30 Sep 2022
Week in review
Greetings,
The fallout from last week’s Optus data breach has impacted customers across Australia. There has been a flurry of reports and statements advising the varying options available to affected individuals in relation to attaining a replacement Driver’s Licence, many of which have indicated that they will pursue Optus to cover the cost.
Earlier today, Optus agreed to pay for the replacement of passports exposed in the leak and, that the Australian Federal Police (AFP) had launched Operation Guardian which would prioritise the protection of the 10,000 records that were revealed last week before the hacker had a change of mind about releasing additional data.
Today, September 30, is International Podcast Day, an opportunity to explore seemingly endless genres that anyone can access just about anywhere.
There are millions of podcasts available across an array of platforms, including our very own series, Share Today, Save Tomorrow, which features episodes that range in topics including ITOT Convergence, Diversity and Culture in Cyber Security and more!
You can download or stream an episode, kick back and enjoy a cup of coffee this Saturday, October 1st, which just so happens to be International Coffee Day.
Over three billion cups of coffee are consumed each day across the globe, making it a significant part of many people’s daily routines. This year, members, and partners of the International Coffee Organization (ICO) wish to highlight their commitment to coffee farmers’ prosperity and efforts to reduce the coffee industry’s impact on the environment and mitigate climate change with the vision of an effective Circular Economy.
Two Remote Code Execution Vulnerabilities Patched in WhatsApp
Date: 2022-09-27
Author: Security Week
WhatsApp has patched two serious vulnerabilities that could be exploited for remote code execution.
WhatsApp only has three security advisories for 2022, with the first two released in January and February. The latest advisory, released this month, informs customers of two memory-related issues affecting the WhatsApp mobile applications.
One of the flaws, tracked as CVE-2022-36934 and rated ‘critical’, is an integer overflow issue that affects WhatsApp for Android prior to 2.22.16.12, Business for Android prior to 2.22.16.12, iOS prior to 2.22.16.12, and Business for iOS prior to 2.22.16.12.
Attackers abuse web security flaw in Sophos Firewall
Date: 2022-09-26
Author: The Daily Swig
A recently resolved vulnerability in Sophos Firewall has been abused by attackers in targeted attacks, the vendor warns.
The critical vulnerability (CVE-2022-3236) poses a remote code execution (RCE) risk.
Sophos Firewall v19.0 MR1 (19.0.1) and older are potentially vulnerable to the security bug in the User Portal and Webadmin of Sophos Firewall.
In a security advisory published on Friday (September 23), Sophos said that it has issued a patch that installs automatically in default installations of its firewall technology.
This is just as well given the vulnerability has already featured in attacks in the wild.
Hacking group hides backdoor malware inside Windows logo image
Date: 2022-09-29
Author: Bleeping Computer
Security researchers have discovered a malicious campaign by the ‘Witchetty’ hacking group, which uses steganography to hide a backdoor malware in a Windows logo.
New Microsoft Exchange zero-day actively exploited in attacks
Date: 2022-09-29
Author: Bleeping Computer
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution.
Hackers now sharing cracked Brute Ratel post-exploitation kit online
Date: 2022-09-28
Author: Bleeping Computer
The Brute Ratel post-exploitation toolkit has been cracked and is now being shared for free across Russian-speaking and English-speaking hacking communities.
For those unfamiliar with Brute Ratel C4 (BRC4), it is a post-exploitation toolkit created by Chetan Nayak, an ex-red teamer at Mandiant and CrowdStrike.
Red teamers are cybersecurity professionals whose job is to try and breach a corporate network to learn its flaws, while those on the blue team attempt to defend against these attacks.
Russia Planning Cyberattacks on Ukraine’s Energy Grid
Date: 2022-09-27
Author: Dark Reading
As protests against military conscription rage inside Russia, the country is planning to continue its offensive into Ukraine with cyberattacks on critical infrastructure.
The Odessa Journal reported Ukrainian military intelligence has learned the first cyberattacks will soon be launched against the Ukrainian energy sector, informed by previous Russian cyberattacks on the country’s electricity infrastructure in 2015 and 2016. After energy supply operations are crippled by cyberattacks, the Russian military plans to ramp up missile strikes on those facilities to shut down the electrical service throughout the war-battered country.
Microsoft finally adds a Task Manager link to the Windows 11 taskbar
Date: 2022-09-29
Author: Bleeping Computer
Microsoft has finally re-added a link to the Task Manager to the taskbar’s contextual menu in the latest Windows 11 Insider preview build.
ASB-2022.0190.3 – Optus Data Breach
Following a cyberattack, Optus has advised its customers to be vigilant about any suspicious activities.
ESB-2022.4826 – Cisco IOS XE: CVSS (Max): 5.5
Cisco has released software updates that address a vulnerability in the web UI feature of Cisco IOS XE software.
ESB-2022.4848 – chromium: CVSS (Max): 7.8
Debian has released an upgrade package for Chromium that addresses a vulnerability which allows an attacker to execute arbitrary code denial of service or information disclosure.
ASB-2022.0191 – ALERT Microsoft Exchange Server
News is currently emerging regarding possible Microsoft Exchange Server Zero-Day Vulnerabilities which could lead to remote code execution.
ESB-2022.4884 – Google Chrome: CVSS (Max): None
Google has released a new Chrome update for Windows, Mac and Linux.
Stay safe, stay patched and have a good weekend!
The AUSCERT team