Week in review

AUSCERT Week in Review for 13th November 2020

13 Nov 2020

Greetings,

This week we launched our AUSCERT2021 Call for Papers initiative. Help us celebrate the 20th anniversary of Australia’s original and oldest information security conference. AUSCERT members, we would love to see YOUR submissions containing stories – whether they’re of success or failure! The “heart” of our conference has always been about knowledge sharing and collaboration, so if you’ve got a story to share, AUSCERT may be able to provide you a stage. Feel free to share this with your network.

This week we also celebrated NAIDOC Week 2020 with friends from Baidam Solutions. We were proud to host a panel session and an online screening of the film “In My Blood It Runs”. This film is an observational feature documentary following 10-yr-old Arrernte Aboriginal boy Dujuan as he grows up in Alice Springs, Australia. The work we do in terms of reconciliation in this country is ongoing; the producers of this film have shared a resource of First Nations-led solutions we can all explore here.

With November 2020’s Patch Tuesday taking place this week, be sure to note our Security Bulletins highlighted below.

And last but not least, we would like to quickly highlight the following alert issued by the ACSC (cyber.gov.au) just this morning on the SDBBot targeting our country’s health sector.

For those of you who celebrate – Happy Diwali, may it be filled with light despite the year we’ve all had.

Until next week, have a wonderful weekend everyone.

Intel fixes 95 vulnerabilities in November 2020 Platform Update
Date: 2020-11-11
Author: Bleeping Computer
[AUSCERT issued an alert on CVE-2020-12321 and 12322 yesterday, please refer to ESB-2020.3962]
Intel addressed 95 vulnerabilities as part of the November 2020 Patch Tuesday, including critical ones affecting Intel Wireless Bluetooth products and Intel Active Management Technology (AMT). The issues were detailed in the 40 security advisories published by Intel on its Product Security Center, with the company having delivered security and functional updates to users through the Intel Platform Update (IPU) process.

Microsoft, Amazon, Cisco, Salesforce alarmed at security incident response takeover by govt
Date: 2020-11-09
Author: iTnews
Microsoft, AWS, Telstra, Cisco and Salesforce reacted with alarm at the prospect of direct administrative intervention by Australian authorities to counter cyber security threats against certain customers. Draft laws proposed by Home Affairs include “last resort” government assistance powers that, in “exceptional circumstances”, would allow the government to intervene in a particularly threatening attack scenario. The powers are broad – allowing the government to install programs, “access, add, restore, copy, alter or delete data”, alter the “functioning” of hardware or remove it entirely from premises, according to an exposure draft of the bill published today.

IoT security is a mess. These guidelines could help fix that.
Date: 2020-11-10
Author: ZDNet
The supply chain around the Internet of Things (IoT) has become the weak link in cybersecurity, potentially leaving organisations open to cyber attacks via vulnerabilities they’re not aware of. But a newly released set of guidelines aims to ensure that security forms part of the entire lifespan of IoT product development. New guidelines from European Union Agency for Cybersecurity (ENISA) recommend that all stages of the IoT device lifecycle need to be considered to help ensure devices are secure.

Chinese hacking competition cracks Chrome, ESXi, Windows 10, iOS 14, Galaxy 20, Qemu, and more
Date: 2020-11-09
Author: The Register
VMware has taken the unusual step of warning about an imminent security advisory after a Chinese team successfully popped its flagship product. News of the crack came from Tianfu Cup, a hacking contest staged in China over the weekend and modelled on events like “Pwn2Own” where vendors allow teams to take down their wares under controlled conditions. The targets for the competition included the iPhone 11 running the new iOS 14, and the big four browsers – Chrome, Safari, Firefox and Edge. Cup organisers said 11 of the attacks succeeded.

Play Store identified as main distribution vector for most Android malware
Date: 2020-11-11
Author: ZDNet
The official Google Play Store has been identified as the primary source of malware installs on Android devices in a recent academic study — considered the largest one of its kind carried out to date. Using telemetry data provided by NortonLifeLock (formerly Symantec), researchers analyzed the origin of app installations on more than 12 million Android devices for a four-month period between June and September 2019. In total, researchers looked at more than 34 million APK (Android application) installs for 7.9 million unique apps.

ESB-2020.4051 – Apache OpenOffice: Execute arbitrary code/commands – Remote with user interaction
A malicious document can contain links to any executable on the system triggered via a single click.

ESB-2020.4043 – MISP: Multiple vulnerabilities
An important SSRF vulnerability fixed, and numerous improvements.

ESB-2020.3962 – Intel Wireless Bluetooth products: Multiple vulnerabilities
One of around 40 Intel advisories released this week. This wireless issue is remotely exploitable.

ASB-2020.0206 – Microsoft Windows: Multiple vulnerabilities
Microsoft released numerous fixes for many products this week as part of its monthly ‘Patch Tuesday’.

Stay safe, stay patched and have a good weekend!

The AUSCERT team

AUSCERT Week in Review for 6th November 2020

6 Nov 2020

Greetings,

This week, our team enjoyed participating in the Inaugural AHECS Cybersecurity Summit “Bridging the Gap”. Well done to all partners involved: AARNet, Australian Access Federation (AAF), REANNZ and especially to the team from CAUDIT. Several great takeaways from the presentations delivered over the 2.5 days which focussed on the various cybersecurity threats and safeguard measurements we should be adopting in order to protect the reputation of Australasia’s universities.

We also sat down with Sean, an analyst in our team, to put together a case study on AUSCERT’s Incident Management service; one that is integral to our organisation as a CERT. Coincidentally, this week marks our 24th anniversary as part of FIRST, very proud of our rich history as a CERT!

Next week will see us celebrating NAIDOC Week 2020 with friends from Baidam Solutions. We are pleased to invite you to an online screening of the film “In My Blood It Runs” on Thursday 12 November. This film is an observational feature documentary following 10-yr-old Arrernte Aboriginal boy Dujuan as he grows up in Alice Springs, Australia. Preceding this screening will be a 20-minute panel discussion. For further details and to RSVP, please visit our website here.

Last but not least, we must apologise – due to unforeseen circumstances, we have had to delay the launch of our AUSCERT2021 Call for Papers initiative. We’re confident this will be announced early next week though. So please keep an eye out for details on this launch on our communication channels.

Until next week, have a wonderful weekend everyone.

