Cyber snippets 2021

The summaries below are a snapshot of cybersecurity news, updates, risks, and threat actor activity, collected to improve awareness across the sector.

If you have a vulnerability, information, article, good practice, or item of value, please feel free to share. Any feedback, suggestions or additions are appreciated (please email Nikki Peever, CAUDIT Director Cybersecurity Program - nikki.peever@caudit.edu.au)

Sections

Threat Category: Advisory

Date
Category
Summary
Notes
Link
08 July 2021
Advisory
ACSC alert: ForgeRock Open AM critical vulnerability.

08 July 2021
Advisory
ACSC alert: Cybercriminals targeting construction companies to conduct email scams

05 July 2021
Advisory
Kaseya VSA supply chain ransomware attack from NZ NCSC.

01 June 2021
Advisory
Ransomware: Your organisation should be both protected and prepared
NZ NCSC
10 May 2021
Advisory
2021-003: Ongoing campaign using Avaddon Ransomware, advisory from ACSC. The advisory notes that Australian organisations, and academia in particular, are being targeted.
ACSC Advisory
05 May 2021
Advisory
Apple has released updated versions to fix vulnerabilities in macOS, iOS, iPadOS, and watchOS. The updates fix significant weaknesses in the system that could allow an attacker to gain access to the device. There have been reports that these vulnerabilities are being actively exploited.
CERT NZ
29 April 2021
Advisory
The federal government will establish three ‘cyber hub’ pilots in some of Canberra’s largest IT shops to provide cyber security services to agencies with fewer resources.
Picked up from: AusCERT Daily Intelligence Report
16 April 2021
Advisory
On 13 April 2021, Microsoft released security updates to mitigate significant, newly discovered vulnerabilities in Microsoft Exchange 2013, 2016 and 2019.
These vulnerabilities could be exploited by attackers to gain persistent access to Microsoft Exchange deployments. The patches previously released by Microsoft in March 2021 do not remediate these new vulnerabilities and organisations must apply Microsoft’s 13 April 2021 updates to prevent potential compromise.
ACSC Advisory
21 April 2021
Advisory
Microsoft 365 phishing using fake voicemail messages. An email requesting people listen to a voice recording is being used to bypass Microsoft protection and compromise those using Microsoft 365 (Office 365).
Source: ert.govt.nz advisory
26 April 2021
Advisory
Vulnerability Spotlight 2: MobileIron MDM vulnerability CVE-2020-15505.
NZ NCSC advisory
26 April 2021
Advisory
Since late February 2021, an increased number of ransomware attacks have affected education establishments in the UK, including schools, colleges and universities. Further targeted ransomware attacks on the UK education sector by cyber criminals are occurring.
UK NCSC
26 April 2021
Advisory
Threat Campaign Against Researchers Ongoing, CISA Warns.
  • A spear-phishing campaign dubbed BadBlood, conducted by the Charming Kitten APT, targeted 25 senior researchers in the fields of oncology, genetic research, and neurology. The aim of the campaign was to steal their credentials.
  • Last month, North Korean hackers set up a fake security company, SecuriElite, to lure researchers into visiting its booby-trapped website.
CISA advisory
27 April 2021
Advisory
The Defending Against Software Supply Chain Attacks guidance, released by CISA and the National Institute of Standards and Technology (NIST), provides an overview of software supply chain risks and recommendations on how software customers and vendors can use the NIST Cyber Supply Chain Risk Management (C-SCRM) Framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate software supply chain risks.
CISA advisory
27 April 2021
Advisory
The Federal Bureau of Investigation (FBI), Department of Homeland Security, and CISA have released a Joint Cybersecurity Advisory (CSA) addressing the continued targeting of U.S. and foreign entities by Russian Foreign Intelligence Service (SVR) cyber actors, also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium.
CISA advisory

Threat Category: System and cloud (including patches)

Date
Category
Summary
Notes
Link
10 December 2021
System and cloud (including patches)
Mozilla this week released security updates for the Firefox browser and Thunderbird mail client to address multiple vulnerabilities, including several bugs rated high severity.

10 December 2021
System and cloud (including patches)
SonicWall patches multiple vulnerabilities affecting SMA100 appliances.

9 December 2021
System and cloud (including patches)
Is your web browser vulnerable to data theft? XS-Leak explained

9 December 2021
System and cloud (including patches)
Nation-state-backed hacking groups are exploiting a simple but effective new technique to power phishing campaigns for spreading malware and stealing information that is of interest to their governments.

9 December 2021
System and cloud (including patches)
Cybersecurity researchers at Palo Alto Networks set up a honeypot of 320 nodes around the world, consisting of multiple misconfigured instances of common cloud services, including remote desktop protocol (RDP), secure shell (SSH), server message block (SMB) and Postgres databases.

8 December 2021
System and cloud (including patches)
Researchers have discovered several vulnerabilities affecting at least 150 multi-function (print, scan, fax) printers made by Hewlett Packard.

8 December 2021
System and cloud (including patches)
One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.

8 December 2021
System and cloud (including patches)
Google’s Threat Analysis Group (TAG) has disrupted the blockchain-enabled botnet known as Glupteba, which is made up of around 1 million compromised Windows and internet of things (IoT) devices.

8 December 2021
System and cloud (including patches)
Google on Monday announced the rollout of a new security update for Chrome, to address 20 vulnerabilities in the browser, including 16 reported by external researchers.

8 December 2021
System and cloud (including patches)
A drive-by remote code execution (RCE) vulnerability in Windows 10 that can be triggered simply by clicking a malicious URL could allow attackers full access to a victim’s files and data.

8 December 2021
System and cloud (including patches)
Attackers could have modified the nameservers of any domain under Tonga’s country code top-level domain (ccTLD) due to a vulnerability in the TLD registrar’s website, security researchers have revealed. Fortunately, malicious exploitation was averted because the Tonga Network Information Center (Tonic) was “very responsive” in fixing the bug in under 24 hours after web security firm Palisade alerted them on October 8, 2021, a Palisade blog post reveals.

8 December 2021
System and cloud (including patches)
Microsoft said a group based in China named "Nickel" was using domains to attack government groups and NGOs across Latin America, the Caribbean and Europe.