Blogs

My Time on the BSide

16 Sep 2022

BSides Melbourne is a not-for-profit event that is wholly run by volunteers for the benefit of the community. It’s a community-driven conference that encourages and welcomes first-time speakers and students along with industry professionals, experienced and new alike! AUSCERT was delighted to sponsor the event, providing the tote bags for all attendees to fill with the array of goodies on offer. Some of the AUSCERT team ventured south to participate in the long-awaited (thanks to COVID delays) BSides Melbourne 2022. The following is an account of events from one of our Analysts, Vishaka.

Day 1

The conference started with Joff Thyer’s keynote presentation that told of his inspirational journey in Information Security. He highlighted the key skills and qualities for a successful 21st-century career, with my main takeaways from his speech being:

- If you make a mistake, do not walk away from it but take ownership of it and learn from it.
- Learn a programming language (he specifically mentioned Python).

Afterwards, Mike Pritchard and Shanna Daly showcased how the craft of traditional espionage maps to the modern cyber world. Mike, who is a passionate collector of historical espionage, presented his extensive collection of spy gadgets – I found this to be super cool!

I then made my way to a presentation about the data leak published on Twitter about the Conti ransomware gang that uses Ransomware as a Service (RaaS). The presentation by Thomas Roccia, a Senior Security Researcher at Microsoft, highlighted how the leaked chat logs revealed private discussions between Conti members and how the data provided a unique insight into the inner workings of the group.

I next ventured to Data, Demogorgons and the Upside-down world… and a Battleforce Angel by Tara Dharnikota, which discussed data breaches and data thefts. Specifically, how it gets sold and distributed on darknet forums and marketplaces. Tara also emphasized the power of OSINT and how it can be used for the good.

One of my favourites of the day was the talk by Jo, “How to (almost) get a DEFCON black badge”. She is the runner-up of The DefCon Social Engineering CTF (SECTF) competition and shared her experience at the 2019 SECTF in the battle for the DefCon Black badge.

The last talker of the day was Emerald Sage, who spoke about APT Catfishing and demonstrated how Open Source Intelligence tools and techniques can reconstruct the APT actor playbook for engineering and executing catfishing facilitated attacks.

Day 2

Laura Bell kicked off the second day with a talk that demonstrated how proximity affects human behaviour, and how we as a cyber security community can embrace this knowledge to secure an entire country.

My quest for knowledge and insight delivered me to “The Socio-Economic Impact of Women in Tech” by Kathy Robins. In this fascinating talk, she discussed the lack of female participation in the technical fields within the cyber security sector and STEM and how it creates a ripple effect throughout the development of technologies, systems and services.


Week in review

AUSCERT Week In Review for September 9th 2022

9 Sep 2022

Greetings,

The Asia Pacific Computer Emergency Response Team (APCERT) recently conducted its annual drill, a means of maintaining and improving awareness and skills within the cyber security community through this collaborative undertaking. The APCERT drill aims to maintain and progress internet security and safety with the exercise, allowing participants to improve communication protocols, technical responses, and the overall quality of incident responses. Our recent blog provides insight into what took place and what was learnt, including solutions to real-world situations and challenges. You can read more about this year’s APCERT Cyber Drill HERE.

R U OK? Day was held yesterday, September 8, which promoted the power and importance a question can have. It has been demonstrated that a conversation can change a life and we at AUSCERT had one of our own with Dr Carla Rogers. A renowned Holistic Psychologist, Dr Rogers is featured in our latest episode of Share Today, Save Tomorrow where she discusses the connection between mind and body along with techniques to help individuals identify, treat and overcome challenges in the workplace.

Lastly, AUSCERT is really interested in how you and your organisation use Cyber Threat Intelligence (CTI). We want to know about this to inform the services we provide to our members, and to ensure we’re doing the best we can to meet your needs. We’re running some short (1 hour) information gathering sessions via video conference so we can pick your brain about CTI. What’s in it for you?

- You’ll get to contribute your opinion about CTI so we can improve the services we provide to you and your organisation.
- You’ll have the opportunity to exchange information with other AUSCERT members and learn from their experiences.
- You’ll get the lovely warm* inner glow that comes from knowing you have performed a good deed by helping us help you.

Please register your interest here.

*Actual amount of warm inner glow varies from person to person.

Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability
Date: 2022-09-03
Author: The Hacker News
[Refer to Security Bulletin ESB-2022.4344]
Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validation in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An anonymous researcher has been credited with reporting the high-severity flaw on August 30, 2022.

New EvilProxy service lets all hackers use advanced phishing tactics
Date: 2022-09-05
Author: Bleeping Computer
A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI. The service enables low-skill threat actors who don’t know how to set up reverse proxies to steal online accounts that are otherwise well-protected. Reverse proxies are servers that sit between the targeted victim and a legitimate authentication endpoint, such as a company’s login form. When the victim connects to a phishing page, the reverse proxy displays the legitimate login form, forwards requests, and returns responses from the company’s website.

Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan
Date: 2022-09-05
Author: The Hacker News
The notorious Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. “This new dropper doesn’t rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware,” NCC Group’s Fox-IT said in a report. “Instead, this new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.” The apps in question, Mister Phone Cleaner and Kylhavy Mobile Security, have over 60,000 installations between them and are designed to target users in Spain, Australia, Poland, Germany, the U.S., and Austria.

Home Affairs Could Be Looking Into TikTok’s Data Practices
Date: 2022-09-05
Author: Gizmodo
Back in July, we brought it to your attention that an investigation found that using TikTok on your phone gives the app access to your personal information. A lot of it, in fact. Analysis by Australian cybersecurity firm Internet 2.0 found TikTok requests almost complete access to the contents of a phone while the app is in use. That data includes calendar, contact lists and photos. As a result, the Australian Department of Home Affairs is going to be looking into the data harvesting practices of both TikTok and WeChat.

QNAP patches zero-day used in new Deadbolt ransomware attacks
Date: 2022-09-05
Author: Bleeping Computer
QNAP is warning customers of ongoing DeadBolt ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station. The company has patched the security flaw but attacks continue today. “QNAP® Systems, Inc. today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet,” explains the security notice.

