Publications

AUSCERT Week in Review for 23rd July 2021 Hi Folks Patch fatigue is definitely setting in, another big week for our analysts issuing bulletins from Adobe and Oracle particularly. This week we released our Quarter 2, 2021 Report with some great stats and updates for the period from 1 April to 30 June 2021. Reminder, there are only 8 days left to nominate for the Australian Women in Security Awards, such a great opportunity to recognise the amazing women in our industry. Hope everyone is keeping safe in these crazy times, have a great weekend. … Shriro Hacked, Feds Cyber Security Called In Date: 2021-07-19 Author: channelnews Sydney based appliance distributor Shriro Holdings has been hacked with the business impacted claims management. CEO Tim Hargraves claims that the distributor of Casio, Blanco, Omega and Everdure barbecues was subject to a cyber security incident involving unauthorised access to its operating systems last week. Microsoft takes down domains used to scam Office 365 users Date: 2021-07-19 Author: Bleeping Computer Microsoft’s Digital Crimes Unit has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company’s customers. The domains taken down by Microsoft were so-called “homoglyph” domains registered to resemble those of legitimate business. This technique allowed the threat actors to impersonate companies when communicating with their clients. This password-stealing Windows malware is distributed via ads in search results Date: 2021-07-21 Author: ZDNet A newly discovered form of malware delivered to victims via adverts in search results is being used as a gateway to stealing passwords, installing cryptocurrency miners and delivering additional trojan malware. Detailed by cybersecurity company Bitdefender, the malware – which targets Windows – has been dubbed MosaicLoader and has infected victims around the world as those behind it attempt to compromise as many systems as possible. HiveNightmare aka SeriousSAM — anybody can read the registry in Windows 10 Date: 2021-07-21 Author: Double Pulsar This is the story of how all non-admin users can read the registry — and so elevate privileges and access sensitive credential information — on various flavours of Windows 10. It appears this vulnerability has existed for years, and nobody noticed. In this post I made an exploit to test it. Australian organisations are quietly paying hackers millions in a ‘tsunami of cyber crime’ Date: 2021-07-16 Author: ABC News It’s an open secret within the tight-lipped world of cybersecurity. For years, Australian organisations have been quietly paying millions in ransoms to hackers who have stolen or encrypted their data. This money has gone to criminal organisations and encouraged further attacks, creating a vicious cycle. Now experts say Australia and the rest of the world is facing a “tsunami of cyber crime”. MITRE – 2021 CWE Top 25 Most Dangerous Software Weaknesses Date: 2021-07-22 Author: MITRE The [CWE Top 25] is a demonstrative list of the most common and impactful issues experienced over the previous two calendar years. These weaknesses are dangerous because they are often easy to find, exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working. The CWE Top 25 is a valuable community resource that can help developers, testers, and users — as well as project managers, security researchers, and educators — provide insight into the most severe and current security weaknesses. ASB-2021.0138 – ALERT MySQL products: Multiple vulnerabilities Oracle’s July Patch Update includes 41 new security patches to address multiple vulnerabilities in Oracle MySQL ASB-2021.0139 – ALERT PeopleSoft Enterprise products: Multiple vulnerabilities Oracle releases fixes to address multiple vulnerabilities in PeopleSoft Enterprise products ASB-2021.0140 – ALERT Oracle Systems: Multiple vulnerabilities The Critical Patch Update contains 11 new security patches for Oracle Systems ESB-2021.2515 – ALERT Tenable.sc Products: Multiple vulnerabilities Multiple third-party vulnerabilities identified in Tenable .sc 5.19.0 ASB-2021.0156 – ALERT Oracle Financial Services Applications: Multiple vulnerabilities Multiple vulnerabilities in Oracle Financial Services Applications are addressed in the Oracle’s most recent Patch Update ESB-2021.2463 – Google Chrome: Multiple vulnerabilities The Chrome team releases Chrome 92.0.4515.107 with a number of fixes and improvements ESB-2021.2447 – Adobe Photoshop: Multiple vulnerabilities Adobe’s updates for Photoshop for Windows and macOS resolve a critical and a moderate vulnerability Stay safe, stay patched and have a good weekend! The AUSCERT team

Q2 2021 report Report and Stats We would like to take this opportunity to thank you for your continued support and share with you the following snapshot of our services stats for Quarter 2 2021. This report provides an overview of the cyber security incidents reported by members, from 1 April – 30 June 2021 and includes a summary of other key achievements this quarter. https://auscert.shorthandstories.com/q2-2021-report/index.html

AUSCERT Week in Review for 16th July 2021 Greetings, Well doesn’t time fly, Patch Tuesday (Wednesday) we meet again. Microsoft released patches for 117 vulnerabilities, 13 of these critical. We also saw patch updates from Adobe, Chrome and Firefox. Of note this week, a new SolarWinds exploit was uncovered by Microsoft who discovered a remote code execution vulnerability in the SolarWinds Serv-U product. SolarWinds released updates for their Serv-U Managed File Transfer and Serv-U Secure FTP tools, CVE-2021-35211. Be sure to catch up on this alert via our highlighted AUSCERT Security Bulletin details below. Lastly, we are excited to share Episode 3 of the AUSCERT “Share today, save tomorrow” podcast series. Episode 3 features Jacqui Loustau, AWSN Founder and Pip Jenkinson, CEO of Baidam Solutions and is titled “Passion led us here”. Be sure to check it out. Our podcast is also available via Spotify, Apple Podcast and Google Podcast. Until next week everyone, have a great weekend. SolarWinds patches critical Serv-U vulnerability exploited in the wild Date: 2021-07-12 Author: Bleeping Computer SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability exploited in the wild by “a single threat actor” in attacks targeting a limited number of customers. “Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability,” the company said in an advisory published on Friday. Updated Essential Eight Maturity Model Date: 2021-07-12 Author: Australian Cyber Security Centre (ACSC) The Australian Cyber Security Centre (ACSC) has further strengthened the implementation guidance for the Essential Eight through changes that