//Week in review - 1 May 2020
AusCERT Week in Review for 1st May 2020
Greetings,
Well done Australia for staying home! We hope that everyone has some nice and creative plans lined up with the ease of Covid-19 restrictions in certain parts of our country.
This week, the most talked-about topic around town is the launch of the COVIDSafe app. As an organisation, we have been sharing a number of resources, posts and articles on this topic via our Twitter channel so members and readers can make their own judgement calls around whether or not to download this app.
For many, if not all of us, this week marks the 6th week of working from home due to the pandemic. Whilst we’re all used to the various different remote working platforms by now, it’s worth re-visiting some best practices as a reminder to ensure that everyone is keeping security front of mind. It is important to have a proper read through the safety policies of your web conferencing and sharing platform(s) of choice to make sure that you’ve maintained your privacy settings accordingly.
Last but not least, next week (4-10 May) will see us supporting the team from the Office of the Australian Information Commissioner in their Privacy Awareness Week 2020 campaign initiative to promote the importance of privacy and keeping your personal information safe. Look out for our posts on social media with the following hashtags: #PAW2020 #RebootYourPrivacy
Until next time.
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
Date: 2020-04-28
Author: Microsoft Blog
At a time when remote work is becoming universal and the strain on SecOps, especially in healthcare and critical industries, has never been higher, ransomware actors are unrelenting, continuing their normal operations.
In this blog, we share our in-depth analysis of these ransomware campaigns.
The coronavirus tracing app has been released. Here’s what it looks like and what it wants to do
Date: 2020-04-27
Author: ABC News
The Government’s coronavirus tracing app has been released, and its uptake will play a large part in helping ease restrictions.
It has been called COVIDSafe and will allow authorities to quickly notify people if they have been in contact with someone who has been infected with coronavirus.
Federal Police investigate hoax involving users of COVIDSafe coronavirus app
Date: 2020-05-28
Author: ABC News
The Australian Federal Police are investigating allegations of a hoax targeting the Government’s new coronavirus app.
The allegations concern images of an apparently fraudulent message, shared on social media, that told the recipient the COVIDSafe app had alerted the Government they are more than 20km from their home, and were required to phone the Government.
Consumers benefit as video call vendors scramble to revamp security in a COVID-19 world
Date: 2020-04-28
Author: ZDNet
As many of us grapple with the transition to working from home due to the coronavirus outbreak, video conferencing platforms suddenly experiencing a surge in user numbers are, on the whole, meeting the security challenges associated with uptake.
Houseparty, Discord, and Doxy.me, however, fail to meet basic security standards, new research suggests.
When in Doubt: Hang Up, Look Up, & Call Back
Date: 2020-05-20
Author: Krebs on Security
Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.
ESB-2020.1457 – VMware ESXi patches address Stored Cross-Site Scripting
VM user can inject script to browser of ESXi host client.
ESB-2020.1516 – Security Updates Available for Magento
Important updates for Magento users.
ASB-2020.0092 – Google Chrome for Desktop version 81.0.4044.129 released
Google releases latest Chrome version.
Stay safe, stay patched and have a good long weekend!
Regards,
AusCERT Team