Ransomware gang’s Cobalt Strike servers DDoSed with anti-Russia messages
Date: 2022-09-07
Author: Bleeping Computer
Someone is flooding Cobalt Strike servers operated by former members of the Conti ransomware gang with anti-Russian messages to disrupt their activity. The operators of Conti ransomware completed turning off their internal infrastructure in May this year but its members have dispersed to other ransomware gangs, such as Quantum, Hive, and BlackCat. However, former Conti members continue to use the same Cobalt Strike infrastructure to conduct new attacks under other ransomware operations.

Microsoft mistakenly rated Chromium, Electron, as malware
Date: 2022-09-05
Author: The Register
Microsoft appears to have fixed a problem that saw its Defender antivirus program identify apps based on the Chromium browser engine and/or Electron JavaScript framework as malware, and suggest users remove them. Numerous social media and forum posts made over the weekend detail how Windows has produced a warning of “Behavior:Win32/Hive.ZY” when users run everyday applications like Google’s Chrome browser or the Spotify music streamer.

ESB-2022.4345 – WordPress: CVSS (Max): None
WordPress has released WordPress 6.0.2 which includes 12 bug fixes on Core, 5 bug fixes for the Block Editor, and 3 security fixes.

ESB-2022.4460 – Android OS: CVSS (Max): 9.8*
Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. Google encourages all users to update to the latest version of Android where possible.

ESB-2022.4472 – Linux kernel (Raspberry Pi): CVSS (Max): 8.2
Ubuntu reports the security issues detected in Linux kernel for Raspberry Pi systems can be fixed by applying the latest updates.

Stay safe, stay patched and have a good weekend!
The AUSCERT team


Blogs

APCERT CYBER DRILL 2022

7 Sep 2022

The Asia Pacific Computer Emergency Response Team (APCERT) recently conducted its annual drill, a means of maintaining and improving awareness and skills within the cyber security community through this collaborative undertaking. The theme for 2022 was “Data Breach through Security Malpractice” which focused on realistic, real world cyber security risks and incidents that could potentially result.

AUSCERT Analyst Narayan Neupane said, “This year’s drill was about tracing a ransomware activity and tracing the uploaded file’s location via provided evidence. The drill focused on packet capture, email analysis, forensic investigation, and incident response.” He continued, “Whilst some activities performed in the drill are carried out more than others in our daily work, it’s important and worthwhile to be tested in unexpected ways – it reflects what happens in the real world!”.

The experiences and tasks conducted by each participating team allow for knowledge sharing with no single CERT typically experiencing the same issues or providing like-for-like services. The APCERT drill aims to maintain and progress internet security and safety with the exercise providing participants with the chance to improve communication protocols, technical responses, and the overall quality of incident responses. “This year’s drill was tough but also, fun and there was a feeling of satisfaction once we were able to finish the drill successfully”, Narayan concluded.

This year, 25 CSIRTs from 21 economies took part in the drill and although undertaken in a few hours, the lessons learned from the experience can provide benefits long after. As each drill typically requires six to eight months of planning and preparation, the 2023 APCERT Cyber Drill will soon be underway – the ongoing need for education and skill enhancement reflects the rapid development of the digital world we reside in and the threats we all face.


Week in review

Week in Review for September 2nd 2022

2 Sep 2022

Greetings,

It’s already September which seems to have arrived quicker than many of us expected. The AUSCERT team has already commenced planning for next year’s conference which, as we’ve experienced, will be upon us in no time. But let’s not get ahead of ourselves, this year’s conference is still fresh in the minds of many thanks to the fantastic array of speakers and activities. If you missed a presentation due to a clash or would like to revisit a standout speaker, head over to our YouTube channel and peruse the AUSCERT2022 playlist!

One aspect of this year’s conference that was of special importance was the number of female presenters. Yesterday, September 1st, was International Women In Cyber Day, an initiative aimed at promoting and supporting the advancement and support of women in cybersecurity. Whilst the day has passed, each opportunity to create a more diverse and inclusive workforce should be encouraged. If you’d like to learn more about how you can get involved, visit the Women In Cyber Day website.

If you’re new to the world of cyber or you have a curious mind and would like to learn more about information security principles, the next round of AUSCERT’s Intro to Cyber for IT Professionals training is taking place in late October. Facilitated by our Principal Analyst and a guest industry trainer, our two half-day courses are aimed at engaging attendees with interactive content and a focus on delivering effective training outcomes. You can view the full list of our 2022 training schedule HERE.

Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers
Date: 2022-08-29
Author: The Register
A critical command-injection vulnerability in multiple API endpoints of Atlassian Bitbucket Server and Data Center could allow an unauthorized attacker to remotely execute malware, and view, change, and even delete data stored in repositories. Atlassian has fixed the security holes, which are present in versions 7.0.0 to 8.3.0 of the software, inclusive. Luckily there are no known exploits in the wild.

WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites
Date: 2022-08-31
Author: Security Week
The WordPress team this week announced the release of version 6.0.2 of the content management system (CMS), with patches for three security bugs, including a high-severity SQL injection vulnerability. Identified in the WordPress Link functionality, previously known as ‘Bookmarks’, the issue only impacts older installations, as the capability is disabled by default on new installations. However, the functionality might still be enabled on millions of legacy WordPress sites even if they are running newer versions of the CMS, the Wordfence team at WordPress security company Defiant says.

Log4Shell legacy? Patching times plummet for most critical vulnerabilities – report
Date: 2022-08-30
Author: The Daily Swig
The rush to patch systems affected by the landmark Log4Shell vulnerability has coincided with a wider improvement in patching rates for the most critical flaws, a report has found. The remote code execution (RCE) flaw in Apache Log4j (CVE-2021-44228), the near-ubiquitous open source Java logging utility, sent organizations across the ecosystem scrambling to fix applications or patch systems after it emerged in December 2021.

Okta Says Customer Data Compromised in Twilio Hack
Date: 2022-08-29
Author: Security Week
Identity and access management provider Okta said last week that customer mobile phone numbers and SMS messages containing one-time passwords (OTPs) were compromised during the recent Twilio cyberattack. In early August, enterprise communications firm Twilio announced that it was hacked after an employee fell victim to a phishing attack and provided their login credentials to a sophisticated threat actor. The incident resulted in attackers accessing information related to 163 Twilio customers, with secure communications firm Signal and Okta already confirming being impacted by the incident.

