//Week in review - 4 Feb 2022


The beginning of February signified the Lunar New Year which in 2022, is the Year of the Tiger.

Many Asian cultures historically follow a lunar calendar which sees the Lunar New Year fall on a different day than the (solar) Gregorian calendar.

People born during a Tiger Year are thought to be natural leaders who are both brave and thrill-seeking, often craving attention.

Some might say, these attributes are embodied by a lot of the competitors at this year’s Winter Olympic Games that officially gets underway tonight, in Beijing China.

Though an exciting time for all taking part, the FBI has issued a warning to athletes to take a temporary, or burner, phone with them to mitigate risk of cyberattacks.
NPR details the reason for this with all participants and officials required to download and use an app as part of the COVID-19 safety protocols.

With over 450 million cyberattacks connected to the 2020 Tokyo Olympic and Paralympic games, the FBI is concerned the app would be a potential target for ransomware and malware, data theft, and distributed denial of service attacks.

Elsewhere, a recent situation at Spotify has seen an exodus from the music streaming service.

Subsequently, people across the globe have been looking at alternative platforms for their audio fixations with ZDNet providing a range of services to compare and evaluate to help in the decision-making process to get back to enjoying your favourite artists, songs and podcasts (including our very own ‘Share today, Save tomorrow’)

600K WordPress sites impacted by critical plugin RCE vulnerability
Date: 2022-01-31
Author: Bleeping Computer

Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older.
The flaw allows an unauthenticated user to perform a local file inclusion attack, such as a PHP file, to execute code on the site.
"The local file inclusion vulnerability exists due to the way user input data is used inside of PHP's include function that are part of the ajax_load_more and ajax_eael_product_gallery functions." explains PatchStack researchers who discovered the vulnerability.

Malicious hybrid cloud campaign uses 0Auth apps to target C-level executives
Date: 2022-01-28
Author: SC Media

Researchers reported a new hybrid cloud campaign — dubbed OiVaVoii — that uses hijacked Office 365 users and a sophisticated combination of malicious OAuth apps and targeted phishing threats to attack many C-level executives, including CEOs, general managers, former board members and the presidents of companies.
In a Jan. 28 blog post, Proofpoint researchers said starting on Jan. 18, they observed account takeovers by malicious OAuth apps stealing OAuth tokens and via credential theft. The researchers said there are other risks after the account takeovers, mainly data leakage, continued phishing, lateral movement, brand abuse and malware distribution.

NSW Police warns of new FluBot malware scam phishing texts
Date: 2022-02-01
Author: Cyber Security Connect

NSW Police posted a warning on their official Facebook page about the new FluBot phishing texts that have been making the rounds, sending malware links that enables download and installation of malicious software on to devices.
According to Scamwatch, many Australians have been receiving scam text messages about missed calls, voicemails, deliveries and photo uploads since August 2021.
The text messages ask recipients to tap on a link to download or access something. Doing so will download a specific type of malware to your device. These are “FluBot” text messages.

Australian Red Cross clients potentially caught up in international cyber attack
Date: 2022-01-31
Author: iTnews

Australian Red Cross is contacting clients and reviewing its local systems and services in the wake of a “major” cyber attack on a large database hosted by the International Committee of the Red Cross (ICRC).
The database held case file details on more than 500,000 people worldwide who had sought services for loved ones missing or uncontactable overseas due to disaster or conflict, or that were being held in immigration detention.

Scammers continue to spoof job listings to steal money and data, FBI warns
Date: 2022-02-02
Author: The Record

Since at least early 2020, video game giant Riot Games has been dealing with a scam that is increasingly ensnaring companies and job seekers alike.
According to a lawsuit filed by the company in November, a team of scammers “undertook an extensive, coordinated, and highly sophisticated fraud scheme” that lured eager professionals into handing over banking information and other sensitive data by dangling fraudulent job postings and interviews with fake human resources representatives.
Similar scams have been reported by Biogen, Vox Media, Harvard University and many others.
On Tuesday, the US Federal Bureau of Investigation warned that these scams have cost victims an average of [US]$3,000 since 2019, and often negatively impact their credit scores. The FBI’s Internet Crime Complaint Center (IC3) specifically alerted companies to a lack of strong security verification standards on recruitment websites, which allows criminals to post fake job ads.

ESB-2022.0429 – Samba: CVSS (Max): 9.9

All versions of Samba prior to 4.13.17 are vulnerable to an
out-of-bounds heap read write vulnerability leading to root compromise

ESB-2022.0462 – Google Chrome: CVSS (Max): None

Google has released updates to Chrome to address 19 security vulnerabilities

ASB-2022.0049 – Microsoft Edge (Chromium-based): CVSS (Max): 7.7*

Following Google Chrome advisory, Microsoft has also released updates for Edge (Chromium based) with an addition of 3 unique CVEs

ESB-2022.0454 – ALERT Cisco RV Series Routers: CVSS (Max): 10.0

Multiple vulnerabilities in RV series routers have been identified with a CVSS score of 10.0

ESB-2022.0501 – GitLab Community Edition and GitLab Enterprise Edition: CVSS (Max): 7.7

GitLab has released security updates to address multiple vulnerabilities

Stay safe, stay patched and have a good weekend!

The AusCERT team