7 Oct 2022

Week in review

Greetings,

It’s Cyber Security Awareness Month in October which, given the recent breadth and severity of data leaks seen in Australia, is an opportune reminder to be mindful of current threats and vulnerabilities.

Now in its seventh year, the BDO and AUSCERT Cyber Security Survey allows organizations to benchmark their approach to cyber risk. The information gathered then offers the chance to assess and optimise organizational cyber security.

There’s also the chance to win one of two Apple AirPods Pro, so be sure to complete your survey before Friday, November 18!

It was announced yesterday that the federal government had proposed allowing Australian banks temporary access to government identification details held by telcos in the wake of the Optus data breach.

The move is to assist in preventing fraud, but banks would need to adhere to strict requirements to reduce the risk of further compromise of customer data.

This Monday, October 10 will see the next full moon, referred to as the Pink Moon, signifying the arrival of the first spring flowers.

Apart from the Pink Moon, the other October full moon names in the southern hemisphere are Egg Moon, Seed Moon, and Waking Moon, whilst the northern hemisphere will experience the Hunter’s Moon.

The name derives from a time when the full moon signified the time to start preparing for the coming winter by hunting animals and preserving meat. If you live north of the equator, be sure to learn how you can view one of the year’s most stunning celestial events!


Cisco Patches High-Severity Vulnerabilities in Communications, Networking Products
Date: 2022-10-06
Author: SecurityWeek

Cisco announced on Wednesday that it has patched potentially serious vulnerabilities in some of its networking and communications products, including Enterprise NFV, Expressway and TelePresence.

Windows 11 22H2 breaks provisioning with 0x800700b7 errors
Date: 2022-10-06
Author: Bleeping Computer

Microsoft says the Windows 11 2022 Update is breaking provisioning, leaving Windows 11 enterprise endpoints partially configured and failing to finish installing.

Meta sues app dev for stealing over 1 million WhatsApp accounts
Date: 2022-10-06
Author: Bleeping Computer

Meta has sued several Chinese companies doing business as HeyMods, Highlight Mobi, and HeyWhatsApp for developing and allegedly using “unofficial” WhatsApp Android apps to steal over one million WhatsApp accounts starting May 2022.

Sydney man charged for allegedly trying to scam Optus breach victims
Date: 2022-10-06
Author: iTnews

A 19-year-old Sydney man has been charged with allegedly trying to blackmail Optus customers whose data was leaked onto the internet as proof of a data breach.

Optus ups number of Medicare cards breached
Date: 2022-10-07
Author: iTnews

Optus has revised the number of its customers whose Medicare card numbers were exposed in a recent data breach to 43,000.

Microsoft Updates Mitigation for Exchange Server Zero-Days
Date: 2022-10-05
Author: Dark Reading

[AUSCERT Bulletin: ASB-2022.0191.2]
Microsoft today updated its mitigation measures for two recently disclosed and actively exploited zero-day vulnerabilities in its Exchange Server technology after researchers found its initial guidance could be easily bypassed.
Microsoft’s original mitigation for the two vulnerabilities — CVE-2022-41040 and CVE-2022-41082 — was to apply a blocking rule to a specific URL path using the URL Rewrite Module on IIS Server. According to the company, adding the string “.*autodiscover\.json.*\@.*Powershell.*” would help block known attack patterns against the vulnerabilities.

It’s Telstra’s Turn for a Data Breach, This Time It’s Staff That Are Affected
Date: 2022-10-04
Author: Gizmodo

The term ‘data breach’ has, in the last few weeks, worked its way into everyday conversation in Australia, thanks mostly to the failings of Optus. But now, details have emerged of another data breach affecting the Aussie telco sector – this time, it’s Telstra and it is employees that are at risk.
Brought to our attention first by The Australian, Telstra reportedly sent out a memo to staff over the weekend informing them of the data breach. It has since been confirmed by Telstra, with a spokesman telling Gizmodo Australia that the data breach affecting a third party included “limited” Telstra employee information from 2017. It is understood the third party handled Telstra’s rewards program for staff.


ESB-2022.4906 – chromium: CVSS (Max): None

Debian has released a new Chromium package version that fixes vulnerabilities which could lead to arbitrary code execution, denial of service or information disclosure.

ESB-2022.4967 – nodejs: CVSS (Max): 9.8

Debian has released an update for nodejs that addresses multiple vulnerabilities.

ESB-2022.5007 – LibreOffice: CVSS (Max): 8.8

Ubuntu has released a new package version that fixes several security issues in LibreOffice.

ASB-2022.0191.3 – ALERT Microsoft Exchange Server: CVSS (Max): 8.8

Microsoft has made significant updates to its advisory regarding Exchange Server Zero-Day Vulnerabilities which could lead to remote code execution.


Stay safe, stay patched and have a good weekend!

The AUSCERT team