30 Jun 2023
Week in review
Greetings,
As we approach the end of the financial year, we find ourselves in a critical season where scammers are actively targeting individuals and businesses. It is important to stay aware this tax time as scams impersonating the Australian Taxation Office (ATO) are likely to spike in the following weeks. The ATO reported in May this year they had already received 1,978 reports of impersonation scams a 70% increase from the previous month. Together let’s explore the primary channels that scammers have recently been using to deceive unsuspecting citizens.
Social Media Scams
The ATO has reported a huge increase in social media accounts impersonating them on Facebook, Twitter, Instagram, and other platforms. Fake accounts have been asking users to send their personal and sensitive information to help process their enquiry. The best way to verify an account is to investigate their followers and recent activity to see if there is anything suspicious. The ATO’s Facebook & LinkedIn has over 200,000 followers and its Twitter account has over 65,000. Also, they should have been operating for over 10 years and have a verified tick next to their account name.
Phone & SMS Scams
Phone scams impersonating the ATO are a common trend usually using a pre-recorded message alerting you of your outstanding debt or fee and requiring your sensitive personal information. Similarly SMS scams will include a payment link that will direct you to a fake ATO webpage and ask for your details. The ATO has confirmed that they will never send a pre-recorded message to your phone, threaten you with immediate arrest or demand immediate payment through unusual methods or links.
Email Scams
Email is probably the most common method used by scammers to impersonate the ATO or MyGov utilising authentic looking content to seem legitimate. These emails usually contain phishing links or attachments that request your banking details or other sensitive information. It is very important to be extra cautious and do not open any attachments or links until you can 100% verify the identity. Remember the ATO or MyGov would not usually send an email directly asking for any personal information. They will usually instruct you to lodge it via their online portals.
Stay aware this tax time! If you think something isn’t genuine do not engage with it. You can contact the ATO directly on 1800 008 540 to check with them. Or click here to see how to verify or report a scam
Exploit released for new Arcserve UDP auth bypass vulnerability
Date: 2023-06-28
Author: Bleeping Computer
Data protection vendor Arcserve has addressed a high-severity security flaw in its Unified Data Protection (UDP) backup software that can let attackers bypass authentication and gain admin privileges.
According to the company, Arcserve UDP is a data and ransomware protection solution designed to help customers thwart ransomware attacks, restore compromised data, and enable effective disaster recovery to ensure business continuity.
Fortinet fixes critical FortiNAC remote command execution flaw
Date: 2023-06-23
Author: Bleeping Computer
[See AUSCERT Security Bulletin https://portal.auscert.org.au/bulletins/ESB-2023.3637]
Cybersecurity solutions company Fortinet has updated its zero-trust access solution FortiNAC to address a critical-severity vulnerability that attackers could leverage to execute code and commands.
FortiNAC is a allows organizations to manage network-wide access policies, gain visibility of devices and users, and secure the network against unauthorized access and threats.
The security issue is tracked as CVE-2023-33299 and received a critical severity score of 9.6 out of 10. It is a deserialization of untrusted data that may lead to remote code execution (RCE) without authentication.
Governments across Australia embark on identity reform
Date: 2023-06-27
Author: iTnews
Commonwealth, state and territory digital ministers have signed off on sweeping identity reforms, designed to make Australians’ digital identities harder to steal, and easier to restore.
After a Data and Digital Ministers’ meeting last week, the group published a National Strategy for Identity Resilience.
Under the strategy, the ministers have pledged to make government-issued digital IDs more interoperable.
Two major energy corporations added to growing MOVEit victim list
Date: 2023-06-27
Author: CyberScoop
Two major energy corporations have fallen victim to the MOVEit breach, the latest targets in an ongoing hacking campaign that has struck a growing number of organizations including government agencies, states and universities. CL0P, the ransomware gang executing the attacks, added both Schneider Electric and Siemens Energy to its leak site on Tuesday. Siemens confirmed that it was targeted; Schneider said it is investigating the group’s claims.
Hundreds of devices found violating new CISA federal agency directive
Date: 2023-06-27
Author: Bleeping Computer
Censys researchers have discovered hundreds of Internet-exposed devices on the networks of U.S. federal agencies that have to be secured according to a recently issued CISA Binding Operational Directive. An analysis of the attack surfaces of more than 50 Federal Civilian Executive Branch (FCEB) organizations led to the discovery of more than 13,000 individual hosts exposed to Internet access, distributed across over 100 systems linked to FCEB agencies.
Dozens of Businesses Hit Recently by ‘8Base’ Ransomware Gang
Date: 2023-06-28
Author: Security Week
A ransomware gang named 8Base was the second most active group in June 2023, claiming roughly 30 victims, VMware reports. Active since March 2022 and mainly focused on small businesses, the group engages in double extortion tactics, publicly naming and shaming victims to compel them to pay the ransom. To date, the 8Base gang has hit approximately 80 organizations across sectors such as automotive, business services, construction, finance, healthcare, hospitality, IT, manufacturing, and real estate.
ESB-2023.3637 – FortiNAC: CVSS (Max): 9.6
Fortinet has released software updates that address a vulnerability in FortiNAC that if exploited could allow an unauthenticated user to execute unauthorized code or commands.
ESB-2023.3638 – IBM QRadar SIEM: CVSS (Max): 6.5
IBM has addressed the verification bypass vulnerability in Google OAuth Client Library for Java as used by IBM QRadar SIEM.
ESB-2023.3646 – Tenable.io, Tenable Security Center and Nessus: CVSS (Max): 6.3
Tenable has discovered vulnerability in Nessus Plugin, and released updates to address this issue. The updates have been distributed via the
Tenable plugin feed ID #202306261202.
ESB-2023.3752 – GitLab Community Edition & Enterprise Edition: CVSS (Max): 7.5
Gitlab released security updates for GitLab Community Edition (CE) and Enterprise Edition (EE) which contain important security fixes.
Stay safe, stay patched and have a good weekend!
The AUSCERT team