25 Nov 2022

Week in review

Greetings,

Australians have recently been subjected to situations that have tested the resilience and resolve of most of us. Weather events, the lingering presence of COVID and, as seen recently, cyber-attacks, have individually and collectively, taken their toll.

The spate of security breaches, including Optus and Medibank, doesn’t only concern identity theft or money. An individual’s mental health can also be affected, with feelings of vulnerability, anger, and being violated.

IDCARE is Australia and New Zealand’s national identity and cyber support service, assisting those that have been impacted by data breaches, through effective response and mitigation. If you or someone you know might need help, it’s worth reaching out.

Digital billboards are now commonplace, going beyond Times Square in New York, and popping up in cities and suburbia alike. Recently, a billboard in Brisbane was hacked, showing pornographic images, visible to passers-by on a busy road, for three minutes.

This case demonstrates a vulnerability with the convergence of information technology (IT) systems and operational technology (OT) as part of the global digital transformation.

Integrating cloud computing, e-commerce, industrial control systems, automated manufacturing and more, the benefits of convergence between IT and OT systems are many, but so are the potential cybersecurity threats for the converged environment. A Forbes article published earlier in the year discusses potential strategies to help bridge the cybersecurity gap of ITOT Convergence.

With all this going on concurrently, evolving and stretching out for indefinite periods, it may be hard to know where to look for answers. Luckily, AUSCERT’s podcast series, Share Today, Save Tomorrow features episodes ‘ITOT Convergence’, ‘Understanding and Combatting Cyber Attacks’ and our brand new episode ‘Digital Forensics and Incident Response’, to name but a few.

So, peruse what’s on offer, there’s sure to be something for everybody!


Essential Eight Maturity Model
Date: 2022-11-24
Author: Cyber.gov.au

[ACSC has updated the Essential Eight Maturity Model]
The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies, in the form of the Strategies to Mitigate Cyber Security Incidents, to help organisations protect themselves against various cyber threats. The most effective of these mitigation strategies are the Essential Eight.

Hackers breach energy orgs via bugs in discontinued web server
Date: 2022-11-22
Author: Bleeping Computer

Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector.
As cybersecurity company Recorded Future revealed in a report published in April, state-backed Chinese hacking groups (including one traced as RedEcho) targeted multiple Indian electrical grid operators, compromising an Indian national emergency response system and the subsidiary of a multinational logistics company.

WhatsApp data leak: 500 million user records for sale
Date: 2022-11-24
Author: Cybernews

On November 16, an actor posted an ad on a well-known hacking community forum, claiming they were selling a 2022 database of 487 million WhatsApp user mobile numbers.
The dataset allegedly contains WhatsApp user data from 84 countries. Threat actor claims there are over 32 million US user records included.
Another huge chunk of phone numbers belongs to the citizens of Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey (20 million).
The dataset for sale also allegedly has nearly 10 million Russian and over 11 million UK citizens’ phone numbers.

NSW govt eyes law change to spur ‘good faith’ hacking
Date: 2022-11-22
Author: Innovation Aus

The New South Wales government will push for changes to Commonwealth criminal laws to prevent cybersecurity researchers being prosecuted for reporting potential bugs and vulnerabilities, including in the systems of public sector agencies, in “good faith”.
Customer Service and Digital Government minister Victor Dominello is planning to pursue the changes before he retires from politics in March 2023, to pave the way for the state’s first whole-of-government policy framework for cyber security vulnerability disclosure.

Google releases 165 YARA rules to detect Cobalt Strike attacks
Date: 2022-11-21
Author: Bleeping Computer

The Google Cloud Threat Intelligence team has open-sourced YARA Rules and a VirusTotal Collection of indicators of compromise (IOCs) to help defenders detect Cobalt Strike components in their networks.
Security teams will also be able to identify Cobalt Strike versions deployed in their environment using these detection signatures.

Lorenz Ransomware Alert: Risk to Healthcare, Public Sector
Date: 2022-11-24
Author: Bankinfo Security

Large healthcare and public sector organizations are continuing to get hit by attackers wielding Lorenz ransomware, cybersecurity experts warn.
“It is used to target larger organizations in what is called ‘big-game hunting,’ and publishes data publicly as part of pressuring victims in the extortion process,” according to a new security alert from the U.S. Department of Health and Human Services.
“Relatively little is known about Lorenz as compared to many other ransomware operators,” says HHS’ Health Sector Cybersecurity Coordination Center, or HC3.


ESB-2022.6094 – Git: CVSS (Max): 8.8

Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to arbitrary code execution.

ESB-2022.6112 – IBM QRadar: CVSS (Max): 9.8

IBM QRadar Network Security is affected by multiple vulnerabilities.

ESB-2022.6133 – Ruby: CVSS (Max): 8.8

Ruby 2.7.7 has been released and this release includes a few security fix.

ESB-2022.6139 – nginx: CVSS (Max): 7.4

SUSE released an update that fixed the ALPACA attack that limiting the number of errors after closing a connection.


Stay safe, stay patched and have a good weekend!

The AUSCERT team