26 Jun 2020

Week in review

AUSCERT Week in Review for 26th June 2020

Greetings,

This week we’ve observed an increase in business email compromise cases so we thought it was pertinent to share this updated blog post here.

Our top 3 tips to combat this threat are listed below; please help us spread this message along to your colleagues:

  • Educate users, particularly those who handle payments, about the nature of the attack

  • Follow up email requests with a telephone call to verify their veracity

  • Implement appropriate checking of financial transactions

Following on from the ACSC advisory issued on Friday last week, we would like to feature (and reiterate again) the following blog post containing practical tips on “How to use the YARA rules for the copy-paste compromises”. If you’ve received YARA rules, then this will help you use them. If not, we aren’t able to share them with you.

And last but not least, members, a reminder that with the effective establishment of Slack, our member IRC channel will be decommissioned from Wednesday 1st July, 2020.

For those of you wanting to join us on Slack, please do so by logging in with your member portal credentials here.

We hope that everyone enjoys a safe and restful weekend.


NVIDIA patches high severity flaws in Windows, Linux drivers
Date: 2020-06-24
Author: Bleeping Computer

NVIDIA has released security updates to address security vulnerabilities found in GPU Display and CUDA drivers and Virtual GPU Manager software that could lead to code execution, denial of service, escalation of privileges, and information disclosure on both Windows and Linux machines.
All the flaws patched today require local user access and cannot be exploited remotely, with attackers having to first get a foothold on the exposed machines to launch attacks designed to abuse these bugs.
Once that is achieved, they could exploit them by remotely planting malicious code or tools targeting one of these issues on devices running vulnerable NVIDIA drivers.

Twitter is “very sorry” for a security breach that exposed private data of business accounts
Date: 2020-06-24
Author: The Tech Portal

Twitter is back in cybersecurity news, as the company reports yet another data breach via its platform.
In an email sent to its business users, Twitter said that there is a “possible” data breach that may have exposed private information of these accounts. Business users are generally those accounts which advertise on the platform.

Australian security cameras hacked, streamed on a Russian-based website
Date: 2020-06-24
Author: ABC News

Australians are being filmed through private security cameras that are being streamed on a website based in Russia.
Key points:
* The Insecam website broadcasts live streams of compromised web-connected security cameras and webcams
* The site allows people to control the cameras by zooming in and out and moving the camera around
* The group behind the website denied it hacked the cameras

Hackers use Google Analytics to steal credit cards, bypass CSP
Date: 2020-06-22
Author: Bleeping Computer

Hackers are using Google’s servers and the Google Analytics platform to steal credit card information submitted by customers of online stores.
A new method to bypass Content Security Policy (CSP) using the Google Analytics API disclosed last week has already been deployed in ongoing Magecart attacks designed to scrape credit card data from several dozen e-commerce sites.

New taskforce to push cyber security standards
Date: 2020-06-22
Author: iTnews

A cross-sector taskforce of experts from the defence, energy, health and financial services sectors has been created to accelerate the adoption of industry cyber security standards across Australia.
The taskforce, which held its first meeting on Monday, is the result of an “Australian-first” collaboration between the NSW government, AustCyber and Standards Australia. It follows earlier reports on Monday that the federal government is crafting minimum cyber security standards for businesses, including critical infrastructure, as part of its next cyber security strategy.


ESB-2020.2191 – telnet multiple vulnerabilities

A serious remote code execution vulnerability found in Cisco IOS XE Software.

ESB-2020.2116.2 – Cisco Webex Meetings Desktop App multiple vulnerabilities

Another code execution vulnerability was patched in the Cisco Webex Meetings Desktop App.

ESB-2020.2206 – kernel multiple vulnerabilities

Multiple Nvidia code execution vulnerabilities patched on Ubuntu.


Stay safe, stay patched and have a good weekend!

The AUSCERT Team