reflect its experience in producing cyber threat intelligence, responding to cyber security incidents, conducting penetration testing and assisting organisations to implement the Essential Eight. The Essential Eight Maturity Model now prioritises the implementation of all eight mitigation strategies as a package due to their complementary nature and focus on various cyber threats. Organisations should fully achieve a maturity level across all eight mitigation strategies before moving to achieve a higher maturity level. Is Australia a sitting duck for ransomware attacks? Yes, and the danger has been growing for 30 years Date: 2021-07-14 Author: The Conversation Australian organisations are a soft target for ransomware attacks, say experts who yesterday issued a fresh warning that the government needs to do more to stop agencies and businesses falling prey to cyber-crime. But in truth, the danger has been growing worldwide for more than three decades. Despite being a relatively new concept to the public, ransomware has roots in the late 1980s and has evolved significantly over the past decade, reaping billions of dollars in ill-gotten gains. With names like Bad Rabbit, Chimera and GoldenEye, ransomware has established a mythical quality with an allure of mystery and fascination. Unless, of course, you are the target. Strengthening Australia’s cyber security regulations and incentives Date: 2021-07-13 Author: Department of Home Affairs On 13 July 2021, the Australian Government opened consultation on options for regulatory reforms and voluntary incentives to strengthen the cyber security of Australia’s digital economy. Interested stakeholders are invited to provide a submission to the discussion paper, Strengthening Australia’s cyber security regulations and incentives. Govts sign off on national data sharing agreement Date: 2021-07-12 Author: itnews Federal, state and territory leaders have signed off on an intergovernmental agreement aimed at making more data available across all jurisdictions for policy development and service delivery. National cabinet agreed to the intergovernmental agreement (IGA) on data sharing on Friday, formalising a plan that was first endorsed in April, in part to lay the foundations for linked-up government services. ESB-2021.2390 – ALERT HPE Edgeline Infrastructure Manager: Execute arbitrary code/commands – Remote/unauthenticated HPE has addressed a critical RCE vulnerability in Edgeline Infrastructure Manager. ESB-2021.2377 – Firefox and Firefox ESR : Multiple vulnerabilities Multiple security vulnerabilities have been fixed in Firefox 90. ASB-2021.0126 – ALERT Solarwinds Serv-U: Administrator compromise – Remote/unauthenticated CVE-2021-35211 is being exploited in the wild. Patch it to not catch it. ASB-2021.0135 – ALERT Microsoft Extended Security Update products: Multiple vulnerabilities And here we go again. Microsoft has released its monthly security patch update for the month of July 2021. ESB-2021.2374 – Adobe Acrobat and Reader: Multiple vulnerabilities Microsoft: We have critical vulnerabilities. Adobe: Hold my beer. Stay safe, stay patched and have a good weekend! Bek & Narayan on behalf of The AUSCERT team

Podcast Ep 3: Passion led us here In this episode, AUSCERT features the following guests: > Jacqui Loustau, AWSN Founder and AUSCERT2021 Individual Excellence in Information Security Winner > Phillip “Pip” Jenkinson, CEO of Baidam Solutions and AUSCERT2021 Diversity & Inclusion Champion > Dr David Stockdale, AUSCERT Director LISTEN HERE: “Share today, save tomorrow” Ep 3: Passion led us here Jacqui Loustau is the Founder and Executive Manager of AWSN, the Australian Women in Security Network.  AWSN’s mission is to support, inspire, and connect women and female-identifying professionals in the industry and those looking to enter the field with the tools, knowledge, a connected network and platforms they’ll need in order to build their confidence and cultivate their interest. AWSN has been Jacqui’s “passion project” for close to 7 years. Kudos to Jacqui for her tireless work in building the AWSN to where it is today! At AUSCERT, we believe that Diversity & Inclusion champions are leaders who take responsibility for instilling a diverse and inclusive workplace culture. Pip Jenkinson, CEO and Co-Founder of Baidam Solutions is the inaugural winner of this AUSCERT award. For those unfamiliar with Pip, his work at Baidam emphasises the importance of partnerships with some of Australia’s largest employers to create job opportunities and funding for cybersecurity certification training. Baidam gives a significant percentage of the company’s profits to providing pathways to employment in the IT sector for Indigenous and First Nations people. Pip’s and Baidam’s journey is an inspiring story and shows a great example of how organisations can combine profit with social good. David discussed the many on goings at AUSCERT since episode 2 of this podcast series. In particular, AUSCERT’s Member Security Incident Notifications (MSINs)service, the malspam “inbox-spoofing” incident and also the the recent “PrintNightmare” and Kaseya ransomware and supply chain attacks – with a reminder on how we can all continue to protect and mitigate against such incidents. This episode was hosted by Anthony Caruana and Laura Jiew. The AUSCERT podcast can also be found on Spotify, Apple Podcasts and Google Podcasts

AUSCERT Week in Review for 9th July 2021 Greetings, What a big week! A lot to get on top of this week between Kaseya and PrintNightmare. Of note, Microsoft released updated patches to address PrintNightmare. This is related to the Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-34527 and CVE-2021-1675. Be sure to catch up on this alert via our highlighted AUSCERT Security Bulletin details below. For those of you based in the Greater Brisbane area we are excited to announce a new date for our NAIDOC Week 2021 gathering. Hear more about the work done by colleagues at Baidam Solutions, come and join us on Monday 26 July, 2 – 4pm. For further details and to RSVP, visit the AUSCERT website here. Until next week everyone, have a great weekend. Kaseya supply-chain ransomware attack hits MSP customers Date: 2021-07-03 Author: iTnews A supply-chain attack on Kaseya, which provides management, monitoring and automation software for managed service providers (MSPs), has led to ransomware infections among the company’s customers around the world. Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw Date: 2021-07-04 Author: The Hacker News Microsoft is urging Azure users to update the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting .NET Core. The issue, tracked as CVE-2021-26701 (CVSS score: 8.1), affects PowerShell versions 7.0 and 7.1 and have been remediated in versions 7.0.6 and 7.1.3, respectively. Windows PowerShell 5.1 isn’t impacted by the flaw. QNAP fixes critical bug in NAS backup, disaster recovery app Date: 2021-07-05 Author: Bleeping Computer Taiwan-based network-attached storage (NAS) maker QNAP has addressed a critical security vulnerability enabling attackers to compromise vulnerable NAS devices’ security. The improper access control vulnerability tracked as CVE-2021-28809 was found by Ta-Lun Yen of TXOne IoT/ICS Security Research Labs in HBS 3 Hybrid Backup Sync, QNAP’s disaster recovery and data backup solution. The security issue is caused by buggy software that does not correctly restrict attackers from gaining access to system resources allowing them escalate privileges, execute commands remotely, or read sensitive info without authorization. Treasury revisits cyber terrorism insurance cover Date: 2021-07-05 Author: IT News Treasury will consider whether cyber terrorism that causes physical property damage should be added to the national terrorism insurance scheme for a second time in three years. Treasury said that like the 2018 review, the 2021 review will look at “whether a sufficient rationale has emerged to include cyber terrorism causing physical property damage within the scheme”. Email fatigue among users opens doors for cybercriminals Date: 2021-07-07 Author: Bleeping Computer Given the mass migration to remote work, more critical business data is being shared by email than ever before. Users can now receive hundreds of emails a day, and sifting through them is time-consuming and exhausting. Faced with that skyrocketing volume, it’s no wonder that there’s a growing email fatigue. Unfortunately, that fatigue makes it more likely users will click on a malicious email without knowing it – which explains why 94% of malware is now delivered via email. Microsoft’s incomplete PrintNightmare patch fails to fix vulnerability Date: 2021-07-07 Author: Bleeping Computer [See related ALERT bulletin ASB-2021.0123.4 which AUSCERT updated on the 8th July] Researchers have bypassed Microsoft’s emergency patch for the PrintNightmare vulnerability to achieve remote code execution and local privilege escalation with the official fix installed. According to Mimikatz creator Benjamin Delpy, the patch could be bypassed to achieve Remote Code Execution when the Point and Print policy is enabled. ASB-2021.0123.4 – UPDATE ALERT Microsoft Print Spooler: Multiple vulnerabilities Our update was made to draw attention to Microsoft’s revised advisory announcing patches are now available for additional Windows versions ESB-2021.2341 – apache2: Multiple vulnerabilities Several vulnerabilities have been found in the Apache HTTP server, which could result in remote code execution and denial of service. ESB-2021.2332 – Cisco Web Security Appliance: Multiple vulnerabilities This Cisco product was affected by vulnerabilities which prior to fix had provided attackers opportunity to execute remote code and compromise root. ESB-2021.2344 – MDT AutoSave: Multiple vulnerabilities A perfect 10.0 (CVSS 3.0), albeit appliance based. Successful exploitation of associated vulnerabilities could lead to full remote execution on the Remote MDT Server without an existing user or password. Stay safe, stay patched and have a good weekend! The AUSCERT team

AUSCERT Week in Review for 2 July 2021 Greetings, Folks, welcome to the second-half of 2021. The start of July marks a new financial year here in Australia – which means, tax time is here! We’re sharing this “Is it a scam?” piece by our AUSCERT2021 Member Organisation of the Year, the folks from Australian Taxation Office. Of note this week, Microsoft has released an out-of-band critical update to address a Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-34527. This vulnerability has received significant media attention in the past day or so. Be sure to catch up on this alert via our highlighted AUSCERT Security Bulletin details below. Some mitigation notes and recommendations: Apply the latest security updates released on June 8, 2021 AND determining if the Print Spooler service is running; either disabling it or disabling inbound remote printing through Group Policy. Microsoft acknowledges this vuln is similar to but DISTINCT from the recent Print Spooler vuln reported as CVE-2021-1675 and addressed by the June 2021 Patch Tuesday updates. They are still investigating the issue and will update the page as more information becomes available. AUSCERT members, be sure to hop on our Slack space for some tips and notes regarding this issue from fellow AUSCERT members. It’s always an awesome space for information sharing! To sign in, please do so via our member portal here. And last but not least, for those of you based in the Greater Brisbane area and were intending to attend our proposed NAIDOC Week 2021 luncheon, please note we will be sharing a new date for this special event soon. In the meantime, please stay safe and continue to follow the latest Government advice. Until next week everyone, have a great weekend. CVE-2021-1675: Proof-of-Concept Leaked for Critical Windows Print Spooler Vulnerability Date: 2021-06-29 Author: Tenable [CVE-2021-1675 was patched as part of Microsoft’s Patch Tuesday release on June 8, 2021. See related AUSCERT bulletin ASB-2021.0115. Vulnerabilities like this are most likely to be used in targeted attacks, but all users and organizations are encouraged to patch quickly.] Researchers published and deleted proof-of-concept code for a remote code execution vulnerability in Windows Print Spooler, called PrintNightmare, though the PoC is likely still available. CISA releases new ransomware self-assessment security audit tool Date: 2021-06-30 Author: Bleeping Computer The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET). RRA is a security audit self-assessment tool for organizations that want to understand better how well they are equipped to defend against and recover from ransomware attacks targeting their information technology (IT), operational technology (OT), or industrial control system (ICS) assets. This CSET module was tailored by RRA to assess varying levels of ransomware threat readiness to be helpful to all orgs regardless of their cybersecurity maturity. Microsoft Edge Bug Could’ve Let Hackers Steal Your Secrets for Any Site Date: 2021-06-28 Author: The Hacker News Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 (CVSS score: 5.4), the weakness stems from a universal cross-site scripting (UXSS) issue that’s triggered when automatically translating web pages using the browser’s built-in feature via Microsoft