Policies and agreements

AUSCERT Education: Terms and Conditions

6 Jun 2023

Eligibility

Registration to participate in the course is restricted to employees of AUSCERT Member organisations. If a non-member is found to have registered, they will be refused entry into the course and refunded. If required, eligibility can be confirmed by AUSCERT prior to registration.

Payment

The University of Queensland (UQ) will provide a Tax Invoice to the Participant upon finalisation of registration and payment. Or if requested, UQ can provide a tax invoice prior to payment. Registration and participation in the course will be confirmed upon receipt of full course fee payment.

Cancellations

All cancellations must be 2 business days or more before a course delivery date. Should the cancellation be made in this timeframe, participants have ONE of the following options:

Transfer their booking to an alternate course to be held within 12 months of the original course.
Send a substitute in their place, OR

AUSCERT reserves the right to cancel courses due to unforeseen circumstances and will provide participants with written notice in such circumstances. If the course is cancelled, Participants may choose between:

Transferring their registration to a new date of the same course
100% of the course fee paid to be refunded.

The University of Queensland is not responsible for any expenses that may have been incurred in attending or related to the attendance of a course.

Intellectual Property Rights

AUSCERT owns all Intellectual Property Rights in the Services and Deliverables and in anything (including in electronic form) used or created by AUSCERT or its personnel (including staff, contractors and subcontractors) for or in connection with the supply of the Services.

Confidentiality and Privacy

The Participant must obtain AUSCERT’s written approval before publishing or publicising any information relating to AUSCERT or the Services.

AUSCERT may publish material relating to the conduct and conclusions of the Services, including the Deliverables.

Subject to clause below, if any personal information is provided to AUSCERT, that personal information will be subject to UQ’s Privacy Management Policy, which can be viewed here. More information on privacy in relation to AUSCERT and UQ can be obtained from the Right to Information and Privacy Office here.

AUSCERT may retain, use and disclose personal information provided by the Participant to:

provide the Services and Deliverables;
inform the Participant of future events or activities at AUSCERT;
undertake statistical analysis of de-identified data;
provide to third party contractors that are performing some or all of the Services under this Contract; and
assist AUSCERT in relation to exercising or enforcing AUSCERT’s rights.

The Participant consents to AUSCERT taking photographs and videos of the Services being provided which may include images of the Participant and agrees that AUSCERT can use those images in the ordinary course of its business.


Week in review

AUSCERT Week in Review for 2nd June 2023

2 Jun 2023

Greetings,

With the arrival of dropping temperatures, shorter days, and thicker coats we can confidently say winter is finally upon us. In Queensland, winters are truly delightful, striking a perfect balance between cool breezes and the warming sunshine. It’s the season that allows you to relish the outdoors for extended periods of time without beads of sweat forming on your forehead. The only time hot beverages and soups don’t leave you feeling uncomfortably hot. The only time gathering around a fire provides warmth rather than just entertainment. So here’s to winter! Embrace the cold air with open arms and allow the refreshing chill to invigorate your spirit.

If you haven’t watched Mark McPherson’s inspiring seminar on the history of AUSCERT, watch it now! Titled ‘AUSCERT this is your life’, Mark explores the first decade of operation for our organisation, the unexpected incidents and unique moments that shaped our business model and operating structure. Mark describes our very founding moments and the historical realisation from governing bodies that a central source for information security and protection was desperately required in Australia.

We evolved rapidly and in recent years have also expanded our services to include a range of cybersecurity training courses to address the growing demand for cybersecurity expertise in the workplace. Informing and empowering staff through relevant, engaging and focused professional training experiences is a critical component of organisational cyber security resilience. For more information on our upcoming training courses visit AUSCERT Education.

In cyber security news this week, PayID scams are on a rapid rise with the second-hand sales market taking a huge hit. With the cost of living skyrocketing many Australians are struggling for cash and have turned to the online second-hand market to turn some of their previously loved items into much needed funds. Realising this market has significantly grown in popularity, scammers saw an easy way to infiltrate the payment systems known as PayID to steal funds. PayID is a popular payment system that is frequently used on Facebook Marketplace and Gumtree and supported by almost every bank. NAB Executive Chris Sheehan warned consumers of the increasing PayID scams, saying criminals are becoming increasingly sophisticated with their fraudulent messages. He went on to say educating yourself about PayID and remaining vigilant means being able to identify the red flags; for tips on what these are, read the full article here.

Microsoft finds macOS bug that lets hackers bypass SIP root restrictions
Date: 2023-05-30
Author: Bleeping Computer
Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install "undeletable" malware and access the victim's private data by circumventing Transparency, Consent, and Control (TCC) security checks. Discovered and reported to Apple by a team of Microsoft security researchers, the flaw (dubbed Migraine) is now tracked as CVE-2023-32369. Apple has patched the vulnerability in security updates for macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7, released two weeks ago, on May 18.

Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
Date: 2023-05-31
Author: Security Week
Researchers at firmware and hardware security company Eclypsium discovered that hundreds of motherboard models made by Taiwanese computer components giant Gigabyte include backdoor functionality that could pose a significant risk to organizations. The backdoor was discovered by Eclypsium based on behavior associated with the functionality, which triggered an alert in the company’s platform. Specifically, the researchers determined that the firmware on many Gigabyte systems drops a Windows binary that is executed when the operating system boots up. The dropped file then downloads and runs another payload fetched from Gigabyte servers.

Hackers exploit critical Zyxel firewall flaw in ongoing attacks
Date: 2023-05-31
Author: Bleeping Computer
Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install malware. The flaw, which is present in the default configuration of impacted firewall and VPN devices, can be exploited to perform unauthenticated remote code execution using a specially crafted IKEv2 packet to UDP port 500 on the device. Zyxel released patches for the vulnerability on April 25, 2023, warning users of the following product versions to apply to resolve the vulnerability:
ATP – ZLD V4.60 to V5.35
USG FLEX – ZLD V4.60 to V5.35
VPN – ZLD V4.60 to V5.35
ZyWALL/USG – ZLD V4.60 to V4.73

New Mirai Variant Campaigns are Targeting IoT Devices
Date: 2023-05-29
Author: Infosecurity Magazine
Unit 42, Palo Alto Networks threat research team, has found new malicious activity targeting IoT devices, using a variant of Mirai, a piece of malware that turns networked devices running Linux, typically small IoT devices, into remotely controlled bots that can be used in large-scale network attacks. Dubbed IZ1H9, this variant was first discovered in August 2018 and has since become one of the most active Mirai variants.