UK cyber-threat agency confronts Covid-19 attacks
Date: 2020-11-03
Author: BBC News
[The NCSC Annual Review 2020 was released on 03 Nov; to find out more, please refer to their website directly.]
More than a quarter of the incidents which the UK’s National Cyber Security Centre (NCSC) responded to were Covid-related, according to its latest annual report. The review covers the period from September 2019 to August 2020, so the pandemic occupied an even higher proportion of the agency’s efforts after the first lockdown began. In total there were 723 incidents of all kinds, marking close to a 10% rise on the previous period. Of those, 194 were Covid-related.

Sustained targeting of the health sector
Date: 2020-10-30
Author: ACSC (cyber.gov.au)
[Further resources can also be found on the AUSCERT LinkedIn page]
The Australian Signals Directorate’s Australian Cyber Security Centre has identified a sustained campaign by sophisticated cybercrime actors impacting the Australian health sector. We continue to see activity against the health sector similar to the increase of identified Emotet activity in Advisory 2020-17: Resumption of Emotet malware campaign. This type of campaign is not limited to Australia, with the United States of America Cybersecurity and Infrastructure Security Agency (CISA) recently issuing a cyber security alert. This alert identifies a campaign, with Emotet and TrickBot being used to further deploy Conti or Ryuk ransomware variants. The alert also provides detection and mitigation advice. While this campaign is targeted at the health sector, the ACSC recommends that all Australian organisations read the two documents linked above and follow their recommended mitigation advice.

Google patches second Chrome zero-day in two weeks
Date: 2020-11-02
Author: ZDNet
Google has released a security update today for its Chrome web browser that patches ten security bugs, including one zero-day vulnerability [identified as CVE-2020-16009] that is currently actively exploited in the wild. In typical Google fashion, details about the zero-day and the group exploiting the bug have not been made public — as a way to allow Chrome users more time to install the updates and prevent other threat actors from developing their own exploits for the same zero-day.

Govt kicks off long-awaited Privacy Act review
Date: 2020-10-30
Author: iTnews
The federal government has kicked off its review of the Privacy Act, which will consider whether Australians should have the right to have their personal information erased like in the European Union, among other reforms. Attorney-General Christian Porter on Friday released the terms of reference for the wide-ranging review that the government committed to undertake in response to the digital platforms inquiry in December 2019. The review will consider whether the Privacy Act, which has not been amended since the introduction of the Australian Privacy Principles (APP) in 2012, remains fit for purpose in the digital economy.

The energy-sector threat: How to address cybersecurity vulnerabilities
Date: 2020-11-03
Author: McKinsey & Company
Electric-power and gas companies are especially vulnerable to cyberattacks, but a structured approach that applies communication, organizational, and process frameworks can significantly reduce cyber-related risks.

ESB-2020.3893 – gnome: Multiple vulnerabilities
Gnome vulnerabilities offered attackers the opportunity to achieve remote code execution, denial of service, cross-site scripting, and privileged & confidential data access.

ESB-2020.3833.2 – Cisco IOS XR Software: Multiple vulnerabilities
Cisco’s enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software allowed an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device.

ESB-2020.3818 – Cisco Identity Services Engine: Multiple vulnerabilities
Cisco Identity Services Engine (ISE) web-based management interface vulnerabilities allow an authenticated, remote attacker with administrative credentials to conduct cross-site scripting, remote code execution attacks, and compromise root.

ESB-2020.3598.2 – UPDATE VMware Products: Multiple vulnerabilities
VMware have updated patch version details associated with their earlier advisory after release of ESXi patches that completed the incomplete fix for CVE-2020-3992, which carries a 9.8 Critical CVSS3 score.

ESB-2020.3789 – ALERT wordpress: Multiple vulnerabilities
Multiple vulnerabilities reported against WordPress, permitting opportunity for remote code execution, privilege escalation, cross-site request forgery, denial of service and cross-site scripting attacks.

ESB-2020.3777 – BIG-IP Products: Multiple vulnerabilities
BIG-IP Products affected by Administrator compromise, remote code execution and cross-site scripting vulnerabilities.

Stay safe, stay patched and have a good weekend!

The AUSCERT team

AUSCERT Week in Review for 30th October 2020

30 Oct 2020

Greetings,

This week, our team enjoyed participating in the range of initiatives that took place for AU CyberWeek2020, well done to colleagues from AustCyber for their wonderful work in pulling this event off.

Next week sees us supporting the Inaugural AHECS Cybersecurity Summit “Bridging the Gap”. Coby Prior, our infrastructure Engineer Lead will be presenting on the topic of Honeypots of Threat Intelligence. We look forward to connecting with you at this Summit.

Keep an eye out for the launch of our AUSCERT2021 Call for Papers initiative by following AUSCERT on social media Twitter, LinkedIn and Facebook. Do YOU or someone YOU KNOW have a great story to tell? We would like to hear it! At AUSCERT2021, we want to see you dusting off your playbooks: Security, Orchestration, Automation, and Response will see us SOARing with cyber.

Last but not least, don’t forget to complete the 2020 BDO in Australia and AUSCERT Cyber Security Survey by COB today! Do not miss your chance to gain insight into the maturity of your organisation’s cyber security approach. This annual survey will allow you to benchmark your organisation’s current cyber security efforts with industry trends and determine ways to improve its cyber security culture, planning and response measures.

Until next week, have a wonderful weekend everyone. Don’t dose up on too much Halloween sugar and Queenslanders – enjoy the state election weekend and last but not least, congratulations again to our friends in Melbourne and the wider Victorian region for their tremendous effort in tackling the Covid curve!

Emotet malware now wants you to upgrade Microsoft Word
Date: 2020-10-24
Author: Bleeping Computer
Emotet switched to a new template this week that pretends to be a Microsoft Office message stating that Microsoft Word needs to be updated to add a new feature. Emotet is a malware infection that spreads through emails containing Word documents with malicious macros. When opening these documents, their contents will try to trick the user into enabling macros so that the Emotet malware will be downloaded and installed on the computer.

Attackers finding new ways to exploit and bypass Office 365 defenses
Date: 2020-10-26
Author: Help Net Security
Over the six-month period from March to August 2020, over 925,000 malicious emails managed to bypass Office 365 defenses and well-known secure email gateways (SEGs), an Area 1 Security study reveals. Attackers increasingly use highly sophisticated, targeted campaigns like business email compromise to evade traditional email defenses, which are based on already-known threats. Attackers also often use Microsoft’s own tools and branding to bypass legacy defenses and email authentication (DMARC, SPF, DKIM).

