the MyDeal data breach has reportedly released samples of the stolen data to a hacking forum. MyDeal customers are encouraged to reset their passwords.

ASB-2022.0220 – Oracle PeopleSoft: CVSS (Max): 8.1*

Multiple vulnerabilities have been identified in Oracle PeopleSoft. The vendor has released a critical patch update which contains 8 new security patches.

ASB-2022.0201 – Oracle Commerce Platform: CVSS (Max): 9.8

The critical patch update for October 2022 contains 3 new security patches for Oracle Commerce.

ESB-2022.5232 – Jenkins Plugins: CVSS (Max): 8.8

Jenkins Security Advisory for October 2022 announces vulnerabilities in Jenkins plugins. Security updates have been released for most of the plugins.

Stay safe, stay patched and have a good weekend!

The AusCERT team