Translator. Cyber insurance isn’t helping with cybersecurity, and it might be making the ransomware crisis worse, say researchers Date: 2021-06-28 Author: ZDNet “According to a research paper examining cyber insurance and the cybersecurity challenge by defence think tank Royal United Services Institute (RUSI), this practice [paying ransom demands] isn’t just encouraging cyber criminals, it’s also not sustainable for the cyber insurance industry, which warns ransomware has become an existential threat for some insurers.” Note: this article includes commentary stating that paying a ransomware extortion demand is not illegal. This may not be true in some jurisdictions and readers are encouraged to seek legal counsel. Cisco ASA vulnerability actively exploited after exploit released Date: 2021-07-27 Author: Bleeping Computer Hackers are scanning for and actively exploiting a vulnerability in Cisco ASA devices after a PoC exploit was published on Twitter. This Cisco ASA vulnerability is cross-site scripting (XSS) vulnerability that is tracked as CVE-2020-3580. Cisco first disclosed the vulnerability and issued a fix in October 2020. However, the initial patch for CVE-2020-3580 was incomplete, and a further fix was released in April 2021. ASB-2021-0123 – ALERT Windows Print Spooler: Execute arbitrary code/commands – Existing Zero-day Vulnerability (PrintNightmare) can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system. Proof of concept exploit code has reportedly been released. ESB-2021.2240 – Thunderbird: Multiple vulnerabilities Thunderbird contained a multitude of vulnerabilties causing reduced security including remote code execution and denial of service. ESB-2021.2279 – Nessus Agent: Administrator compromise – Existing account Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could lead to gaining administrator privileges on the Nessus host. ESB-2021.2297 – htmldoc: Multiple vulnerabilities A buffer overflow was discovered in HTMLDOC, a HTML processor that generates indexed HTML, PS, and PDF, which could potentially result in the execution of arbitrary code and denial of service. Stay safe, stay patched and have a good weekend! The AUSCERT team

AUSCERT Week in Review for 25th June 2021 Greetings, This week, we shared the final instalment of our blog articles highlighting the winners of our Annual AUSCERT Awards. This time, we featured the AUSCERT2021 Information Security Excellence Winner, Jacqui Loustau. Jacqui is a formidable figure in the Australian information security and cybersecurity community. Have a read of it here. We’re also pleased to share the following blog piece by Sean McIntyre, one of our Analysts – “I got 99 problems but a vuln ain’t one”, it’s a bit of a tongue-in-cheek one! And cheesy (revised) lyrics aside, Sean shared his top 3 observations from assisting our membership audience. For those of you based in the Greater Brisbane area and are wanting to hear more about the work done by colleagues at Baidam Solutions, come and join us at our upcoming NAIDOC Week 2021 luncheon on Friday 2 July, 12 – 2pm. For further details and to RSVP, visit the AUSCERT website here. And last but not least, a big thank you to our AUSCERT2021 media partners at Source2Create for covering such a wide range of our talks and presentations from AUSCERT2021 in Issue 3 of their Women in Security Magazine. To subscribe and download a copy, hop on to their website here. Until next week everyone, have a great weekend. Labor Bill would force Aussie organisations to disclose when they pay ransoms Date: 2021-06-21 Author: ZDNet The Australian federal opposition has introduced a Bill to Parliament that, if passed, would require organisations to inform the Australian Cyber Security Centre (ACSC) before a payment is made to a criminal organisation in response to a ransomware attack. The Ransomware Payments Bill 2021 was introduced in the House of Representatives on Monday by Shadow Assistant Minister for Cyber Security Tim Watts. According to Watts, such a scheme would be a policy foundation for a “coordinated government response to the threat of ransomware, providing actionable threat intelligence to inform law enforcement, diplomacy, and offensive cyber operations”. MITRE releases D3FEND, defensive measures complimentary to its ATT&CK framework Date: 2021-06-23 Author: The Record by Recorded Future The MITRE Corporation, one of the most respected organizations in the cybersecurity field, has released today D3FEND, a complementary framework to its industry-recognized ATT&CK matrix. The not-for-profit organization, which also runs the CVE database of known vulnerabilities, received funding to create the D3FEND framework from the US National Security Agency (NSA). The basic idea behind D3FEND is that the framework will provide defensive techniques that system administrators can apply to counter the practices detailed in the ATT&CK matrix, a one-of-a-kind project that was set up in 2015 to catalog and index the most common offensive techniques used by threat actors in the real world. Tony googled his investment options. Two weeks later, he’d been scammed out of $200,000 Date: 2021-06-24 Author: ABC News It cost around $20 to set up and conned $200,000 from one victim alone. Here’s how investment scammers tricked Tony into handing over part of his life savings. Google dishes out homemade SLSA, a recipe to thwart software supply-chain attacks Date: 2021-06-18 Author: The Register Google has proposed a framework called SLSA for dealing with supply chain attacks, a security risk exemplified by the recent compromise of the SolarWinds Orion IT monitoring platform. SLSA – short for Supply chain Levels for Software Artifacts and pronounced “salsa” for those inclined to add convenience vowels – aspires to provide security guidance and programmatic assurance to help defend the software build and deployment process. Former ASIO boss warns on energy sector cyber Date: 2021-06-21 Author: InnovationAus Energy experts and a former ASIO chief have warned that Australia’s critical energy infrastructure was growing in complexity and vulnerability to cyber-attacks, but a commensurate uplift in resilience has not occurred. Former ASIO director general and current chair of the Foreign Investment Review Board David Irvine said energy was one of many Australian sectors lacking sufficient cyber resilience, and that most local organisations are not “caring enough” about the new “tool of warfare”. Progress is being made but not quickly enough, and Australia is vulnerable to sophisticated cyber attacks, Mr Irvine told an Australia Israel Chamber of Commerce Business lunch on Friday. ASB-2021.0121 – Microsoft Edge (Chromium-based): Execute arbitrary code/commands – Remote with user interaction Microsoft released an update for Edge, the default internet browser for Windows 10. A vulnerability that could lead to remote code execution was addressed. ESB-2021.2208 – wireshark: Multiple vulnerabilities 9 vulnerabilities were addressed in Wireshark, a commonly used packet analyser. ESB-2021.2212 – Thunderbird: Multiple vulnerabilities Multiple vulnerabilities were addressed in Mozilla Thunderbird, these could lead to cross-site scripting attacks and code execution. Stay safe, stay patched and have a good weekend! The AUSCERT team

