3 Jun 2022

Week in review

Greetings,

Change is inevitable, often with mixed results. But one change that we hope will bring improvements for our industry is the appointment of the first-ever dedicated Cyber Security Minister.

During the recent federal election campaign, new Prime Minister Anthony Albanese assured Australians that his government would “..lift cyber-resilience across the whole nation”. With the appointment of Clare O’Neil as the Minister for Home Affairs and Minister for Cyber Security, it seems that Australia may just achieve the goal of better and smarter cybersecurity.

This is especially important with our industry developing at an increasingly rapid pace, which can make it difficult to keep up. One term that has many scratching their heads or shrugging their shoulders is IoT, also known as the Internet of Things.

As technology becomes increasingly incorporated into our daily lives, it’s important for as many of us as possible to understand what these are and how they both benefit society and create potential threats.

iTnews provides an overview of IoT, including examples, along with key factors that are fuelling the rapid growth in the IoT network and our dependency on it.

Seasonal change has also been afoot this week and, if you live on the east coast of Australia, you will be all too aware that winter has truly arrived following the polar blast that saw temperatures plummet.

With the recent spate of extreme weather, many of us ponder our footprint on our blue and green sphere in space and how we can improve things for future generations. This Sunday, June 5, is World Environment Day, with this year’s theme calling for collective, transformative global action to celebrate, protect and restore our planet. Because there is only one Earth.


No patch for actively exploited Atlassian Confluence zero-day
Date: 2022-06-03
Author: itnews.com.au

Refer to [ESB-2022.2737]
Remote code execution, with webshells written to disk.
All versions of Atlassian’s corporate Wiki system, Confluence, are affected by a serious bug under active exploitation, possibly by Chinese threat actors.
Atlassian has confirmed the critical vulnerability in Confluence Server and Data Center, and the company said there is currently no fix but it is working on a patch.
Administrators should not expose Confluence to the Internet, and disable instances of the corporate Wiki, as options to keep themselves secure.

NDIS case management system provider breached
Date: 2022-05-31
Author: iTnews

A security breach of a cloud-based client management system used by National Disability Insurance Scheme (NDIS) service providers has exposed a “large volume” of health and other sensitive data.
CTARS, a Sydney-based software and analytics provider for the disability and care sectors, this week revealed an unauthorised third-party had gained access to its systems on May 15.
Less than a week later, on May 21, the company became aware that “a sample of that data had been posted on a [dark] web form” after the third-party claimed it had “taken a large volume of data”.

New Windows Search zero-day added to Microsoft protocol nightmare
Date: 2022-06-01
Author: Bleeping Computer

A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.
The security issue can be leveraged because Windows supports a URI protocol handler called ‘search-ms’ that allows applications and HTML links to launch customized searches on a device.
While most Windows searches will look on the local device’s index, it is also possible to force Windows Search to query file shares on remote hosts and use a custom title for the search window.

Zero-day vuln in Microsoft Office: ‘Follina’ will work even when macros are disabled
Date: 2022-05-30
Author: The Register

Infosec researchers have identified a zero-day code execution vulnerability in Microsoft’s ubiquitous Office software. Dubbed “Follina”, the vulnerability has been floating around for a while (cybersecurity researcher Kevin Beaumont traced it back to a report made to Microsoft on April 12) and uses Office functionality to retrieve a HTML file which in turn makes use of the Microsoft Support Diagnostic Tool (MSDT) to run some code.

Albanese unveils Minister for Cyber Security
Date: 2022-05-31
Author: Cyber Security Connect

Prime Minister Anthony Albanese has unveiled his new ministry, introducing a new portfolio to oversee cyber security.
Clare O’Neil has been announced as minister for home affairs and minister for cyber security during a press conference by Prime Minister Albanese this evening.
Minister O’Neil succeeds former Minister Karen Andrews, who also supported the implementation of much of the previous government’s cyber security policy as home affairs minister.


ASB-2022.0127 – ALERT Microsoft Office: CVSS (Max): 7.8

A new zero-day vulnerability has been identified allowing remote code execution in Microsoft Office via the ms-msdt protocol scheme

ESB-2022.2686 – Mozilla Firefox: CVSS (Max): 7.5*

Mozilla has released Firefox 101 addressing multiple vulnerabilities

ESB-2022.2712 – GitLab Community Edition and Enterprise Edition: CVSS (Max): 9.9

GitLab has released patches for several vulnerabilities including a critical account takeover vulnerability in both Community Edition and Enterprise Edition

ESB-2022.2737 – ALERT Confluence Server and Confluence Data Center: CVSS (Max): None

A remote code execution vulnerability has been identified in Confluence Server and Data Center. Atlassian is working on a patch for the impacted versions


Stay safe, stay patched and have a good weekend!

The AUSCERT team