Cyber snippets

The summaries below are a snapshot of cybersecurity news, updates, risks and threat actor activity, intended to improve awareness across the sector.

Sections

  1. Older cyber snippets

Latest cyber snippets

Date
Category
Summary
Notes
Link/ source
11 May 2021
System and cloud (including patches)
The US and UK governments have released new details of the current tactics of Russian state cyber-espionage actors, including 11 vulnerabilities, the oldest dating back to 2018, that are being exploited for initial access.

11 May 2021
System and cloud (including patches)
Google has released a new open-source tool called cosign, part of the sigstore project, to simplify signing and verifying container images.

11 May 2021
Legislation/ Standards
The NSW government will set up a new ministerial advisory council to inform digital identity policy as it looks to drive greater consistency across the state's identity products and services.

11 May 2021
Phishing/ Malware
Tulsa, Oklahoma and Rensselaer Polytechnic Institute disclose ransomware incidents. Rensselaer is dealing with a malware attack that forced the shutdown of much of its computer network just as students were preparing for final examinations for the spring semester.

10 May 2021
Nation State
In 2019, a Chinese security researcher working with the internet security and antivirus company Qihoo 360 unveiled an intricately woven exploit, one that would allegedly let a remote attacker easily jailbreak an iPhone X running iOS 12.1. The researcher, Qixun Zhao, dubbed the exploit Chaos, for good reason. The U.S. has since amassed details of how Chinese authorities used the Chaos exploit to hack Uyghur Muslims in China.

10 May 2021
System and cloud (including patches)
A misconfigured database has exposed what appears to be a major coordinated scheme by Amazon vendors to procure fake reviews for their products. The 7GB trove contained over 13 million records including the email addresses and WhatsApp/Telegram phone numbers of vendor contacts, plus email addresses, surnames, PayPal account details and Amazon account profiles of reviewers.

10 May 2021
System and cloud (including patches)
VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm recently sanctioned by the United States. Positive Technologies is one of several Russian tech firms sanctioned in April by the U.S. for allegedly supporting Kremlin intelligence agencies.

10 May 2021
Nation State
U.S. and U.K. cyber, law enforcement and intelligence agencies issued a joint advisory on Friday offering detailed guidance on defending against the activities of the Russian Foreign Intelligence Service (SVR), in the wake of the 2020 SolarWinds attacks.

10 May 2021
Nation State
Recorded Future's Insikt Group has discovered six procurement documents from official People's Liberation Army (PLA) websites and other sources showing that Unit 61419 of the PLA's Strategic Support Force (SSF) has sought to purchase antivirus software from several major American, European and Russian security companies, specifically English-language versions of the products.

10 May 2021
Legislation/ Standards
The NSW government has published an exposure draft of its long-awaited bill for mandatory data breach notifications, specifying reporting thresholds ahead of the planned introduction of the scheme.

10 May 2021
Advisory
ACSC advisory 2021-003: ongoing campaign using Avaddon ransomware. The advisory states that Australian organisations, and academia in particular, are being targeted.
ACSC Advisory
07 May 2021
System and cloud (including patches)
Attackers can abuse a newly disclosed Domain Name System (DNS) vulnerability, publicly known as TsuNAME, as an amplification vector in large-scale DDoS attacks against authoritative DNS servers. The problem arises when two zones' NS records point at nameservers under each other (a cyclic dependency): resolvers that do not detect the cycle loop endlessly, hammering the authoritative servers above them.
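The cyclic-dependency condition behind TsuNAME can be checked against one's own delegation data before a looping resolver finds it. The following is an added example and is not part of the original snippets nor the TsuNAME researchers' own CycleHunter tool; every zone and nameserver name is constructed, and the rule that an in-bailiwick nameserver (served with glue) or a nameserver under a zone outside the dataset counts as resolvable is an assumption of this example.

```python
"""Flag zones whose NS records form an unresolvable cycle (the TsuNAME condition).

Added example, not part of the original snippets or of the TsuNAME authors' CycleHunter tool.
All zone and nameserver names below are constructed for illustration.
"""
from typing import Dict, List, Optional, Set

# Constructed sample: zone apex -> hostnames in its NS records (FQDNs with trailing dot).
# example.com. and example.net. point only at each other, so neither can ever be reached;
# rescued.com. also depends on example.com. but has a second NS under an independent provider.
SAMPLE_DELEGATIONS: Dict[str, List[str]] = {
    "example.com.": ["ns1.example.net.", "ns2.example.net."],
    "example.net.": ["ns1.example.com.", "ns2.example.com."],
    "healthy.org.": ["ns1.healthy.org.", "ns2.dnsprovider.io."],
    "dnsprovider.io.": ["a.dnsprovider.io.", "b.dnsprovider.io."],
    "rescued.com.": ["ns1.example.com.", "ns9.dnsprovider.io."],
}


def covering_zone(ns_name: str, zones: Set[str]) -> Optional[str]:
    """Return the longest zone in `zones` that `ns_name` falls under, or None if no zone
    in the dataset covers it (assumed here to be an external, independently resolvable parent)."""
    labels = ns_name.rstrip(".").split(".")
    for i in range(1, len(labels)):          # longest suffix first
        candidate = ".".join(labels[i:]) + "."
        if candidate in zones:
            return candidate
    return None


def find_cyclic_dependencies(delegations: Dict[str, List[str]]) -> Set[str]:
    """Return the zones that have no resolvable path to any of their nameservers.

    Assumption: a nameserver counts as resolvable if it is in-bailiwick (served with glue
    by the parent), lives under a zone outside the dataset, or lives under a zone already
    shown to be resolvable. Everything left over depends only on zones that depend on it.
    """
    zones = set(delegations)
    resolvable: Set[str] = set()

    # Seed with zones that have at least one in-bailiwick or external nameserver.
    for zone, servers in delegations.items():
        for ns in servers:
            parent = covering_zone(ns, zones)
            if parent is None or parent == zone:
                resolvable.add(zone)
                break

    # Propagate: a zone becomes resolvable once any of its nameservers' zones is.
    changed = True
    while changed:
        changed = False
        for zone, servers in delegations.items():
            if zone in resolvable:
                continue
            if any(covering_zone(ns, zones) in resolvable for ns in servers):
                resolvable.add(zone)
                changed = True

    return zones - resolvable


if __name__ == "__main__":
    for zone in sorted(find_cyclic_dependencies(SAMPLE_DELEGATIONS)):
        print(f"cyclic dependency: {zone} -> {SAMPLE_DELEGATIONS[zone]}")
```

Run against a real export of your zones' NS records, the only zones reported are those with no escape from the cycle; a zone with even one nameserver under an independent provider (rescued.com. above) is not flagged, which matches how a non-vulnerable resolver would eventually reach it.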

07 May 2021
Phishing/ Malware
A new Windows malware, named Pingback, has been discovered that uses Internet Control Message Protocol (ICMP) echo traffic for its command-and-control (C2) communications. It targets 64-bit Windows systems and uses DLL hijacking to establish persistence on the infected host.
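ICMP-carried C2 of the kind described above stands out on the wire because legitimate echo payloads are highly regular. The following is an added example, not code from the original page or from the Pingback analysis: the packets are constructed here, the Windows payload constant is the 32-byte string ping.exe sends by default, and the iputils check (any run of consecutive byte values after the 8-byte timestamp) is a simplified heuristic.

```python
"""Classify ICMP echo payloads to spot C2-style traffic hiding in ping.

Added example, not code from the original page or from the Pingback analysis.
Packets are constructed here; the Windows payload constant is the 32-byte string
ping.exe sends by default, and the iputils check is a simplified heuristic.
"""
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"  # default ping.exe data


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(ident: int, seq: int, payload: bytes, icmp_type: int = ICMP_ECHO_REQUEST) -> bytes:
    """Build a raw ICMP echo message (header + payload) with a valid checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Split an ICMP message into fields and verify its checksum."""
    if len(packet) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    zeroed = packet[:2] + b"\x00\x00" + packet[4:]   # checksum field is zero when computed
    return {
        "type": icmp_type, "code": code, "id": ident, "seq": seq,
        "payload": packet[8:], "checksum_ok": icmp_checksum(zeroed) == csum,
    }


def looks_like_iputils(payload: bytes) -> bool:
    """Heuristic for Linux iputils ping: 8-byte timestamp, then consecutive byte values.
    (Simplification: only the +1 progression is checked, not the exact start value.)"""
    pattern = payload[8:]
    if len(pattern) < 8:
        return False
    return all(((pattern[i] + 1) & 0xFF) == pattern[i + 1] for i in range(len(pattern) - 1))


def classify_echo(packet: bytes) -> str:
    """Label an ICMP message: known ping shapes pass, anything else is worth a look."""
    p = parse_icmp(packet)
    if p["type"] not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        return "not-echo"
    if not p["checksum_ok"]:
        return "bad-checksum"
    if p["payload"] == WINDOWS_PING_PAYLOAD:
        return "windows-ping"
    if looks_like_iputils(p["payload"]):
        return "iputils-ping"
    return "anomalous-payload"


# Constructed sample traffic: two ordinary pings and one echo carrying command text.
SAMPLE_PACKETS = {
    "win": build_echo(0x0001, 1, WINDOWS_PING_PAYLOAD),
    "linux": build_echo(0x1234, 1, b"\x00" * 8 + bytes(range(0x08, 0x38))),
    "c2": build_echo(0x4242, 7, b"exec:whoami\x00"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLE_PACKETS.items():
        print(f"{name:6s} seq={parse_icmp(pkt)['seq']:<4} {classify_echo(pkt)}")
```

Feed it the ICMP portion of captured packets (everything after the IP header) and alert on "anomalous-payload"; a covert channel that mimics the default ping bytes exactly will slip past this check, so pair it with volume and timing baselines rather than relying on payload shape alone.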

07 May 2021
System and cloud (including patches)
Cisco has addressed two critical security vulnerabilities in the SD-WAN vManage Software, one of which could allow an unauthenticated attacker to carry out remote code execution (RCE) on corporate networks or steal information.

07 May 2021
System and cloud (including patches)
The US Department of Defense (DoD) has expanded its security vulnerability disclosure program (VDP) beyond its public-facing websites and web applications to encompass all publicly accessible information systems.

07 May 2021
System and cloud (including patches)
Two vulnerabilities in Microsoft Azure Functions have been disclosed, although the severity of one was reduced by an unrelated implementation bug. Azure Functions is Microsoft's serverless, event-driven compute service, used for tasks such as processing message queues, reacting to database changes and serving web-based APIs.

07 May 2021
System and cloud (including patches)
A vulnerability in Qualcomm's Mobile Station Modem (MSM) chips, installed in roughly 30% of the world's mobile devices, can be exploited from within Android.

07 May 2021
Phishing/ Malware
Ryuk ransomware finds a foothold in a bio-research institute through a student who would not pay for software.

07 May 2021
System and cloud (including patches)
Cisco has fixed critical SD-WAN vManage and HyperFlex HX software security flaws that could enable remote attackers to execute commands as root or create rogue admin accounts. The company also issued security updates to address high and medium severity vulnerabilities in multiple other software products that allow attackers to execute arbitrary code remotely, escalate privileges, trigger denial of service conditions, and more on unpatched servers.
Picked up from: AusCERT Daily Intelligence Report
07 May 2021
System and cloud (including patches)
VMware has released security updates to address a critical severity vulnerability in vRealize Business for Cloud that enables unauthenticated attackers to remotely execute malicious code on vulnerable servers.
Picked up from: AusCERT Daily Intelligence Report
07 May 2021
Phishing/ Malware
Hackers claiming responsibility for an attack on health and community care provider UnitingCare Queensland have been revealed as one of the most notorious cyber ransom gangs in the world.
Picked up from: AusCERT Daily Intelligence Report
07 May 2021
System and cloud (including patches)
Peloton’s leaky API let anyone grab riders’ private account data. But the company won't say if it has evidence of malicious exploitation.
Picked up from: AusCERT Daily Intelligence Report
07 May 2021
Cyber good practice, articles, guides and updates
The recent hack of network management company SolarWinds, which enabled bad actors to compromise a range of US government agencies and major corporations, has revealed a troubling truth: Business and government expose each other to significant cyber-risks because they are interconnected and rely on the same network of software vendors. That’s why the strategic response must involve more intense collaboration. Simply put, the threat of cyberattacks is too big a job for either government or business to tackle alone.
Picked up from: AusCERT Daily Intelligence Report
weforum.org/agenda/2021/05/cybersecurity-governments-business/
06 May 2021
System and cloud (including patches)
A large batch of security vulnerabilities in the Exim mail transfer agent has been uncovered, some of which could be chained for unauthenticated remote code execution (RCE), gaining root privileges and worm-style lateral movement, according to researchers.

06 May 2021
System and cloud (including patches)
An SQL-injection vulnerability discovered in a WordPress plugin called “Spam protection, AntiSpam, FireWall by CleanTalk” could expose user emails, passwords, credit-card data and other sensitive information to an unauthenticated attacker.

06 May 2021
Cyber good practice, articles, guides and updates
Misconfigurations and unpatched bugs top cloud-native security incidents: over half of organisations have suffered a security incident caused by a misconfiguration or a known, unpatched vulnerability in their cloud-native applications, according to new research.

06 May 2021
Cyber good practice, articles, guides and updates
Organizations’ digital transformation projects are being held back through lack of collaboration between security and networking teams, according to a new study by Netskope. The survey of IT professionals in the UK, France, and Germany, undertaken by Censuswide on behalf of the cloud security firm, revealed that two key components of IT teams—networking and security—often have a poor working relationship. Despite nearly half (45%) of security and networking teams operating within the same group and reporting to a common boss, 43% of those surveyed stated that "the security and networking teams don’t really work together much."

06 May 2021
Phishing/ Malware
Panda Stealer uses spam emails and the same hard-to-detect fileless distribution method deployed by a recent Phobos ransomware campaign discovered by Morphisec. The attack campaign appears to be primarily targeting users in Australia, Germany, Japan, and the United States.

06 May 2021
Cyber good practice, articles, guides and updates
Engineers at Google, Mozilla and security firm Cure53 have come together to develop an application programming interface (API) that provides a systematic solution to HTML sanitization. The API, which will be integrated into future versions of Mozilla Firefox and Google Chrome, will let web developers sanitize untrusted HTML strings and prevent cross-site scripting (XSS) attacks without relying on third-party libraries.

06 May 2021
Phishing/ Malware
The NSW branch of the Labor Party appears to have suffered a ransomware attack, with the Avaddon strain used against the party's Windows network.

05 May 2021
System and cloud (including patches)
Apple released a quartet of unscheduled updates for iOS, macOS and watchOS, patching flaws in its WebKit browser engine. The out-of-band patches address critical issues affecting iPad, iPhone and iPod touch that could allow remote code execution (RCE) and other attacks, completely compromising users' devices; Apple believes all of them may already have been exploited in the wild.

05 May 2021
System and cloud (including patches)
Pulse Secure has rushed a fix for a critical zero-day security vulnerability in its Connect Secure VPN devices, which has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe.

05 May 2021
Phishing/ Malware
Global phishing attacks spawn three new malware strains. The never-before-seen strains show "professionally coded sophistication" and were launched by a well-resourced APT using nearly 50 domains, one of them hijacked.

05 May 2021
System and cloud (including patches)
Hundreds of millions of Dell users at risk from kernel-privilege bugs. The privilege-escalation flaw, in Dell's DBUtil firmware-update driver, remained hidden for 12 years and has been present in all Dell PCs, tablets and notebooks shipped since 2009.