26 Feb 2021

Week in review

AUSCERT Week in Review for 26th February 2021

Greetings,

This week we are very excited to announce a number of updates with respect to AUSCERT2021.

For the first time ever, the annual AUSCERT conference will be delivered in a hybrid format. Registrations are now open, and we’d like to highlight several sections of the conference website which might be of interest: the list of selected Speakers, the up-to-date Program, conference costs, venue and accommodation information, and a list of frequently asked questions.

To our AUSCERT members, look out for a separate email landing in your inbox next week detailing your member token privilege(s) – part of your AUSCERT membership perks for the conference this year.

Be sure to catch up on our summary of critical vulnerabilities and patches affecting VMware and Cisco. The list of relevant bulletins and further details can be found below.

Finally, AUSCERT is proud to be an official partner of the 4th Human Layer Security Summit hosted by the team from Tessian. This is a virtual event, and by signing up to participate as a delegate you’ll be able to catch up on all of its content on-demand.

Until next week, have a good weekend everyone.


More than 6,700 VMware servers exposed online and vulnerable to major new bug
Date: 2021-02-24
Author: ZDNet

[Please refer to the following AUSCERT security bulletin ESB-2021.0677.]
More than 6,700 VMware vCenter servers are currently exposed online and vulnerable to a new attack that can allow hackers to take over unpatched devices and effectively take over companies’ entire networks.
Scans for VMware vCenter devices are currently underway, according to threat intelligence firm Bad Packets.
The scans started earlier today after a Chinese security researcher published proof-of-concept code on their blog for a vulnerability tracked as CVE-2021-21972.
This vulnerability impacts vSphere Client (HTML5), a plugin of VMware vCenter, a type of server usually deployed inside large enterprise networks as a centralized management utility through which IT personnel manage VMware products installed on local workstations.

Qantas urges govt to chip in for cyber incident interventions
Date: 2021-02-22
Author: iTnews

Qantas has joined other sectors in asking the government to at least partially cover the cost of complying with proposed laws aimed at better defending the country’s critical infrastructure networks and systems from cyber attacks.
In its submission to the parliamentary joint committee on intelligence and security review of the Security Legislation Amendment (Critical Infrastructure) Bill, the airline said funding was necessary to support the bill’s objectives.

Airplane maker Bombardier data posted on ransomware leak site following FTA hack
Date: 2021-02-23
Author: ZDNet

Canadian airplane manufacturer Bombardier today disclosed a security breach after some of its data was published on a dark web portal operated by the Clop ransomware gang.
“An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network,” the company said in a press release today.
While the company did not specifically name the appliance, they are most likely referring to Accellion FTA, a web server that can be used by companies to host and share large files that can’t be sent via email to customers and employees.

Ransomware gangs are running riot – paying them off doesn’t help
Date: 2021-02-17
Author: The Conversation

In the past five years, ransomware attacks have evolved from rare misfortunes into common and disruptive threats. Hijacking the IT systems of organisations and forcing them to pay a ransom in order to reclaim them, cybercriminals are freely extorting millions of pounds from companies – and they’re enjoying a remarkably low risk of arrest as they do it.
At the moment, there is no coordinated response to ransomware attacks, despite their ever-increasing prevalence and severity. Instead, states’ intelligence services respond to cybercriminals on an ad-hoc basis, while cyber-insurance firms recommend their clients simply pay off the criminal gangs that extort them.
Neither of these strategies is sustainable. Instead, organisations need to redouble their cybersecurity efforts to stymie the flow of cash from blackmailed businesses to cybercriminal gangs. Failure to act means that cybercriminals will continue investing their growing loot in ransomware technologies, keeping them one step ahead of our protective capabilities.

Cyber Security Pilot to Bolster Small to Medium Business Against Hack Attacks
Date: 2021-02-23
Author: Cyber Security Cooperative Research Centre (CSCRC)

In an Australian first, the Cyber Security Cooperative Research Centre (CSCRC) will lead a ‘hands on’ pilot project focused on uplifting cyber security across Australia’s small to medium business (SME) sector.
The pilot, which was launched in Adelaide yesterday, will involve six South Australian SMEs across a broad range of critical sectors, from medical services to satellite technologies, measuring their baseline cyber security and providing practical, cost effective uplift solutions over six months.
A collaboration between the CSCRC, CyberCX, CSIRO’s Data61 and the Australian Cyber Security Centre (ACSC), and supported by the Government of South Australia, the pilot will provide a blueprint for SME cyber uplift that can be rolled out across the nation.
The CSCRC is part of the Federal Government’s Cooperative Research Centres program, administered by the Department of Industry, Science, Energy and Resources.


ESB-2021.0677 – ALERT VMware Products: Multiple vulnerabilities

Remote Code Execution issue with multiple Proof-of-Concept exploits available

ESB-2021.0705 – ALERT Cisco NX-OS: Multiple vulnerabilities

Multiple remotely exploitable vulnerabilities have been patched

ESB-2021.0698 – Cisco ACI Multi-Site Orchestrator (MSO): Multiple vulnerabilities

Critical Cisco authentication bypass vulnerability

ESB-2021.0675 – Mozilla Firefox and Firefox ESR: Multiple vulnerabilities

Mozilla updates available


Stay safe, stay patched and have a good weekend!

The AUSCERT team