Apple backports fix for actively exploited iOS zero-day to older iPhones
Date: 2022-08-31
Author: Bleeping Computer
Apple has released new security updates to backport patches released earlier this month to older iPhones and iPads addressing a remotely exploitable WebKit zero-day that allows attackers to execute arbitrary code on unpatched devices. This zero-day vulnerability is the same one Apple patched for macOS Monterey and iPhone/iPad devices on August 17, and for Safari on August 18. The flaw is tracked as CVE-2022-3289 and is an out-of-bounds write vulnerability in WebKit, the web browser engine used by Safari and other apps to access the web.

Details Disclosed for OPC UA Vulnerabilities Exploited at ICS Hacking Competition
Date: 2022-08-29
Author: Security Week
Software development and security solutions provider JFrog has disclosed the details of several vulnerabilities affecting the OPC UA protocol, including flaws exploited by its employees at a hacking competition earlier this year. OPC UA (Open Platform Communications United Architecture) is a machine-to-machine communication protocol that is used by many industrial solutions providers to ensure interoperability between various types of industrial control systems (ICS). JFrog’s researchers discovered several vulnerabilities in OPC UA and disclosed some of them at the Pwn2Own Miami 2022 competition in April, where participants earned a total of $400,000 for hacking ICS.

Google Fixes 24 Vulnerabilities With New Chrome Update
Date: 2022-09-01
Author: Dark Reading
Google’s first stable channel version of Chrome 105 for Windows, Mac, and Linux, released this week, contained fixes for 24 vulnerabilities in previous versions of the software, including one “critical” flaw and eight that the company rated as being of “high” severity. A plurality — nine — of the security issues that Google addressed with Chrome 105 were so-called use-after-free vulnerabilities, or flaws that allow attackers to use previously freed memory spaces to execute malicious code, corrupt data, and take other malicious actions. Four of the patched vulnerabilities were heap buffer-overflows in various Chrome components, including WebUI and Screen Capture.

Ubuntu Linux 18.04 systemd security patch breaks DNS in Microsoft Azure
Date: 2022-08-30
Author: The Register
Microsoft Azure customers running Canonical’s Ubuntu 18.04 (aka Bionic Beaver) in the cloud have seen their applications fail after a flawed security update to systemd broke DNS queries. The situation is as odd as it sounds: if you’re running Ubuntu 18.04 in an Azure virtual machine, and you installed the systemd 237-3ubuntu10.54 security update, you’ve probably found yourself unable to use DNS within the VM, which causes applications and other software relying on domain-name look-ups to stop working properly.

ESB-2022.4225 – Linux kernel (AWS): CVSS (Max): 9.8
Ubuntu reports the security issues detected in Linux kernel for Amazon Web Services (AWS) can be fixed by applying the latest updates.

ESB-2022.4243 – zlib: CVSS (Max): 9.8
A heap-based buffer overflow vulnerability in the inflate operation in zlib has been reported which, if exploited, could result in denial of service or execution of arbitrary code. Debian recommends upgrading the zlib packages.

ESB-2022.4273 – Moodle: CVSS (Max): 8.8
Moodle reports that they have upgraded their Mustache template library to the latest version which includes a fix for a security issue.

ESB-2022.4294.2 – UPDATED ALERT GitLab Community Edition (CE) and Enterprise Edition (EE): CVSS (Max): 9.9
GitLab has released its monthly security release for August for GitLab Community Edition (CE) and Enterprise Edition (EE) which contains important security fixes. GitLab strongly recommends that all GitLab installations be upgraded to one of the recommended versions immediately.

ESB-2022.4288 – Hitachi Energy MSM Product: CVSS (Max): 9.8*
Hitachi Energy reports multiple open-source software related vulnerabilities in MSM version 2.2 and earlier and released mitigation information including security practices and firewall configurations to help protect process control networks from outside attacks.

Stay safe, stay patched and have a good weekend!
The AUSCERT team


Week in review

AUSCERT Week In Review for August 26th 2022

26 Aug 2022

Greetings,

Today, August 26, is Wear it Purple Day which is aimed at fostering supportive, safe, empowering, and inclusive environments for LGBTQIA+ youth. Founded in 2010, Wear it Purple has developed into an international movement in response to the challenges, obstacles, prejudice and dire situations queer youth face each day. There are events, training and educational tools amongst other resources aimed at raising awareness and promoting understanding at the Wear it Purple website that everyone can access and help be part of the change.

Earlier this week, Google reported that it had blocked the largest Distributed Denial of Service, or DDoS, attack with over 46 million requests per second. A Senior Product Manager for Cloud Armor likened the attack to “receiving all the daily requests to Wikipedia – in just ten seconds”. DDoS attacks are on the rise, with a 200+% increase in attacks thus far in 2022, and have progressed from being perceived as a minor nuisance to extremely sophisticated attacks. A recent blog explains what a DDoS is and how it works.

What commenced as a “hobby” twenty-five years ago on August 25, 1991, Linux is celebrating 31 years as a technological revolution! The importance of this innovation cannot be understated. It’s found in servers, desktop PCs, smartphones, routers and more. Even if a product isn’t deemed ‘Linux’, it’s quite likely that it was still influenced or affected by Linux along the path to its own creation.

Lastly, today is also International Dog Day during which we celebrate all dogs, mixed breed and pure, with a focus on celebrating man’s best friend and encouraging adoption first rather than buying dogs from pet stores, backyard breeders or via the internet. If you already have a pet companion or are not quite ready to commit to a dog full time, there are plenty of ways to show your support and assist organisations like the RSPCA through volunteering, donating and even fostering!

Labor to overhaul national cyber security strategy
Date: 2022-08-19
Author: Cyber Security Connect
The Albanese government is set to reform former prime minister Scott Morrison’s $1.7 billion, 10-year cyber security strategy. As a top priority, Home Affairs Minister and Minister for Cyber Security Clare O’Neil has ordered her department to “recast the cyber security strategy” rushed out during the COVID-19 pandemic by the former prime minister in mid-2020. According to The Australian, Minister O’Neil outlined that the new strategy will be designed to focus on building closer links with Quad partners, the US, Japan and India, to accelerate the shift from reliance on China for critical technologies, amid concerns about Beijing’s global supply chain dominance.