‘Dark Pink’ APT attacks governments, militaries, more in Thailand, Brunei, Belgium, Vietnam and Indonesia
Date: 2023-06-01
Author: The Record
The Dark Pink hacker group has been tied to five new attacks on governments, militaries and organizations based in Belgium, Thailand, Brunei, Vietnam and Indonesia. Researchers from Group-IB have been tracking the group for months and said it has been active since mid-2021, compromising at least 13 organizations across Europe and the Asia-Pacific region.

ESB-2023.3083 – Advantech WebAccess/SCADA: CVSS (Max): 7.3
Advantech released a new version 9.1.4 to address a vulnerability in SCADA which, if exploited, could allow an attacker to gain full control of the server.

ESB-2023.3086 – VMware Products: CVSS (Max): 6.1
An insecure redirect vulnerability in Workspace ONE Access and Identity Manager was reported to VMware. Updates are available to address this vulnerability in affected VMware products.

ESB-2023.3060 – Red Hat Advanced Cluster Management: CVSS (Max): 9.8
Red Hat Advanced Cluster Management for Kubernetes 2.6.6 General Availability has released fixes for security issues and update container images.

ESB-2023.3119 – texlive-bin: CVSS (Max): 9.8
It was discovered that the patch to fix CVE-2023-32700 in texlive-bin, released as DLA-3427-1, was incomplete and caused an error when running the lualatex command. This has been addressed in a texlive-bin package upgrade.

ESB-2023.3099 – wireshark: CVSS (Max): 8.8
An update for wireshark has fixed six vulnerabilities and various application crashing issues.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


Week in review

AUSCERT Week in Review for 26th May 2023

26 May 2023

Greetings,

Today, we respectfully recognise and remember the unjust treatment endured by Aboriginal and Torres Strait Islander individuals and communities who have been forcibly separated from their families and culture. National Sorry Day is an opportunity for us to come together as a nation to commemorate the strength and resilience of the Stolen Generation survivors and reflect on how we can all contribute to the healing process. With National Reconciliation Week just around the corner, there are plenty of opportunities to learn about our shared histories, cultures and achievements and to explore how each of us can contribute to achieving reconciliation in Australia.

Registrations are now open for AUSCERT’s upcoming training courses, designed to enhance your skills and empower your mind! Our courses are facilitated by trainers who possess extensive industry experience and pride themselves on creating engaging, interactive and high quality learning experiences. In two half-day, online sessions they will guide you through the principles and practices whilst also drawing from their own valuable career insights to enrich your learning experience. Our first upcoming course, Cyber Security Risk Management, is designed to provide participants with the ability to perform risk assessments including how to rate, assess and report business risks rather than technical vulnerabilities. We have a wide range of courses to choose from; for more information visit AUSCERT Education.

In other news, Telstra has launched a new scam reporting service allowing customers to forward suspicious SMS and MMS messages to a national phone number (7226) to help identify and block scam messages. With scams on a rapid rise in Australia the best defence is to stay informed and question every unexpected communication regardless of the sender. However, it is becoming increasingly difficult to detect a fraudulent message as scammers are appearing more and more authentic. For tips and tools on how to recognise, avoid and report scams visit Scamwatch. Or alternatively, if you’re an AUSCERT member you can contact our 24/7 Incident Support Service where we can help you detect, interpret and respond to attacks. It’s better to be too safe than sorry when it comes to scams!

Experts Warn of Voice Cloning-as-a-Service
Date: 2023-05-19
Author: Infosecurity Magazine
Security experts are warning of surging threat actor interest in voice cloning-as-a-service (VCaaS) offerings on the dark web, designed to streamline deepfake-based fraud. Recorded Future’s latest report, I Have No Mouth and I Must Do Crime, is based on threat intelligence analysis of chatter on the cybercrime underground. Deepfake audio technology can mimic the voice of a target to bypass multi-factor authentication, spread mis- and disinformation and enhance the effectiveness of social engineering in business email compromise (BEC)-style attacks, among other things.

Google will delete accounts inactive for more than 2 years
Date: 2023-05-21
Author: Bleeping Computer
Google has updated its policy for personal accounts across its services to allow a maximum period of inactivity of two years. After that time has passed, the accounts "may" be deleted, along with all their contents, settings, preferences, and user-saved data. This includes all data stored on services such as Gmail, Docs, Drive, Meet, Calendar, Google Photos, and YouTube.

Here's how you can help report SMS and MMS scams to Telstra
Date: 2023-05-24
Author: techAU
Telstra has launched a new scam reporting service that allows customers to forward suspicious SMS and MMS messages to a national phone number. The service, which is free to use, will help Telstra to better identify and block scam messages. To report a scam message, customers simply need to forward the message to 7226. Telstra will then investigate the message and take appropriate action, such as blocking the sender or reporting the message to the relevant authorities.

Australian critical infrastructure operators urged to move off Chinese tech
Date: 2023-05-23
Author: iTnews
A sweep of Chinese-made hardware and software from the federal government could be expanded to cover critical infrastructure operators as well, with the government already assessing its powers for “market intervention”. The comments, made by Home Affairs officials at senate estimates yesterday, come as the government increasingly suspends its use of Chinese-made technology over security concerns.

Home Affairs to migrate AUSTRAC, ACIC out of cyber hub
Date: 2023-05-23
Author: iTnews
Home Affairs will spend $3.7 million helping AUSTRAC and the Australian Criminal Intelligence Commission (ACIC) transition off cyber security services it provided under the government’s axed cyber hubs pilot. The pilot was discontinued earlier this month after a Finance-led review of the pilot scheme.

ESB-2023.2979 – Tomcat: CVSS (Max): 7.5
The previous fix for CVE-2023-24998 was incomplete. Apache has released a regression update to address the issue.

ESB-2023.3006 – ALERT GitLab Community Edition and Enterprise Edition: CVSS (Max): 10.0
A critical file read vulnerability has been addressed in the new releases of GitLab.

ESB-2023.3025 – jenkins and jenkins-2-plugins: CVSS (Max): 9.8
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for Red Hat OCP.

