Week in review

AUSCERT Week in Review for 12th May 2023

Greetings,

What an amazing week it’s been at AUSCERT2023! Attending cyber security conferences can be wonderfully rewarding, but also quite daunting for first-time attendees or those with a neurodiverse background. This year at AUSCERT2023 we once again featured an onsite psychologist for attendees to visit and discuss anything from mental wellbeing right through to life coaching. In addition, The University of Queensland’s Shelly Mills coordinated a panel discussion with Trinity McNicol from Sunshine Coast University on neurodiversity in the workplace, and how employers and team members can support these individuals.

With “Back to the Future” as our theme, past AUSCERT team member Mark McPherson joined forces with present-day AUSCERT Senior Analyst Eric Halil to present a wonderful trip down memory lane beginning in the late 1980s, when the seeds were planted to form the AUSCERT we know today. If you missed this or any of the presentations, watch out for the YouTube uploads later on.

Organisations are realising that data governance is an extremely important mitigating control against breaches, and this shift has brought professionals from both the cybersecurity and data governance fields together. The AUSCERT2023 Conference featured Troy Hunt, long-time cyber security expert and creator of the Have I Been Pwned website; Craig Rowlands, Director of Technology Data at Bupa; Kate Carruthers, Chief Data & Insights Officer for UNSW Sydney; and The University of Queensland’s Sasenka Abeysooriya, Strategist and Data Governance Expert, in a cross-discipline discussion on the importance of data governance and cyber security strategy.

At the heart of this week’s AUSCERT2023 Conference was a strong theme of working together to achieve common goals. An amazing number of “hallway conversations” took place amongst the delegates, sharing ideas and comparing notes with other professionals from many disciplines. Next week delegates will return to their workplaces armed with a wealth of knowledge from those conversations, tutorials and the very latest content from the presentations. The coming weekend will hopefully give our delegates a chance to restore a healthy work-life balance and rest up, especially after celebrating last night at the Back to the Future themed gala dinner, featuring once again the amazing DJ Clariti and the AUSCERT Awards!

In case you missed this week’s cyber security news while attending AUSCERT2023, here are the top stories:

Western Digital says hackers stole customer data in March cyberattack
Date: 2023-05-07
Author: Bleeping Computer
Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack. The company emailed the data breach notifications late Friday afternoon, warning that customers’ data was stored in a Western Digital database stolen during the attack. “Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers,” Western Digital said.

Microsoft: Iranian hacking groups join Papercut attack spree
Date: 2023-05-08
Author: Bleeping Computer
Microsoft says Iranian state-backed hackers have joined the ongoing assault targeting vulnerable PaperCut MF/NG print management servers. These groups are tracked as Mango Sandstorm (aka Mercury or Muddywater and linked to Iran’s Ministry of Intelligence and Security) and Mint Sandstorm (also known as Phosphorus or APT35 and tied to Iran’s Islamic Revolutionary Guard Corps).

1 Million Impacted by Data Breach at NextGen Healthcare
Date: 2023-05-08
Author: Security Week
Healthcare solutions provider NextGen Healthcare has started informing roughly one million individuals that their personal information was compromised in a data breach. Headquartered in Atlanta, Georgia, the company makes and sells electronic health records software and provides doctors and medical professionals with practice management services.

FluHorse: New Android Threat Stealing 2FA Codes and Passwords
Date: 2023-05-08
Author: Cyware Hacker News
According to a recent report by Check Point Research, a new type of malware, named FluHorse, has been discovered. The malware comprises a cluster of Android apps that masquerade as genuine applications. Shockingly, the fake apps have already been downloaded by more than one million users. FluHorse is created to pilfer personal information such as usernames, passwords, and 2FA codes. The distribution of the FluHorse malware occurs through email, and it targets various sectors in the Eastern Asian market.

NodeStealer: New Information-stealing Threat Terminated by Facebook
Date: 2023-05-09
Author: Cyware Hacker News
A new information-stealing malware, named NodeStealer, has been discovered by Facebook. It can steal browser cookies to hijack accounts on the platform, as well as Outlook and Gmail accounts. Furthermore, it allows its operator to bypass 2FA. About the campaign: Facebook’s engineers spotted the NodeStealer malware first in late January and linked the attacks to Vietnamese threat actors. Cybercriminals aim to hijack the Facebook account’s ability to run advertising campaigns and push misinformation or lead audiences to sites spreading malware.

ESB-2023.2521 – GitLab Community Edition and Enterprise Edition: CVSS (Max): 9.6
GitLab has released versions 15.11.2, 15.10.6, and 15.9.7 for Community Edition (CE) and Enterprise Edition (EE).

ASB-2023.0103 – ALERT Microsoft Windows: CVSS (Max): 9.8
Microsoft’s most recent patch update resolves 27 vulnerabilities across Windows, Windows Server, Remote Desktop and Av1 Video Extension.

ASB-2023.0105 – ALERT Microsoft ESU: CVSS (Max): 9.8
Microsoft has resolved 14 vulnerabilities with Windows Server 2008 variants.

ESB-2023.2691 – emacs: CVSS (Max): 9.8
Issues have been discovered in Emacs which, if exploited, could result in the execution of arbitrary shell commands. This has been fixed in a new version.

ESB-2023.2694 – Citrix ADC and Citrix Gateway: CVSS (Max): 6.3
Citrix reports vulnerabilities in ADC and Gateway, and advises its users to install relevant updated versions.

ESB-2023.2693 – Nessus Network Monitor: CVSS (Max): 9.8
Tenable has discovered vulnerabilities in Nessus Network Monitor, and released a critical patch to address these issues.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


AUSCERT Week in Review for 5th May 2023

Greetings,

The first known use of an authentication system dates back to Ancient Roman times, when the military would use “watchwords” to prove membership of a unit. In those days, passwords came to be used as a way to signal affiliation with a particular societal position. In 1961 the password moved to a digital platform when MIT computer science professor Fernando Corbato created the first computer password, as he needed individual users to have their own private access. Just two years later, the first recorded password theft occurred when one of the users printed the system’s password file to gain more privileges.

Back to the future: this week, some sixty years later, we celebrated World Password Day! As our use of passwords rapidly increased, so did their predictability. With so many passwords to remember we became obvious in our choices to ensure they could be easily remembered, often using our birthdays, family names, beloved pets or even simply “password123”. Password cracking became even simpler for hackers as they caught on to the “best practice” trends promoted within the community. While encryption and hashing technology improved, so has the technology available to attackers, meaning that even our longer and more complex passwords were no longer a barrier to entry.

Here’s what you should know about the latest recommended password security and best practices:

Choose a strong password and keep it confidential. Combine uppercase and lowercase letters, numbers and special characters in a random order; the more random the better! The longer the better, too, with a minimum of 8 characters. The best password is a “passphrase” combining four or five random words that you’ll easily remember.

Don’t reuse passwords for important systems. That means you’ll also need to keep track of all your passwords securely. Write them on paper and lock it in a secure location or, better yet, use a password manager that stores all your passwords securely in one location.
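To put numbers on the advice above (random order, at least 8 characters, or a four- or five-word passphrase), here is an added example that is not part of the AUSCERT newsletter. It generates both styles with a cryptographically secure random source, estimates their entropy in bits, and rejects predictable choices such as “password123”. The word list and blocklist are small constructed samples, and the function names are this example’s own; the entropy figures for a 7,776-word list correspond to a published diceware-style list of that size.

```python
"""Passphrase and random-password strength, as an added illustration of the
newsletter's password advice. Not AUSCERT code."""
import math
import secrets
import string

# Constructed sample word list for the example. A real generator should use a
# large published list (for example one of 7,776 words) so each word adds
# about 12.9 bits of entropy; with only 32 words here each word adds 5 bits.
SAMPLE_WORDS = (
    "anchor breeze cactus dolphin ember falcon garnet harbor island jungle "
    "kettle lantern meadow nectar orbit pebble quartz ripple saddle timber "
    "umbrella velvet walnut yonder zephyr basil cobalt drift ivory marble "
    "pumpkin tundra"
).split()

# Upper, lower, digits and special characters: the 94 printable ASCII symbols.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

# Constructed blocklist of the predictable choices the newsletter warns about.
COMMON_PASSWORDS = {"password", "password123", "123456", "qwerty", "letmein"}


def entropy_bits(pool_size: int, choices: int) -> float:
    """Entropy of `choices` independent uniform picks from a pool of `pool_size`.

    This only holds when every pick is genuinely random; a human-chosen
    "random looking" password has far less entropy than this formula suggests.
    """
    return choices * math.log2(pool_size)


def generate_passphrase(words: int = 4, word_list=SAMPLE_WORDS, sep: str = "-") -> str:
    """Join `words` uniformly random words using the CSPRNG in `secrets`."""
    return sep.join(secrets.choice(word_list) for _ in range(words))


def generate_random_password(length: int = 8, alphabet: str = PRINTABLE) -> str:
    """A password of `length` uniformly random symbols from `alphabet`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def is_predictable(password: str, blocklist=COMMON_PASSWORDS) -> bool:
    """Case-insensitive match against known-bad choices, so 'Password123' is caught too."""
    return password.lower() in blocklist


def meets_minimum(password: str, min_length: int = 8) -> bool:
    """The newsletter's floor: at least 8 characters and not a predictable choice."""
    return len(password) >= min_length and not is_predictable(password)


def compare_strength(word_list_size: int = 7776) -> dict:
    """Entropy (bits, rounded) of the recommended styles for a list of `word_list_size` words."""
    return {
        "random_8_chars": round(entropy_bits(len(PRINTABLE), 8), 1),
        "passphrase_4_words": round(entropy_bits(word_list_size, 4), 1),
        "passphrase_5_words": round(entropy_bits(word_list_size, 5), 1),
    }


if __name__ == "__main__":
    print("passphrase:", generate_passphrase(5))
    print("random password:", generate_random_password(12))
    print(compare_strength())
```

The comparison shows why the passphrase advice holds: four words drawn from a 7,776-word list (about 51.7 bits) match eight fully random printable characters (about 52.4 bits) while being far easier to remember, and a fifth word takes the passphrase to roughly 64.6 bits. The `secrets` module is used rather than `random` because the latter is not suitable for security purposes.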
Use a multi-factor authentication (MFA) system. By requiring a factor other than just your password (for example a verification code sent to your phone), multi-factor authentication can keep a hacker from being able to log on to your account even if they do get hold of your password.

Spread the word about this both at home and at work. Remember that if we’re all used to employing these protective layers at home, it’s also more likely we’ll take the same care in the workplace!

See you at AUSCERT2023 next week!

Fortinet warns of a spike in attacks against TBK DVR devices
Date: 2023-05-02
Author: Security Affairs
FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices. The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie. A remote attacker can trigger the flaw to obtain administrative privileges and eventually gain access to camera video feeds. TBK Vision is a video surveillance company that provides network CCTV devices and other related equipment, including DVRs for the protection of critical infrastructure facilities.

Apple pushes first-ever 'rapid' patch – and rapidly screws up
Date: 2023-05-02
Author: The Register
Apple on Monday pushed to some iPhones and Macs its first-ever rapid security fix. This type of patch is supposed to be downloaded and applied automatically and seamlessly by the operating system to immediately protect devices from exploitation, thus avoiding the usual system update cycle that users may put off or miss and thus leave their stuff vulnerable to attack. As luck would have it, though, this first-of-its-kind patch didn't go off without a hitch. Some Cupertino fans reported problems actually getting the update.

CVE-2023-28231: RCE in the Microsoft Windows DHCPv6 Service
Date: 2023-05-02
Author: Zero Day Initiative
A heap-based buffer overflow has been reported in Microsoft DHCPv6 Server. The vulnerability is due to improper processing of DHCPv6 Relay-forward messages. A remote attacker can exploit this vulnerability by sending crafted DHCPv6 Relay-forward messages to the target server. Successful exploitation could result in the execution of arbitrary code with administrative privileges.

Australian law firm HWL Ebsworth hit by Russian-linked ransomware attack
Date: 2023-05-02
Author: The Guardian
The Australian commercial law firm HWL Ebsworth has fallen victim to a ransomware attack, with Russian-linked hackers claiming to have obtained client information and employee data. Late last week, the ALPHV/Blackcat ransomware group posted on its website that 4TB of company data had been hacked, including employee CVs, IDs, financial reports, accounting data, client documentation, credit card information, and a complete network map.

Meta says ChatGPT-related malware is on the rise
Date: 2023-05-04
Author: iTnews
Lures users into downloading malicious apps and browser extensions. Meta said it had uncovered malware purveyors leveraging public interest in ChatGPT to lure users into downloading malicious apps and browser extensions, likening the phenomenon to cryptocurrency scams. Since March, the social media giant has found around 10 malware families and more than 1000 malicious links that were promoted as tools featuring the popular artificial intelligence-powered chatbot, it said in a report. In some cases, the malware delivered working ChatGPT functionality alongside abusive files, the company said.

ESB-2023.2453 – Android OS: CVSS (Max): 9.8*
Android's most recent security bulletin contains details of vulnerabilities affecting Android devices. The most severe vulnerability affects the Framework component which could lead to local escalation of privilege.

ESB-2023.2463 – GitLab Community Edition (CE) and GitLab Enterprise Edition (EE): CVSS (Max): 7.5*
GitLab has released versions 15.11.1, 15.10.5, and 15.9.6 for GitLab Community Edition and Enterprise Edition which contain important security fixes.

ESB-2023.2504 – chromium: CVSS (Max): None
Multiple security issues have been reported in Chromium, which if exploited could result in the execution of arbitrary code, denial of service or information disclosure.

ESB-2023.2501 – AirPods and Beats: CVSS (Max): None
Apple has released updates for AirPods Firmware and Beats Firmware to address multiple security issues.

ESB-2023.2502 – Cisco SPA112 2-Port Phone Adapters: CVSS (Max): 9.8
As SPA112 2-Port Phone Adapters have reached end of life, Cisco advises its customers to migrate to the ATA 190 Series Analog Telephone Adapter.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


AUSCERT Week in Review for 28th April 2023

Greetings,

This week we commemorated the Anzac soldiers for their bravery, courage, and ultimate sacrifice for our great nations. We pay respect to the victims and their families and vow to always honour and remember them. Lest we forget!

In other, less sombre news, we released our new podcast episode this week featuring Eric Pinkerton, titled ‘Changing Behaviour in Cyber’. Eric is CEO of Phronesis, Australia’s first B-Corp certified cyber security company committed to doing good. In this episode Eric and Anthony examine how people’s behaviours changed during the pandemic and how we can use this knowledge to influence the cyber world.

Understanding people’s behaviours is important to understanding the tactics that hackers may take. Hackers prey on our natural instincts and emotions as humans to bait us into a vulnerable position. Scammers are luring naïve consumers into becoming their money mules and exploiting the widening knowledge gap around fraudulent activity. Sadly, emotionally vulnerable people are the most targeted, as hackers use key methods to exploit their feelings and reap rewards.

The Australian Competition and Consumer Commission (ACCC) reported that investment scams or ‘get rich schemes’ were the highest reported scams, with an astonishing $377 million lost. Dating and romance scams were the second most targeted approach, with the ACCC reporting 40 million lost to these last year. Hackers would pull at heartstrings to get funds from helpless victims, arguably one of the cruellest forms of consumer-facing fraud as it often causes significant distress. The contact method scammers preferred was phone calls or text messages, with 55% of all scams last year being via phone devices. Angry consumers believe the accountability lies with banks to provide reimbursement if they fall victim to a scam or a third-party fraud.

To combat scam losses the government is looking into different initiatives to better safeguard consumers. A $10 million commitment has been announced to fund an SMS sender register to prevent sender ID scams imitating key industry or government brand names in text message headers. As criminals become more convincing, we as a society must also be more vigilant about the warning signs of a scam and ensure we do not fall victim to their emotive baiting techniques.

New SLP bug can lead to massive 2,200x DDoS amplification attacks
Date: 2023-04-25
Author: Bleeping Computer
A new reflective Denial-of-Service (DoS) amplification vulnerability in the Service Location Protocol (SLP) allows threat actors to launch massive denial-of-service attacks with 2,200X amplification. This flaw, tracked as CVE-2023-29552, was discovered by researchers at BitSight and Curesec, who say that over 2,000 organizations are using devices that expose roughly 54,000 exploitable SLP instances for use in DDoS amplification attacks. Vulnerable services include VMware ESXi Hypervisors, Konica Minolta printers, IBM Integrated Management Modules, and Planex Routers deployed by unsuspecting organizations worldwide.

Clop, LockBit ransomware gangs behind PaperCut server attacks
Date: 2023-04-26
Author: Bleeping Computer
"Members who potentially utilize this product have been notified"
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data. Last month, two vulnerabilities were fixed in the PaperCut Application Server that allows remote attackers to perform unauthenticated remote code execution and information disclosure.

Decoy Dog malware toolkit found after analyzing 70 billion DNS queries
Date: 2023-04-23
Author: Bleeping Computer
A new enterprise-targeting malware toolkit called ‘Decoy Dog’ has been discovered after inspecting anomalous DNS traffic that is distinctive from regular internet activity. Decoy Dog helps threat actors evade standard detection methods through strategic domain aging and DNS query dribbling, aiming to establish a good reputation with security vendors before switching to facilitating cybercrime operations. Researchers from Infoblox discovered the toolkit in early April 2023 as part of its analysis of over 70 billion DNS records daily to look for signs of abnormal or suspicious activity.

Gov to fund SMS sender ID register with $10m
Date: 2023-04-24
Author: itnews
A government-run register of SMS sender IDs will go ahead courtesy of a $10 million commitment to be made in next month’s federal budget. Communications minister Michelle Rowland said yesterday that the funding, to be announced as part of the 2023-24 Budget on May 9, would run over four years. Rowland had asked the ACMA to investigate a local register, and other models, back in February as a way to combat rising scam losses.

Investigation into PostalFurious: a Chinese-speaking phishing gang targeting Singapore and Australia
Date: 2023-04-21
Author: Group-IB
Phishing attacks are becoming ever more sophisticated and their scale is increasing exponentially. The automation of many processes and the growing popularity and accessibility of phishing kits over recent years has made it much easier for cybercriminals to set up fraudulent infrastructure to steal user credentials, bank card details, addresses, OTP codes, IP addresses, and other sensitive information.

ESB-2023.2371 – Tenable.sc: CVSS (Max): 8.1
One of the third-party components (PHP) of Tenable.sc was found to contain vulnerabilities, and updated versions have been made available by the providers.

ESB-2023.2370 – VMware Workstation Pro / Player (Workstation) and VMware Fusion: CVSS (Max): 9.3
Multiple security vulnerabilities in VMware Workstation and Fusion were privately reported to VMware. Updates and workarounds are available to remediate these vulnerabilities in the affected VMware products.

ESB-2023.2311 – thunderbird: CVSS (Max): 8.2
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

ESB-2023.2293 – curl: CVSS (Max): 9.8
This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


AUSCERT Week in Review for 21st April 2023

Greetings,

Earth Day is tomorrow! A great opportunity to be grateful for the world we live in and reflect on ways we as individuals can reduce our environmental footprint. Avoid single-use items, reduce energy consumption, encourage recycling, conserve water, and plant a tree! Established in 1970, Earth Day has become a world phenomenon with over 190 countries participating in a wide variety of environmental activities to drive change. President of Earth Day, Kathleen Rogers, proclaimed this year’s theme is to invest in a green economy to pave a path for a healthy, prosperous and equitable future. So tomorrow make sure to take the time to do something to benefit our beautiful green world!

Just as we must invest in protecting our natural environment, so too must we protect our cyber environment. With the growing rate of scams, it has become imperative for every organisation to invest in their cyber security by providing their employees with the latest education, training and resources to prepare for any attack. The ACCC reported a record loss of $3.1 billion to scams last year, an astonishing 80% increase over the year before. Scammers and hackers have become far more sophisticated in the tactics they are utilising, making them appear genuine, believable, and very difficult to detect. Experts worry this will only continue to increase as artificial intelligence scams are on a rapid rise, with hackers now using voice cloning technologies to trick people. Microsoft revealed a new AI system which could recreate a person's voice after listening to them speak for only 3 seconds, a spine-tingling sign of how quickly technology could be used to convincingly replicate a key piece of someone’s identity.

At this year’s AUSCERT2023 conference we are featuring a new tutorial delivered by global cyber security company Palo Alto Networks. Their zero trust architects will be hosting a Security Posture Assessment workshop to provide an in-depth analysis of the current state of your security environment. The experts will consult your cyber teams on the vulnerabilities present and priority areas of your organisation, providing recommendations and objectives to strengthen against cyber attacks. Register today to invest in your cyber security protection; hurry, spaces are limited!

…

Google patches another actively exploited Chrome zero-day
Date: 2023-04-19
Author: Bleeping Computer
Google has released a security update for the Chrome web browser to fix the second zero-day vulnerability found to be exploited in attacks this year. "Google is aware that an exploit for CVE-2023-2136 exists in the wild," reads the security bulletin from the company. The new version is 112.0.5615.137 and fixes a total of eight vulnerabilities. The stable release is available only for Windows and Mac users, with the Linux version to roll out "soon," Google says.

Hackers actively exploit critical RCE bug in PaperCut servers
Date: 2023-04-19
Author: Bleeping Computer
[See AUSCERT Security Bulletin 21 April 2023 ASB-2023.0102] https://portal.auscert.org.au/bulletins/ASB-2023.0102
Print management software developer PaperCut is warning customers to update their software immediately, as hackers are actively exploiting flaws to gain access to vulnerable servers. PaperCut makes printing management software compatible with all major brands and platforms. It is used by large companies, state organizations, and education institutes, while the official website claims it serves hundreds of millions of people from over 100 countries.

Australian insurers warn against outright ransomware payment ban
Date: 2023-04-18
Author: iTnews
The Insurance Council of Australia has warned the government to tread carefully in its contemplation of an outright ban on paying ransoms and extortion demands in data breach incidents. The council also wants the federal government to simplify and “harmonise” cyber security requirements on business, while it contemplates drafting a specific Cyber Security Act.

Fortra attributes GoAnywhere breach to a zero day vulnerability
Date: 2023-04-20
Author: iTnews
Fortra has published a post mortem of the GoAnywhere hack that compromised end user data in January and February. Australian organisations affected by the data breach include Tasmania’s education department, Rio Tinto, and Crown Resorts. The company said the attack used a zero-day vulnerability, CVE-2023-0669, which it said is a “pre-authentication command injection vulnerability … due to deserialising an arbitrary attacker-controlled object”.

UK and US issue warning about APT28 actors exploiting poorly maintained Cisco routers
Date: 2023-04-18
Author: NCSC
UK and US agencies have today (Tuesday) issued a joint advisory to help organisations counter malicious activity used by Russian cyber actors to exploit poorly maintained Cisco routers. APT28 – a threat group attributed to Russia’s military intelligence service the GRU – has been observed taking advantage of poorly configured networks and exploiting a known vulnerability to deploy malware and access Cisco routers worldwide.

ASB-2023.0098 – Oracle PeopleSoft: CVSS (Max): 9.8
Oracle's Critical Patch Update release contains 10 new security patches for Oracle PeopleSoft. 8 of these vulnerabilities may be remotely exploitable without authentication.

ESB-2023.2198 – Google Chrome: CVSS (Max): None
Google released an update for Chrome which addresses a type confusion in V8 vulnerability that has been exploited in the wild.

ESB-2023.2257 – Schneider Electric Easy UPS Online Monitoring Software: CVSS (Max): 9.8
Schneider Electric has released security updates for Schneider Electric Easy UPS Online Monitoring Software which fix remote code execution, escalation of privileges, and authentication bypass.

ESB-2023.2282 – VMware Aria Operations for Logs: CVSS (Max): 9.8
VMware released updates and workarounds which address multiple vulnerabilities in VMware Aria Operations for Logs.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


AUSCERT Week in Review for 14th April 2023

Greetings,

With Easter celebrations now behind us, let us embrace the spirit of this holiday as a chance to embark on new adventures, pursue new goals and embrace new experiences. As Autumn unfolds around us, temperatures begin to cool and leaves begin to change, a powerful reminder of the ever-evolving nature of our world. With it we must ensure we are constantly developing new skills and acquiring knowledge to continue our own self-growth and improvement. Just like nature, the digital world is constantly growing and evolving, with new technologies, platforms and applications emerging at an unprecedented rate. The rapid growth and evolution of technological advancements has transformed the digital landscape, and today we are witnessing a whole new era of innovation.

We encourage members to undertake frequent cyber security training and courses to promote a culture of awareness and help protect against threats and attacks as new vulnerabilities emerge in the ever-evolving digital environment. This year we have a wide variety of exciting tutorials featured in our AUSCERT2023 conference program, specifically designed to ensure your organisation is properly equipped, particularly the workshops from the SANS Institute, the world’s largest provider of cyber security training. Spaces are limited so register now!

Recently popular targets of cyber-attacks include Microsoft and Adobe software, with increasing reports of vulnerabilities. For the second month in a row Microsoft is pushing out urgent updates to fix an already exploited vulnerability in its flagship Windows operating systems. This was announced the same day that Adobe rolled out security fixes for 56 vulnerabilities in a wide range of its products. With high profile software companies under constant threat of malicious activity and potential exposure of consumer data, it is important to work together and develop a better strategy to safeguard our cyber security.

A reminder that the government’s 2023-2030 Australian Cyber Security Strategy Discussion Papers are due by tomorrow. Submit your views and recommendations on how the government can better secure the digital economy and thriving cyber ecosystem.

…

Exploit available for critical bug in VM2 JavaScript sandbox library
Date: 2023-04-07
Author: Bleeping Computer
[See ASB-2023.0060]
Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely in a virtualized environment. The library is designed to run untrusted code in an isolated context on Node.js servers. It allows partial execution of the code and prevents unauthorized access to system resources or to external data.

Microsoft Patches Another Already-Exploited Windows Zero-Day
Date: 2023-04-11
Author: Security Week
[See ASB-2023.0061]
For the second month in a row, Microsoft is pushing out urgent patches to cover an already-exploited vulnerability in its flagship Windows operating system. The vulnerability, flagged as zero-day by researchers at Mandiant, is described as an elevation of privilege issue in the Windows Common Log File System driver. In an advisory documenting the CVE-2023-28252, Redmond warns that an attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

3CX confirms North Korean hackers behind supply chain attack
Date: 2023-04-12
Author: Bleeping Computer
VoIP communications company 3CX confirmed today that a North Korean hacking group was behind last month’s supply chain attack. “Based on the Mandiant investigation into the 3CX intrusion and supply chain attack thus far, they attribute the activity to a cluster named UNC4736. Mandiant assesses with high confidence that UNC4736 has a North Korean nexus,” 3CX CISO Pierre Jourdan said today.

Windows admins warned to patch critical MSMQ QueueJumper bug
Date: 2023-04-12
Author: Bleeping Computer
Security researchers and experts warn of a critical vulnerability in the Windows Message Queuing (MSMQ) middleware service patched by Microsoft during this month’s Patch Tuesday and exposing hundreds of thousands of systems to attacks. MSMQ is available on all Windows operating systems as an optional component that provides apps with network communication capabilities with “guaranteed message delivery,” and it can be enabled via PowerShell or the Control Panel.

MSI hit in cyberattack, warns against installing knock-off firmware
Date: 2023-04-07
Author: The Register
Owners of MSI-brand motherboards, GPUs, notebooks, PCs, and other equipment should exercise caution when updating their device’s firmware or BIOS after the manufacturer revealed it has recently suffered a cyberattack. In a statement shared on Friday, MSI urged users “to obtain firmware/BIOS updates only from its official website,” and to avoid using files from other sources.

ESB-2023.2108 – Adobe Acrobat and Reader: CVSS (Max): 8.6
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS which fix arbitrary code execution, privilege escalation, security feature bypass and memory leak vulnerabilities.

ASB-2023.0066 – ALERT Microsoft ESU: CVSS (Max): 9.8
Microsoft has released its monthly security patch update which resolves 44 vulnerabilities across Microsoft Extended Security Update (ESU).

ASB-2023.0061 – ALERT Windows: CVSS (Max): 9.8
Microsoft’s most recent security patch update resolves 77 vulnerabilities in Windows and Windows Server.

ESB-2023.2063 – ALERT macOS Monterey: CVSS (Max): None
Apple has released macOS Monterey 12.6.5 which delivers important security enhancements to Mac devices running macOS Monterey.

ESB-2023.2065 – ALERT macOS Big Sur: CVSS (Max): None
Apple released a security update for macOS Big Sur which, according to Apple’s security update notes, fixes the vulnerability labeled CVE-2023-28206.

ESB-2023.2062 – ALERT macOS Ventura: CVSS (Max): None
Apple pushed a new macOS Ventura 13.3.1 update which includes bug fixes and security updates for CVE-2023-28206 and CVE-2023-28205.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


AUSCERT Week in Review for 31st March 2023

Greetings,

As data breaches and cyber attacks are progressively becoming more prevalent, organisations and individuals are now under threat more than ever. As a result it is increasingly important to properly equip yourself with the correct tools and training to ensure you and your organisation are prepared for the growing possibility of an attack.

The recent threat on 3CX is a cause for concern for most people – and for good reason! The Voice Over Internet Protocol (VoIP) software development company’s system caters to more than 12 million daily users and 600,000 companies worldwide, including some very high-profile organisations. Hackers reportedly compromised the app to target the company’s customers, which could have exposed sensitive personal and financial data for all users and organisations involved.

As these data threats and breaches are increasingly becoming more common, organisations and individuals must do all they can to avoid the negative repercussions that can result. It's important for individuals and organisations to take steps to protect themselves against cyber attacks, such as using strong authentication, keeping software up to date, avoiding suspicious links and emails, and backing up important data. Additionally, organisations should invest in their people, to empower them to be an active part of cyber security risk reduction. Resources like IDCare’s fact sheets are great information sources to educate yourself and colleagues on the appropriate measures to take against common threats. Scamwatch can keep you updated with the latest threats and statistics.

Also, something practical most people can do to help protect themselves and their loved ones is to employ Multi Factor Authentication (MFA); here’s some helpful information on how to enable it for a variety of services – https://2fa.directory/au/

Before we finish up for the week I would like to give a final reminder that Early Bird Offers and Member Tokens are expiring today, March 31, for our 2023 AUSCERT conference. There’s never been a better time to further your and your organisation’s knowledge and expertise in cyber security, so make sure to register today!

Google finds more Android, iOS zero-days used to install spyware
Date: 2023-03-29 Author: Bleeping Computer

Google's Threat Analysis Group (TAG) discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install commercial spyware and malicious apps on targets' devices. The attackers targeted iOS and Android users with separate exploit chains as part of a first campaign spotted in November 2022. They used text messages pushing bit.ly shortened links to redirect the victims to legitimate shipment websites from Italy, Malaysia, and Kazakhstan after first sending them to pages triggering exploits abusing an iOS WebKit remote code execution zero-day (CVE-2022-42856) and a sandbox escape (CVE-2021-30900) bug.

Crown Resorts confirms ransom demand after GoAnywhere breach
Date: 2023-03-28 Author: Bleeping Computer

Crown Resorts, Australia's largest gambling and entertainment company, has confirmed that it suffered a data breach after its GoAnywhere secure file-sharing server was breached using a zero-day vulnerability. The Blackstone-owned company has an annual revenue that surpasses $8 billion and operates complexes in Melbourne, Perth, Sydney, Macau, and London. This data breach was conducted by the Clop ransomware gang, which has shifted over the past year from encrypting files to performing data extortion attacks. In February, the threat actors claimed to have stolen data from 130 organizations over ten days utilizing a GoAnywhere zero-day vulnerability.

This is the most detailed portrait yet of data breaches in Australia
Date: 2023-03-28 Author: ABC News

Every bubble in the chart [below] is a data breach that put Australians at likely risk of “serious harm”. It shows a total of 2,784 recorded breaches since the start of 2020 — covering everything from the Optus and Medibank breaches, which exposed the personal information of millions, to mistakenly sent emails only affecting a single unlucky person. The chart is based on the official record of data breaches reported to the Office of the Australian Information Commissioner (OAIC), obtained and published for the first time by the ABC.

Hotel and property giant Meriton hit by data hack, personal documents may be at risk
Date: 2023-03-29 Author: ABC News

One of Australia's biggest property giants has been hit by cybercriminals who may have made off with highly sensitive personal data including birth certificates and bank details, as well as information about salaries and disciplinary proceedings. Guests and staff members employed by Meriton were affected by the data breach when hackers struck the luxury developer on January 14 this year.

NGS Super says 'limited data' stolen in cyber attack
Date: 2023-03-28 Author: iTnews

NGS Super, an industry superannuation fund serving the education and community sectors, said an attacker had stolen “limited data” from its systems. The fund said it detected and shut down an incident on March 17, but not before the attacker was able to exfiltrate some data. The stolen data was stored on “internal drives”, according to the fund; why it was stored there is a matter for investigation. “For our members we know that data was accessed, which for a group of members included their primary identifiers,” NGS Super said.

Home Affairs to set up cyber and infrastructure security group
Date: 2023-03-27 Author: iTnews

Home Affairs will set up a new cyber and infrastructure security group from May that will lead industry partnerships and support the implementation of the next national cyber security strategy. Secretary Michael Pezzullo told a Home Affairs cyber and infrastructure security conference that the new group would be led by Hamish Hansford in a new deputy secretary position.

ESB-2023.1834 – macOS Ventura: CVSS (Max): 7.8*
Apple has released the macOS Ventura 13.3 update which includes more than 30 security updates.

ESB-2023.1847 – Tenable.sc: CVSS (Max): 9.8
Tenable has released updates for multiple vulnerabilities in third party software leveraged by Tenable.sc.

ESB-2023.1860 – OpenShift Container Platform 4.10.55: CVSS (Max): 7.8
Red Hat OpenShift Container Platform has been updated to address multiple vulnerabilities.

ESB-2023.1861 – Mozilla Thunderbird: CVSS (Max): None
Mozilla has fixed a denial of service issue in Thunderbird 102.9.1 for users who use the Matrix chat protocol.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


AUSCERT Week in Review for 24th March 2023

Greetings,

Some of the articles about AI language models wanting to escape and become human might be slightly alarming, but a real alarmist point of view may be whether AI will replace existing roles undertaken by humans. Already we’ve seen use cases emerge in the cyber security industry like using ChatGPT to create a dark web monitoring tool; however, the previous article does point out that it’s important to realise the limitations of AI – such as its reliance on training data.

Meanwhile entire new industries have sprung up in recent times, such as the field of data governance, and let’s not forget that cyber security itself is still a relatively young industry. Each of these industries and their sub-specialty areas require new training and fresh ideas. Perhaps it’s safer to “future-proof against AI” and upskill? At an event themed “Back to the Future”, it’s very likely AI will be discussed at length, and there’s a plethora of included training during the first two days of the AUSCERT2023 Cyber Security Conference in the form of half and full day tutorials. However, at least as far as we’re aware, unlike McFly you can’t travel back or forward in time, and there’s only one week left for early bird registrations. Member Tokens also expire then, so if you haven’t seen yours yet, ask your member representative.

Another great way to learn and upskill is to follow cyber security podcasts like AUSCERT’s “Share Today, Save Tomorrow” – there’s a new one available now with some reflections on AUSCERT’s 30th birthday celebrations earlier this month.

And now a selection of this week’s notable cyber security news articles, compiled by the AUSCERT Analyst Team:

Ferrari Says Ransomware Attack Exposed Customer Data
Date: 2023-03-20 Author: Security Week

Italian sports car maker Ferrari said on Monday that a threat actor had demanded a ransom related to customer contact details that may have been exposed in a ransomware attack. “Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm,” the iconic car maker said. “In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law.”

Most consumers want data privacy and will act to defend it
Date: 2023-03-22 Author: IAPP

With new technologies, new types of data and new methods of collection defining our current reality, privacy cannot merely be an afterthought. Language models are fueled by our personal data, artificial intelligence art generators sexualize without consent and the metaverse embodies “data collection on steroids.” In addition to these technological changes creating rifts in privacy, cracks have also appeared in the legal foundations protecting long-established privacy rights. New privacy risks, it seems, are everywhere.

How to turn off Wi-Fi calling on Android to combat hackers
Date: 2023-03-20 Author: Scripps News

Google’s Project Zero team discovered multiple security flaws with Samsung Galaxy smartphones that could allow hackers to target devices easily. All a hacker would need is the victim’s phone number, which can be used to compromise the phone without the user knowing anything is wrong. “Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction and require only that the attacker know the victim’s phone number. With limited additional research and development,

Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022
Date: 2023-03-20 Author: Bleeping Computer

Hackers continue to target zero-day vulnerabilities in malicious campaigns, with researchers reporting that 55 zero-days were actively exploited in 2022, most targeting Microsoft, Google, and Apple products. Most of these vulnerabilities (53 out of 55) enabled the attacker to either gain elevated privileges or perform remote code execution on vulnerable devices. Zero-day vulnerabilities are security weaknesses in software products that are publicly disclosed or exploited before a developer knows about them or releases a fix.

Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
Date: 2023-03-21 Author: Security Week

Organizations that use human-machine interface (HMI) and supervisory control and data acquisition (SCADA) products from UK-based industrial software maker Aveva have been informed about the existence of several potentially serious vulnerabilities. Security advisories published last week by Aveva and the US Cybersecurity and Infrastructure Security Agency (CISA) inform users about three vulnerabilities in the InTouch Access Anywhere HMI and Plant SCADA Access Anywhere products. Software updates that patch all vulnerabilities are available from the vendor.

Rio Tinto says staff’s personal data may have been hacked in memo after an attack on GoAnywhere software
Date: 2023-03-23 Author: ABC News

Personal data of Rio Tinto Ltd’s former and current employees may have been stolen by a cybercriminal group, according to a staff memo. Payroll information — such as pay slips and overpayment letters — belonging to a small number of employees from January 2023 had possibly been seized by the group, the memo showed. “Investigations now indicate a possibility that Rio Tinto data may be impacted,” it said.

ESB-2023.1632 – thunderbird: CVSS (Max): 7.5
Debian reports that multiple security issues have been discovered in Thunderbird, which, if exploited, could result in denial of service, the execution of arbitrary code or spoofing.

ESB-2023.1693 – Rockwell Automation ThinManager: CVSS (Max): 9.8
An advisory issued by ICS-CERT reports two vulnerabilities in Rockwell Automation ThinManager and encourages end-users to implement the risk mitigations provided by the vendor.

ESB-2023.1720.2 – Cisco DNA Center: CVSS (Max): 8.0
A vulnerability in Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges. Cisco has released software updates to address the vulnerability.

ESB-2023.1710 – Jenkins Plugins: CVSS (Max): 8.8
Vulnerabilities in a number of Jenkins plugins have been reported. The Jenkins project has released updates for some of the vulnerable plugins.

ESB-2023.1727 – Cisco IOS XE Software for Cisco Catalyst 9300 Series: CVSS (Max): 6.1
Cisco has reported a high-rated vulnerability in its Catalyst 9300 series switches that could allow persistent code to be installed by an attacker at boot time.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


AUSCERT Week in Review for 17th March 2023

Greetings,

Before we get too caught up in St Patrick's Day celebrations today, we wanted to remind you that early bird registrations for the upcoming AUSCERT2023 Cyber Security Conference end in two weeks. Don't miss out on this opportunity to connect with industry experts and gain valuable knowledge and skills to enhance your organisation's security posture. Additionally, don’t forget that Member Tokens will also expire in two weeks, so be sure to use them before then. You can ask your member representative for help with that, and if you’re yet to write your business case to attend AUSCERT2023, check out last week’s blog for some convincing ideas to include.

Not to throw too much of a downer on celebrations, remember that any popular event like St Patrick’s Day can potentially be weaponised by scammers. The same goes for impactful news stories, such as this week’s unfortunate collapse of multiple financial institutions in the USA and Latitude’s cyber incident. I’m sure we can all imagine “viral St Patrick’s Day videos”, “we regret to inform you of a data breach”, “you have a toll trip on 17/03/2023, to avoid penalty notice please pay immediately” or similar hooks to entice victims to click malicious links.

It could be argued that good cyber hygiene at home also helps improve cyber resilience in the workplace, because staff may employ the same practices whether they are handling their own personal data or the information assets of their employer. In your next internal cyber awareness campaign, why not include some personal cyber hygiene tips – there’s plenty of content available online. Over the years we’ve also seen some very inventive training modules created in-house by some of our members – if you’ve designed one, why not share your ideas with other professionals in the AUSCERT Slack Channel?

And now a selection of this week’s notable cyber security news articles, compiled by the AUSCERT Analyst Team:

Fortinet: New FortiOS bug used as zero-day to attack govt networks
Date: 2023-03-13 Author: Bleeping Computer

Unknown attackers used zero-day exploits to abuse a new FortiOS bug patched this month in attacks targeting government and large organizations that have led to OS and file corruption and data loss. Fortinet released security updates on March 7, 2023, to address this high-severity security vulnerability (CVE-2022-41328) that allowed threat actors to execute unauthorized code or commands.

Microsoft fixes Outlook zero-day used by Russian hackers since April 2022
Date: 2023-03-14 Author: Bleeping Computer

Microsoft has patched an Outlook zero-day vulnerability (CVE-2023-23397) exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations. The security vulnerability was exploited in attacks to target and breach the networks of fewer than 15 government, military, energy, and transportation organizations between mid-April and December 2022.

Commonwealth Bank details transaction abuse detection method
Date: 2023-03-16 Author: iTnews

The Commonwealth Bank has provided more detail of the data points and language models it is using to detect financial abuse in transaction descriptions. The bank’s AI labs team has a research paper published on arXiv [pdf] that describes the “multi-step approach” and also invites input from “the wider research community” to improve on the current method.

What happens if you 'cover up' a ransomware infection? For Blackbaud, a $3m charge
Date: 2023-03-10 Author: The Register

Blackbaud has agreed to pay $3 million to settle charges that it made misleading disclosures about a 2020 ransomware infection in which crooks stole more than a million files on around 13,000 of the cloud software slinger's customers. According to America's financial watchdog, the SEC, Blackbaud will cough up the cash – without admitting or denying the regulator's findings – and will cease and desist from committing any further violations.

Why Healthcare Boards Lag Other Industries in Preparing for Cyberattacks
Date: 2023-03-15 Author: Dark Reading

As leaders responsible for prioritizing their organizations' goals, board members must push the cybersecurity agenda forward. Yet new research shows healthcare boards are far behind their peers in making cybersecurity a priority and understanding cyber-risks, despite the potentially severe consequences to patient safety and care. "Cybersecurity: The 2022 Board Perspective," a new global report from Proofpoint and Cybersecurity at MIT Sloan, found that cybersecurity is much lower on healthcare boards' agendas compared with other sectors. Although 77% of the 600 board members surveyed suggested cybersecurity is a top priority for their organizations, only 59% of healthcare directors concurred.

ESB-2023.1515 – VMware Cloud Foundation: CVSS (Max): 9.8
A remote code execution vulnerability via the XStream open source library affecting VMware Cloud Foundation has been reported. VMware has released an update to address the issue.

ESB-2023.1535 – Tenable products: CVSS (Max): 9.1
A vulnerability was reported in Tenable products. Tenable has updated its compliance plugins and audit files to remediate the issue.

ASB-2023.0057 – ALERT Windows: CVSS (Max): 9.8
Microsoft's Patch Tuesday included fixes for 56 vulnerabilities across Windows and Windows Server.

ASB-2023.0055 – ALERT Microsoft Office, Office Services and Web Apps: CVSS (Max): 9.8
Microsoft has released its monthly security patch update that resolves 10 vulnerabilities in Microsoft Office, Office Services and Web Apps.

ESB-2023.1557 – Adobe Creative Cloud: CVSS (Max): 8.6
Adobe's recent update for the Creative Cloud Desktop for Windows fixes a critical vulnerability that could lead to arbitrary code execution if exploited.

ASB-2023.0058 – Latitude Cyber Incident
AUSCERT reports a data breach incident affecting Latitude Financial which appears to affect customers across Australia and New Zealand.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


AUSCERT Week in Review for 10th March 2023

Greetings,

This year AUSCERT is proud to announce that Rachel Tobac will be the keynote speaker at the AUSCERT2023 Conference. A well-known name in the cybersecurity industry as an expert in social engineering attacks, Rachel is also the CEO of SocialProof Security, the company she founded together with her husband. Rachel has a proven track record of hacking into Fortune 500 companies and is recognized as one of the top ethical hackers in the industry.

Speaking of AUSCERT2023, some tutorials have limited capacity, so if you haven’t already secured yours, jump onto the registration page now. We released details of the tutorials earlier this year to help you write those business cases for attendance at AUSCERT2023. And when you’re writing it, don’t forget to mention that the tutorials are included at no extra cost, you’ll have the opportunity to learn about the latest cybersecurity threats and trends, and you can network with other cybersecurity professionals. Copy, paste, business case done!

Although this is the 22nd annual conference, AUSCERT itself turned 30 this month. All of us are incredibly proud of that achievement, and we were honoured to celebrate together with many past AUSCERT team members and “friends of AUSCERT” this week at our birthday party in Brisbane. Many of those past team members literally built AUSCERT from nothing, during times when little else was available in the cyber security domain. Today, although our culture and values remain the same, we have shifted our focus to where our members need it most: threat intelligence, incident support and cyber security education. Director of AUSCERT Dr David Stockdale and AUSCERT’s Senior Manager Mike Holm spoke with IT News this week about AUSCERT’s proud heritage and our future direction. You can watch the video here.

And now a selection of this week’s notable cyber security news articles, compiled by the AUSCERT Analyst Team:

PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)
Date: 2023-03-06 Author: Help Net Security

Patches for the flaw – which affects a wide variety of MS Office and SharePoint versions, Microsoft 365 Apps for Enterprise and other products – were released by Microsoft last month. CVE-2023-21716 was discovered and privately disclosed by security researcher Joshua J. Drake in November 2022. It is a heap corruption vulnerability in Microsoft Word’s RTF parser that, if triggered, allows attackers to achieve remote code execution with the privileges of the victim. The flaw does not require prior authentication: attackers can simply send a booby-trapped RTF file to the victim(s) via email.

Emotet malware attacks return after three-month break
Date: 2023-03-07 Author: Bleeping Computer

The Emotet malware operation is again spamming malicious emails as of Tuesday morning after a three-month break, rebuilding its network and infecting devices worldwide. Emotet is a notorious malware distributed through email containing malicious Microsoft Word and Excel document attachments. When users open these documents and macros are enabled, the Emotet DLL will be downloaded and loaded into memory.

Fortinet warns of new critical unauthenticated RCE vulnerability
Date: 2023-03-08 Author: Bleeping Computer

Fortinet has disclosed a "Critical" vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests. This buffer underflow vulnerability is tracked as CVE-2023-25610 and has a CVSS v3 score of 9.3, rating it critical. This type of flaw occurs when a program tries to read more data from a memory buffer than is available, resulting in accessing adjacent memory locations, leading to risky behavior or crashes.

Akamai mitigates record-breaking 900Gbps DDoS attack in Asia
Date: 2023-03-09 Author: Bleeping Computer

Akamai reports having mitigated the largest DDoS (distributed denial of service) attack ever launched against a customer based in the Asia-Pacific region. DDoS is an attack that involves sending a large volume of garbage requests to a targeted server, depleting its capacity, and thus rendering the websites, applications, or other online services it hosts unreachable by legitimate users.

Australian official demands Russia bring criminal hackers ‘to heel’
Date: 2023-03-09 Author: The Record

A senior official in Australia criticized the Russian government on Wednesday for failing to properly police cybercriminals based in its jurisdiction. Michael Pezzullo, a public servant rather than a politician — currently serving as the secretary of the Department of Home Affairs — said the Russian Federation hosted “the greatest density of cybercriminals, particularly those with ransomware,” in the world.

ESB-2023.1478 – Fortinet Products: CVSS (Max): 8.2
A relative path traversal vulnerability [CWE-23] in FortiOS and FortiProxy may allow privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.

ESB-2023.1468 – Jenkins: CVSS (Max): 8.8
Multiple vulnerabilities found in Jenkins core and Update-center2 have been patched.

ESB-2023.1433 – Google Chrome: CVSS (Max): None
Google released a stable channel update for Google Chrome Desktop; this update includes 40 security fixes.

ESB-2023.1405 – GitLab: CVSS (Max): 8.7
GitLab released a security update for GitLab Community Edition (CE) and Enterprise Edition (EE).

Stay safe, stay patched and have a good weekend!

The AUSCERT team
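The Fortinet item above describes the flaw class behind CVE-2023-25610 in one sentence: a parser that reads more from a buffer than was actually received. The following is an added, constructed C example (not Fortinet's code and not the CVE-2023-25610 bug itself) that shows the unsafe pattern next to its hardened form. The one-byte-length wire format, the function names and the sample messages are all assumptions made for this illustration; the point for defenders and code reviewers is where the length check has to sit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format for this example (an assumption, not FortiOS):
 *   byte 0     : declared payload length
 *   bytes 1..n : payload
 */

/* Vulnerable pattern: the declared length is trusted and never compared with
 * the number of bytes actually received, so a message that claims more payload
 * than it carries makes memcpy read past the end of buf. This is the over-read
 * class the news item describes. It is only called on a well-formed message
 * here, never on the short one. */
static int parse_msg_unchecked(const uint8_t *buf, size_t buf_len,
                               uint8_t *out, size_t out_cap)
{
    (void)buf_len;                     /* the bug: received length is ignored */
    size_t declared = buf[0];
    if (declared > out_cap)
        return -1;
    memcpy(out, buf + 1, declared);    /* over-reads when declared > buf_len - 1 */
    return (int)declared;
}

/* Hardened pattern: the declared length is validated against what was actually
 * received and against the destination capacity before any copy happens.
 * Returns the payload length on success, a negative code on rejection. */
static int parse_msg_checked(const uint8_t *buf, size_t buf_len,
                             uint8_t *out, size_t out_cap)
{
    if (buf == NULL || out == NULL || buf_len < 1)
        return -1;                     /* no header byte at all */
    size_t declared = buf[0];
    if (declared > buf_len - 1)
        return -2;                     /* truncated: would read past buf */
    if (declared > out_cap)
        return -3;                     /* would overflow the destination */
    memcpy(out, buf + 1, declared);
    return (int)declared;
}

/* Constructed sample messages. */
static const uint8_t GOOD_MSG[]  = { 4, 'p', 'i', 'n', 'g' };  /* claims 4, carries 4 */
static const uint8_t SHORT_MSG[] = { 200, 'x' };               /* claims 200, carries 1 */

int checked_accepts_wellformed(void)
{
    uint8_t out[16];
    return parse_msg_checked(GOOD_MSG, sizeof GOOD_MSG, out, sizeof out);
}

int checked_rejects_truncated(void)
{
    uint8_t out[16];
    return parse_msg_checked(SHORT_MSG, sizeof SHORT_MSG, out, sizeof out);
}

int checked_rejects_oversized_output(void)
{
    uint8_t out[2];                    /* destination too small for 4 bytes */
    return parse_msg_checked(GOOD_MSG, sizeof GOOD_MSG, out, sizeof out);
}

int unchecked_accepts_wellformed(void)
{
    uint8_t out[16];
    return parse_msg_unchecked(GOOD_MSG, sizeof GOOD_MSG, out, sizeof out);
}

int main(void)
{
    printf("checked, well-formed   : %d\n", checked_accepts_wellformed());
    printf("checked, truncated     : %d\n", checked_rejects_truncated());
    printf("checked, small output  : %d\n", checked_rejects_oversized_output());
    printf("unchecked, well-formed : %d\n", unchecked_accepts_wellformed());
    return 0;
}
```

The two parsers behave identically on the well-formed message, which is why this kind of bug survives functional testing; only the checked version refuses the message whose header promises more bytes than arrived. The same shape of check (declared length against received length, then against destination size, before the copy) is what to look for when reviewing any length-prefixed protocol parser.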


AUSCERT Week in Review for 3rd March 2023

Greetings,

It’s the first week of Autumn, symbolising harvest and abundance as well as the yellowing of leaves and, hopefully, cooler temperatures. Cooling things down might give cyber security practitioners a chance to catch up with the latest phishing trend – mimicking OpenAI’s ChatGPT payment pages, apps and downloads to commit a variety of crimes. As with any trend or current event, criminals will find a way to exploit other humans for their own gain.

There’s been plenty of talk about using AI to recognise when other AI has created content, but a new concern arose this week when a software update caused Replika users to “lose” their digital companion. Some felt genuine grief over the loss of a loved one, although hopefully that’s an example of a learned behaviour pattern that can be overcome – just like imposter syndrome, which affects many cyber security professionals. At this year’s AUSCERT2023 Cyber Security Conference, The University of Queensland’s Shelly Mills will lead a tutorial on that topic: “Tackling imposter syndrome: using psychology to disrupt (cognitive) malicious activity”.

Speaking of AUSCERT2023’s tutorials, don’t forget to get in quickly with your selections, as some tutorials have limited capacity and registrations are on a ‘first come, first served’ basis. We have however reserved some spaces which we will fill from our waitlist by selecting people that identify as women, creating more opportunities for skills-improvement as part of the conference experience. For this year’s “Back to the Future” themed conference you’ll notice we’ve finalised the tutorial schedule early, so that attendees can choose from the wide range of topics during the registration process. Members of AUSCERT have already received their Member Tokens – ask your AUSCERT member representative for more information.

Here’s a selection of this week’s notable cyber security news articles, compiled by the AUSCERT Analyst Team:

Attackers stole LastPass data by hacking an employee’s home computer
Date: 2023-03-01 Author: The Verge

LastPass says that a threat actor was able to steal corporate and customer data by hacking an employee’s personal computer and installing keylogger malware, which let them gain access to the company’s cloud storage. The update provides more information about how the series of hacks happened last year that resulted in the popular password manager’s source code and customer vault data being stolen by an unauthorized third party.

Albanese government to appoint Coordinator for Cyber Security, amid increasing threat to systems and data
Date: 2023-02-26 Author: The Conversation

The federal government is further stepping up its efforts to improve Australia’s protection against increasing cyber threats, with Prime Minister Anthony Albanese on Monday [today] announcing the establishment of a Coordinator for Cyber Security. The aim is to “ensure a centrally coordinated approach” to the government’s cyber security responsibilities. This would include coordinating and “triaging” action after a major incident.

Critical flaws in WordPress Houzez theme exploited to hijack websites
Date: 2023-02-27 Author: Bleeping Computer

Hackers are actively exploiting two critical-severity vulnerabilities in the Houzez theme and plugin for WordPress, two premium add-ons used primarily in real estate websites. The Houzez theme is a premium plugin that costs $69, offering easy listing management and a smooth customer experience. The vendor’s site claims it is serving over 35,000 customers in the real estate industry. The two vulnerabilities were discovered by Patchstack’s threat researcher Dave Jong and reported to the theme’s vendor, ‘ThemeForest,’ with one flaw fixed in version 2.6.4 (August 2022) and the other in version 2.7.2 (November 2022).

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability
Date: 2023-02-28 Author: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, and 8.6.4.1, and allows threat actors to retrieve sensitive information via specially crafted requests.

Westpac DataX to supply data to NSW government
Date: 2023-03-02 Author: iTnews

Westpac DataX will provide de-identified credit card transaction data to support multiple NSW government agencies. DataX will support the NSW Data Analytics Centre with functions like disaster recovery, NSW minister for customer service and digital government Victor Dominello said. The Data Analytics Centre, housed within the NSW Department of Customer Service, will use DataX’s insights to “further embed data-driven decision making across many of our agencies,” Dominello added.

ESB-2023.1306 – Cisco IP Phones: CVSS (Max): 9.8
Cisco has released software updates that address multiple vulnerabilities in certain IP phones.

ESB-2023.1327 – Tenable.sc: CVSS (Max): 7.5
Tenable.sc has been updated to address multiple vulnerabilities in OpenSSL.

ESB-2023.1316 – OpenShift Container Platform 4.10.53: CVSS (Max): 9.8
Red Hat OpenShift Container Platform has been updated to address multiple vulnerabilities.

ESB-2023.1345 – Sudo: CVSS (Max): None
A privilege escalation vulnerability in the sudo package utilized by Ubuntu has been addressed.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


AUSCERT Week in Review for 24th February 2023

Greetings,

We are very excited to announce that registrations are now open for the AUSCERT2023 Cyber Security Conference – Back to the Future!

This year we are doing a couple of things differently with our tutorials. Firstly, we have worked hard to finalise the selection and scheduling of tutorials earlier than usual. This means that attendees can select their preferred tutorials at the time they complete their conference registration. Secondly, to leverage the advantages of diverse groups working and learning together, we are creating and holding space to improve the gender diversity in our tutorials. Some tutorials are limited-capacity, and registrations for these are on a ‘first come, first served’ basis, with additional requests going into a waitlist. This year we’re reserving some spaces in these tutorials which we will fill from the waitlist by selecting people who identify as women, creating more opportunities for skills improvement as part of the conference experience!

News emerged this week that malicious actors are leveraging the popularity of ChatGPT to create fake websites and social media pages used to distribute malware and steal credit card data. This is a good reminder that malicious actors are extremely good at recognising what people are interested in, concerned about or titillated by, and ruthlessly use this knowledge to achieve their objectives.

Here is a selection of the rest of this week’s notable cyber security news articles, compiled by the AUSCERT analyst team:

GoDaddy says a multi-year breach hijacked customer websites and accounts
Date: 2023-02-18
Author: Ars Technica
GoDaddy said on Friday that its network suffered a multi-year security compromise that allowed unknown attackers to steal company source code, customer and employee login credentials, and install malware that redirected customer websites to malicious sites. GoDaddy is one of the world’s largest domain registrars, with nearly 21 million customers and revenue in 2022 of almost $4 billion. In a filing Thursday with the Securities and Exchange Commission, the company said that three serious security events starting in 2020 and lasting through 2022 were carried out by the same intruder.

Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities
Date: 2023-02-21
Author: Security Week
The iOS 16.3 and macOS Ventura 13.2 advisories, originally released on January 23, have been updated to add three vulnerabilities. One of them is CVE-2023-23520, a race condition affecting the crash reporter component, which can allow an attacker to read arbitrary files as root. The other two security holes impact the ‘foundation’ component in Apple’s operating systems and they can allow an attacker to “execute arbitrary code out of its sandbox or with certain elevated privileges”, according to the tech giant.

ChatGPT is bringing advancements and challenges for cybersecurity
Date: 2023-02-21
Author: Help Net Security
Understanding why ChatGPT is garnering so much attention takes a bit of background. Up until recently, AI models have been quite “dumb”: they could only respond to specific tasks when trained on a large dataset providing context on what to find. But, over the last five years, research breakthroughs have taken AI to a whole new level, enabling computers to better understand the meaning behind words and phrases.

Medibank reveals attack vector and cost of 2022 security breach
Date: 2023-02-23
Author: iTnews
Medibank is going to take a $26 million half-year hit as the result of its 2022 security breach, and this is expected to climb to between $40 million and $45 million over the full year. The insurer has also gone public for the first time with technical detail of the attack. In a half-year results announcement [pdf], Medibank said the attacker first obtained the user ID and password used by a third-party IT services contractor.

ESB-2023.1013 – ALERT FortiNAC: CVSS (Max): 9.8
A critical severity vulnerability affecting FortiNAC has been patched by Fortinet.

ESB-2023.1049 – ALERT FortiWeb: CVSS (Max): 9.3
A stack-based buffer overflow vulnerability leading to RCE has been addressed by Fortinet.

ESB-2023.1090 – VMware Carbon Black App Control: CVSS (Max): 9.1
VMware has addressed an injection vulnerability affecting VMware Carbon Black App Control.

ESB-2023.1105 – Tenable.sc: CVSS (Max): 9.8
Tenable has released updates for multiple vulnerabilities in third-party software leveraged by Tenable.sc.

ESB-2023.1142 – clamav: CVSS (Max): 9.8
Possible remote code execution and information leak vulnerabilities have been fixed in the ClamAV package.

Stay safe, stay patched and have a good weekend!
The AUSCERT team

AUSCERT Week in Review for 17th February 2023

Greetings,

This week the Australian government’s Attorney-General released its Privacy Act Review Report and is seeking feedback on the 116 proposals for privacy reform contained in the Report. Feedback can be provided until March 31, 2023. The proposals are designed to address the following broad areas:
- Reducing confusion about what information should be protected and who should be protecting it
- Providing greater protection of personal information and increasing transparency of how information is used and protected
- Increasing enforcement of privacy breaches and streamlining regulatory schemes
This is a good reminder of the importance of cyber security and privacy measures and how they should work together to ensure the protection of information.

The latest episode of AUSCERT’s Share Today, Save Tomorrow podcast has just been released! In Episode 19 we hear insights and wisdom about cyber security risk and insurance from widely respected friend of AUSCERT, Ben Di Marco.

Here is a selection of this week’s notable cyber security news articles, compiled by the AUSCERT analyst team:

Cloudflare blocks record-breaking 71 million RPS DDoS attack
Date: 2023-02-13
Author: Bleeping Computer
This weekend, Cloudflare blocked what it describes as the largest volumetric distributed denial-of-service (DDoS) attack to date. The company said it detected and mitigated not just one but a wave of dozens of hyper-volumetric DDoS attacks targeting its customers over the weekend. "The majority of attacks peaked in the ballpark of 50-70 million requests per second (rps) with the largest exceeding 71 million rps," Cloudflare's Omer Yoachimik, Julien Desgats, and Alex Forster said.

Adobe Plugs Critical Security Holes in Illustrator, After Effects Software
Date: 2023-02-14
Author: Security Week
Software maker Adobe on Tuesday released security fixes for at least a half dozen vulnerabilities that expose Windows and macOS users to malicious hacker attacks. The Mountain View, Calif. company warned that the security problems exist on three of its most popular software products — Photoshop, Illustrator and After Effects. According to Adobe’s security bulletins, the Illustrator and After Effects patches carry critical-severity ratings because of the risk of code execution attacks.

Splunk Enterprise Updates Patch High-Severity Vulnerabilities
Date: 2023-02-15
Author: Security Week
Splunk on Tuesday announced Splunk Enterprise updates that resolve multiple high-severity vulnerabilities, including security defects impacting third-party packages used by the product. The most severe vulnerabilities are CVE-2023-22939 and CVE-2023-22935 (CVSS score of 8.1), two issues that could lead to the bypass of search processing language (SPL) safeguards for risky commands. Both flaws affect instances with Splunk Web enabled and require a high-privileged user to make a request in their browser.

ICS Patch Tuesday: 100 Vulnerabilities Addressed by Siemens, Schneider Electric
Date: 2023-02-15
Author: Security Week
Siemens and Schneider Electric have addressed a total of nearly 100 vulnerabilities with their February 2023 Patch Tuesday advisories. Siemens has published 13 new advisories covering a total of 86 vulnerabilities. The most significant vulnerability — based on its CVSS score of 10 — is a memory corruption issue that can lead to a denial-of-service (DoS) condition or arbitrary code execution in the Comos plant engineering software.

Citrix fixes severe flaws in Workspace, Virtual Apps and Desktops
Date: 2023-02-15
Author: Bleeping Computer
[Refer AUSCERT Security Bulletins ESB-2023.0865, ESB-2023.0866 and ESB-2023.0867]
Citrix Systems has released security updates for vulnerabilities in its Virtual Apps and Desktops, and Workspace Apps products. The addressed security problems are categorized as high-severity and could enable attackers with local access to the target to elevate their privileges and take control of the affected system. Citrix products are widely used by organizations worldwide, so it’s critical to apply the available security updates to prevent intruders from having an easy way to escalate their privileges on breached systems.

ESB-2023.0871 – Intel Atom and Xeon Processors: CVSS (Max): 7.5
Intel has released firmware updates to mitigate a high-severity escalation of privilege issue (CVE-2022-21216) impacting Atom and Xeon processors.

ESB-2023.0879 – macOS Ventura: CVSS (Max): None
Apple has released updates for macOS which include a WebKit patch for a new zero-day vulnerability tracked as CVE-2023-23529.

ESB-2022.0969 – Siemens COMOS: CVSS (Max): 10.0
Siemens has released updates for the critical vulnerability in the Comos plant engineering software. This could allow a malicious cyber actor to execute arbitrary code on the target system or cause a denial-of-service condition.

ASB-2023.0048 – ALERT Microsoft Windows: CVSS (Max): 9.8
Microsoft has released security patch updates for Windows which resolve 36 vulnerabilities.

ESB-2023.0954.2 – Atlassian Products: CVSS (Max): 10.0
Atlassian has released an advisory which addresses critical security vulnerabilities in Git that affect multiple Atlassian products. Atlassian has rated the severity level of these vulnerabilities as critical.

Stay safe, stay patched and have a good weekend!
The AUSCERT team