Google Blocks Record-Setting DDoS Attack That Peaked at 46 Million RPS
Date: 2022-08-19
Author: Security Week
In June 2022, Google mitigated a Layer 7 distributed denial-of-service (DDoS) attack that peaked at 46 million requests per second (RPS). Disclosed this week, this is the third HTTPS attack this year to reach tens of millions of RPS, after two lower-volume assaults were mitigated by Cloudflare. The first of them peaked at 15.3 million RPS, Cloudflare announced in April, while the second reached 26 million RPS, the web security company announced in June.

Ransomware variants almost double in six months
Date: 2022-08-22
Author: Security Brief
Ransomware variants have almost doubled in the past six months, with exploit trends demonstrating the endpoint remains a target as work-from-anywhere continues, according to the latest semiannual FortiGuard Labs Global Threat Landscape Report. “Cyber adversaries are advancing their playbooks to thwart defence and scale their criminal affiliate networks,” says Derek Manky, chief security strategist and VP global threat intelligence, FortiGuard Labs. “They are using aggressive execution strategies such as extortion or wiping data as well as focusing on reconnaissance tactics pre-attack to ensure better return on threat investment,” he says.

ACCC warns of steady uptick in ‘Hi Mum’ message scams
Date: 2022-08-23
Author: Cyber Security Connect
More than 1,150 Australians have already fallen victim to the so-called “Hi Mum” scam in the first seven months of this year, with total reported losses of $2.6 million so far. Known as “Hi Mum” or “family impersonation” scams, victims are contacted most often through WhatsApp and text message by a scammer posing as a family member or friend. Following a significant rise in “Hi Mum” scams in recent months, Scamwatch is urging the public to be wary of phone messages from a family member or friend claiming they need help.

Twitter savaged by former security boss Mudge in whistleblower complaint
Date: 2022-08-23
Author: The Register
Twitter’s former security chief Peiter “Mudge” Zatko accused the company and its board of directors of violating financial rules, of fraud, and of grossly neglecting its security obligations in a complaint to the US Securities & Exchange Commission, the Federal Trade Commission, and the US Justice Department last month. The Washington Post obtained and published a redacted copy of the complaint, which makes numerous allegations about occurrences and practices preceding and during Zatko’s time at the company, which ran from November 16, 2020 through January 19, 2022, when he was terminated by the new CEO Parag Agrawal. Zatko’s complaint was filed by nonprofit law firm Whistleblower Aid, which confirmed the authenticity of the Post’s republished document to The Register.

ESB-2022.4149 – GitLab Community Edition (CE) and GitLab Enterprise Edition (EE): CVSS (Max): 9.9
A critical remote code execution vulnerability via GitHub Import has been fixed in the latest version of GitHub Enterprise Edition and Community Edition.

ESB-2022.4172 – Firefox: CVSS (Max): None
Mozilla has fixed multiple vulnerabilities in its recent version of Firefox 104.

ESB-2022.4177 – VMware Tools: CVSS (Max): 7.0
VMware Tools update addresses a local privilege escalation vulnerability (CVE-2022-31676).

ESB-2022.4196 – Cisco FXOS and NX-OS Software: CVSS (Max): 8.8
A denial of service vulnerability affecting NX-OS and FXOS has been addressed by Cisco Systems.

Stay safe, stay patched and have a good weekend!
The AUSCERT team


Week in review

AUSCERT Week in Review for August 19th 2022

19 Aug 2022

Greetings,

This Sunday, August 21, marks the final day of this year’s National Science Week. An annual celebration of science and technology, it’s a great opportunity to imbue curious minds with knowledge and insights into a plethora of areas. Everything from agriculture, health and medicine, technology and the great expanse of space is available to explore, analyze, experience and challenge as we seek to understand, innovate, and transform. Learn more about what others are doing and what you can do by visiting the National Science Week website.

The realm of cyber is one area that is constantly evolving and something that we here at AUSCERT like to maintain awareness of, which we then share with our members. A fantastic way to gain insights and understanding on an array of topics is through our podcast series, Share today, save tomorrow. With fourteen episodes currently available, you can select from several areas that may pique your interest including ‘ITOT Convergence’, ‘Strategic Resilience and Psychology in Cyber Security’ and our latest edition, ‘Diversity and Culture in Cyber Security’.

Another means of seeking to understand is through the tried-and-true method of simply asking. The team at RMIT University are doing just that in their survey that seeks to gain a more accurate picture of the security industry in Australia. You can share your insights and experience to help expand and diversify the workforce and help understand and prepare for future challenges.

Apple releases Safari 15.6.1 to fix zero-day bug used in attacks
Date: 2022-08-18
Author: Bleeping Computer
[See AUSCERT Security Bulletin ESB-2022.4103 for more information]
Apple has released Safari 15.6.1 for macOS Big Sur and Catalina to fix a zero-day vulnerability exploited in the wild to hack Macs. The zero-day patched today (CVE-2022-32893) is an out-of-bounds write issue in WebKit that could allow a threat actor to execute code remotely on a vulnerable device. “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” warns Apple in a security bulletin released today.

Google Chrome Zero-Day Found Exploited in the Wild
Date: 2022-08-18
Author: Dark Reading
[See AUSCERT Bulletins ESB-2022.4128 & ESB-2022.4102 for more information]
A zero-day security vulnerability in Google’s Chrome browser is being actively exploited in the wild. The Internet behemoth released 11 security patches for Chrome this week, which are now being pushed out in stages to those with automatic updates enabled for Windows, Mac, and Linux; however, everyone can manually update now. The zero-day (CVE-2022-2856) is rated as high severity and involves “insufficient validation of untrusted input in Intents,” according to Google’s advisory. Intents, where the bug resides, are used by Chrome to process user input; if the browser doesn’t validate this input properly, an attacker is able to specially craft an input (say, a post in the comments section of a website) that’s not expected by the application.