Business Email Compromise
Date: 2020-10-27
Author: ACSC (cyber.gov.au)
[Members, feel free to reach out via our 24/7 Incident Hotline for any BEC related assistance]
The Australian Cyber Security Centre (ACSC) has released a new publication – Protecting Against Business Email Compromise (BEC) – to help Australians defend against these deceptive and expensive scams.

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo
Date: 2020-10-28
Author: Krebs on Security
In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems.

Massive Nitro data breach impacts Microsoft, Google, Apple, more
Date: 2020-10-26
Author: Bleeping Computer
A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents.

ESB-2020.3750 – Junos OS: Multiple vulnerabilities
Appliances running Junos OS affected by serious Administrator Compromise and Cross-site Scripting vulnerabilities.

ESB-2020.3709 – python-django: Multiple vulnerabilities
Contained multiple vulnerabilities which would grant attackers abilities to modify arbitrary files, cause denial of service and access confidential data.

ESB-2020.3701 – thunderbird: Multiple vulnerabilities
Thunderbird hosted multiple vulnerabilities including remote code execution and denial of service.

ESB-2020.3669 – linux kernel: Multiple vulnerabilities
Worldwide users of the Linux kernel were affected by multiple vulnerabilities including Root Compromise.

ESB-2020.3662 – ALERT phpmyadmin: Multiple vulnerabilities
Popular phpmyadmin contained remote code execution, cross-site scripting and confidential data access vulnerabilities.

Stay safe, stay patched and have a good weekend!

The AUSCERT team

AUSCERT Week in Review for 23rd October 2020

23 Oct 2020

Greetings,

A number of important security patches to pay attention to this week (Oracle, Google and Cisco) – please refer to our highlighted articles and Security Bulletins section below.

Members, a copy of our October edition of the AUSCERT membership newsletter aka The Feed, landed in your inbox earlier this week. Be sure to catch up on all of our membership-related news; it was a bumper edition which also contained a copy of our Q3 2020 report.

Our team is looking forward to participating in the range of AustCyber CyberWeek2020 initiatives taking place next week; as well as supporting the Inaugural AHECS Cybersecurity Summit “Bridging the Gap” in early November.

Last but not least, don’t forget to complete the 2020 BDO in Australia and AUSCERT Cyber Security Survey. This anonymous survey closes at midnight next Friday, 30 October 2020 and takes less than 10 minutes to complete and by taking part, you will be offered the chance to win one of two Apple Watches.

Until next week, have a wonderful weekend everyone.

Google releases Chrome security update to patch actively exploited zero-day
Date: 2020-10-20
Author: ZDNet
[Refer to AUSCERT bulletin ESB-2020.3611]
Google has released Chrome version 86.0.4240.111 earlier today to deploy security fixes, including a patch for an actively exploited zero-day vulnerability. The zero-day is tracked as CVE-2020-15999 and is described as a memory corruption bug in the FreeType font rendering library that’s included with standard Chrome distributions.

Cisco warns of attacks targeting high severity router vulnerability
Date: 2020-10-20
Author: Bleeping Computer
[Refer to AUSCERT bulletin ESB-2020.0424.10]
Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company’s Cisco IOS XR Software. The IOS XR Network OS is deployed on several Cisco router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers.

UK urges orgs to patch severe CVE-2020-16952 SharePoint RCE bug
Date: 2020-10-16
Author: Bleeping Computer
The U.K. National Cyber Security Centre (NCSC) today issued an alert highlighting the risks behind the recently addressed CVE-2020-16952 remote code execution (RCE) vulnerability in Microsoft SharePoint Server. NCSC, the cybersecurity arm of the UK’s GCHQ intelligence service, urges organizations to make sure that all Microsoft SharePoint products in their environments are patched against CVE-2020-16952 to block takeover attempts.

Watch out for Emotet malware’s new ‘Windows Update’ attachment
Date: 2020-10-18
Author: Bleeping Computer
The Emotet botnet has begun to use a new malicious attachment that pretends to be a message from Windows Update telling you to upgrade Microsoft Word. Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. These documents utilize macros to download and install the Emotet Trojan on a victim’s computer, which uses the computer to send spam email and ultimately leads to a ransomware attack on a victim’s network.

Big engineering consultancy takes a hit from REvil ransomware
Date: 2020-10-22
Author: iTWire
The Meinhardt Group, an engineering consultancy with 51 offices worldwide and 5000 employees, appears to have been attacked by a group using the REvil ransomware last month. The group has offices in Greater China, United Kingdom, India, Pakistan, Singapore, Malaysia, Indonesia, Thailand, Vietnam, the Philippines, the Middle East and Africa, according to information on its website. The group says that, by revenue, it is ranked among the largest independent engineering consulting firms globally.

ESB-2020.3611 – Google Chrome: Multiple vulnerabilities
The new stable desktop release for Google Chrome patches a zero-day exploit; as seen above, it has made the news cycle.

ESB-2020.0424.10 – UPDATE ALERT Cisco products using Cisco Discovery Protocol: Multiple vulnerabilities
As mentioned above, Cisco has warned that CVE-2020-3118 is being actively targeted in the wild.

ASB-2020.0176 – ALERT Oracle MySQL Products: Multiple vulnerabilities
Part of Oracle’s quarterly patch day, this contains a CVE rated at 9.8 that can result in a total takeover of a MySQL cluster.

Stay safe, stay patched and have a good weekend!

The AUSCERT team

AUSCERT Week in Review for 16th October 2020

16 Oct 2020

Greetings,

This week, our Senior Manager Mike Holm joined a number of panel members from Baidam Solutions Pty Ltd and Vectra AI to discuss the topic of “Network Detection and Response”. This event was held in conjunction with the annual Australian Indigenous Business Month. A recording of this thought-leadership panel discussion can be found here.

For those of you who missed out on attending AUSCERT2020, good news – content from the conference can now be found on the AUSCERT YouTube channel. Look out for the “AUSCERT2020” playlist to browse through all the presentations we’ve uploaded on there for your viewing pleasure. In addition to this, we’ve also published a couple of blog articles from the winners of our annual awards at the conference. These can be found here, with more to come in the following weeks!

Members, keep an eye out for a copy of our October edition of the AUSCERT membership newsletter aka “The Feed”, landing in your inbox early next week. We will be sharing a bumper edition which will also contain a copy of our Q3 2020 report.