AUSCERT2021 Information Security Excellence Winner [A copy of this interview article is also featured on Edition 3 of the Women in Security Magazine, published by Source2Create.] Jacqui is Founder and Executive Manager of the Australian Women in Security Network (AWSN) which aims to connect, support and inspire more people, in particular, women and female-identifying professionals to pursue a career in security. She is also co-author of the international book ‘Women in the security profession’. In April 2021, Jacqui decided to take a leap of faith and is now devoting 100% of her time to building the AWSN as a not-for-profit organisation. In short, AWSN has been Jacqui’s “passion project” for close to 7 years. Today, AWSN is a national group of close to 2,500 members across Australia with linkages to a number of prominent sponsors. It is an open network of people aiming to grow the number of women and female-identifying professionals in the cyber security community. AWSN’s mission is to support, inspire, and connect women and female-identifying professionals in the industry and those looking to enter the field with the tools, knowledge, a connected network and platforms they’ll need in order to build their confidence and cultivate their interest. Kudos to Jacqui for her tireless work in building the AWSN to where it is today, and with that – it is with great honour that we award her the Winner of Information Security Excellence in 2021.  Tell us a little about your professional career? My interest in technology started off when I worked at a help desk at Australia Post and in the area of  PC support at an insolvency company during uni where I studied a Bachelor of Information Systems. I then graduated and became a unix adminstrator for a few years before then deciding that I wanted to see and travel the world! When I was back-packing in Europe I ran out of money (as you do!) and got a job working on the helpdesk at Schlumberger. I got the opportunity to retrain to be a technical consultant. They put me through some really intensive technical networking and security training and at the end they asked what I wanted to do. I thought security was interesting, and this is pretty much how my security career journey began! I then worked as a security consultant for multiple large scale projects where I’d worked on a variety of different areas such as implementing AV, PKI solutions, performing risk assessments and technical assessments, policy-writing, and basically anything that was thrown at me at the time. I ended up spending 7 years in London and 7 years in Paris as a consultant working on many interesting projects which I loved. When I came back to Australia, I continued to consult on different projects before then moving to the in-house security team at ANZ. I started in their Identity and Access Management (IAM) team, then moved on to designing the cybercrime controls for ANZ’s institutional banking arm; and finally moved to head the Security Education and Influence team in a job share role. I then decided that I really wanted to help small businesses who I saw being affected by cybercrime and ended up spending a year in start-up land with the folks at Cynch Security. You’re the founder of AWSN. Can you tell us more about how AWSN was born and what your mission is? The idea of the AWSN (Australian Women in Security Network) was born when I returned from a 14-year stint overseas and came back to Melbourne. I walked into a security event and was overwhelmed by being the only female in the room. It was something I had gotten used to in Europe; but it really hit me when I came back to my home country to see and experience  it, especially when I didn’t know anyone in the room. I’d met one other female participant and she took me under her wing and introduced me to some people. We then brought together a number of female colleagues for casual breakfasts and met up before the start of security conferences. We spoke about how much we enjoyed working in security and some talked about the challenges they faced with being the only females in their teams. After a while, I was thinking that there may be other women out there also feeling alone, so I started a LinkedIn group. This then grew organically over time and soon local state-based chapters started to pop up across Australia. These then grew into more formal events and now our community consists of around 2500 people. The AWSN is an open network of people aiming to grow the number of women in the security community. We support, inspire, and act as role models. We connect women in the industry and those looking to enter the field with the tools, knowledge, network and platforms needed to build confidence and interest. As a network, we know the diversity of online threats require diversity of thought on how to address them, and this is where our network thrives.We do this mainly through events, hand-on workshops, training, mentoring and speaking engagements through community groups, universities and high schools. Congratulations on winning the Information Security Excellence award! What does winning this award mean to you? It was an absolute honour to have received this award. This means so very much to me and I sometimes still pinch myself with disbelief! I believe that this is a community recognition award, as the AWSN couldn’t have got to where it is today without all the volunteers, sponsors, donors, mentors, coaches, speakers, writers and all the people supporting us over the years. Receiving this award means that the Information Security industry in Australia recognises that what the AWSN is doing is important and meaningful work AND that we are on the right track with what we are trying to achieve. It means that all the hard work and hours that myself and all our volunteers put in to make AWSN what it is today is worth it! Thank you to everyone who has contributed to our cause, you know who you are. What do you see as some of the main cyber threats in today’s society and their accompanying risks? Are you seeing any trends of particular threats becoming more common? Good