Twilio phish sees Signal users’ numbers at risk of re-registering
Date: 2022-08-16
Author: IT News
Locally stored user information can’t be compromised, company says. Fallout from the recent phishing attack on communications company Twilio has spilt over to encrypted messaging app Signal, with users reporting bogus number re-registration attempts. Twilio provides Signal with phone number verification services, meaning the attacker may have been able to learn that some numbers were associated with Signal users.

Digital Ocean dumps Mailchimp after attack leaked customer email addresses
Date: 2022-08-16
Author: The Register
Junior cloud Digital Ocean has revealed that some of its clients’ email addresses were exposed to attackers, thanks to an attack on email marketing service Mailchimp. This story starts last week when some of the blockheads in crypto-land noticed that email marketing service Mailchimp had suspended service for some of their fellow travellers. Reports such as this missive noted that Mailchimp has previously ditched crypto clients for generating more abuse reports than other customers, and the company’s Acceptable Use Policy therefore warns it may decide not to serve companies that offer “Cryptocurrencies, virtual currencies, and any digital assets related to an Initial Coin Offering.”

How a spoofed email passed the SPF check and landed in my inbox
Date: 2022-08-16
Author: WeLiveSecurity
According to one study published in 2022, around 32% of the 1.5 billion domains investigated had SPF records. Out of these, 7.7% had invalid syntax and 1% were using the deprecated PTR record, which points IP addresses to domain names. Uptake of SPF has been slow and flawed indeed, which might lead to another question: how many domains have overly permissive SPF records?

Zoom Patches Serious macOS App Vulnerabilities Disclosed at DEF CON
Date: 2022-08-16
Author: Security Week
[See AUSCERT Security Bulletin ESB-2022.4080 for more information]
Zoom informed customers last week that macOS updates for the Zoom application patch two high-severity vulnerabilities. Details of the flaws were disclosed on Friday at the DEF CON conference in Las Vegas by macOS security researcher Patrick Wardle. Wardle, who is the founder of the Objective-See Foundation, a non-profit that provides free and open source macOS security resources, showed at DEF CON how a local, unprivileged attacker could exploit vulnerabilities in Zoom’s update process to escalate privileges to root.

Thousands of VNC Instances Exposed to Internet as Attacks Increase
Date: 2022-08-15
Author: Security Week
Dark web intelligence firm Cyble reports seeing an increase in cyberattacks targeting virtual network computing (VNC). The VNC graphical desktop-sharing system relies on the Remote Frame Buffer (RFB) protocol to provide control of a remote machine over a network. Exposing VNC to the internet has long been deemed a security risk, yet Cyble has identified over 8,000 internet-accessible VNC instances that have authentication disabled.

ESB-2022.4080 – Zoom Client for Meetings for macOS: CVSS (Max): 8.8
Zoom reported Local Privilege Escalation in Zoom Client for Meetings for macOS. Applying current updates or downloading the latest Zoom software is recommended.

ESB-2022.4077 – Splunk Enterprise: CVSS (Max): 7.4
A vulnerability in Splunk Enterprise that affects connections between Splunk Enterprise and Ingest Actions Destination has been reported. Splunk customers are advised to upgrade Splunk Enterprise 9.0.0 to 9.0.1 or higher.

ESB-2022.4102 – ALERT Google Chrome: CVSS (Max): None
Google Chrome released an update for Stable Channel and Extended Stable Channel. Google advised that this update will be rolled out over the coming days/weeks.

ESB-2022.4103 – Safari 15.6.1: CVSS (Max): None
Safari 15.6.1 has been released to address an issue in WebKit and is available for macOS Big Sur and macOS Catalina. Apple has reported that this issue may have been actively exploited.

ESB-2022.3992.2 – UPDATE PAN-OS: CVSS (Max): 8.6
Palo Alto Networks has identified a vulnerability in URL Filtering which, if exploited, could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.

Stay safe, stay patched and have a good weekend!
The AUSCERT team


Week in review

AUSCERT Week in Review for August 12th 2022

12 Aug 2022

Greetings,

“Malvertising” is a term that has gained some attention this week as it grows in use to infiltrate networks and devices (also known as a browser-in-browser (BitB) attack). The term refers to malicious advertising, a practice that uses genuine-looking online advertising and requires very little or even no interaction from the user. To help understand and combat such campaigns, National Cyber Security News Today provides an examination of the potential threat and how to safeguard against it.

AUSCERT wanted to remind folk that the deadline for .au direct domain availability, and its implications, is fast approaching. As per the ACSC alert, Australians have until 20 September 2022 to seek priority allocation of an .au direct domain name that matches their existing domain name. AUSCERT published a blog on the changes to help members understand potential threats and to provide an analysis of the situation.

Lastly, we wanted to acknowledge World Youth Day, a UN initiative that focuses on education, employment, the environment, delinquency, girls and young women, HIV/AIDS and intergenerational relations as well as conflict resolution and social justice, to name a few, held each year on August 12 (today!).

Organizations Warned of Critical Vulnerabilities in NetModule Routers
Date: 2022-08-10 Author: Security Week
Flashpoint is warning organizations of two newly identified critical vulnerabilities in NetModule Router Software (NRSW) that could be exploited in attacks. Acquired by Belden earlier this year, NetModule provides IIoT and industrial routers, vehicle routers, and other types of wireless M2M connectivity products. All of NetModule’s routers run the Linux-based NRSW by default, and can be managed remotely using a remote management platform.

Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen
Date: None Author: Bleeping Computer
Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. The company revealed that the attackers could only harvest and steal non-sensitive data from a Box folder linked to a compromised employee’s account.

Meraki firewalls blocked Office365 traffic as attempted intrusion
Date: 2022-08-11 Author: iTnews
Microsoft Office365 users behind Cisco Meraki firewalls found themselves unable to reach their services, after the security vendor inadvertently blocked legitimate traffic. The firewalls were identifying legitimate traffic as an attempted denial-of-service attack against Windows IIS, as reported in this Reddit post. “We use Meraki firewalls and starting this morning Meraki was blocking valid Microsoft IPs in the Security Center. The SNORT rule details were ‘Microsoft Windows IIS denial-of-service attempt’ and the destination IPs were Microsoft,” the post states. SNORT is an open source signature-based intrusion prevention system.