ESB-2023.2965 – WordPress: CVSS (Max): None
WordPress 6.2.2 is now available which addresses 1 security issue and 1 bug issue.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


Week in review

AUSCERT Week in Review for 19th May 2023

19 May 2023

Greetings,

Although our bodies are feeling a bit worse for wear from last week’s conference our minds are buzzing with new information, skills, and possibilities! After the amazing week we had last week it’s safe to say the AUSCERT team was a little slower this week, taking vital time to rest and recover after all the shenanigans. Although it was all worth it to catch up with past members, meet new members and strengthen our community bond! In addition to providing cutting-edge education, one of the most significant attractions of the conference lies in its vibrant community, fostering idea sharing and facilitating valuable networking opportunities.

Google has sparked a lot of controversy with its roll out of new ‘.zip’ and ‘.mov’ top level domains (TLDs). The reason for the concern is that these domains are commonly used for file extensions and may aid threat actors in misleading potential victims. Cybersecurity researchers and professionals are concerned that this will add unnecessary risk to an already risky environment and increase phishing scams and malware downloads. Threat actors could potentially obtain a ZIP domain with the same name as other trusted brands and create fake sites to manipulate unknowing consumers into providing personal information or transferring funds. This has triggered a controversial debate online with many researchers also rebutting these arguments and claiming it’s not that bad and everyone shouldn’t panic. Google echoed these arguments by saying it takes phishing and malware seriously and has existing mechanisms in place to protect users if new threats emerge. Only time will tell whether this was a smart move by Google or whether it will give further ammunition to scammers.

In more positive news, the federal government has announced it will spend $58 million to create the national anti-scams centre to report scams and distribute information more efficiently to banks, law enforcement and vulnerable communities. This will facilitate faster responses to reported scams by establishing a team of industry and law enforcement experts to act efficiently on scam trends. After the ACCC reported a loss of billions due to scams last year, the government and banks have been put under considerable pressure by consumers to develop safer systems, including a new method of dealing with fraudulent transactions. The Australian Banking Association has announced its new digital platform called ‘Fraud Reporting Exchange’, which will allow banks to share information about scam transactions quickly between each other. At least we are taking steps in the right direction to work together to put a stop to scammers.

TechnologyOne still investigating impact of M365 cyber incident
Date: 2023-05-12
Author: iTnews
TechnologyOne said it had managed to contain an incident that impacted its internally-used Microsoft 365 instance earlier this week, and that the system is operating again. In an update [pdf], the software maker said M365 was “successfully restored and is fully operational”. On Wednesday, TechnologyOne disclosed there had been unauthorised access to its M365 instance. It said that “security experts” had since “confirmed our Microsoft 365 system is secure”.

Google's .zip Top Level domain is already used in phishing attacks
Date: 2023-05-15
Author: ghacks.net
Google released the top-level domain .zip to the public recently, which means that interested organizations and users may register .zip domains. Cyber criminals are already using .zip domains in phishing campaigns. According to the SANS Internet Storm Center, about 1230 names have been registered so far. The top level domain was approved in 2014 but it took Google until May 2023 to unlock it for public registration alongside seven other domain extensions. It seems that Google has reduced the registration price to $15 per year for a .zip domain last week, which appears to be less than half the previous price.

Drug and alcohol tests of graduate paramedics revealed in Ambulance Victoria data breach
Date: 2023-05-12
Author: The Guardian
The confidential drug and alcohol test results of graduate paramedics were available for every Ambulance Victoria staff member to view under a significant breach that has been reported to the state’s privacy watchdog. The Ambulance Victoria chief executive, Jane Miller, confirmed on Friday afternoon that the “unacceptable” breach involved 600 test results relating to a “few hundred” people, and offered her unreserved apology to those impacted.

Parental control app with 5 million downloads vulnerable to attacks
Date: 2023-05-16
Author: Bleeping Computer
Kiddoware's 'Parental Control – Kids Place' app for Android is impacted by multiple vulnerabilities that could enable attackers to upload arbitrary files on protected devices, steal user credentials, and allow children to bypass restrictions without the parents noticing. The Kids Place app is a parental control suite with 5 million downloads on Google Play, offering monitoring and geolocation capabilities, internet access and purchasing restrictions, screen time management, harmful content blocking, remote device access, and more.

MalasLocker ransomware targets Zimbra servers, demands charity donation
Date: 2023-05-17
Author: Bleeping Computer
A new ransomware operation is hacking Zimbra servers to steal emails and encrypt files. However, instead of demanding a ransom payment, the threat actors claim to require a donation to charity to provide an encryptor and prevent data leaking. The ransomware operation, dubbed MalasLocker by BleepingComputer, began encrypting Zimbra servers towards the end of March 2023, with victims reporting in both the BleepingComputer and Zimbra forums that their emails were encrypted.

Microsoft is scanning the inside of password-protected zip files for malware
Date: 2023-05-16
Author: Ars Technica
Microsoft cloud services are scanning for malware by peeking inside users’ zip files, even when they’re protected by a password, several users reported on Mastodon on Monday. Compressing file contents into archived zip files has long been a tactic threat actors use to conceal malware spreading through email or downloads. Eventually, some threat actors adapted by protecting their malicious zip files with a password the end user must type when converting the file back to its original form. Microsoft is one-upping this move by attempting to bypass password protection in zip files and, when successful, scanning them for malicious code.

ESB-2023.2867 – WordPress: CVSS (Max): None
WordPress released WordPress 6.2.1 that features 20 bug fixes in Core and 10 bug fixes for the block editor.

ESB-2023.2892 – Cisco Small Business Series Switches: CVSS (Max): 9.8
Cisco has released software updates that address multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches.

ESB-2023.2910 – Google Chrome: CVSS (Max): None
Google released Chrome 113.0.5672.126 for Mac and Linux and 113.0.5672.126/.127 for Windows that contains 12 security fixes.

ESB-2023.2911 – Jenkins Plugins: CVSS (Max): 8.8
Multiple vulnerabilities affecting various Jenkins plugins have been addressed by Jenkins.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


Week in review

AUSCERT Week in Review for 12th May 2023

12 May 2023

Greetings,

What an amazing week it’s been at AUSCERT2023! Attending cyber security conferences can be wonderfully rewarding, but also quite daunting for first time attendees or those with a neuro-diverse background. This year at AUSCERT2023 we once again featured an onsite psychologist for attendees to visit and discuss anything from mental wellbeing right through to life coaching. In addition, The University of Queensland’s Shelly Mills coordinated a panel discussion with Trinity McNicol from Sunshine Coast University on neurodiversity in the workplace, and how employers and team members can support these individuals.

