Week in review - 14 Apr 2023

Greetings,

With Easter celebrations now behind us, let us embrace the spirit of this holiday as a chance to embark on new adventures, pursue new goals and embrace new experiences. As autumn unfolds around us, temperatures begin to cool and leaves begin to change, a powerful reminder of the ever-evolving nature of our world. With it, we must ensure that we are constantly developing new skills and acquiring knowledge to continue our own self-growth and improvement.

Just like nature, the digital world is constantly growing and evolving, with new technologies, platforms and applications emerging at an unprecedented rate. The rapid growth and evolution of technological advancements have transformed the digital landscape, and today we are witnessing a whole new era of innovation. We encourage members to undertake frequent cyber security training and courses to promote a culture of awareness and help protect against threats and attacks as new vulnerabilities emerge in the ever-evolving digital environment.

This year we have a wide variety of exciting tutorials featured in our AusCERT2023 conference program, specifically designed to ensure your organisation is properly equipped, particularly the workshops from the SANS Institute, the world’s largest provider of cyber security training. Spaces are limited so register now!

Recent popular targets of cyber-attacks include Microsoft and Adobe software, with increasing reports of vulnerabilities. For the second month in a row, Microsoft is pushing out urgent updates to fix an already exploited vulnerability in its flagship Windows operating system. This was announced the same day that Adobe rolled out security fixes for 56 vulnerabilities in a wide range of its products.

With high-profile software companies under constant threat of malicious activity and potential exposure of consumer data, it is important to work together and develop a better strategy to safeguard our cyber security. A reminder that the government’s 2023-2030 Australian Cyber Security Strategy Discussion papers are due by tomorrow. Submit your views and recommendations on how the government can better secure the digital economy and thriving cyber ecosystem.


Exploit available for critical bug in VM2 JavaScript sandbox library
Date: 2023-04-07
Author: Bleeping Computer

[See ASB-2023.0060]
Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely in a virtualized environment.
The library is designed to run untrusted code in an isolated context on Node.js servers. It allows partial execution of the code and prevents unauthorized access to system resources or to external data.

Microsoft Patches Another Already-Exploited Windows Zero-Day
Date: 2023-04-11
Author: Security Week

[See ASB-2023.0061]
For the second month in a row, Microsoft is pushing out urgent patches to cover an already-exploited vulnerability in its flagship Windows operating system.
The vulnerability, flagged as zero-day by researchers at Mandiant, is described as an elevation of privilege issue in the Windows Common Log File System driver.
In an advisory documenting the CVE-2023-28252, Redmond warns that an attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

3CX confirms North Korean hackers behind supply chain attack
Date: 2023-04-12
Author: Bleeping Computer

VoIP communications company 3CX confirmed today that a North Korean hacking group was behind last month’s supply chain attack.
“Based on the Mandiant investigation into the 3CX intrusion and supply chain attack thus far, they attribute the activity to a cluster named UNC4736. Mandiant assesses with high confidence that UNC4736 has a North Korean nexus,” 3CX CISO Pierre Jourdan said today.

Windows admins warned to patch critical MSMQ QueueJumper bug
Date: 2023-04-12
Author: Bleeping Computer

Security researchers and experts warn of a critical vulnerability in the Windows Message Queuing (MSMQ) middleware service patched by Microsoft during this month’s Patch Tuesday and exposing hundreds of thousands of systems to attacks.
MSMQ is available on all Windows operating systems as an optional component that provides apps with network communication capabilities with “guaranteed message delivery,” and it can be enabled via PowerShell or the Control Panel.

MSI hit in cyberattack, warns against installing knock-off firmware
Date: 2023-04-07
Author: The Register

Owners of MSI-brand motherboards, GPUs, notebooks, PCs, and other equipment should exercise caution when updating their device’s firmware or BIOS after the manufacturer revealed it has recently suffered a cyberattack.
In a statement shared on Friday, MSI urged users “to obtain firmware/BIOS updates only from its official website,” and to avoid using files from other sources.


ESB-2023.2108 – Adobe Acrobat and Reader: CVSS (Max): 8.6

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS which fix arbitrary code execution, privilege escalation, security feature bypass and memory leak vulnerabilities.

ASB-2023.0066 – ALERT Microsoft ESU: CVSS (Max): 9.8

Microsoft has released its monthly security patch update which resolves 44 vulnerabilities across Microsoft Extended Security Update (ESU).

ASB-2023.0061 – ALERT Windows: CVSS (Max): 9.8

Microsoft’s most recent security patch update resolves 77 vulnerabilities in Windows and Windows Server.

ESB-2023.2063 – ALERT macOS Monterey: CVSS (Max): None

Apple has released macOS Monterey 12.6.5 which delivers important security enhancements to Mac devices running macOS Monterey.

ESB-2023.2065 – ALERT macOS Big Sur: CVSS (Max): None

Apple released a security update for macOS Big Sur which, according to Apple’s security update notes, fixes the vulnerability labeled CVE-2023-28206.

ESB-2023.2062 – ALERT macOS Ventura: CVSS (Max): None

Apple pushed a new macOS Ventura 13.3.1 update which includes bug fixes and security updates for CVE-2023-28206 and CVE-2023-28205.


Stay safe, stay patched and have a good weekend!

The AusCERT team