Last but not least, don’t forget to complete the 2020 BDO in Australia and AUSCERT Cyber Security Survey. This anonymous survey closes at midnight on Friday, 30th October 2020 and takes less than 10 minutes to complete and by taking part, you will be offered the chance to win one of two Apple Watches.

Until next week, have a wonderful weekend everyone.

…

Microsoft October 2020 Patch Tuesday fixes 87 vulnerabilities
Date: 2020-10-13
Author: ZDNet
[Please refer to AUSCERT bulletin ASB-2020.0161, member portal login required]
Microsoft has released today its monthly batch of security updates known as Patch Tuesday, and this month the OS maker has patched 87 vulnerabilities across a wide range of Microsoft products. By far, the most dangerous bug patched this month is CVE-2020-16898. Described as a remote code execution (RCE) vulnerability in the Windows TCP/IP stack, this bug can allow attackers to take over Windows systems by sending malicious ICMPv6 Router Advertisement packets to an unpatched computer via a network connection.

Microsoft and others orchestrate takedown of TrickBot botnet
Date: 2020-10-12
Author: ZDNet
A coalition of tech companies has announced today a coordinated effort to take down the backend infrastructure of the TrickBot malware botnet. Companies and organizations which participated in the takedown included Microsoft’s Defender team, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Broadcom’s cyber-security division Symantec.

Iranian hackers restart attacks on universities as the new school year begins
Date: 2020-10-14
Author: ZDNet
A group of Iranian hackers with a history of attacking academic institutions have come back to life to launch a new series of phishing campaigns, security firm Malwarebytes said today. The new attacks were timed to coincide with the start of the new academic years when both students and university staff were expected to be active on university portals. The attacks consisted of emails sent to victims. Known as “phishing emails,” they contained links to a website posing as the university portal or an associated app, such as the university library. The websites were hosted on sites with lookalike domains, but in reality, collected the victim’s login credentials.

The most common malicious email attachments infecting Windows
Date: 2020-10-11
Author: Bleeping Computer
To stay safe online, everyone needs to recognize malicious attachments that are commonly used in phishing emails to distribute malware. When distributing malware, threat actors create spam campaigns that pretend to be invoices, invites, payment information, shipping information, eFaxes, voicemails, and more. Included in these emails are malicious Word and Excel attachments, or links to them, that when opened and macros are enabled, will install malware on a computer.

Malware gangs love open source offensive hacking tools
Date: 2020-10-13
Author: ZDNet
In the cyber-security field, the term OST refers to software apps, libraries, and exploits that possess offensive hacking capabilities and have been released as either free downloads or under an open source license. OST projects are usually released to provide a proof-of-concept exploit for a new vulnerability, to demonstrate a new (or old) hacking technique, or as penetration testing utilities shared with the community. Today, OST is one of the most (if not the most) controversial topics in the information security (infosec) community.

ASB-2020.0161 – ALERT Windows: Multiple vulnerabilities
Microsoft’s Patch Tuesday included fixes for multiple vulnerabilities.

ASB-2020.0167 – Microsoft Dynamics 365 (on-premises): Multiple vulnerabilities
October 2020 patch by Microsoft resolves 3 vulnerabilities in Microsoft Dynamics 365 (on-premises).

ESB-2020.3511 – Adobe Flash Player: Multiple vulnerabilities
Adobe Flash Player updates for Windows, macOS, Linux and Chrome OS address a critical vulnerability in Adobe Flash Player.

ESB-2020.3531 – chromium-browser: Multiple vulnerabilities
Update for chromium-browser fixes multiple vulnerabilities.

Stay safe, stay patched and have a good weekend!

The AUSCERT team

AUSCERT Week in Review for 9th October 2020

9 Oct 2020

Greetings,

This week our team participated in the 2020 ASEAN CERT Incident Drill which was organised by colleagues from the Cyber Security Agency of Singapore (CSA). The theme was especially pertinent this year – “Malware Campaign Leveraging the Pandemic Situation” – and we look forward to further collaborations with CSA and the wider CERT community in the future. These drill exercises are an integral part of our staff training and development initiatives and we are grateful for the opportunity to be involved.

Next Tuesday 13th October at 11AM AEDT, tune in to the following thought leadership panel discussion as our Senior Manager Mike Holm joins a number of panel members from Baidam Solutions Pty Ltd and Vectra AI to discuss the topic of “Network Detection and Response”. This event is being held in conjunction with the annual Australian Indigenous Business Month. Moderated by CISO, author and influencer Claire Pales – this should be a good one!

Last but not least, don’t forget to complete the 2020 BDO in Australia and AUSCERT Cyber Security Survey. This anonymous survey closes at midnight on Friday, 30 October 2020 and takes less than 10 minutes to complete and by taking part, you will be offered the chance to win one of two Apple Watches.

Until next week, have a wonderful weekend everyone.

Ransomware: Surge in attacks as hackers take advantage of organisations under pressure
Date: 2020-10-08
Author: ZDNet
Cyber criminals are doubling down on ransomware attacks, deploying more sophisticated campaigns at a time when remote working is already creating additional security challenges for businesses.

All the tech in the 2020 federal budget
Date: 2020-10-07
Author: iTnews
Hundreds of millions of dollars flows to IT. Government agencies have scored funding for a range of projects in this year’s pandemic-dominated federal budget, with significant money flowing to all the usual suspects. The centrepiece is a half a billion dollar investment for Services Australia to complete its massive Centrelink IT overhaul, which began more than five years ago. The funding brings the project’s budget to more than $1.1 billion over nine years.

Cybercriminals Have Shifted Their Attack Strategies. Are You Prepared?
Date: 2020-10-05
Author: Security Week
Recent threat research shows that during the first six months of 2020, cybercriminals adapted their usual attack strategies to take advantage of the global pandemic and target the expanded attack surface created by the dramatic shift to remote workers. Understanding this trend is critical for security teams tasked with identifying threats and properly securing networks.

ESB-2020.3464 – chromium-browser: Multiple vulnerabilities
Updates for the world’s most popular browser.

ESB-2020.3459 – thunderbird: Multiple vulnerabilities
Multiple thunderbird issues fixed.

ESB-2020.3453 – Android: Multiple vulnerabilities
Latest Android security patches released.

Stay safe, stay patched and have a good weekend!

