
OMIGOD Exploit affects half of Azure

As if earthquakes weren’t enough, there is yet another major security announcement from a major vendor this week.

A series of four vulnerabilities in the Open Management Infrastructure (OMI) software agent has left Microsoft Azure customers exposed to remote code execution.

The flaws were reported Tuesday by cloud security vendor Wiz, which previously disclosed the ChaosDB Azure vulnerability last month.

Linux reportedly made up over half of Azure instances as of 2019, and Wiz’s post explained that customers utilizing Linux machines are vulnerable if they use any of a list of tools and services that use OMI, including many common ones.

Specifically, customers are exposed to a set of four vulnerabilities: three high-severity privilege escalation vulnerabilities and a critical remote code execution vulnerability, CVE-2021-38647, which has a CVSS score of 9.8.

Microsoft patched the four vulnerabilities in its Patch Tuesday release this month, though the fixes will not be automatically applied for Azure customers.

Asked for clarification regarding whether the vulnerabilities are completely fixed and whether customers need to take action, Microsoft declined to comment beyond linking to its security update guide.

“The ease of exploitation and the simplicity of the vulnerabilities makes us wonder if the OMI project is mature enough to be used so widely,” Ohfeld said.

If you are an Acurus customer, rest assured we are reviewing and ensuring you are not impacted.

If you want help and advice on how to deal with this, please reach out.


NBN pricing changes sees customer activations soar

CRN, 11 May, 2018 – NBN Co saw a surge in activations and revenue for its third quarter, which it attributed to optimisation work on its hybrid fibre coaxial (HFC) network and its changes to wholesale pricing offers.

The network provider had a total of 3.7 million activations for the period ending 31 March, up from 2 million in the same period last year. Revenue meanwhile came in at $1.4 billion, up 112 percent from $665 million in the period ending 31 March 2017.

The company also said that some 6.5 million premises were ready to connect to its broadband access network, with 7.5 premises ready for service.

“These results demonstrate the progress we’re making on our top three priorities, which are to complete the build by 2020, improve the end user experience, and deliver a modest return on the taxpayer’s investment,” NBN Co chief executive Bill Morrow said.

“We’ve shown stable performance against our long-term goals on the build side and significant improvements on customer experience.”

In December, NBN Co offered a temporary credit to retailers to buy 50 percent more connectivity virtual circuit (CVC) per user, while reducing the price of the access virtual circuit (AVC) for 50Mbps services. This allowed customers on the 25Mbps plan to upgrade to 50Mbps for free.

This resulted in a six-fold growth in 50Mbps subscriptions, going from 158,959 at the end of December to 989,360 subscribers on 31 March. The plan now also accounts for 26 percent of all NBN plans.

The company said this change also contributed to reducing average bandwidth congestion across its network from six hours per week last year to 18 minutes. The network can also support higher speeds during peak hours.

“Our monthly progress report demonstrates that our customer experience program is working, and we know there’s more to do to get this right,” Morrow said.

“The NBN Co team, delivery partners and RSPs are working quickly to make improvements across the industry for a better experience for all.”

The company also relaunched its HFC network on 27 April following the launch of the fibre-to-the-curb (FTTC) network the day before. NBN paused HFC rollouts in November due to customer experience issues.

Bill Morrow announced last month his intentions to step down as chief executive at the end of this year, and NBN Co has now started to look for a replacement.

(2018), NBN pricing changes sees customer activations soar, CRN, viewed 11 April 2018, <https://www.crn.com.au/news/nbn-activations-and-revenues-surge-in-third-quarter-490755>.

OAIC sees 63 data breach notifications in first six weeks

ITNEWS, 11 April, 2018 – Australian organisations reported 63 data breaches in the first six weeks of mandatory notification rules coming into effect, with human error listed as the most common cause.

By contrast, when organisations only had to voluntarily reveal breaches, they only self-reported 114 instances for the entire 2016–17 financial year.

The Office of the Australian Information Commissioner (OAIC) today released the first quarterly report since the mandatory data breach notification scheme came into effect on February 22.

The report notes that eight breach notifications were received in the six days in which the scheme operated in its launch month.

A further 55 data breach notifications were received by the OAIC in March.

Health services providers were responsible for the single largest number of notifications (15), followed by businesses that supply “legal, accounting and management services”.

Organisations in the finance, education and not-for-profit sectors were also implicated.

“The majority of data breaches reported to the OAIC involved ‘contact information’, such as an individual’s name, email address, home address or phone number,” the OAIC said.