Patch Wednesday fixes two-year-old Dogwalk vulnerability
Date: 2022-08-10 Author: iTnews
Microsoft has fixed a remote code execution vulnerability in its MSDT diagnostics tool for Windows, first reported to the company two years ago and rediscovered in May this year. The fix is part of this month’s Patch Wednesday, and was named Dogwalk by security researchers. Although researcher Imre Rad reported the bug to Microsoft in January 2020, and despite the vulnerability raising its head again this year, the software giant initially declined to fix the issue.

New GwisinLocker ransomware encrypts Windows and Linux ESXi servers
Date: 2022-08-06 Author: Bleeping Computer
A new ransomware family called ‘GwisinLocker’ targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines. The new malware is the product of a lesser-known threat actor dubbed Gwisin, which means “ghost” in Korean. The actor is of unknown origin but appears to have a good knowledge of the Korean language.

Dark web investigation uncovers ransomware marketplace
Date: 2022-08-05 Author: Cyber Security Connect
A new Venafi dark web investigation has uncovered 475 webpages of sophisticated ransomware products and services, with ransomware-as-a-service (RaaS) being the most accessible for procurement. The research was conducted between November 2021 and March 2022 in partnership with criminal intelligence provider Forensic Pathways. Over 35 million dark web URLs were analysed, including marketplaces and forums, using the Forensic Pathways dark search engine. The researchers found that many strains of ransomware being sold have been successfully used in high-profile attacks, with 87 per cent of the ransomware found on the dark web capable of delivering malicious macros in order to infect targeted systems. These include Babuk, GoldenEye, Darkside/BlackCat, Egregor, HiddenTear and WannaCry.

Windows devices with newest CPUs are susceptible to data damage
Date: 2022-08-08 Author: Bleeping Computer
Microsoft has warned today that Windows devices with the newest supported processors are susceptible to “data damage” on Windows 11 and Windows Server 2022. “Windows devices that support the newest Vector Advanced Encryption Standard (AES) (VAES) instruction set might be susceptible to data damage,” the company revealed today.
Devices affected by this newly acknowledged known issue use AES-XTS (AES XEX-based tweaked-codebook mode with ciphertext stealing) or AES-GCM (AES with Galois/Counter Mode) block cipher modes on new hardware.

Over 60% of Organizations Expose SSH to the Internet
Date: 2022-08-05 Author: Infosecurity Magazine
A majority of global organizations are exposing sensitive and insecure protocols to the public internet, potentially increasing their attack surface, according to ExtraHop. The vendor analyzed a range of enterprise IT environments to benchmark cybersecurity posture based on open ports and sensitive protocol exposure. It found that 64% of those studied have at least one device exposing SSH, which could allow attackers to probe it for remote access.

Microsoft’s big Patch Tuesday fixes exploited zero-day flaw and 120 more bugs
Date: 2022-08-10 Author: ZDNet
Microsoft has released patches for 141 flaws in its August 2022 Patch Tuesday update including two previously undisclosed (zero-day) flaws, of which one is actively being exploited. The total patch count for the August 2022 Patch Tuesday Update actually includes 20 flaws in Edge that Microsoft had previously released fixes for, leaving 121 flaws affecting Windows, Office, Azure, .NET Core, Visual Studio and Exchange Server. The Zero Day Initiative noted that the volume of fixes released this month is “markedly higher” than what is normally expected in an August release. “It’s almost triple the size of last year’s August release, and it’s the second largest release this year,” the bug hunting group said.

Hackers Exploit Twitter Vulnerability to Expose 5.4 Million Accounts
Date: 2022-08-06 Author: The Hacker News
Twitter on Friday revealed that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform.
“As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any,” the company said in an advisory.

Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users
Date: 2022-08-06 Author: The Hacker News
Slack said it took the step of resetting passwords for about 0.5% of its users after a flaw exposed salted password hashes when creating or revoking shared invitation links for workspaces. “When a user performed either of these actions, Slack transmitted a hashed version of their password to other workspace members,” the enterprise communication and collaboration platform said in an alert on 4th August.

ESB-2022.3942 – Intel Data Center Manager: CVSS (Max): 9.0
Intel reports that a vulnerability in the Intel Data Center Manager may allow escalation of privilege or denial of service.

ESB-2022.3975 – OpenShift Container Platform 4.11.0: CVSS (Max): 9.8
Security updates for Red Hat OpenShift Container Platform 4.11 contain packages and images that fix several bugs and add enhancements.

ESB-2022.3966 – Adobe Commerce and Magento Open Source: CVSS (Max): 9.1
Adobe’s most recent update for Adobe Commerce and Magento Open Source resolves critical, important and moderate vulnerabilities which, if exploited, could lead to arbitrary code execution, privilege escalation and security feature bypass.

ESB-2022.3962 – ALERT Open AMT Cloud Toolkit: CVSS (Max): 9.9
Intel has released updates to mitigate a potential vulnerability in the Open AMT Cloud Toolkit software which, if exploited, could allow escalation of privilege.

ASB-2022.0182 – ALERT Windows 7 and Windows Server 2008: CVSS (Max): 9.8
Microsoft’s security patch update for August 2022 resolves 29 vulnerabilities across Windows 7 and Windows Server 2008.
Microsoft reports this vulnerability is publicly disclosed and actively exploited and recommends updating the software with the version made available.

ASB-2022.0181 – ALERT Microsoft Windows: CVSS (Max): 9.8*
Microsoft’s security patch update for August 2022 contains fixes for 61 vulnerabilities in Windows, Windows RT and Windows 7. Microsoft reports this vulnerability is publicly disclosed and actively exploited and recommends updating the software with the version made available.

ESB-2022.3764.2 – UPDATE ALERT VMware products: CVSS (Max): 9.8
Multiple vulnerabilities were reported in VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation. VMware recommends that these critical vulnerabilities should be patched or mitigated immediately.

Stay safe, stay patched and have a good weekend!
The AUSCERT team


Blogs

What is DDoS & How Does it Work?

9 Aug 2022

What is distributed denial of service (DDoS) & How Does it Work?

