18 Nov 2022

Week in review

Greetings,

With the increasing frequency and, in some cases severity, of recent cyber attacks in Australia, now might be the time to look back at this year’s AUSCERT2022 conference presentations.

Covering a range of topics from Incident Response and Handling to Governance, Risk Management and Compliance and of course, Cybercrime, there is a wealth of knowledge and experience from over 50 presenters available for your education and enjoyment!

As Australia’s growing digital economy requires individuals to increase the frequency and amount of personal and sensitive data to access services, greater reforms and protection for consumers are needed.

This has been made abundantly clear and reinforced by recent cyber attacks. The New South Wales government has recently launched a pilot program, part of a 2015 strategy, that will allow individuals to store their encrypted information on their own device, not held by a government agency or private entity.

In case you weren’t aware, November 18 (that’s today) is the 94th birthday of the world’s most famous mouse, Mickey!

That’s right, the perennial favourite of children and the young at heart, Mickey Mouse, has been around for almost a century. From the ground-breaking short film ‘Steamboat Willie’ (which was released on this day) to the global sensation he is today, this icon can inspire joy, elicit smiles, and spark the imagination.

Mickey’s birthday is the perfect excuse to enjoy some family fun by grabbing some snacks and watching a classic animated film!


Advanced threat predictions for 2023
Date: 2022-11-14
Author: Securelist

It is fair to say that since last year’s predictions, the world has dramatically changed. While the geopolitical landscape has durably shifted, cyberattacks remain a constant threat and show no signs of receding – quite the contrary. No matter where they are, people around the world should be prepared for cybersecurity incidents. A useful exercise in that regard is to try to foresee the future trends and significant events that might be coming in the near future.
We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. But first, let’s examine how they fared with the predictions for 2022.

Why CVE Management as a Primary Strategy Doesn’t Work
Date: 2022-11-12
Author: Dark Reading

While IT and security teams dislike CVEs because of the threat they pose and the mountain of remediation work they create for them, what troubles me is the way our modern security procedures relate to CVEs. Our mitigation strategies have become too focused on “vulnerability management” and are too CVE-centric, when what we really need is a hacker-centric approach to effectively reduce our exposure.

Unpatched Zimbra Platforms Are Probably Compromised, CISA Says
Date: 2022-11-15
Author: Dark reading

Security teams running unpatched, Internet-connected Zimbra Collaboration Suites (ZCS) should just go ahead and assume compromise, and take immediate detection and response action.
That’s according to a new alert issued by the Cybersecurity and Infrastructure Security Agency, which flagged active Zimbra exploits for CVE-2022-24682, CVE-2022-27924, CVE-2022-27925, which are being chained with CVE-2022-37042, and CVE-2022-30333. The attacks lead to remote code execution and access to the Zimbra platform.

Australia sets up 100-strong permanent ‘operation’ to target hackers
Date: 2022-11-12
Author: iTnews

Australia will set up a permanent operation comprising around 100 police and defence personnel to “hack the hackers”, with an immediate priority to target ransomware groups.

Updated RapperBot malware targets game servers in DDoS attacks
Date: 2022-11-16
Author: Bleeping Computer

The Mirai-based botnet ‘RapperBot’ has re-emerged via a new campaign that infects IoT devices for DDoS (Distributed Denial of Service) attacks against game servers.
The malware was discovered by Fortinet researchers last August when it used SSH brute-forcing to spread on Linux servers.
By tracing its activities, the researchers found that RapperBot has been operational since May 2021, but its exact goals were hard to decipher.
The recent variant uses a Telnet self-propagation mechanism instead, which is closer to the approach of the original Mirai malware.

MFA Fatigue attacks are putting your organization at risk
Date: 2022-11-15
Author: Bleeping Computer

The rapid advancement of technology in all industries has led to the threat of ever-increasing cyberattacks that target businesses, governments, and individuals alike. A common threat targeting businesses is MFA fatigue attacks—a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one.
MFA refers to multi-factor authentication, a layered end-user verification strategy to secure data and applications. For a user to log in, an MFA system needs them to submit various combinations of two or more credentials.

Misconfigurations, Vulnerabilities Found in 95% of Applications
Date: 2022-11-16
Author: Dark Reading

Nearly every application has at least one vulnerability or misconfiguration that affects security and a quarter of application tests found a highly or critically severe vulnerability, a new study shows.
Weak SSL and TLS configuration, missing Content Security Policy (CSP) header, and information leakage through server banners topped the list of software issues with security implications, according to findings in software and hardware tools conglomerate Synopsys’ new Software Vulnerabilities Snapshot 2022 report published today. While many of the misconfigurations and vulnerabilities are considered to be of medium severity or less, at least 25% are rated highly or critically severe.


ESB-2022.5996 – F5 Products: CVSS (Max): 8.8

BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP (CVE-2022-41622)

ESB-2022.5982 – Firefox: CVSS (Max): 9.8*

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the contents of the addressbar, bypass security restrictions, cross-site tracing or execute arbitrary code

ESB-2022.5843 – Intel DCM: CVSS (Max): 8.8

A potential security vulnerability in the Intel Data Center Manager (DCM) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability

ESB-2022.6008 – asterisk: CVSS (Max): 9.8

Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.


Stay safe, stay patched and have a good weekend!

The AUSCERT team