The AUSCERT team

AUSCERT Week in Review for 02nd October 2020

2 Oct 2020

AUSCERT Week in Review for 02nd October 2020 Greetings, And just like that, we’ve landed in the final quarter of 2020. This week we would like to share a couple of initiatives from colleagues in the industry, namely: · AustCyber and their Australian Cyber Week 2020 range of events which will take place at the end of this month between 26th to 30th October. · AHECS and their inaugural AHECS Cybersecurity Summit, which is a conference with a focus on the higher education & research, as well as identity management & privacy communities. We also wanted to bring to your attention a recent alert published by the ACSC (cyber.gov.au) on the topic of an observed resurgence of the Emotet malware campaign. Have a read and please do not hesitate to get in touch with our team should you require any assistance in this area. For those of you who took the time to complete our AUSCERT Security Bulletins survey – thank you! The team is currently working through the feedback you’ve provided and the results will be used to strengthen our delivery of this particular service and will be part of a long-term service improvement project. Last but not least, don’t forget to complete the 2020 BDO in Australia and AUSCERT Cyber Security Survey. This anonymous survey closes at midnight on Friday, 30 October 2020 and takes less than 10 minutes to complete and by taking part, you will be offered the chance to win one of two Apple Watches. Until next week, have a wonderful weekend everyone. Government’s cyber pledge has largely failed to increase awareness Date: 2020-09-30 Author: CRN Australia The federal government’s decision to spend $1.6bn boosting Australia’s ability to repel cyber-attacks might have highlighted the risks they pose to the economy, but security partners say that some customers still struggle to understand the scale of the threat and manage it appropriately. It was a trend that generally became more pronounced as businesses diminished in size, they said. 
However, even in larger organisations, board level support for company-wide measures to tackle cyber security breaches was still far from universal as cyber leaders continued to grapple with stubborn communication barriers. Microsoft Netlogon exploitation continues to rise Date: 2020-10-28 Author: Talos Intelligence Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon, outlined in the August Microsoft Patch Tuesday report. The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol which — among other things — can be used to update computer passwords by forging an authentication token for specific Netlogon functionality. This flaw allows attackers to impersonate any computer, including the domain controller itself and gain access to domain admin credentials. Airports, ATMs, hospitals: Microsoft Windows XP leak would be less of an issue, if so many didn’t use it Date: 2020-10-30 Author: The Conversation The source code of the Windows XP operating system is now circulating online as a huge 43GB mega-dump. Although the software is nearly two decades old, it’s still used by people, businesses and organisations around the world. This source code leak leaves it open to being scoured for bugs and weaknesses hackers can exploit. Microsoft disrupts nation-state hacker op using Azure Cloud service Date: 2020-10-25 Author: Bleeping Computer In a report this week, Microsoft said that it disrupted operations of a nation-state threat group that was using its Azure cloud infrastructure for cyber attacks. Microsoft refers to the actor by the name Gadolinium and says that it’s been active for about a decade targeting organizations in the maritime and health industry; more recently, the hackers expanded focus to higher education and regional government entities. 
WA govt creates first cyber security operations centre Date: 2020-10-29 Author: ITnews The WA government has established a cyber security operations centre to coordinate its response to cyber security incidents and improve visibility over the network threats facing agencies. The government launched the centre, complete with eight cyber security personnel, on Tuesday using $1.8 million set aside in next week’s 2020-21 state budget. Wondering how to tell the world you’ve been hacked? Here’s a handy guide from infosec academics Date: 2020-10-24 Author: theregister.com Infosec boffins at the University of Kent have developed a “comprehensive playbook” for companies who, having suffered a computer security breach, want to know how to shrug off the public consequences and pretend everything’s fine. In a new paper titled “A framework for effective corporate communication after cyber security incidents,” Kent’s Dr Jason Nurse, along with Richard Knight of the University of Warwick, devised a framework for companies figuring out how to publicly respond to data security breaches and similar incidents where servers are hacked and customer records end up in the hands of criminals. GitHub rolls out new Code Scanning security feature to all users Date: 2020-10-30 Author: ZDNet Code-hosting website GitHub is rolling out today a new security feature named Code Scanning for all users, on both paid and free accounts. GitHub says the new Code Scanning feature “helps prevent vulnerabilities from reaching production by analyzing every pull request, commit, and merge—recognizing vulnerable code as soon as it’s created.” Once vulnerabilities are detected, Code Scanning works by prompting the developer to revise their code. ESB-2020.3403 – firefox: Multiple vulnerabilities Red Hat’s updates include fixes for multiple vulnerabilities in Firefox. 
ESB-2020.3360 – NetworkManager: Reduced security – Existing account An update released for NetworkManager to address a Reduced Security vulnerability. ESB-2020.3343 – IBM Cloud Private: Multiple vulnerabilities IBM releases updates to address Kubernetes vulnerabilities. ASB-2020.0160 – Microsoft Edge (based on Chromium): Multiple vulnerabilities Microsoft updates its Edge browser to include security fixes from the upstream Chromium project. Stay safe, stay patched and have a good weekend! The AUSCERT team

