SECURITY REPORT
AUGUST 2020
Recent Vulnerabilities and Patches
Our Monthly Security Report is a roundup of all the essential cyber news you need from Australia and beyond.
| CVE | Brand | Description | CVSS Score V3.1 |
| CVE-2020-14606 | Oracle | Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Supported versions that are affected are 8.2 and 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. While the vulnerability is in Oracle SD-WAN Edge, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge. | 10 |
| CVE-2020-1350 | Microsoft | A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka ‘Windows DNS Server Remote Code Execution Vulnerability’. | 10 |
| CVE-2020-3374 | Cisco | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system. | 9.9 |
| CVE-2020-3382 | Cisco | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. | 9.8 |
| CVE-2020-9480 | Apache | In Apache Spark 2.4.5 and earlier, a standalone resource manager’s master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application’s resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. | 9.8 |
Headlines from Australia & NZ
2020 Cyber Strategy
The launch of the new 2020 Cyber Strategy provides a framework for Government, industry and the broader community to work together in addressing Australia’s cyber challenges.
According to Alastair MacGibbon, Chief Strategy Officer at CyberCX:
“Three elements of the strategy are particularly significant to the private sector: increased regulation, new critical infrastructure obligations and a scaled approach to protecting smaller businesses and families.”
“Industry and government will co-design new legislation introducing economy-wide cyber security responsibilities, so in the same way as workplace health and safety is now fully accepted as a board responsibility, soon boards and executives will likely be held accountable for cyber security risk management … A security baseline will drive innovation, stability and profitability.”
Source : www.afr.com/technology/
New Cyber Research Centre
RMIT University launched a new cyber security research centre that will focus on helping industry address rapidly evolving security threats in Australia and globally.
Source : www.itnews.com.au
Stop Phishing
The CSIRO’s digital arm, Data61, has come up with a new way to automatically identify phishing attempts that is more effective than current techniques.
Source : www.itnews.com.au
Consumer Data Rights
Westpac, CBA and NAB want to see a centrally-coordinated security operation set up to protect consumers and industry participants from attacks and exploits of Consumer Data Right functions.
Source : www.itnews.com.au
New Cloud Security Guidelines
The Australian Cyber Security Centre (ACSC) has released new guidance to help Government agencies assess the risk posed by cloud services as part of the move away from a centrally-controlled security model to one of self-assessment.
Source : www.itnews.com.au
Cyber Resilience
In response to two devastating ransomware attacks, Toll Group has developed a year-long cyber resilience program to prevent further breaches.
Source : www.itnews.com.au
Pandemic Boosts Trust in Data Security
Australians have become more trusting of organisations and governments to handle their personal data and privacy during the COVID-19 pandemic, according to new research by the Australian National University.
Source : www.itnews.com.au
New European Data Rules Impact Australia
A big year for privacy just got bigger. On July 16, Europe’s top court ruled on the legality of two mechanisms for cross-border transfers of personal data which could have significant implications for many Australian organisations.
Source : www.innovationaus.com
BlackBerry Phone Cracked
An encrypted BlackBerry device that was cracked five years after it was first seized by police is poised to be the key piece of evidence in one of Australia’s longest-running drug importation investigations.
Source : www.schneier.com
Multi-Factor Authentication
The University of Queensland has introduced Multi-Factor Authentication (MFA) as part of it’s drive towards adopting a Zero-Trust security model. The move is designed to secure data whilst enabling staff and students to access its network from anywhere in the world.
Source : www.itnews.com.au
University Online Exam Tool Breached
ProctorU, an online exam monitoring tool, was one of 18 companies that saw the data of 444,000 users compromised. The tool is used by many Australian universities including the Universities of Sydney, Melbourne, Adelaide, Queensland and WA, was breached. The data included usernames, unencrypted passwords, legal names and full residential addresses.
Source : www.itnews.com.au
Data Sovereignty
The Government released draft legislation for proposed changes to Australia’s foreign investment regime. The changes would force telcos and data centres that store information with a security classification to seek approval before any prospective foreign investment. The goal is to strengthen controls around data sovereignty.
Source : www.itnews.com.au
New Zealand Defence Website Down
The New Zealand Defence Force websites were out of action for a whole week due to a hardware failure that affected storage. The Navy, Army and Air Force websites were all impacted.
Source : www.itnews.com.au
Highest Recorded Monthly Data Breaches
The Office of the Australian Information Commissioner (OAIC) released its eighth notifiable data breaches report, showing a sharp increase in the number of data breaches caused by ransomware attacks and the highest ever number of monthly notifications recorded over the past six months.
Source : www.itnews.com.au
The World of Cyber
Windows DNS Servers Vulnerable to 17-Year-Old Worm
A critical 17-year-old vulnerability, known as SigRed, has been uncovered in all Windows DNS servers, with administrators being urged to apply a workaround or patch from Microsoft as soon as possible.
Source : www.itnews.com.au
Twitter Hacked
A growing number of high-profile verified Twitter accounts were after Twitter staff were tricked using a coordinated social engineering campaign.
Source : www.itnews.com.au
Google Bolsters G-Suite Security
Users of Google’s office productivity and collaboration G-Suite tools will get a new set of security features to prevent phishing and meeting bombing, and to make device management easier.
Source : www.itnews.com.au
Insecure Zoom Passwords
The automatically generated passwords protecting private Zoom meetings could be cracked with relative ease, allowing access to sensitive conferences.
Source : www.itnews.com.au
Cisco Patches Serious Vulnerabilities
Cisco informed customers that it has patched critical and high-severity vulnerabilities in its Data Center Network Manager (DCNM) platform. The vulnerabilities allow a remote, unauthenticated attacker to bypass authentication and perform actions with admin privileges on the targeted device.
Source : www.securityweek.com
Industrial VPN Flaws Threaten Critical Infrastructure
Critical vulnerabilities have been discovered in industrial VPN technology used to allow remote access to Operational Technology (OT) networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems (ICS)
Source : thehackernews.com
This Information Security Report is brought to you by Shearwater Solutions.
The Information Security Report is a monthly summary, compiled by Shearwater’s experienced cybersecurity professionals, to highlight the vulnerabilities and new attack vectors in some of the latest active threats, exploits and breaches and share recommendations to help you protect your data and stay a step ahead.
Whatever your Information Security challenge, we’re here to help you find the right solution.