“This is distinct from ‘identity information’, which refers to information that is used to confirm an individual’s identity, such as driver licence numbers and passport numbers.

“Entities also reported data breaches that involved individuals’ tax file numbers, financial details, such as bank account or credit card numbers, as well as health information.”

The OAIC said 78 percent of notifications it received impacted “contact information”, compared to 24 percent that exposed “identity information”.

“Health information” was exposed in 33 percent of the cases and “financial details” in 30 percent of cases.

The majority of notified breaches – 50 percent – were the result of human error, although malicious or criminal actors are believed to have been behind a further 44 percent of incidents.

Just under three-quarters of eligible data breaches (73 percent) “involved the personal information of under 100 individuals”.

Acting Australian Information Commissioner and acting Privacy Commissioner, Angelene Falk, said in a statement that “the transparency provided by the NDB scheme reinforces Australian Government agencies’ and businesses’ accountability for personal information protection and encourages a higher standard of security.”

“Over time, the quarterly reports of the eligible data breach notifications received by the OAIC will support improved understanding of the trends in eligible data breaches and promote a proactive approach to addressing security risks,” Falk said.

(2018), OAIC sees 63 data breach notifications in first six weeks, ITNews, viewed 11 April 2018, <https://www.itnews.com.au/news/oaic-sees-63-data-breach-notifications-in-first-six-weeks-488720>.

ACCC reports better than expected results from broadband tests, but finds some dire downloads

COMPUTERWORLD, 29 March, 2018 – The Australian Competition and Consumer Commission says that the first report from its broadband monitoring program has revealed better than expected performance from NBN services sold by Australia’s biggest telcos. However, the report also revealed that around 5 per cent of the tests run on NBN services failed to reach at least 50 per cent of households’ maximum plan speed.

The ACCC said that fibre to the node (FTTN) connections that could not support the maximum plan speed paid for by households were a factor that brought down average performance overall.

The report, compiled by SamKnows using the broadband connections of volunteer households, stated that the “poorer performance on services not meeting 50% of the maximum plan speed is likely being caused by limitations in the access network, rather than congestion during the busy hours and ISPs’ provisioning of their networks”.

The ACCC has announced a series of court-enforceable undertakings from Vocus, iiNet, Internode, TPG, Telstra and Optus after the retail service providers (RSPs) sold FTTN and fibre to the basement (FTTB) services to customers whose lines couldn’t handle the maximum speeds they were paying for.

SamKnows’ initial findings report covers the period 4 February to 5 March. During that time some 61,000 tests were run using hardware probes installed in households with NBN connections.

Overall, the tests revealed that NBN services sold by iiNet, Optus, Telstra and TPG delivered 80-90 per cent of the maximum plan speeds during the peak usage period of 7-11pm.

“These first test results are better than expected, and indicate the majority of internet service providers are now delivering very close to their maximum plan speeds,” ACCC chairperson Rod Sims said.

However, he added: “The results for some types of services are still lower than we would like, but the overall results go against the current wisdom that the majority of consumers and businesses are having issues with NBN speeds.”

“NBN Co is pleased to see the results from the ACCC broadband speed testing program reflect the initiatives we have recently implemented to improve customer experience,” an NBN spokesperson said.

“The report reiterates the positive impact of our new wholesale pricing promotion, which has relieved bandwidth congestion on the network from an average of around four hours to 12 minutes per week.”

“The ACCC findings also confirm the majority of retail services over the NBN network are delivering maximum speeds during the busy hours,” the spokesperson said.

Out of the four retail service providers named, TPG took the top spot for performance. On average, the RSP delivered download speeds that were 90.7 per cent of plan maximum during the busy evening period. It was followed by its subsidiary iiNet (88.6 per cent), Telstra (88.1 per cent) and Optus (80.7 per cent).

During the peak usage period, NBN 100Mbps services delivered an average download speed of 87.97Mbps across all RSPs. NBN 50Mbps services had an average of 44.34Mbps, and 25Mbps services an average of 21.52Mbps. ADSL services tested as part of the program delivered an average of 7.99Mbps.

“We know that there are customers who are not getting the speeds that are being advertised,” Sims said.

“We hope that the transparency and the regularity of our broadband speed reports will encourage all retailers to ensure their customers are getting what they are paying for.”

Earlier this week the ACCC announced it will release more detailed quarterly reports on the state of the NBN wholesale market. However, it revealed at this stage it would not include details about how much capacity individual telcos are purchasing.

In addition to download and upload speeds, SamKnows is testing a range of other metrics, including latency, jitter, packet loss, DNS performance and website load speeds.