AUSCERT Week in Review for 25th September 2020

1 Oct 2020

AUSCERT Week in Review for 25th September 2020 Greetings, We hope everyone’s been enjoying the Spring weather we’ve had recently! For those of you who attended our AUSCERT2020 conference last week, you can revisit the conference’s key learnings by re-watching the presentations on-demand on our now LIVE website. Please keep an eye out for an email that was sent earlier today with the specific details on how to access this resource page. A common theme throughout last week was just how much delegates enjoyed the ability to remain connected with their network of industry peers despite the circumstances this year. We hope you enjoyed your conference experience and we look forward to having you join us again at AUSCERT2021. Last but not least, it’s that time of the year again folks – the 2020 BDO in Australia and AUSCERT Cyber Security Survey is now open. This annual survey of key decision-makers across Australia and New Zealand, identifies the current cybersecurity trends, issues and threats facing organisations. We would like to encourage as many of you as possible to take part now. This anonymous survey closes at midnight on Friday, 30 October 2020 and takes less than 10 minutes to complete and by taking part, you will be offered the chance to win one of two Apple Watches. Until next week, have a restful weekend everyone. … Microsoft: Hackers using Zerologon exploits in attacks, patch now! Date: 2020-09-23 Author: BleepingComputer [Please refer to AUSCERT Bulletin ASB-2020.0140, member portal login required] Microsoft has warned that attackers are actively using the Windows Server Zerologon exploits in attacks and advises all Windows administrators to install the necessary security updates. Researchers say not to use myGovID until login flaw is fixed Date: 2020-09-21 Author: iTnews ATO declines to change protocol. 
Two security researchers are warning Australians not to use myGovID as they say the login system contains an implementation flaw that could lead to attackers gaining full access to their accounts. Masters student Ben Frengley and adjunct professor Vanessa Teague created a threat scenario in which an attacker sets up sites that they control and asks users to log into them with myGovID. In the scenario, the attacker captures the email address of the user and then immediately uses it to try to log into an official government portal. The official portal displays a 4-digit PIN that the attacker then relays back to the user via the controlled site. Popular password manager could have a critical vulnerability Date: 2020-09-22 Author: TechRadar A security researcher has discovered a new vulnerability in a popular password manager that could allow for remote code execution. The password manager in question is Bitwarden and the vulnerability resides in the company’s desktop app which automatically downloads updates and replaces its own code with these updates without user intervention. Australians want more control over privacy, survey shows Date: 2020-09-24 Author: Office of the Australian Information Commissioner (OAIC) Privacy is a major concern for 70% of Australians while 87% want more control and choice over the collection and use of their personal information, a new study shows. The Australian Community Attitudes to Privacy Survey (ACAPS) 2020 released today provides a comprehensive view of beliefs and concerns about the protection of personal information. “Our survey shows data privacy is a significant concern for Australians, particularly as the digital environment and data practices evolve rapidly. 
The community sees identity theft and fraud, and data breaches and security, as the biggest privacy risks we face today.” Phishing awareness training wears off after a few months Date: 2020-09-21 Author: ZDNet Security and phishing awareness programs wear off in time, and employees need to be re-trained after around six months, according to a paper presented at the USENIX SOUPS security conference last month. The purpose of the paper was to analyze the effectiveness of phishing training in time. Taking advantage of the fact that organizations in the German public administration sector must go through mandatory phishing awareness training programs, academics from several German universities surveyed 409 of 2,200 employees of the State Office for Geoinformation and State Survey (SOGSS). ESB-2020.3307 – Apple: Multiple vulnerabilities Apple releases updates for macOS Catalina, High Sierra and Mojave ESB-2020.3233 – Google Chrome: Multiple vulnerabilities Updates released to address the multiple vulnerabilities in Google Chrome ESB-2020.3226 – MISP: Multiple vulnerabilities A new version of MISP released with several bugs fixed ESB-2020.3188 – Samba: Multiple vulnerabilities An update has been released to fix multiple vulnerabilities in Netlogon protocol Stay safe, stay patched and have a good weekend! The AUSCERT team

AUSCERT Week in Review for 18th September 2020

18 Sep 2020

AUSCERT Week in Review for 18th September 2020 Greetings, What a week it was! We took on uncharted territory this year by hosting our 19th annual conference, AUSCERT 2020 – virtually. While it mimicked an in-person event in so many ways (think: tech glitches and hiccups), our team is so very proud to have been able to deliver the conference nevertheless. We trust that you enjoyed your delegate experience and don’t forget to save the dates for next year as we look forward to seeing everyone SOAR with cyber. We would like to take this opportunity to congratulate our 2020 Australian Information Security Awards winners again: • Member Organisation of the Year: Federation University • Member Individual of the Year: Rachael Leighton from the Department of Premier and Cabinet, Victorian Government • Information Security Excellence Winner: Michelle Price from AustCyber Congratulations on their very deserving awards and we hope to continue working together in fostering our cyber and information security community. Members, don’t forget that we are extending the closing date of the AUSCERT Security Bulletins survey (member portal login required) to the close of business today. Every completed survey will go in the draw to win a Nintendo Switch Lite console, valued at AU$299. Until next week, have a restful weekend everyone. … New privacy resource: When do Australian Government agencies need to conduct a privacy impact assessment? Date: 2020-09-14 Author: Office of the Australian Information Commissioner (OAIC) The Office of the Australian Information Commissioner (OAIC) has released a privacy resource to assist Australian Government agencies to determine when they need to conduct a privacy impact assessment. 
Govt systems to be classed critical infrastructure under cyber reforms Date: 2020-09-14 Author: IT News Select federal government systems and networks will be classified critical infrastructure alongside nationally significant private sector systems, Home Affairs boss Mike Pezzullo has revealed. Pending the passage of amendments to the Act and the co-design of sector-specific standards, the government expects the new cyber security obligations to come into effect in mid-2021. Office 365 will let users view their quarantined phishing messages Date: 2020-09-11 Author: Bleeping Computer Microsoft is planning to allow Office 365 users to view and request the release of phishing messages automatically quarantined by the Exchange Online Protection (EOP) filtering stack. This new capability is designed to make it possible for end-users to reclaim e-mails that have been accidentally marked as phishing or spam messages by Office 365 EOP. Attacked by ransomware? Five steps to recovery Date: 2020-09-15 Author: Help Net Security Ransomware has been noted by many as the most threatening cybersecurity risk for organizations, and it’s easy to see why: in 2019, more than 50 percent of all businesses were hit by a ransomware attack – costing an estimated $11.5 billion. In the last month alone, major consumer corporations, including Canon, Garmin, Konica Minolta and Carnival, have fallen victim to major ransomware attacks, resulting in the payment of millions of dollars in exchange for file access. While there is a lot of discussion about preventing ransomware from affecting your business, the best practices for recovering from an attack are a little harder to pin down. Govt elevates consent in proposed public data sharing laws Date: 2020-09-17 Author: ITNEWS Federal government agencies will need to seek consent before releasing personal information to other governments and the private sector if it is feasible to do so under proposed public sector data sharing laws. 
An exposure draft of the Data Availability and Transparency Bill, published this week, reveals a change to the Office of National Data Commissioner (ONDC) policy position that embeds consent within one of five data sharing principles. ESB-2020.3181 – iOS & iPadOS: Multiple vulnerabilities Apple releases updates to address issues in iOS & iPadOS ESB-2020.3165 – McAfee Email Gateway: Multiple vulnerabilities Email Gateway update fixes path traversal vulnerability ESB-2020.3128 – McAfee Agent: Multiple vulnerabilities McAfee Agent update fixes four vulnerabilities in Windows and macOS ESB-2020.3175 – Drupal: Multiple vulnerabilities Updates released to fix the multiple vulnerabilities identified in Drupal Core ESB-2020.3151 – mysql:8.0: Multiple vulnerabilities An update for the mysql:8.0 module is released for Red Hat Enterprise Linux 8 Stay safe, stay patched and have a good weekend! The AUSCERT team