With “Back to the Future” for our theme, past AUSCERT team member Mark McPherson joined forces with present-day AUSCERT Senior Analyst Eric Halil to present a wonderful trip down memory lane beginning in the late 1980s, when the seeds were planted to form the AUSCERT we know today. If you missed this or any of the presentations, watch out for the YouTube uploads later on.

Organisations are realising that data governance is an extremely important mitigating control against breaches, and this shift has brought professionals from both the cybersecurity and data governance fields together. The AUSCERT2023 Conference featured Troy Hunt, long-time cyber security expert and creator of the Have I Been Pwned website, Craig Rowlands, Director of Technology Data at Bupa, Kate Carruthers, Chief Data & Insights Officer for UNSW Sydney and The University of Queensland’s Sasenka Abeysooriya, Strategist and Data Governance Expert in a cross-discipline discussion on the importance of data governance and cyber security strategy.

At the heart of this week’s AUSCERT2023 Conference was a strong theme of working together to achieve common goals. An amazing number of “hallway conversations” took place amongst the delegates, sharing ideas and comparing notes with other professionals from many disciplines. Next week delegates will return to their workplaces armed with a wealth of knowledge from those conversations, tutorials and the very latest content from the presentations. The coming weekend will hopefully give our delegates a chance to restore a healthy work-life balance and rest up, especially after celebrating last night at the Back to the Future themed gala dinner, featuring once again the amazing DJ Clariti and AUSCERT Awards!

In case you missed this week’s cyber security news while attending AUSCERT2023, here are the top stories:

Western Digital says hackers stole customer data in March cyberattack
Date: 2023-05-07
Author: Bleeping Computer
Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack. The company emailed the data breach notifications late Friday afternoon, warning that customers’ data was stored in a Western Digital database stolen during the attack. “Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers,” Western Digital said.

Microsoft: Iranian hacking groups join Papercut attack spree
Date: 2023-05-08
Author: Bleeping Computer
Microsoft says Iranian state-backed hackers have joined the ongoing assault targeting vulnerable PaperCut MF/NG print management servers. These groups are tracked as Mango Sandstorm (aka Mercury or Muddywater and linked to Iran’s Ministry of Intelligence and Security) and Mint Sandstorm (also known as Phosphorus or APT35 and tied to Iran’s Islamic Revolutionary Guard Corps).

1 Million Impacted by Data Breach at NextGen Healthcare
Date: 2023-05-08
Author: Security Week
Healthcare solutions provider NextGen Healthcare has started informing roughly one million individuals that their personal information was compromised in a data breach. Headquartered in Atlanta, Georgia, the company makes and sells electronic health records software and provides doctors and medical professionals with practice management services.

FluHorse: New Android Threat Stealing 2FA Codes and Passwords
Date: 2023-05-08
Author: Cyware Hacker News
According to a recent report by Check Point Research, a new type of malware, named FluHorse, has been discovered. The malware comprises a cluster of Android apps that masquerade as genuine applications. Shockingly, the fake apps have already been downloaded by more than one million users. FluHorse is created to pilfer personal information such as usernames, passwords, and 2FA codes. The distribution of the FluHorse malware occurs through email, and it targets various sectors in the Eastern Asian market.

NodeStealer: New Information-stealing Threat Terminated by Facebook
Date: 2023-05-09
Author: Cyware Hacker News
A new information-stealing malware, named NodeStealer, has been discovered by Facebook. It can steal browser cookies to hijack accounts on the platform, as well as Outlook and Gmail accounts. Furthermore, it allows its operator to bypass 2FA. About the campaign: Facebook’s engineers spotted the NodeStealer malware first in late January and linked the attacks to Vietnamese threat actors. Cybercriminals aim to hijack the Facebook account’s ability to run advertising campaigns and push misinformation or lead audiences to sites spreading malware.

ESB-2023.2521 – GitLab Community Edition and Enterprise Edition: CVSS (Max): 9.6
GitLab has released versions 15.11.2, 15.10.6, and 15.9.7 for Community Edition (CE) and Enterprise Edition (EE).

ASB-2023.0103 – ALERT Microsoft Windows: CVSS (Max): 9.8
Microsoft’s most recent patch update resolves 27 vulnerabilities across Windows, Windows Server, Remote Desktop and Av1 Video Extension.

ASB-2023.0105 – ALERT Microsoft ESU: CVSS (Max): 9.8
Microsoft has resolved 14 vulnerabilities with Windows Server 2008 variants.

ESB-2023.2691 – emacs: CVSS (Max): 9.8
Issues have been discovered in Emacs which, if exploited, could result in the execution of arbitrary shell commands. This has been fixed in a new version.

ESB-2023.2694 – Citrix ADC and Citrix Gateway: CVSS (Max): 6.3
Citrix reports vulnerabilities in ADC and Gateway, and advises its users to install relevant updated versions.

ESB-2023.2693 – Nessus Network Monitor: CVSS (Max): 9.8
Tenable has discovered vulnerabilities in Nessus Network Monitor, and released a critical patch to address these issues.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


Week in review

AUSCERT Week in Review for 5th May 2023

5 May 2023

Greetings,

The first known use of an authentication system dates back to the Ancient Roman times where the military would use “watchwords” to prove membership to a unit. In those days, passwords became used as ways to signal affiliation with a particular societal position. In 1961 the password evolved to a digital platform when MIT computer science professor Fernando Corbato created the first computer password, as he needed individual users to have their own private access. Just two years later, the first recorded password theft occurred as one of the users printed the system’s password file to gain more privileges.

Back to the future: this week, some sixty years later we celebrated world password day! As our use of passwords rapidly increased so did their predictability. With so many passwords to remember we became obvious in our choices to ensure it could be easily remembered, often using our birthdays, family names, beloved pets or even simply “password123”. Password cracking became even simpler for hackers as they caught on to the “best practice” trends promoted within the community. While encryption and hashing technology improved, so has the technology available to attackers, meaning that even our longer and more complex passwords were no longer a barrier of entry.

Here’s what you should know about the latest recommended password security and best practices:

Choose a strong password & keep it confidential – combine uppercase and lowercase letters, numbers and special characters in a random order. The more random the better! Also the longer the better – a minimum of 8 characters. The best password is a “passphrase” combining four or five random words that you’ll easily remember.