The AUSCERT team provides proactive and reactive incident response assistance, actively seeking information from various sources to help find data relevant to a client. We take immediate action and follow well-defined protocols in order to obtain a resolution and satisfactory outcome. This article is aimed at those who need a high-level explanation of what a DDoS attack is.

DDoS Attacks In 2022

Already in 2022 the IT industry has experienced a large increase in distributed denial of service (DDoS) attacks. Not that long ago, most DDoS attacks were seen as minor nuisances perpetrated by harmless novices who did it for fun, and back then DDoS attacks were relatively easy to mitigate.

DDoS attacks are becoming an extremely sophisticated activity, and in many cases, big business. According to TechRepublic, in the first quarter of 2022, Kaspersky DDoS Intelligence systems detected 91,052 DDoS attacks. 44.34% of attacks were directed at targets located in the USA, which comprised 45.02% of all targets.

Exactly What Is a DDoS Attack?

Despite DDoS attacks becoming ever more common, they can be quite sophisticated and difficult to combat. But what exactly is a DDoS attack and what does DDoS stand for? DDoS stands for Distributed Denial of Service. A DDoS attack occurs when a threat actor uses resources from multiple, remote locations to attack an organisation’s online operations. The goal is to consume resources so that legitimate access to services is not possible; for example, a website or online service will appear to be ‘down’ for people attempting to use it. DDoS attacks usually focus on generating a huge amount of network traffic that overwhelms the operations of network equipment and services such as routers, domain name services or web caching.

How Long Can DDoS Attacks Last For?

The short answer – there is no set duration.
DDoS attacks vary extensively in both duration and sophistication:

- Long-Term Attack: An attack waged over a period of hours or days is referred to as a long-term attack. For example, the largest recorded DDoS attack was against Amazon Web Services (AWS); this caused disruption for three days before finally being mitigated.
- Burst Attack: Also known as pulse-wave attacks; as the name implies, they are waged over a very short period of time, lasting from a few seconds to a few minutes and occurring in frequent bursts.

Again, time is not really a factor; the quicker, burst attacks can also be as damaging as the long-term attacks.

How to Protect Your Organisation Against DDoS Attacks

Some measures that organisations can take to protect themselves against DDoS attacks are:

- Reduce the attack surface of Internet-visible services to only that which is required. For example, inbound ICMP packets are unlikely to be needed and should be blocked.
- Use a Content Delivery Network (CDN).
- Implement server-level DDoS mitigation measures, making use of best practice guides from application and operating system software providers.
- Plan for disruption, including alternative ways of providing services to clients. Short-term increases in network or server capacity may be a solution, depending on the costs. Knowing these in advance will inform business continuity planning discussions.
- Implement monitoring systems to detect large increases in outbound network traffic to avoid becoming part of the problem and the cause of reputational damage.

Phishing Take-down service

AUSCERT’s Phishing Take-down service works to reduce brand damage by requesting the removal of fraudulent websites. The service puts the safety of your brand at the forefront by detecting and acting immediately if your organisation is affected. To find out more about this service click here.


Blogs

What is Phishing?

9 Aug 2022

What is Phishing?

Phishing is an attack whereby the attacker impersonates a reputable entity or person in email or other forms of communication, such as SMS or instant messaging. Most commonly attackers will use phishing emails to distribute malicious links or attachments that can perform a variety of malicious functions.

Phishing Attacks

A phishing attack can have devastating results. For individuals, this includes unauthorised purchases, electronic theft of money, or identity theft. Phishing attacks can often be used to gain a foothold into an organisation’s network, as a part of a larger attack, such as ransomware or Business Email Compromise. This happens when employees are compromised in order to bypass security controls and distribute malware or fraudulent messaging inside the victim organisation. A successful attack on an organisation can have severe implications such as financial losses and extended outages, in addition to a reduction of market share, damaged reputation, and loss of customer trust.

Types Of Phishing Attacks

Email Phishing Scams

In the most common version of email-based phishing, the attacker sends out thousands of fraudulent messages with the intent of gathering personal information, account credentials or for financial gain. This type of attack is very much a numbers game: even if 1% of several thousand recipients fall for the scam, then the attack can be considered successful. As with legitimate marketing campaigns, to improve success rates fraudsters will also take the time and effort to maximise their effort by trialling different messaging and tactics and studying their relative success rates. They will clone emails from a spoofed organisation by using the same phrasing, typefaces, logos, and signatures to make the messages appear legitimate. Additionally, attackers will commonly try to push users into action by creating a sense of urgency. For example, an email could threaten account expiration and place the recipient on a deadline.
By applying a time-sensitive cue, users are more likely to act sooner rather than later, without much thought. These scams can be hard to spot, typically having a misspelt website address or extra subdomain, so for example www.commbank.com.au/login could be www.combank.com.au/login. The similarities between the two website addresses give the impression of a legitimate link, making it more difficult to discover an attack is taking place.

Spear Phishing

This is a more precisely focused attack, as spear phishing targets a specific person or organisation, as opposed to thousands of people as described above. It’s a more specific type of phishing that often incorporates special knowledge about an organisation, such as its staff members’ names and titles, organisational structure and clients. A common spear phishing attack scenario is where the attackers will research names of employees within an organisation’s marketing department in order to gain access to the latest project invoices. Posing as a marketing director, the attacker emails a departmental project manager (PM) using a subject line that reads something like: “Updated invoice for Q3 campaigns”. This email will be a clone of the organisation’s standard email template. A link in the email redirects to a password-protected internal document, which is simply a spoofed version of a stolen invoice. The PM is requested to log in to view the document. The attacker steals the login credentials, gaining full access to sensitive areas within the organisation’s network. By providing an attacker with valid login credentials, spear phishing is an effective method for executing the first stage of further attacks, such as ransomware or Business Email Compromise.

How To Prevent Phishing

To protect against phishing attacks some steps should be taken by both employees and enterprises. For employees, simple vigilance is vital. A spoofed message will almost always contain subtle differences that expose its fraudulent purpose.
These frequently include spelling errors, such as in website names. Users should also stop and think about why they’re even receiving the email and if it seems unusual or out of character for the alleged sender.