question! There are many and I could probably talk for hours on this topic. But if I were to choose two, which I think we as a society/community need to work together on a lot more are application vulnerabilities and supply chain risks. As we continue to use technology and build systems, apps, software faster than ever – often security is something that is considered at the last minute or sometimes, never! We shouldn’t expect the users of our systems or apps to know what to look out for when it comes to a security breach. Hence, it is my personal belief that technology should really adopt a “secure-by-design” philosophy and make it easy for users to apply security updates when they are required. When it comes to the topic of supply chain risk, some of these cyber threat issues stem from the fact that small businesses (which btw, constitutes 98% of all Australian businesses**) often cannot afford security consultants to help them with implementing secure processes or expensive security services and products to protect their company assets. These businesses are particularly vulnerable to threats such as business email compromise (BEC), ransomware or data breaches which are increasingly becoming more and more common. These can have downstream implications on large corporations, critical infrastructure and Government agencies as it is very likely that at some point these smaller businesses are further down in their supply chain. It’s cliche, but cyber security really IS in everyone’s interest – no matter the size of your workplace. ** figure obtained from the Australian Small Business and Family Enterprise Ombudsman (ASBFEO) If you could give one piece of advice for organisations and IT/cyber security professionals, what would that be? To stay humble and keep an open mind. Remember and realise that most of our society don’t know what we know, and that no question should be considered a silly question. I don’t think that there is anyone in our sector who knows absolutely everything about security, so we shouldn’t treat/blame users like they should have known better in case of a breach or an incident. There are many people out there (they could be your grandparents, friends, family members  and colleagues) who are confused and overwhelmed by what they know and what they don’t know about the topic of cyber security. It is this stigma that cyber security is difficult and tricky which often makes many security departments feared or are perceived to be unapproachable. We, as a community therefore all have a responsibility to show them that we are keen to help them learn and have them join us on this journey. We cannot fight this battle with just technology and largely rely on humans to report things that are suspicious, to consult with us before they are about to go live with a system and to sign off on our budgets. Therefore, we need everyone on our side and we need to show that we are open to listen and help.  As a community, I think we need to communicate better, prioritise (based on known risks) and provide them with easy and accessible information, solutions and advice – so as not to confuse the general public further. What’s one common challenge you find women and female-identifying professionals are facing in the cybersecurity industry and how can organisations continue to support them? A common challenge I’ve personally found with women and female-identifying professionals in male-dominated teams is that they feel they are not heard or given the same opportunities as their male counterparts. They are often questioned why they are there and instead of asking or referring to them as subject matter experts, they are sometimes asked to be referred to a male counterpart as it’s assumed they don’t know the answer or have anything to contribute to a particular security topic. Everyone should be given an equal opportunity to contribute, and by this I don’t mean just females, but also young/elderly males, people of different ethnicities, people of different backgrounds who need a voice. Organisations must address this better, it needs to be a fundamental yet important goal within all teams or we will continue to lose good talent! And when good talent is lost, it makes it hard for upcoming new talent to see people like themselves in a career path in security, and we absolutely need this new talent in order to fight the new security and technology challenges ahead.  

AUSCERT Week in Review for 18th June 2021 Greetings, This week, we shared our June 2021 edition of The Feed – the AUSCERT membership newsletter. Members, be sure to check your inbox(es) for a copy of this newsletter to catch up on all things related to your AUSCERT membership. We’re pleased to share the following blog piece by our AUSCERT2021 Diversity and Inclusion Champion – Phillip “Pip” Jenkinson from Baidam Solutions. Congratulations Pip, a well-deserved win! For those of you based in the Greater Brisbane area and are wanting to hear more about Pip and the work he does at Baidam Solutions, come and join us at our upcoming NAIDOC Week 2021 luncheon on Friday 2 July, 12 – 2pm. For further details and to RSVP, visit the AUSCERT website here. Last but not least, we’re proud to announce that there are currently 11 NEW Member Security Incident Notifications (MISNs) reports generated in the pipeline by our team of analysts – all drawn from the expertise of our various threat intelligence partners and resources. This is a pertinent reminder for members to keep your organisation’s IPs and domains up to date on the AUSCERT member portal to make sure you’re able to receive these relevant MSINs as they come through! A recap of how this particular AUSCERT service assists our members with mitigating cyber-attacks can be found here “How AUSCERT helped its members tackle the recent Microsoft Exchange server critical ProxyLogon vulnerabilities and exploits.” Until next week everyone, have a great weekend. Thousands of VMware vCenter Servers Remain Open to Attack Over the Internet Date: 2021-06-16 Author: Dark Reading [See related ALERT bulletin ESB-2021.1805 which AUSCERT published on the 26th May] Thousands of instances of VMware vCenter Servers with two recently disclosed vulnerabilities in them remain publicly accessible on the Internet three weeks after the company urged organizations to immediately patch the flaws, citing their severity. The flaws, CVE-2021-21985 and CVE-2021-21986, basically give attackers a way to take complete control of systems running vCenter Server, a utility for centrally managing VMware vSphere virtual server environments. The vulnerabilities exist in vCenter Server versions 6.5, 6.7, and 7.0. Nationally-known Australian company lawyered up to resist ASD help Date: 2021-06-15 Author: ZDNet The Secretary of the Department of Home Affairs, Mike Pezzullo, has spoken out against hacked organisations that refuse assistance from the Australian Signals Directorate, likening it to refusing to cooperate with an air crash investigation. One such example was discussed in evidence to the Parliamentary Joint Committee on Intelligence and Security on Friday. “It was a nationally-known case involving a nationally-known company that [ASD director-general Rachel Noble] and I are declining to name at this point,” he said. […] However the unnamed company lawyered up, and it took a week for the ASD to get even basic network information. Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign Date: 2021-06-14 Author: Microsoft Security Intelligence Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to get access to emails about financial transactions. Qld govt stumps up $40m for cyber security, digital Date: 2021-06-16 Author: iTnews The Queensland government will invest almost $40 million in cyber security and digital service delivery over the next five years as the state’s Covid-19 recovery gets underway. Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise Date: 2021-06-16 Author: Mandiant Mandiant observed DARKSIDE affiliate UNC2465 accessing at least one victim through a Trojanized software installer downloaded from a legitimate website. While this victim organization detected the intrusion, engaged Mandiant for incident response, and avoided ransomware, others may be at risk. ESB-2021.2130 – ImageMagick: Multiple vulnerabilities 34 vulnerabilities were addressed in ImageMagick, some of which could lead to code execution. ESB-2021.2141 – Nessus Agent: Increased privileges – Existing account Tenable released an update to address privilege escalation vulnerabilities in their Nessus Agent for Windows. ESB-2021.2173 – ALERT [Win][UNIX/Linux] Google Chrome: Execute arbitrary code/commands – Remote with user interaction Another week, another zero-day in Google Chrome. Google reports that this been exploited in the wild so this should be patched as soon as possible. Stay safe, stay patched and have a good weekend! The AUSCERT team

AUSCERT launching a podcast series “Share today, save tomorrow” Editor’s notes:  Hi, my name is Laura Jiew and I run the communications portfolio for team AUSCERT. I am super excited to be working on this podcast series with Anthony and Kathryn from Media-Wize. “Share today, save tomorrow” – the AUSCERT podcast, has been a project we’ve discussed in the past and has sat brewing for the past year or so, I am so happy to see it brought to life this year with the help of our many AUSCERT supporters, in particular, speakers from our AUSCERT2021 conference. So why a podcast, why now? As a CERT, we recognise that the cyber security landscape is ever-changing, and AUSCERT continues to be passionate about engaging our members to empower their people, capabilities, and capacities. We hope you will enjoy our collection of topics and discussion. Let us know what you think! +++++ Episode 1 LISTEN HERE: “Share Today, Save Tomorrow” AUSCERT Podcast Announcement This episode features the following guests, in random order: Dr David Stockdale, AUSCERT Director Mike Holm, AUSCERT Senior Manager Bek Cheb, AUSCERT Business Manager, long-time AUSCERT event convenor and producer  Dr Mark Carey-Smith, AUSCERT Principal Analyst, long-time AUSCERT conference supporter and GRC presenter  Mandy Turner, Manager, Security Operations Centre at UQ  Tim Lane, AHECS Cyber Security Community of Practice (CoP) Chair Hosted by Anthony Caruana and Laura Jiew The AUSCERT podcast can also be found on Spotify, Apple Podcasts and Google Podcasts

AUSCERT “Share today, save tomorrow” Ep 2: Crossing Into The Blue Team In Cyber Security In this episode, AUSCERT features the following guests: > Lukasz Gogolkiewicz, Head of Corporate Security at SEEK > Mike Holm, AUSCERT Senior Manager > Dr Mark Carey-Smith, AUSCERT Principal Analyst LISTEN HERE: “Share Today, Save Tomorrow” Crossing Into The Blue Team In Cyber Security Lukasz currently heads up Corporate Security at SEEK. In this role, he is responsible for ensuring the protection of sensitive information across a multitude of business systems, corporate systems and IT infrastructure. He was also a keynote at AUSCERT2020 and spoke on the topic of “Threat driven cyber security, does security compliance work?” On this podcast episode, we sat down with Lukasz to discuss his career journey in cyber security, his transition from a Red Team into a Blue Team and his thoughts on the next generation of professionals in the industry. Mike and Mark discussed the many on goings at AUSCERT since the launch episode. In particular – the AUSCERT2021 conference wrap-up, observations from our analyst team on the current threat and cyber security landscape (especially on the topic of ransomware) and all proposed AUSCERT membership engagement activities for the rest of 2021. This episode was hosted by Anthony Caruana and Laura Jiew The AUSCERT podcast can also be found on Spotify, Apple Podcasts and Google Podcasts

AUSCERT2021 Diversity and Inclusion Champion This year, to mark the occasion of AUSCERT’s 20th annual conference anniversary, the team has decided to introduce a new award category – the AUSCERT Diversity & Inclusion Champion.  At AUSCERT, we believe that Diversity & Inclusion champions are leaders who take responsibility for instilling a diverse and inclusive workplace culture. According to the Diversity Council of Australia, the definition of a Diversity & Inclusion champion is someone who plays both a symbolic and an active strategic role. Their symbolic function is to demonstrate leadership support for diversity and inclusion by attending diversity events and delivering diversity messages to stakeholder groups within the company and externally. They contribute to diversity strategy development and implementation by serving on diversity councils, campaigning for support from their fellow colleagues, and consulting with diversity leaders. Pip Jenkinson, CEO and Co-Founder of Baidam Solutions is the inaugural winner of this AUSCERT award. For those unfamiliar with Pip, his work at Baidam emphasises the importance of partnerships with some of Australia’s largest employers to create job opportunities and funding for cybersecurity certification training. Baidam gives a significant percentage of the company’s profits to providing pathways to employment in the IT sector for Indigenous and First Nations people. Pip’s and Baidam’s journey is an inspiring story and shows a great example of how organisations can combine profit with social