Australian Government Plans to Respond to Cyberattacks on Critical Infrastructure; Apache Struts Vulnerabilities; Credential Stuffing

Australia's Cybersecurity Strategy 2020 will require operators of critical infrastructure to report cyber incidents to ASD in real time and potentially allow ASD into their networks to monitor and defend the networks against cyberattacks. Directors will be help legally responsible for ensuring a certain level of cybersecurity. The plan expands the critical infrastructure designation to include universities, the financial sector, the health sector, and food and grocery sector. The government has released a Consultation Paper regarding these issues.

Read more in

Vulnerabilities detected in Apache Struts can be exploited to execute remote code and to create denial-of-service conditions. The issues affect Apache Struts versions 2.0.0 through 2.5.20. Users are urged to upgrade to Apache Struts version 2.5.22.

Read more in

Hackers used credential stuffing attacks to access thousands of accounts used by Canadian citizens to access various government services websites. The attacks targeted the Canada Revenue Agency (CRA) and the GCKey portal that provides single sign-on to multiple Canadian government services websites. The hackers used the compromised accounts to access government services and apply for COVID-19 relief payments. The Canada Revenue Agency has temporarily disabled the site. The attacks targeted the Canada Revenue Agency (CRA) and the GCKey portal that provides single sign-on to multiple Canadian government services websites suspended online services.

Read more in

Two critical flaws in the Quiz and Survey Master WordPress plugin could be exploited to take control of vulnerable websites. The flaws are an arbitrary file upload vulnerability and an unauthenticated arbitrary file deletion error. Users are urged to update to Quiz and Survey Master version 7.0.1. The plugin is installed in more than 30,000 sites.

Read more in

Carnival Corporation, the world's largest cruise line operator, was the victim of a ransomware attack. The August 15 incident was disclosed in a US Securities and Exchange Commission (SEC) 8-K form filing. In the filing, Carnival writes, "We detected a ransomware attack that accessed and encrypted a portion of one brand's information technology systems. The unauthorized access also included the download of certain of our data files."

Read more in

Medical debt collection company R1 RCM was the target of a ransomware attack. The company says it took its systems offline in response to the attack. While it is not known how long the ransomware operators were inside R1 RCM's systems, the ransomware was activated earlier this month. R1 RCM was formerly known as Accretive Health Inc.

Read more in

Kentucky-based alcoholic beverage company Brown-Forman was the victim of an apparent ransomware attack. In communications with Bleeping Computer, Brown-Forman wrote, "Unfortunately, we believe some information, including employee data, was impacted. We are working closely with law enforcement, as well as world-class third-party data security experts, to mitigate and resolve this situation as soon as possible." The company is not actively negotiating with the attackers. The company also told Bleeping Computer that they managed to prevent their systems from being encrypted.

Read more in

Files allegedly stolen from electronics company Canon USA have been posted online by ransomware operators. Internal communications obtained by Bleeping Computer indicate that Canon USA was the victim of a ransomware attack earlier this month.

Read more in

London's Ritz Hotel is investigating a data breach of its food and beverage reservation system that compromised personal information belonging to some of its clients. Clients have reported being contacted by phone by people claiming to be Ritz Hotel staff seeking to confirm payment card details. The calls were spoofed to appear to be coming from the hotel.

Read more in

One of the vulnerabilities Microsoft patched in its monthly release last week was first reported to the company in August 2018. The Windows spoofing vulnerability affects all supported versions of Windows. The flaw could be exploited to "bypass security features intended to prevent improperly signed files from being loaded."

Read more in

Researchers from universities in the Netherlands and Germany compared information provided by two commercial and four open source threat intelligence services. They found very little overlap between the six feeds, noting, "These findings raise questions on the coverage and timeliness of paid threat intelligence."

Read more in