At an enterprise level, a number of steps can be taken to mitigate both phishing and spear phishing attacks:

- Two-factor authentication (2FA) is the most effective method for countering phishing attacks, as it adds an extra verification layer when logging in to applications. 2FA relies on users having two things: something they know, such as a password and username, and something they have, such as a mobile phone running an authentication app.
- Organisations should enforce a strict password management policy that takes into account how people actually behave. For example, staff should be required to use passwords that are difficult for an attacker to guess but not so complex they can’t be remembered by people. Passphrases are often a better strategy than complex passwords. Password managers combine convenience and strong passwords and their use should be encouraged. Staff should be educated not to reuse the same password for multiple accounts, as this makes password spraying attacks much easier.
- Empowering employees through engaging and informative cyber security awareness training will help reduce the threat of most cyber security attacks, including phishing.
- Enable SPF and DMARC to make it more difficult for attackers to send email faking an organisation’s identity.

Early Warning SMS

Early warning notifications assist in managing critical security threats to your network. AUSCERT monitors malicious activity online and the Early Warning Service provides SMS notifications of any immediate and serious threats relevant to your industry. To find out more about this service click here.


Week in review

AUSCERT Week In Review for August 5th 2022

5 Aug 2022

Greetings,

It’s been three years since the smell of dagwood dogs filled the air along with the screams and laughter from people on rides at Sideshow Alley, but the Ekka is back in full swing for 2022! An event that brings the country and the city together, the Ekka is much loved in Brisbane and sees over 400,000 people attend each year. So, if you’re visiting the River City between August 6 – 14, perhaps a trip to the RNA Showgrounds is in order? There’s plenty to see, do and eat – including the popular and delicious strawberry sundaes!

Another audible array that may delight is the sound of discussing topics that inform, entertain and perhaps make you think! Such a treat can be found in the latest episode of our podcast, Share Today, Save Tomorrow, which focuses on Diversity and Culture in Cyber Security. The episode features chats with Sasenka Abeysooriya, about changing behaviours and influencing organisational culture, and Jasmine Woolley, a proud First Nations woman, on how she utilises Indigenous knowledge to provide a fresh perspective on emerging threats to Australia’s security.

If you’re new to the world of cyber, or you have a curious mind and would like to learn more about information security principles, the next round of AUSCERT’s Intro to Cyber for IT Professionals training is taking place in late August. Facilitated by our Principal Analyst and a guest industry trainer, our two half-day courses are aimed at engaging attendees with interactive content and a focus on delivering effective training outcomes. You can view the full list of our 2022 training schedule HERE.

New Traffic Light Protocol standard released after five years
Date: 2022-08-04 Author: Bleeping Computer
The Forum of Incident Response and Security Teams (FIRST) has published TLP 2.0, a new version of its Traffic Light Protocol (TLP) standard, five years after the release of the initial version.
The TLP standard is used in the computer security incident response team (CSIRT) community to facilitate the greater sharing of sensitive information.

Students at top universities in Australia, the US and UK at risk of fraud
Date: 2022-08-02 Author: Cyber Security Connect
Proofpoint’s new research has found that the top universities in Australia, the United States and the United Kingdom are lagging on basic cyber security measures, subjecting students, staff and stakeholders to higher risks of email-based impersonation attacks. According to Proofpoint’s analysis, universities in the United States are most at risk with the poorest levels of protection, followed by the United Kingdom, then Australia.

Australia charges dev of Imminent Monitor RAT used by domestic abusers
Date: 2022-07-31 Author: Bleeping Computer
An Australian man was charged for developing and selling the Imminent Monitor remote access trojan, used to spy on victims’ devices remotely. A remote access trojan is a type of malware that allows full remote access to an infected device, including the ability to execute commands, log keystrokes, steal files and data, install additional software, take screenshots, and even record video from the device’s webcam. These types of malware are very popular among hackers due to their cheap price and the unfettered access they provide to infected devices. However, they are also popular with domestic abusers who use them to spy on their victims.

Decentralized IPFS networks forming the ‘hotbed of phishing’
Date: 2022-07-29 Author: The Register
Threat groups are increasingly turning to InterPlanetary File System (IPFS) peer-to-peer data sites to host their phishing attacks because the decentralized nature of the sharing system means malicious content is more effective and easier to hide.
Threat analysts with cybersecurity vendor Trustwave this week said the InterPlanetary File System (IPFS) is becoming the “new hotbed of phishing” after seeing an increase in the number of phishing emails that contain IPFS URLs. At the same time, Atif Mushtaq, founder and chief product officer at anti-phishing company SlashNext, told The Register that his company is detecting phishing hosted on ipfs.io, cloudflare-ipfs.com and other vendor systems.

LockBit Ransomware Abuses Windows Defender for Payload Loading
Date: 2022-08-01 Author: Security Week
A LockBit ransomware operator or affiliate has been abusing Windows Defender to decrypt and load Cobalt Strike payloads during attacks, according to endpoint security firm SentinelOne. In April, SentinelOne reported that, in an attack involving LockBit ransomware, threat actors had leveraged a legitimate VMware command-line utility named ‘VMwareXferlogs.exe’ to side-load a Cobalt Strike payload. In a different attack observed by the cybersecurity firm, the attacker leveraged a command-line tool associated with Windows Defender. Specifically, the hackers used ‘MpCmdRun.exe’ to decrypt and load post-exploitation Cobalt Strike payloads.

ESB-2022.3764 – ALERT VMware products: CVSS (Max): 9.8
VMware has released patches to address multiple vulnerabilities in affected VMware products.

ESB-2022.3793 – OpenJDK 17.0.4: CVSS (Max): 7.5
Red Hat build of OpenJDK is now available for portable Linux, fixing several vulnerabilities.

ESB-2022.3837 – Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers: CVSS (Max): 9.8
Cisco has released software updates to address several vulnerabilities affecting small business RV series routers.

ESB-2022.3876 – BIG-IP (all modules): CVSS (Max): 8.7
A bypass restriction vulnerability with a CVSS of 8.7 has been fixed on BIG-IP.

Stay safe, stay patched and have a good weekend!
The AUSCERT team