AUSCERT Week in Review for 11th September 2020

11 Sep 2020

AUSCERT Week in Review for 11th September 2020 Greetings, It seemed like ages ago when we announced that AUSCERT2020 will be moved to a virtual platform. Here we are, tutorials kick off in just 4-sleeps on Tuesday 15th September! Delegates, you would have received a unique targeted email featuring specific areas within our conference program over the past few days this week. Be sure to catch up on those to maximise your delegate experience. We covered the following areas of the conference: Interactive activities, Speakers and Keynotes, Program and Social Activities, Sponsor thank-you, and Delegate Experience. This week also saw us acknowledging R U OK Day and we realise the question is heavier this year. Sharing this blog piece from our conference charity partner LIVIN here. Members, don’t forget that we are extending the closing date of the AUSCERT Security Bulletins survey (member portal login required) to 5.00pm AEST on Friday 18th September. Every completed survey will go in the draw to win a Nintendo Switch Lite console, valued at AU$299. Until next week, we hope to catch up with as many of you as possible virtually at AUSCERT2020, “We Can be Heroes”. Have a great weekend everyone! … Universities are a juicy prize for cyber criminals. Here are 5 ways to improve their defences Date: 2020-09-08 Author: The Conversation [Dr David Stockdale, AUSCERT Director and Deputy Director of Infrastructure Operations Information Technology Services at The University of Queensland, co-authored this article.] Universities worldwide are a growing target for hackers. A July 2020 report by cybersecurity company Redscan found more than 50% of UK universities recorded a data breach in the previous 12 months. More recently, a data breach has affected 444,000 users of ProctorU. Universities, including several Australian ones, use this online tool to supervise students sitting exams from home. Personal records from ProctorU were made available on hacker forums. 
What can unis do to improve cybersecurity? Patch Wednesday fixes ‘worst-case scenario’ Exchange bug Date: 2020-09-09 Author: IT News Today’s regular set of security updates for Microsoft products fixes 23 critical and 105 important flaws, including a serious vulnerability in Exchange Server that is remotely exploitable. Dustin Childs of the Zero Day Initiative noted the vulnerability allows an attacker to run code at the high-privilege SYSTEM user level, simply by sending a specially crafted email to an unpatched Exchange server. Australian cyber companies collaborate on online training program for Defence Force Date: 2020-09-07 Author: iTWire A group of Australian sovereign cyber companies are claiming an Australia-first collaboration to create a successful pilot of a fully online, collective cyber training program for the Australian Defence Force. The companies – Cydarm, Elttam, Penten and Retrospect Labs – each with expertise in niche cyber technology, came together to tailor a solution for the ADF on FifthDomain’s cyber training platform. Newcastle Uni Ransomware Attack Will “Take Weeks” to Mitigate Date: 2020-09-08 Author: Infosecurity Magazine A leading UK university has warned staff and students that it will take weeks to recover from a recent ransomware incident, with a well-known threat group already posting stolen documents. Newcastle University in the north-east of England is part of the elite Russell Group. It claimed to have been attacked on August 30 2020 with most university systems unavailable or restricted indefinitely. “The nature of the problem means this is an on-going situation which we anticipate will take a number of weeks to address,” it said in an update on Monday. 
“We hope to have a better estimate at the end of this week.” Cybersecurity 101: Protect your privacy from hackers, spies, and the government Date: 2020-09-09 Author: ZDNet Privacy used to be considered a concept generally respected in many countries — at least, in the West — with a few changes to rules and regulations here and there often made only in the name of the common good. Things have changed, and not for the better. China’s Great Firewall, the UK’s Snooper’s Charter, the US’ mass surveillance and bulk data collection — compliments of the National Security Agency (NSA) and Edward Snowden’s whistleblowing — Russia’s insidious election meddling, and countless censorship and communication blackout schemes across the Middle East are all contributing to a global surveillance state in which privacy is a luxury of the few and not a right of the many. ASB-2020.0158 – Microsoft Exchange Server: Execute arbitrary code/commands – Existing account Microsoft’s Patch Tuesday included fixes for a vulnerability in Exchange Server ASB-2020.0156 – Internet Explorer & ChakraCore: Multiple vulnerabilities Microsoft released an update that resolves 6 vulnerabilities in Internet Explorer & ChakraCore ESB-2020.3108 – Threat Intelligence Exchange Server: Multiple vulnerabilities McAfee Threat Intelligence Exchange Server update includes fixes for five third-party vulnerabilities ESB-2020.3096 – Intel BIOS firmware: Multiple vulnerabilities Security vulnerabilities in BIOS firmware for multiple Intel platforms allow escalation of privilege, denial of service and/or information disclosure. ESB-2020.3095 – IBM Security Access Manager for Enterprise Single Sign-On: Multiple vulnerabilities Security Vulnerability has been identified in Apache Batik used by IBM WebSphere Application Access Manager for Enterprise Single Sign-On Stay safe, stay patched and have a good weekend! Vishaka

