3 Mar 2023

Week in review

Greetings,

It’s the first week of Autumn, symbolising harvest and abundance as well as the yellowing of leaves and, hopefully, cooler temperatures.

Cooling things down might give cyber security practitioners a chance to catch up with the latest phishing trend – mimicking OpenAI’s ChatGPT payment pages, apps and downloads to commit a variety of crimes. As with any trend or current event, criminals will find a way to exploit other humans for their own gain.

There’s been plenty of talk about using AI to recognise when other AI has created content, but a new concern arose this week when a software update caused Replika users to “lose” their digital companion. Some felt genuine grief over the loss of a loved one, although hopefully that’s an example of a learned behaviour pattern that can be overcome – just like imposter syndrome which affects many cyber security professionals. At this year’s AUSCERT2023 Cyber Security Conference, The University of Queensland’s Shelly Mills will lead a tutorial on that topic: “Tackling imposter syndrome: using psychology to disrupt (cognitive) malicious activity”.

Speaking of AUSCERT2023’s tutorials, don’t forget to get in quickly with your selections, as some tutorials have limited capacity and registrations are on a ‘first come, first served’ basis. We have however reserved some spaces which we will fill from our waitlist by selecting people that identify as women, creating more opportunities for skills-improvement as part of the conference experience.

For this year’s “Back to the Future” themed conference you’ll notice we’ve finalised the tutorial schedule early, so that attendees can choose from the wide range of topics during the registration process. Members of AUSCERT have already received their Member Tokens – ask your AUSCERT member representative for more information.

Here’s selection of this week’s notable cyber security news articles, compiled by the AUSCERT Analyst Team:


Attackers stole LastPass data by hacking an employee’s home computer
Date: 2023-03-01
Author: The Verge

LastPass says that a threat actor was able to steal corporate and customer data by hacking an employee’s personal computer and installing keylogger malware, which let them gain access to the company’s cloud storage. The update provides more information about how the series of hacks happened last year that resulted in the popular password manager’s source code and customer vault data being stolen by an unauthorized third party.

Albanese government to appoint Coordinator for Cyber Security, amid increasing threat to systems and data
Date: 2023-02-26
Author: The Conversation

The federal government is further stepping up its efforts to improve Australia’s protection against increasing cyber threats, with Prime Minister Anthony Albanese on Monday [today] announcing the establishment of a Coordinator for Cyber Security.
The aim is to “ensure a centrally coordinated approach” to the government’s cyber security responsibilities. This would include coordinating and “triaging” action after a major incident.

Critical flaws in WordPress Houzez theme exploited to hijack websites
Date: 2023-02-27
Author: Bleeping Computer

Hackers are actively exploiting two critical-severity vulnerabilities in the Houzez theme and plugin for WordPress, two premium add-ons used primarily in real estate websites.
The Houzez theme is a premium plugin that costs $69, offering easy listing management and a smooth customer experience. The vendor’s site claims it is serving over 35,000 customers in the real estate industry.
The two vulnerabilities were discovered by Patchstack’s threat researcher Dave Jong and reported to the theme’s vendor, ‘ThemeForest,’ with one flaw fixed in version 2.6.4 (August 2022) and the other in version 2.7.2 (November 2022).

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability
Date: 2023-02-28
Author: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.
Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, and 8.6.4.1, and allows threat actors to retrieve sensitive information via specially crafted requests.

Westpac DataX to supply data to NSW government
Date: 2023-03-02
Author: iTnews

Westpac DataX will provide de-identified credit card transaction data to support multiple NSW government agencies.
DataX will support the NSW Data Analytics Centre with functions like disaster recovery, NSW minister for customer service and digital government Victor Dominello said.
The Data Analytics Centre, housed within the NSW Department of Customer Service, will use DataX’s insights to “further embed data-driven decision making across many of our agencies,” Dominello added.


ESB-2023.1306 – Cisco IP Phones: CVSS (Max): 9.8

Cisco has released software updates that address multiple vulnerabilities in certain IP phones

ESB-2023.1327 – Tenable.sc: CVSS (Max): 7.5

Tenable.sc has been updated to address multiple vulnerabilities in OpenSSL

ESB-2023.1316 – OpenShift Container Platform 4.10.53: CVSS (Max): 9.8

Red Hat Openshift Container Platform is now updated to address multiple vulnerabilities

ESB-2023.1345 – Sudo: CVSS (Max): None

A privilege escalation vulnerability in sudo package utilized by Ubuntu has been addressed


Stay safe, stay patched and have a good weekend!

The AUSCERT team