AusCERT Week in Review for 26th July 2019

AusCERT Week in Review for 26th July 2019

AusCERT Week in Review
26 July 2019

Greetings,

Concerns continue about development of exploits for the Windows RDP vulnerability (BlueKeep) which has the potential to become a self replicating worm. This week more information become available which closes the gap towards successful exploitation of this vulnerability. For more info see:

https://www.theregister.co.uk/2019/07/24/bluekeep_code_release/

If you still haven’t patched this yet note the time to successful exploitation with remote code execution is drawing ever closer!

This week also saw a warning from the ACSC about a class of scams being called “freight forwarding scams”. A number of AusCERT members have been hit by this and ACSC note some businesses have closed due to the losses. See:

https://www.cyber.gov.au/news/business-email-compromise-freight-forwarding-scam

Here are some of the week’s noteworthy security stories (in no particular order):

Australia’s Consumer Data Right to finally make its way through Parliament
Author: Asha Barbaschow
Date: 2019-07-23

Excerpt:

“The federal government this week plans to introduce legislation it
has touted as opening up competition between banks, utilities, and
telecommunications providers, as well as allowing consumers to easily
switch between providers.

The Consumer Data Right (CDR) — through the passage of the Treasury Laws
Amendment (Consumer Data Right) Bill — will allow individuals to “own”
their data by granting them open access to their banking, energy, phone,
and internet transactions, in addition to gaining the right to control
who can have it and who can use it.”

Law Council wants warrants and crime threshold for metadata retention scheme
Author: Chris Duckett
Date: 2019-07-23

Excerpt:

“The Law Council of Australia has called for the introduction of warrants
when the nation’s enforcement agencies seek to access metadata stored in
the data retention systems of Australia’s telcos.

Currently, enforcement agencies have access to two years’ worth of customers’
call records, location information, IP addresses, billing information,
and other data stored by carriers without the need for a warrant.”

BEC Scammers Trick Employees Into Giving Away Customer Info
Author: Sergiu Gatlan
Date: 2019-07-23

Excerpt:

“Business email compromise (BEC) scammers are now targeting a company’s
customers using a new indirect attack method designed to collect
information on future scam targets by asking for aging reports from
collections personnel.”

Hundreds of Australians have been fleeced over bogus tax debts
Author: Sian Johnson, et al
Date: 2019-07-24

Excerpt:

“Ms Wilson is one of hundreds of Australians taken in by dodgy phone calls
demanding payment for bogus tax debts, with a record number of more than
800 Australians fleeced of a total of $3 million in 2018 alone.”

Microsoft to Improve Office 365 Malicious Email Analysis
Author: Sergiu Gatlan
Date: 2019-07-24

Excerpt:

“Microsoft is currently in the process of developing significantly better
manual threat hunting features for the Office 365 Threat Explorer, to be
rolled out to all environments during August.”