24 Jun 2022

Week in review

Greetings,

Just like a bad smell or that one annoying neighbour, Log4Shell won’t go away. It has been reported that threat actors are still utilising the Log4Shell (CVE-2021-44228) vulnerability to gain access to internal systems.

AUSCERT issued a Security Bulletin earlier this month providing further details on the vulnerability and affected products and versions whilst Bleeping Computer offers additional information following a warning issued by CISA.

Meanwhile, the ongoing war in Ukraine continues to see tactics deployed that include the integration of cyber-attacks into overall strategies. The scope and nature of these attacks are also becoming more complex as they seemingly become more intrinsic in the landscape of modern warfare.

The Hill dissects current methods being deployed along with the potentially significant impact a well-timed and placed cyber-attack can have.

On a more ‘Zen’ note, June 21st was World Yoga Day, which aimed to raise awareness of the numerous benefits of yoga. The date is the longest day in the northern hemisphere and shortest in the southern hemisphere – the summer and the winter solstices – which have significance in yoga.

Some benefits of yoga include balancing the hemispheres of our brains and learning ways to help improve memory, intellect, coordination, and mental health. There are several ways you can boost your brain health with a few yoga-based exercises.


Snake Keylogger identified as top malware circulating in Australia
Date: 2022-06-20
Author: Cyber Security Connect

Check Point Research (CPR) has reported that the Snake Keylogger malware has claimed first place in Australia and eighth place globally after a long absence from the Global Threat Index.
Snake Keylogger records users’ keystrokes and transmits the collected data to threat actors. It is usually spread through emails that include docx or xlsx attachments with malicious macros, but CPR researchers have also noticed that Snake Keylogger has been spreading via PDF files. The CPR data has revealed Snake Keylogger is the leading malware family impacting Australian organisations, accounting for 2.48 per cent of Australian cyber incidents.
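The delivery vector described above (docx/xlsx attachments carrying macros) is something a mail gateway can check for directly, because modern Office documents are ZIP containers and any VBA code is stored in a part named vbaProject.bin. The following is an added example written for this newsletter, not code from Check Point Research or from the Snake Keylogger report; the sample "documents" it inspects are constructed in memory and are not real malware, and the verdict labels (allow/review/block) are an assumption about how a gateway policy might be expressed.

```python
"""Flag Office attachments that carry VBA macros (added example, constructed samples)."""
import io
import os
import zipfile

MACRO_PART = "vbaproject.bin"                       # compared case-insensitively
MACRO_FREE_EXT = {".docx", ".xlsx", ".pptx"}         # extensions that must not carry VBA
MACRO_ENABLED_EXT = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}


def office_parts(data: bytes) -> list:
    """Return the part names inside an OOXML (ZIP) container, or [] if it is not a valid ZIP."""
    if not data.startswith(b"PK\x03\x04"):
        return []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def has_vba_project(data: bytes) -> bool:
    """True if any part of the container is vbaProject.bin (e.g. word/vbaProject.bin)."""
    return any(name.rsplit("/", 1)[-1].lower() == MACRO_PART for name in office_parts(data))


def classify_attachment(filename: str, data: bytes) -> str:
    """Assumed gateway policy: 'block', 'review' or 'allow'.

    - A macro-free extension (.docx/.xlsx) whose body contains VBA is the
      classic lure pattern and is blocked outright.
    - A macro-enabled extension (.docm/.xlsm) with VBA is routed for review.
    - An Office extension that is not even a valid ZIP is malformed: review.
    - Everything else is allowed.
    """
    ext = os.path.splitext(filename.lower())[1]
    parts = office_parts(data)
    if ext in MACRO_FREE_EXT | MACRO_ENABLED_EXT and not parts:
        return "review"            # claims to be Office but is not a readable container
    if has_vba_project(data):
        return "block" if ext in MACRO_FREE_EXT else "review"
    return "allow"


def build_sample(parts: dict) -> bytes:
    """Construct a minimal OOXML-like ZIP for testing (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a clean document and one smuggling a VBA project.
CLEAN_DOCX = build_sample({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
})
MACRO_DOCX = build_sample({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 constructed placeholder, not real VBA",
})

if __name__ == "__main__":
    for name, blob in [("invoice.docx", CLEAN_DOCX), ("invoice.docx", MACRO_DOCX),
                       ("invoice.docm", MACRO_DOCX), ("invoice.docx", b"not a zip at all")]:
        print(f"{name}: vba={has_vba_project(blob)} verdict={classify_attachment(name, blob)}")
```

The extension/content mismatch is the useful signal here: a file named .docx that contains vbaProject.bin has no legitimate reason to exist, so it can be blocked without the false-positive risk of blocking every macro-enabled document.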

Google Chrome extensions can be fingerprinted to track you online
Date: 2022-06-19
Author: Bleeping Computer

A researcher has created a website that uses your installed Google Chrome extensions to generate a fingerprint of your device that can be used to track you online.
To track users on the web, it is possible to create fingerprints, or tracking hashes, based on various characteristics of a device connecting to a website. These characteristics include GPU performance, installed Windows applications, a device’s screen resolution, hardware configuration, and even the installed fonts.
It is then possible to track a device across sites using the same fingerprinting method.

China-linked APT hacking group targeting Australia and South-East Asia
Date: 2022-06-22
Author: Cyber Security Connect

SentinelLabs reports that it has newly discovered a China-linked APT named “Aoqin Dragon” that has been spying on organisations in Australia and South-East Asia for over a decade.
The SentinelLabs researchers have revealed that this new advanced persistent threat (APT) group linked to China had been discovered “only after conducting cyber espionage campaigns under the radar since 2013”.
Dubbed “Aoqin Dragon”, the Chinese hackers lure victims with malicious documents, according to SentinelLabs data, which appear to be salacious ads for pornography sites.

Massive Cloudflare outage caused by network configuration error
Date: 2022-06-21
Author: Bleeping Computer

Cloudflare says a massive outage that affected more than a dozen of its data centers and hundreds of major online platforms and services today was caused by a change that should have increased network resilience.
“Today, June 21, 2022, Cloudflare suffered an outage that affected traffic in 19 of our data centers,” Cloudflare said after investigating the incident.
“Unfortunately, these 19 locations handle a significant proportion of our global traffic. This outage was caused by a change that was part of a long-running project to increase resilience in our busiest locations.”
According to user reports, the full list of affected websites and services includes, but is not limited to, Amazon, Twitch, Amazon Web Services, Steam, Coinbase, Telegram, Discord, DoorDash, Gitlab, and more.

Capital One Attacker Exploited Misconfigured AWS Databases
Date: 2022-06-21
Author: Dark Reading

The 36-year-old Seattle tech worker behind the infamous 2019 Capital One data breach has been convicted on seven charges related to the data theft, which are punishable by up to 20 years in jail.
In the incident, Paige Thompson, who operated under the hacker handle “erratic,” made off with more than 100 million credit applications that were held in a misconfigured Amazon Web Services storage bucket in the cloud. She was arrested shortly thereafter, after the banking giant traced the malicious activity back to her and alerted the FBI.

There are 24.6 billion pairs of credentials for sale on dark web
Date: 2022-06-20
Author: The Register

More than half of the 24.6 billion stolen credential pairs available for sale on the dark web were exposed in the past year, the Digital Shadows Research Team has found.
Data recorded from last year reflected a 64 percent increase over 2020’s total (Digital Shadows publishes the data every two years), which is a significant slowdown compared to the two years preceding 2020. Between 2018 and the year the pandemic broke out, the number of credentials for sale shot up by 300 percent, the report said.

From text messages to fraudulent ads, how scammers are draining bank accounts
Date: 2022-06-21
Author: ABC News

There have been more than 35,000 reported attempts to gain the personal information of Australians since January.
The Australian Cybersecurity Centre reported cybercrime cost the economy an estimated $33 billion in 2021.
National identity and cyber-support service IDCARE has never been busier, according to its managing director, Mr Lacy.
“I don’t think there are many crimes that you can say penetrate the family home almost on a daily basis,” he said.
A popular method used by scammers is what’s known as “phishing”, where things like an email imitating a bank or telco are used to encourage people to share their personal information.
“Smishing” is a similar method, involving text messages.
“So smishing is via SMS and phishing more generally is via email or telephone,” Mr Lacy said.


ESB-2022.3017 – Python-Twisted: CVSS (Max): 7.5

SUSE has released a security update for a denial-of-service vulnerability in Python-Twisted which affects multiple SUSE products

ESB-2022.3069 – Jenkins (core) and Jenkins Plugins: CVSS (Max): 8.8

Multiple vulnerabilities affecting Jenkins core and various plugins have been addressed by Jenkins

ESB-2022.3066 – Google Chrome: CVSS (Max): None

Google has released Chrome 103.0.5060.53, which contains 14 security fixes and a number of improvements

ESB-2022.3062 – Adaptive Security Device Manager and Adaptive Security Appliance Software: CVSS (Max): 9.1

Cisco has released patches for ASA to address a vulnerability which allows an attacker to execute arbitrary code on the machine


Stay safe, stay patched and have a good weekend!

The AUSCERT team