good. It is with great honour that we award Pip with the inaugural AUSCERT Diversity & Inclusion Champion award. Tell us a little about your professional career? I have had a very diverse career and my pathway to a career in cyber security certainly  wasn’t a straight line. Growing up on a farm in Bathurst NSW, I have worked in shearing sheds, at building sites; and I have also served in the Army. I then decided to enrol at university as a mature age student in a Business degree. My first “real” job outside of university was a sales representative for Guinness in Dublin, Ireland and I was fortunate to travel around the United Kingdom, working in some pretty amazing places. I returned to Australia and stayed within the wine trade, working (and tasting) some of Australia’s best wines and meeting some extraordinary people who were producing wine at an award-winning International standard. These folks were all working really hard to cement the image of Australia as a producer of wine that would rival some of the most famous International brands. One day, out of the blue I decided to apply for a role in ICT sales, working for a large cyber security vendor. When I was shortlisted for an interview, I was so nervous about meeting my potential line manager because I didn’t know much about the sector but I gave it my best shot. There were 4 interview rounds in total and there were many other competitive applicants with greater experience than myself, but when I was offered the role, it was life changing for me! This in turn motivated me to ask for some feedback and I was promptly told that I was hired based on attitude, not aptitude. I was motivated to learn as much as I could and certainly made mistakes along the way – but I was so grateful for the opportunity to improve, to earn a good wage and to alway remember where my start in the cyber security industry came from; and hopefully one day, being able to repay this gesture and opportunity. Can you tell us more about your work at Baidam? At a macro level, Baidam Solutions is an Indigenous owned enterprise. Baidam is a supplier of cyber security goods and services to State and Federal governments and ASX-listed corporations. We model our offerings around the ASD “Essential Eight.” At a micro level, we have created a pretty special business model that directly links a social outcome to a commercial drive. From the profits retained within our supply-chain and it in itself being free from any Government assistance or subsidy, we have been able to support two lifetime University based scholarships for Indigenous students in the STEM fields; as well as numerous industry recognised certifications. The recipients of these scholarships are now working within various SOC teams across Australia. I am incredibly fortunate to work in a team that all share a single company vision and company mission – “To increase Indingeous diversity and inclusion in the ICT sector by using education as a vehicle to build technical equity in our First Nations cyber security aspirants.” Congratulations on winning the Diversity and Inclusion Champion award! What does winning this award mean to you? I was absolutely humbled and quite frankly, speechless to win the award! I received the award on behalf of the whole team at Badaim Solutions. We all know that cyber security is a team sport and there is a great team that stands beside me. The award was really special, being the first at anything is hard, but also rewarding. We are the first Supply Nations certified cyber security practice headquartered in Queensland. Therefore, it is our job to help other Indigenous security professionals get a foothold in the industry and it is our job to lead by example,in everything we do. To be the recipient of the inaugural AUSCERT Diversity and Inclusion Champion award is a huge honour and one that must be given the respect that it deserves, to continually uphold the principles of Diversity and Inclusion and be a role model for others to follow.  What recommendations would you give to other organisations looking to provide pathways for employment in the IT sector for Indigenous and First Nations peoples? Do your research. Be committed and do it for the RIGHT reasons. Invest in cultural immersion programs to lift the knowledge of the entire organisation, don’t leave everything to the folks from Human Resources. Obtain advice and understand that there are many cultural events that don’t neatly sit inside within a standard Fair Work Act 2009 employment contract. Be sensitive and flexible and if you do a good job, the results will speak for itself, you will enjoy a richer, more diverse and inclusive employee talent pool that is more representative of the community that you operate in. Baidam’s journey is an inspiring story and a great example of how organisations can combine profit with social good. What advice would you have for organisations looking to do this? Well, this one is very simple. Just do more and do it more often! We are showing other organisations what is possible when focused on sustainable, social return on investment (SROI) rather than purely ROI. Whether you are looking to support Women’s businesses, Veterans businesses, LGBTIQ+ businesses, Australian Disability Enterprises or a myriad of other social  businesses,find a reason to do business other than the pursuit of profit! Draw a line in the sand today, not tomorrow and stand for something other than profit, your customers will appreciate it and so will your staff. Finally, what do you think are the main challenges and opportunities for the cyber security industry in the coming years? Like my past experience in the wine trade industry, Australia has the opportunity to be recognised as a global leader in the production of cyber security talent as well as sovereign cyber security solution capabilities – truly! As a community, we need to do more to support the local companies who are helping this flourishing marketplace. So where possible, buy local, support local and invest locally. I think the Australian Government is doing a good job in supporting this idea, but as with most things, greater work needs to be done. The challenges in our sector are well documented and includes amongst others; a skills shortage and a culture of sourcing projects off-shore. The final challenge, directly linked to the Indigenous cultures that Baidam represents (one that we all need to overcome!) is a mental one …  We MUST change our thoughts from “Why would I buy through an Indingeous business?” to “Why wouldn’t I buy from an Indigenous business?” To sum it up for me, I’d like to share this Norman Vincent Peale quote, “Change your thoughts and you can change your world”.