Results from those tests are yet to be released. Future reports from the program are expected to include additional information, such as a comparison between metro and regional performance.

(2018), ACCC reports better than expected results from broadband tests, but finds some dire downloads, Computerworld, viewed 29 March 2018, <https://www.computerworld.com.au/article/635521/accc-reports-better-than-expected-results-from-broadband-tests-but-finds-some-dire-downloads/>.

ACCC prepares to set auction limits for key 5G spectrum

COMPUTERWORLD, 21 March, 2018 – The Australian Competition and Consumer Commission (ACCC) has written to industry stakeholders seeking input on allocation limits for the upcoming auction of spectrum in the 3.6GHz band.

Spectrum in the 3.6GHz band is expected to play a key role in telcos’ rollout of 5G services in Australia.

“The ACCC understands the 3.6 GHz band will be utilised for wide-area broadband deployments, notably mobile broadband and fixed wireless,” the ACCC said in a letter calling for input on allocation limits.

“In particular, this band is likely to be used for early 5G deployment as the broader 3.3–3.8 GHz frequency range has been identified internationally as a pioneer band for 5G services.”

Communications minister Senator Mitch Fifield earlier this month requested advice from the ACCC on spectrum allocation limits as the government moves ahead with auctioning off 125MHz of spectrum (3575-3700MHz) in regional and metropolitan areas.

The spectrum will be available for a 12-year term, depending on the location, the minister noted in his letter to the ACCC.

The Australian Communications and Media Authority has indicated a preference to auction off the spectrum in 25x5MHz lots, the letter from Fifield stated.

“Small lots would allow the band to be split in a large number of ways and may be attractive for smaller bidders,” the minister said. “However, offering the spectrum in 25x5MHz lots increases the risk that bidders may win an amount of spectrum that is insufficient or uneconomical.”

A minimum bid requirement has been proposed to mitigate the risk.

The ACMA is planning to begin the auction in October.

The ACCC said it expects a high level of demand for the spectrum. Its letter states that mobile network operators “have indicated that they will require 100 MHz of contiguous spectrum in the 3.3-3.8 GHz frequency range to deliver 5G services, meaning some bidders may seek to acquire up to 100 MHz of 3.6 GHz spectrum in the auction.”

(2018), ACCC prepares to set auction limits for key 5G spectrum, Computerworld, viewed 21 March 2018, <https://www.computerworld.com.au/article/635028/accc-prepares-set-auction-limits-key-5g-spectrum/>.

NBN Co to extend 50Mbps promo pricing until October

ITNEWS, 1 March, 2018 – NBN Co will extend its promotional 50Mbps price offer through to the end of October to give retail service providers more time to prepare for the switch to a more permanent price construct.

The company this week revealed plans to create a “second promotion period” for its 50Mbps product and for the connectivity virtual circuit (CVC) discount that accompanies it.

Where the original promotional price offer had been due to run out at the end of April, the extension – if it wins regulatory approval – would see the offer run for an additional six months.

The extension will create a greater period of overlap between the temporary and permanent price offers that NBN Co unveiled at the end of last year.

The promotional offer – which is known as ‘Focus on 50’ – works within the boundaries of the existing NBN price construct, cutting the AVC cost of a 50Mbps product and offering 50 percent extra CVC – on top of what the RSP buys – for free.

It was intended to be a bridging measure that enabled NBN Co to bring a large percentage of its user base onto a higher-speed and less congested service, while giving RSPs time to make IT changes to work with an entirely new price construct.

The new price construct will offer AVC and CVC bundles for both the 50Mbps and 100Mbps wholesale tiers.

A consultation on the final form of that new price construct wraps up in NBN Co’s internal product development forum at the end of February.

NBN Co has indicated it remains on track to launch the new wholesale price bundles by the middle of this year.

As it looks now, RSPs will need to migrate a substantial number of 50Mbps customers from the temporary to permanent price construct.

NBN Co has said it expects more than 1.2 million premises to be on the 50Mbps tier by June, when the permanent construct comes into effect.

The lion’s share of these premises will be with Telstra, which this week said it would upgrade all its existing 25Mbps users to the 50Mbps tier.

Vodafone also recently said 80 percent of its NBN user base is on 50Mbps or higher plans.

(2018), NBN Co to extend 50Mbps promo pricing until October, ITNews, viewed 1 March 2018, <https://www.itnews.com.au/news/nbn-co-to-extend-50mbps-promo-pricing-until-october-486052>.