23 Sep 2022

Week in review

Greetings,

The cyber attack on Optus on Thursday (September 22) is said to impact current and former customers with information including names, birth dates, email addresses and phone numbers said to have been disclosed.

It remains unknown how many of the 9.7 million Optus customers have been compromised with Scamwatch issuing an alert, warning customers to be vigilant to mitigate any potential harm.

An unknown time factor is associated with the attack as data can be retained indefinitely. Of particular focus is individuals’ financial accounts with suggestions on what to do to help protect your personal information provided by the ACCC division.

What may be causing others in the community a bit of undue stress is the school holidays that are underway or just getting started.

With the addition of a public holiday, potentially utilised to create a long weekend, along with some less-than-ideal weather, you may be looking for something to fill your time or, distract from the kids playing or warring with one another.

If so, AUSCERT has something to help. In fact, we have two ‘somethings’ for you to choose from!

Our YouTube channel has over 50 videos from this year’s conference that cover a diverse range of topics that will inform, inspire and illicit reactions of varying scope.

The other option available to you is fifteen episodes of our podcast, Share Today, Save Tomorrow. You can select from several subjects that provide insights and understanding as well as an understanding of potential challenges.


EZVIZ video cameras can be accessed remotely – Security
Date: 2022-09-19
Author: IT News

Full device takeover possible.
Researchers at security vendor Bitdefender have found a series of serious vulnerabilities which could be used to remotely control EZVIZ networked cameras without authentication, in order to download and decrypt images.
Bitdefender was able to create an attack chain of four different bugs to take over the EZVIZ cameras, exploiting a stack buffer overflow, and vulnerable application programming interface endpoints.

Google, Microsoft can get your passwords via web browser’s spellcheck
Date: 2022-09-17
Author: Bleeping Computer

Extended spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information (PII) and in some cases, passwords, to Google and Microsoft respectively.
While this may be a known and intended feature of these web browsers, it does raise concerns about what happens to the data after transmission and how safe the practice might be, particularly when it comes to password fields.

Australian business owners urged to shorten web addresses to avoid cybercrime attack
Date: 2022-09-17
Author: ABC news

Business owners across Australia are being told to update their domain names or risk being targeted by cybercriminals.
New rules are being introduced to allow Australian businesses, organisations and individuals to shorten their web address to a simpler .au domain name instead of .com.au, .net.au, .or .org.au.
For example, www.abc.net.au could become www.abc.au, or www.books.com.au could be shortened to www.books.au.

Microsoft 365 phishing attacks impersonate U.S. govt agencies
Date: 2022-09-19
Author: Bleeping Computer

An ongoing phishing campaign targeting U.S. government contractors has expanded its operation to push higher-quality lures and better-crafted documents.
The lure in these phishing emails is a request for bids for lucrative government projects, taking them to phishing pages that are clones of legitimate federal agency portals.
This is the same operation that INKY reported about in January 2022, with the threat actors using attached PDFs with instructions on going through the bidding process for the U.S. Department of Labor projects.


ESB-2022.4669 – Nessus Network Monitor: CVSS (Max): 9.8

Tenable has released Nessus Network Monitor 6.1.0 to fix multiple third-party vulnerabilities in Nessus Network Monitor.

ESB-2022.4662 – Hitachi Energy AFF660/665 Series: CVSS (Max): 9.8

A vulnerability in Hitachi Energy AFF660/665, an industrial firewall could overflow a buffer on the device and fully compromise it. Hitachi Energy recommends its users to follow the security practices and firewall configurations to help protect from outside attacks.

ESB-2022.4601 – OpenShift Virtualization: CVSS (Max): 9.8

Red Hat has released an update to OpenShift Virtualization which fixes several bugs and add enhancements.

ESB-2022.4611 – Google Chrome: CVSS (Max): None

Google has updated its stable channel to 105.0.5195.125 for Mac and Linux. This update includes 11 security fixes.

ESB-2022.4655 – SUSE Manager Server: CVSS (Max): 9.8

A security update that solves four vulnerabilities in SUSE manager server has been released.

ESB-2022.4634 – connman: CVSS (Max): 9.8

Debian recommends that Connman, a network manager for embedded devices be updated to the latest version to fix a few vulnerabilities, which if exploited could result in denial of service or the execution of arbitrary code.


Stay safe, stay patched and have a good weekend!

The AUSCERT team