23 Oct 2020

Week in review

AUSCERT Week in Review for 23rd October 2020

Greetings,

A number of important security patches to pay attention to this week (Oracle, Google and Cisco) – please refer to our highlighted articles and Security Bulletins section below.

Members, a copy of our October edition of the AUSCERT membership newsletter aka The Feed, landed in your inbox earlier this week. Be sure to catch up on all of our membership-related news; it was a bumper edition which also contained a copy of our Q3 2020 report.

Our team is looking forward to participating in the range of AustCyber CyberWeek2020 initiatives taking place next week; as well as supporting the Inaugural AHECS Cybersecurity Summit “Bridging the Gap” in early November.

Last but not least, don’t forget to complete the 2020 BDO in Australia and AUSCERT Cyber Security Survey. This anonymous survey closes at midnight next Friday, 30 October 2020 and takes less than 10 minutes to complete and by taking part, you will be offered the chance to win one of two Apple Watches.

Until next week, have a wonderful weekend everyone.


Google releases Chrome security update to patch actively exploited zero-day
Date: 2020-10-20
Author: ZDNet

[Refer to AUSCERT bulletin ESB-2020.3611]
Google has released Chrome version 86.0.4240.111 earlier today to deploy security fixes, including a patch for an actively exploited zero-day vulnerability.
The zero-day is tracked as CVE-2020-15999 and is described as a memory corruption bug in the FreeType font rendering library that’s included with standard Chrome distributions.

Cisco warns of attacks targeting high severity router vulnerability
Date: 2020-10-20
Author: Bleeping Computer

[Refer to AUSCERT bulletin ESB-2020.0424.10]
Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company’s Cisco IOS XR Software.
The IOS XR Network OS is deployed on several Cisco router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers.

UK urges orgs to patch severe CVE-2020-16952 SharePoint RCE bug
Date: 2020-10-16
Author: Bleeping Computer

The U.K. National Cyber Security Centre (NCSC) today issued an alert highlighting the risks behind the recently addressed CVE2020-16952 remote code execution (RCE) vulnerability in Microsoft SharePoint Server.
NCSC, the cybersecurity arm of the UK’s GCHQ intelligence service, urges organizations to make sure that all Microsoft SharePoint products in their environments are patched against CVE-2020-16952 to block takeover attempts.

Watch out for Emotet malware’s new ‘Windows Update’ attachment
Date: 2020-10-18
Author: Bleeping Computer

The Emotet botnet has begun to use a new malicious attachment that pretends to be a message from Windows Update telling you to upgrade Microsoft Word.
Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. These documents utilize macros to download and install the Emotet Trojan on a victim’s computer, which uses the computer to send spam email and ultimately leads to a ransomware attack on a victim’s network.

Big engineering consultancy takes a hit from REvil ransomware
Date: 2020-10-22
Author: iTWire

The Meinhardt Group, an engineering consultancy with 51 offices worldwide and 5000 employees, appears to have been attacked by a group using the REvil ransomware last month.
The group has offices in Greater China, United Kingdom, India, Pakistan, Singapore, Malaysia, Indonesia, Thailand, Vietnam, the Philippines, the Middle East and Africa, according to information on its website.
The group says that, by revenue, it is ranked among the largest independent engineering consulting firms globally.


ESB-2020.3611 – Google Chrome: Multiple vulnerabilities

The new stable desktop release for Google Chrome patches a zero-day exploit, as seen above it has made the news cycle.

ESB-2020.0424.10 – UPDATE ALERT Cisco products using Cisco Discovery Protocol: Multiple vulnerabilities

As mentioned above Cisco has warned that CVE-2020-3118 is being actively targeted in the wild.

ASB-2020.0176 – ALERT Oracle MySQL Products: Multiple vulnerabilities

Part of Oracle’s quarterly patch day this contains a CVE rated at 9.8 that can result in a total takeover of a MySQL cluster.


Stay safe, stay patched and have a good weekend!

The AUSCERT team