12 Nov 2021

Week in review

AUSCERT Week in Review for 12th November 2021

Greetings,

This Saturday, November 13, is World Kindness Day which aims to help everyone understand that compassion for others is what binds us together.

The Kindness Factory is on a mission it is to make the world a kinder place! This not-for-profit organisation was founded by former elite cricketer, Kath Koschel, following a series of events that saw her life spiral into despair and darkness without warning. But Kath fought through her ordeal and emerged with a new passion for life and complete understanding of how powerful kindness can be.

The Kindness Log is a platform for anyone to log an act of kindness allowing people to share experiences that demonstrate how one small act of kindness can make a really big difference.

Remember, the world is full of kind people. If you can’t find one, be one!

Earlier this week, AUSCERT Director, Dr David Stockdale, was a guest speaker at the UQ School of IT and Electrical Engineering Cybersecurity Workshop. The topics discussed covered Cyber Incidence Response within Critical Infrastructure and how to uplift our resilience.

The session was one of four conducted throughout the day that also discussed diversity in the cybersecurity workforce, upskilling and inter-disciplinary cyber education, to name a few.

The experiences, insights and knowledge sharing by the speakers is just one of the many ways AUSCERT collaborates, informs and helps those within the field.

But with the strong held belief that cyber security is everyone’s problem, particularly with the shift to remote working over the past eighteen months, what is being done to counter the growing cyber threat?

A recent article on Cyber Security Connect discusses what businesses should be doing to help employees, and themselves, tackle the issue.


Beyond the Basics: Tips for Building Advanced Ransomware Resiliency
Date: 2021-11-05
Author: Threatpost

The rate at which ransomware attacks occur is rapidly increasing. Not only have we witnessed the rise in the frequency of these attacks, but have also seen them evolve into more sophisticated, successful and damaging events.
The potential monetary gain from a ransomware attack is now so lucrative that many ransomware developers have established affiliate programs for their tools and expertise, offering ransomware-as-a-service. Ransomware demands also continue to skyrocket as more than 80 percent of victim organizations admit to paying ransom demands.

Op-Ed: What a house cat can teach us about cybersecurity
Date: 2021-11-07
Author: Los Angeles Times

The news today often contains reports about cybersecurity breaches that steal our data or threaten our national security. The nation spends billions of dollars on cybersecurity measures, and yet we seem unable to get ahead of this problem. Why are our computers so hard to protect?
Recent experience with a house cat provided insights into the nature of this problem. I am allergic to cats. My daughter came home, cat in hand, for an extended stay, and I had to find a way of confining Pounce to a limited area. However, as many cat parents would have known — though I did not — this was doomed to be a losing battle.

Businesses don’t know how to manage VPN security properly – and cyber criminals are taking advantage
Date: 2021-11-11
Author: ZDNet

Cyber attacks targeting vulnerabilities in virtual private networks (VPN) are on the rise, and many organisations are struggling to protect their networks.
The Covid-19 pandemic forced many businesses to suddenly move to higher levels of remote working than before, with many organisations dealing with it for the first time.
While this was necessary to keep businesses operating, the sudden rise in remote working also provided benefits for cyber criminals, who looked to take advantage of it to carry out attacks against public-facing VPN and cloud services in order to breach networks.

Queensland water supplier Sunwater targeted by hackers in months-long undetected cyber security breach
Date: 2021-11-11
Author: ABC News

It has been revealed that hackers left suspicious files on a webserver to redirect visitor traffic to an online video platform last year.
Queensland’s largest regional water supplier, Sunwater, says it was targeted by hackers in a cyber security breach that went undetected for nine months.
Sunwater admitted the cyber breach after the tabling of a Queensland’s Audit Office report into the state’s water authorities, which mentioned the incident but did not say which authority was targeted.

Microsoft November 2021 Patch Tuesday: 55 bugs squashed, two under active exploit
Date: 2021-11-10
Author: ZDNet

Microsoft has released 55 security fixes for software including patches that resolve zero-day vulnerabilities actively exploited in the wild.
The Redmond giant’s latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, includes fixes for six critical vulnerabilities, 15 remote code execution (RCE) bugs, information leaks, and elevation of privilege security flaws, as well as issues that could lead to spoofing and tampering.
Products impacted by November’s security update include Microsoft Azure, the Chromium-based Edge browser, Microsoft Office — as well as associated products such as Excel, Word, and SharePoint — Visual Studio, Exchange Server, Windows Kernel, and Windows Defender.

Vagabon PhishKit – An Example of Shared Code Modularity
Date: 2021-11-03
Author: RiskIQ

In early 2021, RiskIQ first detected a new phishing campaign targeting PayPal. The campaign, authored by an actor calling themself “Vagabon”, looks to collect PayPal login credentials, as well as complete credit card information from the victim.
While the kit itself doesn’t display many unique characteristics, it does contain bits and pieces of other known, familiar phish kits. This “Frankenstein” technique of piecing together modular, free or readily available kits and services has become increasingly popular.


ASB-2021.0236 – Microsoft Apps: Execute arbitrary code/commands – Existing account

Microsoft has released its monthly security patch update for the month of November 2021

ESB-2021.3714 – docker.io: Access confidential data – Remote/unauthenticated

An information disclosure issue was discovered in the command line interface of docker.io

ESB-2021.3716.2 – UPDATE Adobe Creative Cloud Desktop Application: Multiple vulnerabilities

Adobe has released an update for the Creative Cloud Desktop for Windows and macOS

ESB-2021.3818 – tcpdump: Denial of service – Remote/unauthenticated

Denial of Service vulnerability found on tcpdump network traffic tool and an update is now available

ESB-2021.3856 – postgresql: Multiple vulnerabilities

Two vulnerabilities discovered in the PostgreSQL database system, which could result in man-in-the-middle attacks


Stay safe, stay patched and have a good weekend!

The AUSCERT team