Don’t reuse passwords for important systems. That means you’ll also need to keep track of all your passwords securely. Write it on paper and lock it in a secure location or better yet, use a password manager system that stores all your passwords securely in one location.

Use a multi-factor authentication (MFA) system. By requiring a factor other than just your password (for example a verification code sent to your phone), multi-factor authentication can keep a hacker from being able to log onto your account even if they do get a hold of your password.

Spread the word about this both at home and at work – remember that if we’re all used to employing these protective layers at home, it’s also more likely we’ll take the same care in the workplace!

See you at AUSCERT2023 next week!

Fortinet warns of a spike in attacks against TBK DVR devices
Date: 2023-05-02
Author: Security Affairs
FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices. The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie. A remote attacker can trigger the flaw to obtain administrative privileges and eventually gain access to camera video feeds. TBK Vision is a video surveillance company that provides network CCTV devices and other related equipment, including DVRs for the protection of critical infrastructure facilities.

Apple pushes first-ever 'rapid' patch – and rapidly screws up
Date: 2023-05-02
Author: The Register
Apple on Monday pushed to some iPhones and Macs its first-ever rapid security fix. This type of patch is supposed to be downloaded and applied automatically and seamlessly by the operating system to immediately protect devices from exploitation, thus avoiding the usual system update cycle that users may put off or miss and thus leave their stuff vulnerable to attack. As luck would have it, though, this first-of-its-kind patch didn't go off without a hitch. Some Cupertino fans reported problems actually getting the update.

CVE-2023-28231: RCE in the Microsoft Windows DHCPv6 Service
Date: 2023-05-02
Author: Zero Day Initiative
A heap-based buffer overflow has been reported in Microsoft DHCPv6 Server. The vulnerability is due to improper processing of DHCPv6 Relay-forward messages. A remote attacker can exploit this vulnerability by sending crafted DHCPv6 Relay-forward messages to the target server. Successful exploitation could result in the execution of arbitrary code with administrative privileges.

Australian law firm HWL Ebsworth hit by Russian-linked ransomware attack | Data and computer security
Date: 2023-05-02
Author: The Guardian
The Australian commercial law firm HWL Ebsworth has fallen victim to a ransomware attack, with Russian-linked hackers claiming to have obtained client information and employee data. Late last week, the ALPHV/Blackcat ransomware group posted on its website that 4TB of company data had been hacked, including employee CVs, IDs, financial reports, accounting data, client documentation, credit card information, and a complete network map.

Meta says ChatGPT-related malware is on the rise
Date: 2023-05-04
Author: iTnews
Lures users into downloading malicious apps and browser extensions. Meta said it had uncovered malware purveyors leveraging public interest in ChatGPT to lure users into downloading malicious apps and browser extensions, likening the phenomenon to cryptocurrency scams. Since March, the social media giant has found around 10 malware families and more than 1000 malicious links that were promoted as tools featuring the popular artificial intelligence-powered chatbot, it said in a report. In some cases, the malware delivered working ChatGPT functionality alongside abusive files, the company said.

ESB-2023.2453 – Android OS: CVSS (Max): 9.8*
Android's most recent security bulletin contains details of vulnerabilities affecting Android devices. The most severe vulnerability affects the Framework component which could lead to local escalation of privilege.

ESB-2023.2463 – GitLab Community Edition (CE) and GitLab Enterprise Edition (EE): CVSS (Max): 7.5*
GitLab has released versions 15.11.1, 15.10.5, and 15.9.6 for GitLab Community Edition and Enterprise Edition which contain important security fixes.

ESB-2023.2504 – chromium: CVSS (Max): None
Multiple security issues have been reported in Chromium, which if exploited could result in the execution of arbitrary code, denial of service or information disclosure.

ESB-2023.2501 – AirPods and Beats: CVSS (Max): None
Apple has released updates for AirPods Firmware and Beats Firmware to address multiple security issues.

ESB-2023.2502 – Cisco SPA112 2-Port Phone Adapters: CVSS (Max): 9.8
As SPA112 2-Port Phone Adapters have reached end of life, Cisco advises its customers to migrate to the ATA 190 Series Analog Telephone Adapter.

Stay safe, stay patched and have a good weekend!

The AUSCERT team

Week in review

AUSCERT Week in Review for 28th April 2023

28 Apr 2023

Greetings,

This week we commemorated the Anzac soldiers for their bravery, courage, and ultimate sacrifice for our great nations. We pay respect to the victims and their families and vow to always honour and remember them. Lest we forget!

In other less sombre news, we released our new podcast episode this week featuring Eric Pinkerton, titled ‘Changing Behaviour in Cyber’. Eric is the CEO of Phronesis, Australia’s first B-Corp certified cyber security company, committed to doing good. In this episode Eric and Anthony examine how people’s behaviours changed during the pandemic and how we can use this knowledge to influence the cyber world.

Understanding people’s behaviours is important to understanding the tactics that hackers may take. Hackers prey on our natural instincts and emotions as humans to bait us into a vulnerable position. Scammers are luring naïve consumers into becoming their money mules and exploiting the widening knowledge gap of fraudulent activity. Sadly, emotionally vulnerable people are the most targeted as hackers utilise key methods to exploit their feelings and reap rewards.

The Australian Competition and Consumer Commission (ACCC) reported investment scams or ‘get rich schemes’ were the highest reported scams, with an astonishing $377 million lost. Dating and romance scams were the second most targeted approach, with the ACCC reporting 40 million lost to this last year. Hackers would pull at heart strings to get funds from helpless victims, arguably one of the cruellest forms of consumer-facing fraud as it would often cause significant distress. Scammers’ preferred method of contact was phone calls or text messages, with 55% of all scams last year being via phone devices.

Angry consumers believe the accountability lies with banks to provide reimbursement if they fall victim to a scam or a third-party fraud. To combat scam losses, the government is looking into different initiatives to better safeguard consumers. A $10 million commitment has been announced to fund an SMS sender register to prevent sender ID scams imitating key industry or government brand names in text message headers. As criminals get more authentic, we as a society must also be more vigilant for the warning signs of a scam and ensure we do not fall victim to their emotive baiting techniques.

