Cyber snippets

The summaries below are a snapshot of cybersecurity news, updates, risks and threat actor activities, intended to improve awareness across the sector.

If you have a vulnerability, information, article, good practice or item of value, please feel free to share. For any feedback, suggestions or additions, please email Greg Sawyer, CAUDIT Director Cybersecurity Program.

Cyber snippets will come back in 2022. Any feedback or suggestions are appreciated.

Email: greg.sawyer@caudit.edu.au

Sections

  1. Older cyber snippets

Latest cyber snippets

Date
Category
Summary
Notes
Link/ source
10 December 2021
System and cloud (including patches)
Mozilla this week released security updates for the Firefox browser and Thunderbird mail client to address multiple vulnerabilities, including several bugs rated high severity.

10 December 2021
Phishing/ Malware/ Ransomware
Queensland government-owned energy generator CS Energy provided an update on Wednesday that the party behind its November ransomware incident was unlikely to be a state-based actor.

10 December 2021
Nation State
The Tor anonymity service and anticensorship tool has come under fire from two threats in recent weeks: The Russian government has blocked most Tor nodes in that country, and hundreds of malicious servers have been relaying traffic.

10 December 2021
Phishing/ Malware/ Ransomware
A lack of communication between Michigan State University’s physics and astronomy department and the school’s central IT operation contributed to a 2020 ransomware attack that cost the university more than $1 million to recover from.

10 December 2021
Phishing/ Malware/ Ransomware
A malicious actor is attempting to steal credentials from people at U.S. universities using phishing emails that invoke a newly identified strain of the virus that causes COVID-19.

10 December 2021
System and cloud (including patches)
SonicWall patches multiple vulnerabilities affecting SMA100.

09 December 2021
System and cloud (including patches)
Is your web browser vulnerable to data theft? XS-Leak explained

09 December 2021
Phishing/ Malware/ Ransomware
The notorious Emotet malware now installs Cobalt Strike beacons directly, giving immediate network access to threat actors and making ransomware attacks imminent.

09 December 2021
Fraud/ crime
Australian Federal Police say cryptocurrency scams have "exploded" during the pandemic, with new figures from the Australian consumer watchdog showing a 172 per cent increase in losses between January and November this year, totalling $109 million. 

09 December 2021
Nation State
Federal court documents unsealed Monday show that Microsoft won the right to dismantle 51 domains used by APT15 for espionage campaigns observed targeting government agencies, think tanks and human rights organizations in 29 countries, including the United States.

09 December 2021
Cyber good practice, articles, guides and updates
Two years into the pandemic and the challenges around remote working are taking their toll. We're making bad tech security decisions as a result.

09 December 2021
System and cloud (including patches)
Nation state-backed hacking groups are exploiting a simple but effective new technique to power phishing campaigns for spreading malware and stealing information that's of interest to their governments. 

09 December 2021
System and cloud (including patches)
Cybersecurity researchers at Palo Alto Networks set up a honeypot composed of 320 nodes around the world, made up of multiple misconfigured instances of common cloud services, including remote desktop protocol (RDP), secure shell protocol (SSH), server message block (SMB) and Postgres databases.

08 December 2021
System and cloud (including patches)
Researchers have discovered several vulnerabilities affecting at least 150 multi-function (print, scan, fax) printers made by Hewlett Packard.

08 December 2021
System and cloud (including patches)
One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.

08 December 2021
Phishing/ Malware/ Ransomware
An unknown assailant planted NSO Group’s Pegasus spyware on the iPhones of at least nine U.S. State Department employees, according to four of Reuters’ sources who are familiar with the matter.

08 December 2021
System and cloud (including patches)
Google’s Threat Analysis Group (TAG) has disrupted the blockchain-enabled botnet known as Glupteba, which is made up of around 1 million compromised Windows and internet of things (IoT) devices.

08 December 2021
System and cloud (including patches)
Google on Monday announced the rollout of a new security update for Chrome, to address 20 vulnerabilities in the browser, including 16 reported by external researchers.

08 December 2021
System and cloud (including patches)
A drive-by remote code execution (RCE) vulnerability in Windows 10 that can be triggered simply by clicking a malicious URL could allow attackers full access to a victim’s files and data.

08 December 2021
System and cloud (including patches)
Attackers could have modified the nameservers of any domain under Tonga’s country code top-level domain (ccTLD) due to a vulnerability in the TLD registrar’s website, security researchers have revealed. Fortunately, malicious exploitation was averted because the Tonga Network Information Center (Tonic) was “very responsive”, fixing the bug less than 24 hours after web security firm Palisade alerted it on October 8, 2021, a Palisade blog post reveals.

08 December 2021
System and cloud (including patches)
Microsoft said a group based in China named "Nickel" was using domains to attack government groups and NGOs across Latin America, the Caribbean and Europe.

07 December 2021
Phishing/ Malware/ Ransomware
Who Is the Network Access Broker ‘Babam’?

07 December 2021
Cyber good practice, articles, guides and updates
Putting zero trust IT security to work in a post-pandemic world.

07 December 2021
Cyber good practice, articles, guides and updates
Under proposed reforms, Home Affairs will look to revamp various concepts regarding when law enforcement agencies will be able to access data to prevent serious crimes and security threats.

07 December 2021
Phishing/ Malware/ Ransomware
Since at least 2017, a mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network in what a security researcher has described as an attempt to deanonymize Tor users.

07 December 2021
Cyber good practice, articles, guides and updates
Shut everything down! That’s the unequivocal advice Wellington cybersecurity expert Bruce Armstrong has for people who find themselves suddenly frozen out of their computer at work.