11 Nov 2022

Week in review

Greetings,

AUSCERT is seeking a new team member in our security systems admin and development area to lead engineering efforts and coordinate projects across our Analyst Team. If you're interested in security automation, infrastructure-as-a-service and cybersecurity-specific open source projects such as MISP, apply now – applications close this Sunday!

AUSCERT’s Senior Manager, Mike Holm, delivered a presentation on how to digest MISP data and draw meaningful conclusions from it during the 2022 AHECS Cybersecurity Summit held on the 7th-9th November in Canberra. The AHECS Cybersecurity Summit is a conference developed by the sector with a focus on the Higher Education and Research Cybersecurity, Identity Management and Privacy Community.

In cyber security news this week, criminals released files on a dark web forum that are believed to contain stolen Medibank customer data. Australian Federal Police announced the expansion of Operation Guardian to protect Medibank Private customers whose personal data was unlawfully released to the internet. Operation Guardian was set up in September this year to deliver specialised protection to current and former Optus customers from identity crime and financial fraud following the Optus cybercrime incident.

AUSCERT advises its members who are impacted by the recent data breaches to be alert for any phishing scams via email, texts, voice calls or post and verify any communications received to ensure that they are from a legitimate source.

In other news this week, our celestial neighbour glowed a spectacular red colour as the last total lunar eclipse for three years illuminated the sky on Tuesday night. While most parts of Australia had a clear view of the total lunar eclipse, the stargazers from our neighbours across the ditch had the most spectacular full show. The next total lunar eclipse is expected to grace our skies on March 14, 2025.

Last but not least, AUSCERT acknowledges Remembrance Day and remembers the armed forces members who gave their lives in the line of duty to protect the nation.

Have a good weekend!


Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data
Date: 2022-11-07
Author: The Hacker News

Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs.

Nation-State Hacker Attacks on Critical Infrastructure Soar: Microsoft
Date: 2022-11-07
Author: Security Week

According to Microsoft’s 2022 Digital Defense Report, nation-state hacker attacks on critical infrastructure have soared, largely due to Russian cyber operations targeting Ukraine and its allies.
Between June 2020 and June 2021, 20% of all nation-state attacks observed by Microsoft were aimed at critical infrastructure. That percentage increased to 40% in the period between July 2021 and June 2022.

Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws
Date: 2022-11-08
Author: Bleeping Computer

Today is Microsoft's November 2022 Patch Tuesday, and with it comes fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws.
Eleven of the 68 vulnerabilities fixed in today's update are classified as 'Critical' as they allow privilege elevation, spoofing, or remote code execution, one of the most severe types of vulnerabilities.

‘Cyberspace has become a battleground,’ warns Australian Cyber Security Centre
Date: 2022-11-04
Author: The Record

The Australian Cyber Security Centre received over 76,000 cybercrime reports during the last financial year — an increase of nearly 13% — and warned in its latest annual report that “cyberspace has become a battleground.”
The agency also warned that the regional dynamics in the Indo-Pacific were “increasing the risk of crisis” and cautioned that “cyber operations are likely to be used by states to challenge the sovereignty of others.”

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network
Date: 2022-11-09
Author: The Hacker News

A number of phishing campaigns are leveraging the decentralized Interplanetary Filesystem (IPFS) network to host malware and phishing kit infrastructure, and to facilitate other attacks.
"Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News.
The research mirrors similar findings from Trustwave SpiderLabs in July 2022, which found more than 3,000 emails containing IPFS phishing URLs as an attack vector, calling IPFS the new "hotbed" for hosting phishing sites.

Medibank hackers target high-profile drug and mental health patients as AFP steps up action
Date: 2022-11-09
Author: ABC News

Medibank customers remain in the dark about whether any of their personal information is among that leaked onto the dark web by hackers overnight. It appears the cybercriminals have published what they have termed "naughty" and "nice" lists of prominent people amongst the leaked data.


ASB-2022.0199.5 – UPDATE Medibank Cyber Security Incident

Medibank released further information on the Medibank cyber security incident and confirmed that customer data has been released on a dark web forum.

ESB-2022.5782 – Nessus : CVSS (Max): 9.8

Tenable released Nessus Version 8.15.7 to address multiple vulnerabilities in its third-party components.

ASB-2022.0234 – ALERT Exchange Server: CVSS (Max): 8.8

Microsoft's most recent security patch update includes a fix that resolves 4 vulnerabilities across Microsoft Exchange Server.

ASB-2022.0233 – ALERT Windows 7 and Windows Server 2008: CVSS (Max): 8.8*

Microsoft has released its patch update for the month of November 2022 which resolves 24 vulnerabilities in Windows 7 and Windows Server 2008.

ASB-2022.0231 – ALERT Windows and Windows Server: CVSS (Max): 8.8*

Microsoft released fixes for 40 vulnerabilities across Windows 8.1, 10, 11 and Windows Server 2012, 2016, 2019, 2022.

ESB-2022.5792.2 – UPDATE iOS and iPadOS: CVSS (Max): 8.2

Apple released iOS 16.1.1 and iPadOS 16.1.1 to address issues in libxml which, if exploited, could result in arbitrary code execution or denial of service.


Stay safe, stay patched and have a good weekend!

The AUSCERT team