New SLP bug can lead to massive 2,200x DDoS amplification attacks
Date: 2023-04-25
Author: Bleeping Computer
A new reflective Denial-of-Service (DoS) amplification vulnerability in the Service Location Protocol (SLP) allows threat actors to launch massive denial-of-service attacks with 2,200X amplification. This flaw, tracked as CVE-2023-29552, was discovered by researchers at BitSight and Curesec, who say that over 2,000 organizations are using devices that expose roughly 54,000 exploitable SLP instances for use in DDoS amplification attacks. Vulnerable services include VMware ESXi Hypervisors, Konica Minolta printers, IBM Integrated Management Modules, and Planex Routers deployed by unsuspecting organizations worldwide.

Clop, LockBit ransomware gangs behind PaperCut server attacks
Date: 2023-04-26
Author: Bleeping Computer
"Members who potentially utilize this product have been notified"
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data. Last month, two vulnerabilities were fixed in the PaperCut Application Server that allow remote attackers to perform unauthenticated remote code execution and information disclosure.

Decoy Dog malware toolkit found after analyzing 70 billion DNS queries
Date: 2023-04-23
Author: Bleeping Computer
A new enterprise-targeting malware toolkit called ‘Decoy Dog’ has been discovered after inspecting anomalous DNS traffic that is distinctive from regular internet activity. Decoy Dog helps threat actors evade standard detection methods through strategic domain aging and DNS query dribbling, aiming to establish a good reputation with security vendors before switching to facilitating cybercrime operations. Researchers from Infoblox discovered the toolkit in early April 2023 as part of its analysis of over 70 billion DNS records daily to look for signs of abnormal or suspicious activity.

Gov to fund SMS sender ID register with $10m
Date: 2023-04-24
Author: itnews
A government-run register of SMS sender IDs will go ahead courtesy of a $10 million commitment to be made in next month’s federal budget. Communications minister Michelle Rowland said yesterday that the funding, to be announced as part of the 2023-24 Budget on May 9, would run over four years. Rowland had asked the ACMA to investigate a local register, and other models, back in February as a way to combat rising scam losses.

Investigation into PostalFurious: a Chinese-speaking phishing gang targeting Singapore and Australia
Date: 2023-04-21
Author: Group-IB
Phishing attacks are becoming ever more sophisticated and their scale is increasing exponentially. The automation of many processes and the growing popularity and accessibility of phishing kits over recent years has made it much easier for cybercriminals to set up fraudulent infrastructure to steal user credentials, bank card details, addresses, OTP codes, IP addresses, and other sensitive information.

ESB-2023.2371 – Tenable.sc: CVSS (Max): 8.1
One of the third-party components (PHP) of Tenable.sc was found to contain vulnerabilities, and updated versions have been made available by the providers.

ESB-2023.2370 – VMware Workstation Pro / Player (Workstation) and VMware Fusion: CVSS (Max): 9.3
Multiple security vulnerabilities in VMware Workstation and Fusion were privately reported to VMware. Updates and workarounds are available to remediate these vulnerabilities in the affected VMware products.

ESB-2023.2311 – thunderbird: CVSS (Max): 8.2
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

ESB-2023.2293 – curl: CVSS (Max): 9.8
This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.

Stay safe, stay patched and have a good weekend!
The AUSCERT team

Week in review

AUSCERT Week in Review for 21st April 2023

21 Apr 2023

Greetings,

Earth Day is tomorrow! A great opportunity to be grateful for the world we live in and reflect on ways we as individuals can reduce our environmental footprint. Avoid single use items, reduce energy consumption, encourage recycling, conserve water, and plant a tree!

Established in 1970, Earth Day has become a world phenomenon with over 190 countries participating in a wide variety of environmental activities to drive change. President of Earth Day, Kathleen Rogers, proclaimed this year’s theme is to invest in a green economy to pave a path for a healthy, prosperous and equitable future. So tomorrow make sure to take the time to do something to benefit our beautiful green world!

Just as we must invest in protecting our natural environment, so too must we protect our cyber environment. With the growing rate of scams, it has become imperative for every organisation to invest in their cyber security by providing their employees with the latest education, training and resources to prepare for any attack. The ACCC reported a record loss of $3.1 billion to scams last year, an astonishing 80% increase over the year before. Scammers and hackers have become far more sophisticated in the tactics they are utilising, making them appear genuine, believable, and very difficult to detect.

Experts worry this will only continue to increase as artificial intelligence scams are on a rapid rise, with hackers now using voice cloning technologies to trick people. Microsoft revealed a new AI system which could recreate a person's voice after listening to them speak for only 3 seconds, a spine-tingling sign of how quickly technology could be used to convincingly replicate a key piece of someone’s identity.

At this year’s AUSCERT2023 conference we are featuring a new tutorial delivered by global cyber security company Palo Alto Networks. Their zero trust architects will be hosting a Security Posture Assessment workshop to provide an in-depth analysis of the current state of your security environment. The experts will consult your cyber teams on the vulnerabilities present and priority areas of your organisation, providing recommendations and objectives to strengthen against cyber attacks. Register today to invest in your cyber security protection. Hurry, spaces are limited!

…

Google patches another actively exploited Chrome zero-day
Date: 2023-04-19
Author: Bleeping Computer
Google has released a security update for the Chrome web browser to fix the second zero-day vulnerability found to be exploited in attacks this year. "Google is aware that an exploit for CVE-2023-2136 exists in the wild," reads the security bulletin from the company. The new version is 112.0.5615.137 and fixes a total of eight vulnerabilities. The stable release is available only for Windows and Mac users, with the Linux version to roll out "soon," Google says.

Hackers actively exploit critical RCE bug in PaperCut servers
Date: 2023-04-19
Author: Bleeping Computer
[See AUSCERT Security Bulletin 21 April 2023 ASB-2023.0102] https://portal.auscert.org.au/bulletins/ASB-2023.0102
Print management software developer PaperCut is warning customers to update their software immediately, as hackers are actively exploiting flaws to gain access to vulnerable servers. PaperCut makes printing management software compatible with all major brands and platforms. It is used by large companies, state organizations, and education institutes, while the official website claims it serves hundreds of millions of people from over 100 countries.

Australian insurers warn against outright ransomware payment ban
Date: 2023-04-18
Author: iTnews
The Insurance Council of Australia has warned the government to tread carefully in its contemplation of an outright ban on paying ransoms and extortion demands in data breach incidents. The council also wants the federal government to simplify and “harmonise” cyber security requirements on business, while it contemplates drafting a specific Cyber Security Act.

