Our threat intelligence focused on the continued targeting of Australia-based entities by cybercriminal groups. On 20 October 2022, the Australian health insurer Medibank confirmed that a ransomware group had gained access to highly sensitive customer data, including details of medical procedures, diagnoses, addresses, Medicare numbers and credit card information. The incident follows several high-profile data breaches of Australian companies, including the IT services consultancy Dialog and the telecommunications companies Telstra and Optus.

Following these incidents, the Australian government is expected to introduce new privacy legislation aimed at reducing the amount of sensitive data that companies hold about Australian citizens. Should similar legislation be adopted more widely, the incentive for cybercriminal groups to run data leak extortion operations against companies holding sensitive data would likely weaken, since there would be less data to steal and less to threaten to publish.

Key Vulnerabilities

  1. CVE-2022-42889
    A remote code execution vulnerability (CVSS: 9.8|OVSS: 41), dubbed Text4Shell, affecting versions 1.5 through 1.9 of the Apache Commons Text library. The Apache Software Foundation fixed it in version 1.10.0, released in September 2022, but only published an advisory with further details in October 2022. A proof-of-concept exploit is publicly available; however, there are currently no indications that the vulnerability is being actively exploited. The issue lies in the library's default string interpolator, whose script, dns and url lookups allow attacker-controlled input to reach a script engine or trigger outbound DNS and HTTP requests. Version 1.10.0 disables these lookups by default; applications that cannot upgrade should not pass untrusted input to StringSubstitutor.createInterpolator().
  2. CVE-2022-36067
    A sandbox escape leading to remote code execution (CVSS: 10|OVSS: 29), dubbed Sandbreak, affecting the vm2 Node.js sandbox module, which is widely used for running untrusted JavaScript. An adversary able to supply code to the sandbox could break out of it and run shell commands on the host system. We advise users to update any vm2 instances to the latest version, 3.9.11, in which the issue is fixed, and to add OS-level isolation (a separate process or container) around code that must run untrusted input rather than relying on the sandbox alone.
  3. CVE-2022-35698
    A stored cross-site scripting vulnerability (CVSS: 5.4|OVSS: 17), in which a threat actor injects malicious script into the content of a trusted website, affecting Adobe Commerce and Magento Open Source versions 2.4.4-p1 and earlier and 2.4.5 and earlier. Successful exploitation could enable arbitrary code execution. Magento is used by at least 267,000 active e-commerce sites. Adobe's own advisory rates the vulnerability as critical with a CVSS score of 10.0, well above the 5.4 shown here, so the fixed releases (2.4.5-p1 and 2.4.4-p2) should be prioritised.
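As an added example (not code from the original bulletin or from Apache Commons Text), the following Python script triages web access logs for the three lookup prefixes that make CVE-2022-42889 (item 1 above) exploitable. Attackers place the payload in any field an application might later feed to the interpolator, so the request target, Referer and User-Agent are all decoded and checked. The log lines, IP addresses and hostnames are constructed for the example, and the regular expressions are an assumed permissive match rather than the library's own parser.

```python
"""Triage web access logs for Text4Shell (CVE-2022-42889) lookup payloads.

Added example, not code from the original bulletin or from Apache Commons Text.
The dangerous interpolators are the 'script', 'dns' and 'url' lookups that
StringSubstitutor.createInterpolator() enabled by default in Commons Text
1.5 through 1.9 (disabled by default from 1.10.0).
"""
import re
from urllib.parse import unquote

# Combined log format: ip ident user [time] "method target proto" status size "referer" "user-agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed permissive match: case-insensitive, tolerant of padding; the lookup name is captured.
LOOKUP = re.compile(r"\$\{\s*(script|dns|url)\s*:", re.IGNORECASE)

FIELDS = ("target", "referer", "ua")

# Constructed sample lines (documentation IP ranges and example.com, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Oct/2022:10:01:02 +0000] "GET /search?q=apache+commons HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # script lookup, URL-encoded in the query string
    '203.0.113.5 - - [18/Oct/2022:10:01:09 +0000] "GET /search?q=%24%7Bscript%3Ajavascript%3Ajava.lang.Runtime.getRuntime%28%29.exec%28%27id%27%29%7D HTTP/1.1" 200 0 "-" "curl/7.85.0"',
    # dns lookup planted in the User-Agent (out-of-band callback style)
    '203.0.113.5 - - [18/Oct/2022:10:01:11 +0000] "GET /login HTTP/1.1" 200 2048 "-" "${dns:address|example.com}"',
    # url lookup in the Referer, double URL-encoded to slip past naive filters
    '198.51.100.23 - - [18/Oct/2022:10:02:40 +0000] "POST /api/feedback HTTP/1.1" 204 0 "%2524%257Burl%253AUTF-8%253Ahttp%253A%252F%252Fexample.com%257D" "python-requests/2.28.1"',
    # a lookup name that is not one of the RCE-capable three: no finding
    '192.0.2.10 - - [18/Oct/2022:10:03:00 +0000] "GET /docs?topic=%24%7Bjava%3Aversion%7D HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    'this line is not in combined log format and is skipped',
]


def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding, bounded so hostile input cannot loop forever."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_text4shell(lines):
    """Return one finding per (line, field) that carries a dangerous lookup."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = LOG_LINE.match(line)
        if not match:
            continue  # unparseable; a real pipeline would count these separately
        for field in FIELDS:
            hit = LOOKUP.search(decode_fully(match.group(field)))
            if hit:
                findings.append({
                    "line": number,
                    "src": match.group("ip"),
                    "field": field,
                    "lookup": hit.group(1).lower(),
                    "request": match.group("target"),
                })
    return findings


if __name__ == "__main__":
    for finding in find_text4shell(SAMPLE_LOG):
        print(finding)
```

This is a triage aid, not proof of exploitation: a hit only shows that someone sent an interpolation string, and whether it did anything depends on whether the application handed that field to Commons Text 1.5 to 1.9 (or to 1.10.0 with the lookups re-enabled). Conversely, payloads can be split or encoded in ways a regular expression will miss, so the authoritative check remains the library version in the deployed artefact.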

Key Intelligence Reports

  1. Venus Ransomware targets publicly exposed Remote Desktop services
    Since August 2022, the Venus ransomware group has been targeting publicly exposed Remote Desktop services, using Windows Remote Desktop Protocol (RDP) to gain initial access to victims' corporate networks and then encrypting Windows devices.
  2. Australian health insurance firm Medibank discloses ransomware operation
    On 12 October 2022, Australian health insurer Medibank disclosed disruption to its online services following a ransomware operation; its customer-facing systems were taken offline to contain the incident and prevent data loss.
  3. Microsoft discloses data breach caused by misconfigured storage instance
    On 19 October 2022, Microsoft disclosed a data breach caused by a misconfigured Azure Blob Storage endpoint belonging to Microsoft that exposed business transaction data relating to its customers. Public access on a storage container is a setting that should be audited rather than assumed, since a single misconfiguration exposes everything in the container to anonymous requests.
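As an added example, not code from the original bulletin or from the Venus report, the following Python script shows the detection logic a SOC would run over Windows Security events to spot the exposed-RDP pattern described in item 1 above: repeated failed logons from one source followed by a successful RemoteInteractive logon, or any RDP logon from outside the organisation's own address ranges. The events, internal ranges, thresholds and field names are constructed assumptions for the example.

```python
"""Flag brute-force and internet-sourced RDP logons in Windows Security events.

Added example, not code from the original bulletin or from any vendor tool.
Input records are shaped like the fields of Security log events 4624
(successful logon) and 4625 (failed logon) after parsing from EVTX/XML.
LogonType 10 is RemoteInteractive (RDP). With Network Level Authentication
enabled, failed RDP attempts are usually recorded as LogonType 3 (network),
so failures of both types are counted; successes must be type 10.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Assumed organisation-internal ranges; anything else is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample events; 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges standing in for internet sources.
SAMPLE_EVENTS = [
    {"TimeCreated": "2022-10-18T02:14:01", "EventID": 4625, "LogonType": 3, "IpAddress": "203.0.113.77", "TargetUserName": "administrator"},
    {"TimeCreated": "2022-10-18T02:14:03", "EventID": 4625, "LogonType": 3, "IpAddress": "203.0.113.77", "TargetUserName": "admin"},
    {"TimeCreated": "2022-10-18T02:14:05", "EventID": 4625, "LogonType": 3, "IpAddress": "203.0.113.77", "TargetUserName": "backup"},
    {"TimeCreated": "2022-10-18T02:14:08", "EventID": 4625, "LogonType": 3, "IpAddress": "203.0.113.77", "TargetUserName": "administrator"},
    {"TimeCreated": "2022-10-18T02:14:10", "EventID": 4625, "LogonType": 3, "IpAddress": "203.0.113.77", "TargetUserName": "svc_sql"},
    {"TimeCreated": "2022-10-18T02:14:12", "EventID": 4625, "LogonType": 3, "IpAddress": "203.0.113.77", "TargetUserName": "administrator"},
    {"TimeCreated": "2022-10-18T02:15:30", "EventID": 4624, "LogonType": 10, "IpAddress": "203.0.113.77", "TargetUserName": "administrator"},
    {"TimeCreated": "2022-10-18T09:02:11", "EventID": 4624, "LogonType": 10, "IpAddress": "10.20.0.15", "TargetUserName": "jsmith"},
    {"TimeCreated": "2022-10-18T09:40:00", "EventID": 4625, "LogonType": 10, "IpAddress": "10.20.0.15", "TargetUserName": "jsmith"},
    {"TimeCreated": "2022-10-18T11:00:00", "EventID": 4624, "LogonType": 10, "IpAddress": "198.51.100.9", "TargetUserName": "contractor"},
]


def is_external(ip: str) -> bool:
    """True for an address outside INTERNAL_NETS; '-' or empty (seen in some 4625s) is not external."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def analyse(events, window=timedelta(minutes=10), threshold=5):
    """Walk events in time order and return findings as dicts.

    rdp_bruteforce: `threshold` failures from one source within `window`
    rdp_success_after_bruteforce: type-10 success from a source with >= threshold recent failures
    rdp_logon_from_external_ip: type-10 success from outside INTERNAL_NETS without that history
    """
    findings = []
    failures = defaultdict(list)  # source IP -> timestamps of recent failures

    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        ts = datetime.fromisoformat(ev["TimeCreated"])
        ip = ev.get("IpAddress") or "-"  # keep '-' so unattributed bursts still surface
        user = ev.get("TargetUserName", "")

        if ev["EventID"] == 4625 and ev["LogonType"] in (3, 10):
            recent = [t for t in failures[ip] if ts - t <= window]
            recent.append(ts)
            failures[ip] = recent
            if len(recent) == threshold:  # fire once per burst, not on every further attempt
                findings.append({"type": "rdp_bruteforce", "ip": ip, "count": len(recent),
                                 "first": recent[0].isoformat(), "last": ts.isoformat()})

        elif ev["EventID"] == 4624 and ev["LogonType"] == 10:
            prior = sum(1 for t in failures[ip] if ts - t <= window)
            if prior >= threshold:
                findings.append({"type": "rdp_success_after_bruteforce", "ip": ip, "user": user,
                                 "prior_failures": prior, "time": ts.isoformat()})
            elif is_external(ip):
                findings.append({"type": "rdp_logon_from_external_ip", "ip": ip, "user": user,
                                 "time": ts.isoformat()})
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EVENTS):
        print(finding)
```

Two caveats for production use: with NLA enabled the failed attempts may also arrive with an empty IpAddress, which is why the unattributed bucket is kept, and the successful-connection events 1149 in the Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational log give a second, independent source of RDP source addresses worth correlating. Detection is the fallback; the fix for the Venus pattern is not to expose RDP to the internet at all, and to put a VPN with multi-factor authentication in front of it where remote access is required.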

If you come across any issues or need assistance, please do not hesitate to reach out to Secrutiny. 

What is OVSS?

The Orpheus Vulnerability Severity Score (OVSS) helps companies understand the risk associated with particular vulnerabilities. It adds context on the likely threat to, and impact of, a CVE, building on the vulnerability information provided by the CVSS (Common Vulnerability Scoring System) base score.
