14 Oct 2022

Week in review

Greetings,

As Marie Antoinette is said to have proclaimed, “Let them eat cake!”, for today, October 14 is National Dessert Day.

Given the need to celebrate such an auspicious occasion, it’s official that today is the day when calories don’t count. As such, we implore everyone to consider their preferred sugary, tasty treat to indulge in and if you’re stuck for ideas, the following site may be able to assist. Simply click HERE.

The Optus saga moves forward with ongoing commentary made about the situation which only increases as more details and issues arise, seemingly every day.

A recent article in the Financial Review posits that “Companies and individuals don’t rise to the occasion. They fall to their level of preparedness.”

The comment comes as banks, such as the CBA, experience an increase in the number of calls received each day from concerned customers about their financial security. The article also states that whilst risks can never be completely removed, those responsible should be aware of the risks and plan for how to respond should an incident occur.

We’d like to remind those that wish to share their thoughts, experience, and insights into the dynamic and ever-changing landscape of cyber security that the annual BDO and AUSCERT Cyber Security Survey is now open!

The annual BDO and AUSCERT cyber security survey identifies the current cyber security trends, issues and threats facing organisations across Australia and New Zealand.


Zimbra remote code execution vulnerability actively exploited in the wild
Date: 2022-10-10
Author: The Daily Swig

[AUSCERT has been in touch with the affected members]
A zero-day remote code execution (RCE) vulnerability in Zimbra is being actively exploited in the wild.
The bug was assigned the tracker CVE-2022-41352 in late September. Issued a CVSS severity score of 9.8, the critical issue can be exploited to plant a shell in the software’s root directly, achieving RCE and enabling attackers to wreak havoc on a vulnerable system.
Zimbra, once known as the Zimbra Collaboration Suite (ZCS), is an open source email suite. The software is relied upon by millions of users and is designed for managing enterprise and SMB email and collaboration tools.

Fortinet says critical auth bypass bug is exploited in attacks
Date: 2022-10-10
Author: Bleeping Computer

[See also ASB-2022.0192.2]
Fortinet has confirmed today that a critical authentication bypass security vulnerability patched last week is being exploited in the wild.
The security flaw (CVE-2022-40684) is an auth bypass on the administrative interface that enables remote threat actors to log into FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager (FSWM) on-premise management instances.
“An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests,” Fortinet said in an advisory issued today.

Medibank takes systems offline after ‘cyber incident’
Date: 2022-10-13
Author: iTnews

[See also ASB-2022.0199 ]
Investigates extent of unauthorised access.
Medibank has taken two customer-facing systems offline “to reduce the likelihood of damage to systems or data loss” stemming from a cyber security incident.
The insurer said that policy management systems covering its ahm brand as well as international students are now offline, and would remain that way “for most of the day”.
It did not detail what had exactly occurred, aside from the detection of “unusual activity on its network.”

Optus data breach response ‘cracking’ as cyber support charity fields 15,000 queries and counting
Date: None
Author: ABC News

A national identity and cyber support charity say they are enduring the “toughest” period in the organisation’s history following the Optus data breach.
IDCARE fielded a months’ worth of calls in just three days following the incident, and in the past three weeks has dealt with more than 15,000 interactions with no signs of slowing down.

Darkweb market BidenCash gives away 1.2 million credit cards for free
Date: 2022-10-09
Author: Bleeping Computer

[AUSCERT has been in touch with the affected members]
A dark web carding market named ‘BidenCash’ has released a massive dump of 1,221,551 credit cards to promote their marketplace, allowing anyone to download them for free to conduct financial fraud.
Carding is the trafficking and use of credit cards stolen through point-of-sale malware, magecart attacks on websites, or information-stealing malware.
BidenCash is a stolen cards marketplace launched in June 2022, leaking a few thousand cards as a promotional move.

Indicators of Behavior and the Diminishing Value of IOCs
Date: 2022-10-12
Author: Cyber reason

How secure is your organization if you can only stop attacks that have already been detected in other environments based on Indicators of Compromise (IOCs)? Secure enough, if those were the only attacks you needed to be concerned with.
But what about targeted attacks with bespoke tactics, techniques, and procedures (TTPs) that have never been documented because they were designed only to be used against your organization?
In today’s threat landscape that’s what’s happening: zero-day exploits, never-before-seen malware strains, and advanced techniques developed specifically for high-value targets are plaguing security teams.


ASB-2022.0199 – Medibank Cyber Security Incident

AUSCERT shares information on a security incident targeting Medibank. AUSCERT will continue to share further information as they become available.

ASB-2022.0192.2 – UPDATED ALERT FortiOS,FortiProxy and FortiSwitchManager: CVSS (Max): 9.6

Fortinet reported a critical vulnerability in 3 of its products which may allow an unauthenticated attacker to perform operations on the compromised devices. Fortinet released important mitigation information as well as security updates.

ESB-2022.5034 – wordpress: CVSS (Max): 9.8

Several security vulnerabilities were discovered in WordPress for which a security patch has been released.

ASB-2022.0195 – ALERT Azure: CVSS (Max): 10.0

Microsoft’s monthly security patch update for October included an update to resolves 3 vulnerabilities in Azure.

ASB-2022.0193 – ALERT Windows and Windows Server: CVSS (Max): 8.8

Microsoft’s most recent patch update fixes 68 vulnerabilities in Windows and Widows Server.

ESB-2022.5091 – Google Chrome: CVSS (Max): None

Google announced updates to the Google Chrome Stable channel and Extended stable channel.


Stay safe, stay patched and have a good weekend!

The AUSCERT team