Fortra attributes GoAnywhere breach to a zero day vulnerability
Date: 2023-04-20
Author: iTnews
Fortra has published a post mortem of the GoAnywhere hack that compromised end user data in January and February. Australian organisations affected by the data breach include Tasmania’s education department, Rio Tinto, and Crown Resorts. The company said the attack used a zero-day vulnerability, CVE-2023-0669, which it said is a “pre-authentication command injection vulnerability … due to deserialising an arbitrary attacker-controlled object”.

UK and US issue warning about APT28 actors exploiting poorly maintained Cisco routers
Date: 2023-04-18
Author: NCSC
UK and US agencies have today (Tuesday) issued a joint advisory to help organisations counter malicious activity used by Russian cyber actors to exploit poorly maintained Cisco routers. APT28 – a threat group attributed to Russia’s military intelligence service the GRU – has been observed taking advantage of poorly configured networks and exploiting a known vulnerability to deploy malware and access Cisco routers worldwide.

ASB-2023.0098 – Oracle PeopleSoft: CVSS (Max): 9.8
Oracle's Critical Patch Update release contains 10 new security patches for Oracle PeopleSoft. 8 of these vulnerabilities may be remotely exploitable without authentication.

ESB-2023.2198 – Google Chrome: CVSS (Max): None
Google released an update for Chrome which addresses a type confusion in V8 vulnerability that has been exploited in the wild.

ESB-2023.2257 – Schneider Electric Easy UPS Online Monitoring Software: CVSS (Max): 9.8
Schneider Electric has released security updates for Schneider Electric Easy UPS Online Monitoring Software which fix remote code execution, escalation of privileges, and authentication bypass.

ESB-2023.2282 – VMware Aria Operations for Logs: CVSS (Max): 9.8
VMware released updates and workarounds which address multiple vulnerabilities in VMware Aria Operations for Logs.

Stay safe, stay patched and have a good weekend!
The AUSCERT team

Week in review

AUSCERT Week in Review for 14th April 2023

14 Apr 2023

Greetings,

With Easter celebrations now behind us, let us embrace the spirit of this holiday as a chance to embark on new adventures, pursue new goals and embrace new experiences. As autumn unfolds around us, temperatures begin to cool and leaves begin to change; it is a powerful reminder of the ever-evolving nature of our world. With it, we must ensure we are constantly developing new skills and acquiring knowledge to continue our own self-growth and improvement.

Just like nature, the digital world is constantly growing and evolving, with new technologies, platforms and applications emerging at an unprecedented rate. The rapid growth and evolution of technological advancements has transformed the digital landscape, and today we are witnessing a whole new era of innovation.

We encourage members to undertake frequent cyber security training and courses to promote a culture of awareness and help protect against threats and attacks as new vulnerabilities emerge in the ever-evolving digital environment. This year we have a wide variety of exciting tutorials featured in our AUSCERT2023 conference program specifically designed to ensure your organisation is properly equipped, particularly the workshops from the SANS Institute, the world’s largest provider of cyber security training. Spaces are limited so register now!

Recently popular targets of cyber-attacks include Microsoft and Adobe software, with increasing reports of vulnerabilities. For the second month in a row Microsoft is pushing out urgent updates to fix an already exploited vulnerability in its flagship Windows operating systems. This was announced the same day that Adobe rolled out security fixes for 56 vulnerabilities in a wide range of its products.

With high profile software companies under constant threat of malicious activity and potential exposure of consumer data, it is important to work together and develop a better strategy to safeguard our cyber security. A reminder that the government’s 2023-2030 Australian Cyber Security Strategy Discussion papers are due by tomorrow. Submit your views and recommendations on how the government can better secure the digital economy and thriving cyber ecosystem.

…

Exploit available for critical bug in VM2 JavaScript sandbox library
Date: 2023-04-07
Author: Bleeping Computer
[See ASB-2023.0060]
Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely in a virtualized environment. The library is designed to run untrusted code in an isolated context on Node.js servers. It allows partial execution of the code and prevents unauthorized access to system resources or to external data.

Microsoft Patches Another Already-Exploited Windows Zero-Day
Date: 2023-04-11
Author: Security Week
[See ASB-2023.0061]
For the second month in a row, Microsoft is pushing out urgent patches to cover an already-exploited vulnerability in its flagship Windows operating system. The vulnerability, flagged as zero-day by researchers at Mandiant, is described as an elevation of privilege issue in the Windows Common Log File System driver. In an advisory documenting the CVE-2023-28252, Redmond warns that an attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

3CX confirms North Korean hackers behind supply chain attack
Date: 2023-04-12
Author: Bleeping Computer
VoIP communications company 3CX confirmed today that a North Korean hacking group was behind last month’s supply chain attack. “Based on the Mandiant investigation into the 3CX intrusion and supply chain attack thus far, they attribute the activity to a cluster named UNC4736. Mandiant assesses with high confidence that UNC4736 has a North Korean nexus,” 3CX CISO Pierre Jourdan said today.

Windows admins warned to patch critical MSMQ QueueJumper bug
Date: 2023-04-12
Author: Bleeping Computer
Security researchers and experts warn of a critical vulnerability in the Windows Message Queuing (MSMQ) middleware service patched by Microsoft during this month’s Patch Tuesday and exposing hundreds of thousands of systems to attacks. MSMQ is available on all Windows operating systems as an optional component that provides apps with network communication capabilities with “guaranteed message delivery,” and it can be enabled via PowerShell or the Control Panel.

MSI hit in cyberattack, warns against installing knock-off firmware
Date: 2023-04-07
Author: The Register
Owners of MSI-brand motherboards, GPUs, notebooks, PCs, and other equipment should exercise caution when updating their device’s firmware or BIOS after the manufacturer revealed it has recently suffered a cyberattack. In a statement shared on Friday, MSI urged users “to obtain firmware/BIOS updates only from its official website,” and to avoid using files from other sources.

ESB-2023.2108 – Adobe Acrobat and Reader: CVSS (Max): 8.6
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS which fix arbitrary code execution, privilege escalation, security feature bypass and memory leak vulnerabilities.

ASB-2023.0066 – ALERT Microsoft ESU: CVSS (Max): 9.8
Microsoft has released its monthly security patch update which resolves 44 vulnerabilities across Microsoft Extended Security Update (ESU).

