5 May 2023

Week in review

Greetings,

The first known use of an authentication system dates back to Ancient Roman times, when the military used "watchwords" to prove membership of a unit. Later, passwords came to be used as a way to signal affiliation with a particular societal position. In 1961 the password moved to a digital platform when MIT computer science professor Fernando Corbató created the first computer password, as he needed individual users to have their own private access. Just two years later, the first recorded password theft occurred when one of the users printed the system's password file to gain more privileges.

Back to the future: this week, some sixty years later, we celebrated World Password Day! As our use of passwords rapidly increased, so did their predictability. With so many passwords to remember, we became predictable in our choices so that they could be easily remembered, often using our birthdays, family names, beloved pets or even simply "password123". Password cracking became even simpler for hackers as they caught on to the "best practice" trends promoted within the community. While encryption and hashing technology improved, so did the technology available to attackers, meaning that even our longer and more complex passwords were no longer a barrier to entry. Here's what you should know about the latest recommended password security and best practices:

  1. Choose a strong password and keep it confidential – combine uppercase and lowercase letters, numbers and special characters in a random order. The more random the better! Also, the longer the better – a minimum of 8 characters. The best password is a "passphrase" combining four or five random words that you'll easily remember.

  2. Don't reuse passwords for important systems. That means you'll also need to keep track of all your passwords securely. Write them on paper and lock them in a secure location or, better yet, use a password manager that stores all your passwords securely in one place.

  3. Use a multi-factor authentication (MFA) system. By requiring a factor other than just your password (for example, a verification code sent to your phone), multi-factor authentication can keep a hacker from logging on to your account even if they do get hold of your password.

Spread the word about this both at home and at work – remember that if we’re all used to employing these protective layers at home, it’s also more likely we’ll take the same care in the workplace!

See you at AUSCERT2023 next week!


Fortinet warns of a spike in attacks against TBK DVR devices
Date: 2023-05-02
Author: Security Affairs

FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices.
The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie. A remote attacker can trigger the flaw to obtain administrative privileges and eventually gain access to camera video feeds.
TBK Vision is a video surveillance company that provides network CCTV devices and other related equipment, including DVRs for the protection of critical infrastructure facilities.

Apple pushes first-ever 'rapid' patch – and rapidly screws up
Date: 2023-05-02
Author: The Register

Apple on Monday pushed to some iPhones and Macs its first-ever rapid security fix.
This type of patch is supposed to be downloaded and applied automatically and seamlessly by the operating system to protect devices from exploitation immediately, avoiding the usual system update cycle that users may put off or miss, leaving their devices vulnerable to attack.
As luck would have it, though, this first-of-its-kind patch didn't go off without a hitch. Some Cupertino fans reported problems actually getting the update.

CVE-2023-28231: RCE in the Microsoft Windows DHCPv6 Service
Date: 2023-05-02
Author: Zero Day Initiative

A heap-based buffer overflow has been reported in Microsoft DHCPv6 Server. The vulnerability is due to improper processing of DHCPv6 Relay-forward messages. A remote attacker can exploit this vulnerability by sending crafted DHCPv6 Relay-forward messages to the target server. Successful exploitation could result in the execution of arbitrary code with administrative privileges.

Australian law firm HWL Ebsworth hit by Russian-linked ransomware attack
Date: 2023-05-02
Author: The Guardian

The Australian commercial law firm HWL Ebsworth has fallen victim to a ransomware attack, with Russian-linked hackers claiming to have obtained client information and employee data.
Late last week, the ALPHV/Blackcat ransomware group posted on its website that 4TB of company data had been hacked, including employee CVs, IDs, financial reports, accounting data, client documentation, credit card information, and a complete network map.

Meta says ChatGPT-related malware is on the rise
Date: 2023-05-04
Author: iTnews

Lures users into downloading malicious apps and browser extensions.
Meta said it had uncovered malware purveyors leveraging public interest in ChatGPT to lure users into downloading malicious apps and browser extensions, likening the phenomenon to cryptocurrency scams.
Since March, the social media giant has found around 10 malware families and more than 1000 malicious links that were promoted as tools featuring the popular artificial intelligence-powered chatbot, it said in a report.
In some cases, the malware delivered working ChatGPT functionality alongside abusive files, the company said.


ESB-2023.2453 – Android OS: CVSS (Max): 9.8*

Android's most recent security bulletin contains details of vulnerabilities affecting Android devices. The most severe vulnerability affects the Framework component which could lead to local escalation of privilege.

ESB-2023.2463 – GitLab Community Edition (CE) and GitLab Enterprise Edition (EE): CVSS (Max): 7.5*

GitLab has released versions 15.11.1, 15.10.5, and 15.9.6 for GitLab Community Edition and Enterprise Edition which contain important security fixes.

ESB-2023.2504 – chromium: CVSS (Max): None

Multiple security issues have been reported in Chromium, which if exploited could result in the execution of arbitrary code, denial of service or information disclosure.

ESB-2023.2501 – AirPods and Beats: CVSS (Max): None

Apple has released updates for AirPods Firmware and Beats Firmware to address multiple security issues.

ESB-2023.2502 – Cisco SPA112 2-Port Phone Adapters: CVSS (Max): 9.8

As SPA112 2-Port Phone Adapters have reached end of life, Cisco advises its customers to migrate to the ATA 190 Series Analog Telephone Adapter.


Stay safe, stay patched and have a good weekend!

The AUSCERT team