//Week in review - 16 Sep 2022


Members of the AusCERT team recently ventured south from HQ in Brisbane to participate in the long-awaited conference, BSides Melbourne.

With travelling returning to pre-COVID normality, our crew were excited at the opportunity to mingle with members of the industry and gain insights and hear of experiences from a wonderful collection of presenters.

You can read about the highlights and experiences from one of our team in a recent blog, My Time on the BSide.

With school holidays on the horizon, we wish all of those about to embark on travel all the best. Be it heading to the airport or enduring road trips of seemingly ceaseless requests to stop or cries of, “Are we there yet?”, travel safe and may the odds be ever in your favour.

There are still a few spots remaining in our first online information gathering session on how you and your organisation use Cyber Threat Intelligence (CTI).

The short (1 hour) information gathering sessions via video conference so we can pick your brain about CTI with the first session next Tuesday, September 20 from 9 am until 10 am.

To learn more or, register your interest, please click here.

On a greener note, in parts of the world, September 16 is National Guacamole Day. Yes, the avocado-based dip, condiment, and salad ingredient is being celebrated today.

The tasty green blend known as Guacamole (or “guac”) is said to date back to the Aztecs and is today, synonymous with Mexican cuisine. Traditionally served with tortilla chips, guacamole also goes well with corn chips, carrot sticks or even on its own.,

With the price of avocados dropping significantly recently, now is the time to go green with guacamole! We’ve found a recipe or 203 for you to peruse and use – enjoy!

Zero-day in WPGateway WordPress plugin actively exploited in attacks
Date: 2022-09-13
Author: Bleeping Computer

[See also ESB-2022.3966]
The Wordfence Threat Intelligence team warned today that WordPress sites are actively targeted with exploits targeting a zero-day vulnerability in the WPGateway premium plugin.
WPGateway is a WordPress plugin that allows admins to simplify various tasks, including setting up and backing up sites and managing themes and plugins from a central dashboard.
This critical privilege escalation security flaw (CVE-2022-3180) enables unauthenticated attackers to add a rogue user with admin privileges to completely take over sites running the vulnerable WordPress plugin.

Ransomware gangs switching to new intermittent encryption tactic
Date: 2022-09-10
Author: Bleeping Computer

A growing number of ransomware groups are adopting a new tactic that helps them encrypt their victims’ systems faster while reducing the chances of being detected and stopped.
This tactic is called intermittent encryption, and it consists of encrypting only parts of the targeted files’ content, which would still render the data unrecoverable without using a valid decryptor+key.
For example, by skipping every other 16 bytes of a file, the encryption process takes almost half of the time required for full encryption but still locks the contents for good.

Uber Says It’s Investigating a Potential Breach of Its Computer Systems
Date: 2022-09-16
Author: The Hacker News

Ride hailing giant Uber disclosed Thursday it’s responding to a cybersecurity incident involving a breach of its network and that it’s in touch with law enforcement authorities.
The New York Times first reported the incident. The company pointed to its tweeted statement when asked for comment on the matter.

Death of Queen Elizabeth II exploited to steal Microsoft credentials
Date: 2022-09-14
Author: Bleeping Computer

Threat actors are exploiting the death of Queen Elizabeth II in phishing attacks to lure their targets to malicious sites designed to steal their Microsoft account credentials.
Besides Microsoft account details, the attackers also attempt to steal their victims’ multi-factor authentication (MFA) codes to take over their accounts.
“Messages purported to be from Microsoft and invited recipients to an ‘artificial technology hub’ in her honor,” Proofpoint’s Threat Insight team revealed today.

Rampant ransomware pushes cyber security premium up by 80%
Date: 2022-09-12
Author: Cyber Security Connect

Global insurance broker Marsh has identified that the cost of taking out cyber cover had doubled on average every year for the past three years, which has contributed to the sharp rise in premiums.
Backed by data from another broker, Honan Group, the 80 per cent rise in premiums in the past 12 months has been determined following a 20 per cent increase in the cost of cover in each of the previous two years.
According to Craig Claughton, a senior executive at Marsh, “cyber has become the new D&O”, referring to sharp rises in directors’ and officers’ insurance premiums since 2018.

ASB-2022.0186 – ALERT Microsoft Windows: CVSS (Max): 9.8*

Microsoft Patch Tuesday for September includes patches for various vulnerabilities affecting Windows

ESB-2022.4508 – ALERT macOS Big Sur: CVSS (Max): 7.8*

Apple released updates to Big Sur addressing multiple vulnerabilities out of which CVE-2022-32917 may have been actively exploited

ESB-2022.4611 – Google Chrome: CVSS (Max): None

A stable channel for Google Chrome has been updated to address multiple vulnerabilities

ESB-2022.4555 – Red Hat Advanced Cluster Management: CVSS (Max): 10.0

Multiple security issues and bugs have been fixed in Red Hat Advanced Cluster Management for Kubernetes

Stay safe, stay patched and have a good weekend!

The AusCERT team