ASB-2023.0061 – ALERT Windows: CVSS (Max): 9.8
Microsoft’s most recent security patch update resolves 77 vulnerabilities in Windows and Windows Server.

ESB-2023.2063 – ALERT macOS Monterey: CVSS (Max): None
Apple has released macOS Monterey 12.6.5 which delivers important security enhancements to Mac devices running macOS Monterey.

ESB-2023.2065 – ALERT macOS Big Sur: CVSS (Max): None
Apple released a security update for macOS Big Sur which, according to Apple’s security update notes, fixes the vulnerability labeled CVE-2023-28206.

ESB-2023.2062 – ALERT macOS Ventura: CVSS (Max): None
Apple pushed a new macOS Ventura 13.3.1 update which includes bug fixes and security updates for CVE-2023-28206 and CVE-2023-28205.

Stay safe, stay patched and have a good weekend!
The AUSCERT team

Week in review

AUSCERT Week in Review for 31st March 2023

31 Mar 2023

Greetings,

As data breaches and cyber attacks are progressively becoming more prevalent, organisations and individuals are now under threat more than ever. As a result it is increasingly important to properly equip yourself with the correct tools and training to ensure you and your organisation are prepared for the growing possibility of an attack.

The recent threat on 3CX is a cause for concern for most people – and for good reason! The Voice Over Internet Protocol (VoIP) software development company’s system caters to more than 12 million daily users and 600,000 companies worldwide, including some very high-profile organisations. Hackers reportedly compromised the app to target the company’s customers, which could have exposed sensitive personal and financial data for all users and organisations involved. As these data threats and breaches are increasingly becoming more common, organisations and individuals must do all they can to avoid the negative repercussions that can result.

It's important for individuals and organizations to take steps to protect themselves against cyber attacks, such as using strong authentication, keeping software up to date, avoiding suspicious links and emails, and backing up important data. Additionally, organisations should invest in their people, to empower them to be an active part of cyber security risk reduction.

Resources like IDCare’s fact sheets are great information sources to educate yourself and colleagues on the appropriate measures to take against common threats. Scamwatch can keep you updated with the latest threats and statistics. Also, something practical most people can do to help protect themselves and their loved ones is to employ Multi Factor Authentication (MFA). Here’s some helpful information on how to enable it for a variety of services – https://2fa.directory/au/

Before we finish up for the week, I would like to give a final reminder that Early Bird Offers and Member tokens are expiring today, March 31, for our 2023 AUSCERT conference. There’s never been a better time to further your and your organisation’s knowledge and expertise in cyber security, so make sure to register today!

Google finds more Android, iOS zero-days used to install spyware
Date: 2023-03-29
Author: Bleeping Computer
Google's Threat Analysis Group (TAG) discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install commercial spyware and malicious apps on targets' devices. The attackers targeted iOS and Android users with separate exploit chains as part of a first campaign spotted in November 2022. They used text messages pushing bit.ly shortened links to redirect the victims to legitimate shipment websites from Italy, Malaysia, and Kazakhstan after first sending them to pages triggering exploits abusing an iOS WebKit remote code execution zero-day (CVE-2022-42856) and a sandbox escape (CVE-2021-30900) bug.

Crown Resorts confirms ransom demand after GoAnywhere breach
Date: 2023-03-28
Author: Bleeping Computer
Crown Resorts, Australia's largest gambling and entertainment company, has confirmed that it suffered a data breach after its GoAnywhere secure file-sharing server was breached using a zero-day vulnerability. The Blackstone-owned company has an annual revenue that surpasses $8 billion and operates complexes in Melbourne, Perth, Sydney, Macau, and London. This data breach was conducted by the Clop ransomware gang, which has shifted over the past year from encrypting files to performing data extortion attacks. In February, the threat actors claimed to have stolen data from 130 organizations over ten days utilizing a GoAnywhere zero-day vulnerability.

This is the most detailed portrait yet of data breaches in Australia
Date: 2023-03-28
Author: ABC News
Every bubble in the chart [below] is a data breach that put Australians at likely risk of “serious harm”. It shows a total of 2,784 recorded breaches since the start of 2020 — covering everything from the Optus and Medibank breaches, which exposed the personal information of millions, to mistakenly sent emails only affecting a single unlucky person. The chart is based on the official record of data breaches reported to the Office of the Australian Information Commissioner (OAIC), obtained and published for the first time by the ABC.

Hotel and property giant Meriton hit by data hack, personal documents may be at risk
Date: 2023-03-29
Author: ABC News
One of Australia's biggest property giants has been hit by cybercriminals who may have made off with highly sensitive personal data including birth certificates and bank details, as well as information about salaries and disciplinary proceedings. Guests and staff members employed by Meriton were affected by the data breach when hackers struck the luxury developer on January 14 this year.

NGS Super says 'limited data' stolen in cyber attack – Security
Date: 2023-03-28
Author: iTnews
NGS Super, an industry superannuation fund serving the education and community sectors, said an attacker had stolen “limited data” from its systems. The fund said it detected and shut down an incident on March 17, but not before the attacker was able to exfiltrate some data. The stolen data was stored on “internal drives”, according to the fund; why it was stored there is a matter for investigation. “For our members we know that data was accessed, which for a group of members included their primary identifiers,” NGS Super said.

Home Affairs to set up cyber and infrastructure security group
Date: 2023-03-27
Author: iTnews
Home Affairs will set up a new cyber and infrastructure security group from May that will lead industry partnerships and support the implementation of the next national cyber security strategy. Secretary Michael Pezzullo told a Home Affairs cyber and infrastructure security conference that the new group would be led by Hamish Hansford in a new deputy secretary position.

ESB-2023.1834 – macOS Ventura: CVSS (Max): 7.8*
Apple has released the macOS Ventura 13.3 update which includes more than 30 security updates.

ESB-2023.1847 – Tenable.sc: CVSS (Max): 9.8
Tenable has released updates for multiple vulnerabilities in third party software leveraged by Tenable.sc.

ESB-2023.1860 – OpenShift Container Platform 4.10.55: CVSS (Max): 7.8
Red Hat OpenShift Container Platform is now updated to address multiple vulnerabilities.

ESB-2023.1861 – Mozilla Thunderbird: CVSS (Max): None
Mozilla has fixed a denial of service attack in Thunderbird 102.9.1 for users who use the Matrix chat protocol.

Stay safe, stay patched and have a good weekend!
The AUSCERT team