AUSCERT Week in Review for 4th September 2020

4 Sep 2020

AUSCERT Week in Review for 4th September 2020 Greetings, This week, the team made headlines with our research piece on a data dump claimed to be from the Department of Education, which turned out to be low-threat info from a third-party company. Members, don’t forget that we are extending the closing date of the AUSCERT Security Bulletins survey (member portal login required) to 5.00pm AEST on Friday 18th September. Every completed survey will go in the draw to win a Nintendo Switch Lite console, valued at AU$299. As promised, we announced our AUSCERT2020 partnership with LIVIN.org, an organisation focussed on “Breaking the stigma of mental health.” In 2020, all revenue raised through our general admission registration sales for AUSCERT2020 will be donated directly to a chosen charity. As an organisation, AUSCERT has always felt strongly about the effects of mental health in the cyber and information security industry and are proud to utilise this opportunity to contribute towards a very worthy cause. Word on the street also has it that our various delegate swag bags are making their way this week to the first 600 registered delegates with an Australian address. We hope you love the items included in the swag bag and have to thank our wonderful sponsors. Until next week, take care – don’t forget to spoil your awesome dads (Father’s Day on Sunday 6 September!) and have a great weekend everyone. David Lord, former team lead: On another note, I’m leaving AUSCERT today. I’m ADIR’s original creator and editor, although in recent times our comms expert Laura has taken the helm. It has been a pleasure to build and shape this service. Members sometimes send notes of thanks for our emphasis on concise but informative summaries, and that’s high praise indeed. 
I’ll certainly be staying subscribed 😉 Large Australian education data leak traced to third-party service Date: 2020-09-02 Author: iTnews An online maths resource with a large Australian user base appears to be behind a large-scale leak of data touted online as a dataset belonging to the “Australian department of education”. Images of the dataset purporting to contain the data of an unknown number of individuals, including those with vic.edu.au and wa.edu.au email addresses, emerged on Tuesday night. Alon Gal, chief technology officer at cyber security intelligence firm Hudson Rock, claimed the dataset belonged to the “Australian Department of Education”, which does not exist. AUSCERT says alleged DoE hack came from a third-party Date: 2020-09-02 Author: ZDNet In a statement posted on its website, AUSCERT said that after analyzing the data with cyber-security firm Cosive, it determined that the leaked data originated from K7Maths, an online service providing school e-learning solutions. AUSCERT is now urging Australian schools to check if their staff are using the K7Maths service for their daily activities, and take appropriate measures, such as resetting the teacher and students’ password, in case they had re-used passwords across other internal applications. SendGrid under siege from hacked accounts Date: 2020-08-29 Author: Krebs on Security Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime. [AUSCERT can empirically confirm that we see this daily.] 
Over 54,000 scanned NSW driver’s licences found in open cloud storage Date: 2020-08-28 Author: iTnews Tens of thousands of scanned NSW driver’s licenses and completed tolling notice statutory declarations were left exposed on an open Amazon Web Services storage instance, but Transport for NSW doesn’t know how the sensitive personal data ended up in the cloud. The open AWS S3 bucket was found by Bob Diachenko of Security Discovery, as part of an investigation into another data breach. “All the documents I observed were related to the NSW area and there was no indication as to who might be the owner of the data,” Diachenko told iTnews. ESB-2020.3001 – Django: Multiple vulnerabilities Filesystem permissions meant that a malicious local user had more access than they should. ESB-2020.2976 – Bacula: Denial of service It’s just a cool name for a backup service. ESB-2020.3028 – GitLab: Access confidential data GitLab’s packaging woes continued as they released another security release which excluded the security fixes, and then another hasty release to include them. If you’re using v13.3.3, v13.2.7 or v13.1.9, you should update. ESB-2020.3006 – Ansible: Multiple vulnerabilities (RCE) Another user/admin can manipulate the package store, and ansible will install packages that have been altered but won’t know or report it – so the deployment/config/ansible workflow/admin will not be aware of the compromise. Stay safe, stay patched and have a good weekend! David

AUSCERT Week in Review for 28th August 2020

28 Aug 2020

AUSCERT Week in Review for 28th August 2020 Greetings, Members, this week we informed everyone that we are extending the closing date of the AUSCERT Security Bulletins survey (member portal login required) to 5.00pm AEST on Friday 18th September. Every completed survey will go in the draw to win a Nintendo Switch Lite console, valued at AU$299. As we approach the AUSCERT2020 conference, we would like to take this opportunity to remind everyone of our program offerings, speakers list as well as all the interactive activities that will be on offer during the conference. Registrations for the conference are still open but with very limited spaces remaining so be sure to spread the word amongst your professional network so they don’t miss out. In 2020, all revenue raised through our general admission registration sales will be donated directly to a chosen charity. We will be announcing this charity early next week. We’re very much looking forward to catching up with as many of you as possible in mid-September – albeit virtually! Until next week, take care and have a great weekend everyone. ASIC sues financial services company for repeated hacks Date: None Author: iTnews The Australian Securities and Investments Commission today said it has taken RI Advice Group to court for cyber security failings that led to its systems being hacked for months on end, and on multiple occasions. In its notice of filing, the regulator says RI is required to establish and maintain compliance measures, as an Australian financial services licence holder. The unknown hacker obtained access via an FFG staff account, and spent more than 155 hours logged into the file server that contained sensitive financial information and client identification documents. MITRE Releases ‘Shield’ Active Defense Framework Date: None Author: Dark Reading MITRE Corp. has released a new guide cataloging measures that organizations can take to actively engage with and counter intruders on their networks. 
Like MITRE’s widely used ATT&CK framework, which offers a comprehensive listing of attacker behavior, the federally funded organization’s new Shield is a publicly available knowledge base, this time of tactics and techniques for proactive defense. NZ stock exchange suffers outages due to DDoS attacks Date: None Author: iTWire New Zealand’s stock exchange has been hit by a distributed denial of service attack on Wednesday morning which forced the exchange to go offline for about an hour. The New Zealand Herald reported that the exchange had gone down at 11.24am local time (9.24am AEDT) on Wednesday and resumed operations at 12.20pm. On Tuesday evening, the exchange could not operate during its last hour, due to a similar reason. This outage happened as the exchange was approaching a record closing. Elon Musk confirms Russian hacking plot targeted Tesla factory Date: None Author: ZDNet Earlier this week, US authorities arrested and charged a Russian national for traveling to the US to recruit and convince an employee of a Nevada company to install malware on their employer’s network in exchange for $1 million. While no court indictment named the targeted company, several news outlets specialized in covering the electric cars scene speculated today that the attack had very likely targeted US carmaker Tesla, which operates a mega-factory in Sparks, a town near Reno, Nevada. While Tesla had not returned requests for comment on the topic, in a tweet earlier today, Tesla CEO Elon Musk officially confirmed that the hacking plot did, indeed, target his company. New Zealand bourse crashes for fourth day after cyber attacks Date: None Author: iTnews New Zealand’s stock exchange crashed for a fourth day on Friday, due to network connectivity issues relating to two cyber attacks targeted at the bourse this week, bourse operator NZX said. There is no clarity on who is behind these “offshore” attacks and why New Zealand was targeted. 
ASB-2020.0148 – AUSCERT member survey: security bulletins If you only read one bulletin this week, read this one. Tell us what you want from the service and we’ll enter you in the draw for a Nintendo Switch Lite, which will make you very cool with people in the 8-12yr age bracket. ESB-2020.2898 – MongoDB: Denial of service – existing account An authorised user could misuse the function to compare two geographic points. ESB-2020.2899 – QEMU: Multiple vulnerabilities Everyone’s favourite free and open-source hardware virtualiser. Stay safe, stay patched and have a good weekend! The AUSCERT team
