Blogs

30 Years 30 Stories

AUSCERT 30 Years 30 Stories – Gary Gaskell

With three decades of experience in cyber security, Gary Gaskell has been putting his skills to good use by helping those with limited cyber security knowledge grow their capabilities. Based in Brisbane, Gary is a long-time AUSCERT supporter and delivers some of AUSCERT’s training programs.

With a long history in cyber security, how does the industry compare from when you started?

Starting 30 years ago, it was exciting. We were on the edge of something new, doing business over the Internet. We began communicating simply across borders and much faster than fax machines and letters. For the past 20 years, I’ve been working for myself, which specifically means working for others. I help individuals lift their security levels, developing strategies and understanding their risk environment.

What kind of training do you provide? And why do you think this training is important?

For those who have been in the industry from the start, it’s time to give back. There’s a big skill shortage in this country, where everyone should benefit from experiences like mine. I can assist clients in tackling novel situations, direct them to good information and help improve security for their organisations. Training is a challenge due to a diversity of knowledge required to secure our complex systems today. In the beginning, we had computers we called mainframes and they were easily controlled. Now there are thousands of different technologies. Our main goal is to help individuals understand the fundamental principles.

What does the future hold for AUSCERT? And how do you see the organisation continuing to play a vital role in the cyber security community?

AUSCERT creates huge awareness and provides opportunities for individuals to lift their knowledge and skills. For example, leading and starting the AUSCERT conference. With AUSCERT’s leadership, they created this conference, providing a platform for practitioners to share case studies. We began to share what worked and what didn’t work, learning about the future. I go to other conferences in Australia as well, but when I return to work, the things I add to my checklist are from the high-quality speakers that attend AUSCERT. I wouldn’t miss it.

What sets AUSCERT apart from other organisations in the cyber security space?

AUSCERT is unique in our community. They’re eager to share their information, whilst commercial suppliers typically share a limited selection of their data. Many government competitors are conscious of classification, regulating who and what they share. Whilst AUSCERT provides a holistic approach for its members, enabling agility. It’s that can-do attitude, joined by many great technicians that makes AUSCERT stand out.

How should organisations facilitate skill improvement? And why is this important?

AUSCERT’s training programs aim to address the skill shortages in our community. Often incidents occur due to individuals being unaware of free security features. I believe problems occur due to a lack of awareness. AUSCERT is here to rectify this. The Cyber Security 101 course helps organisations understand the basic features available to keep companies secure. The classes are very popular and appreciated by all those who attend.

Why would you encourage others to become AUSCERT members?

AUSCERT has a depth of experience in responding to crises due to its long history. Their mature approach to understanding incidents and providing management is unlike any other organisation. AUSCERT’s incident management is preparing you for the unexpected. It’s not just an individual playbook for ransomware on a Windows product. That’s a key value that AUSCERT provides.


Week in review

AUSCERT Week in Review for 29th September 2023

Greetings,

As the long weekend approaches, and we eagerly anticipate time away from work and the daily grind, it's important to remain aware that holidays can create opportunities for cyber criminals to exploit vulnerabilities and launch phishing scams. Attacks tend to increase during holiday season when people are often more distracted and may be expecting various online communications and transactions related to holiday shopping, travel plans and gifts from friends and family.

Recently a persistent gift card phishing campaign has been circulating, leaving unsuspecting individuals vulnerable to cyber attacks. This ongoing gift card scam continues to evolve, recently employing random email accounts from Gmail or compromised domains. It typically impersonates company CEOs and targets both employees’ personal and work email addresses. Some of the deceptive Gmail accounts include aliases like “teamrecognition@gmail.com” or “ceo.name@gmail.com”, making it increasingly challenging to detect. Even emails with innocent subject lines like “Recognizing Excellence” – Prompt Response!! could be part of the scam.

To stay safe, here’s what you can do:

Know the Danger: Make sure your constituents are aware that this phishing scam is common, explain how it works and why it’s a threat. Any requests that ask for gift cards to be purchased are highly likely to be malicious. This is a great ‘red flag’ to be used in awareness messaging.

Check Emails Carefully: Look closely at the sender’s email address, especially if they’re asking you to buy gift cards or give out personal information. If anything seems suspicious, contact the person using a different communications method (not using the reply-to address in the original email) to check. Using the phone is usually very effective.

Have a plan: Know what to do if you think you’ve been tricked by this scam or if you spot something suspicious. Have a plan to act quickly.

Stay vigilant during holidays and be cautious when receiving unsolicited requests for gift cards or any form of payment. Always verify the legitimacy of the request, especially if it seems unusual or urgent. For more information on how to stay ahead of these scams visit Avoiding and Reporting Gift Card Scams & Protecting yourself from Gift Card Scams.

New Cisco IOS Zero-Day Delivers a Double Punch
Date: 2023-09-29 Author: Dark Reading
A vulnerability affecting Cisco operating systems could enable attackers to take full control of affected devices, execute arbitrary code, and cause reloads that trigger denial of service (DoS) conditions. And at least one attempt at exploitation has already occurred in the wild.

Progress warns of maximum severity WS_FTP Server vulnerability
Date: 2023-09-28 Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Progress Software, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software. The company says thousands of IT teams worldwide use its enterprise-grade WS_FTP Server secure file transfer software.

In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover
Date: 2023-09-25 Author: Security Week
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
A critical vulnerability in the TeamCity CI/CD server could be exploited remotely, without authentication, to execute arbitrary code and gain administrative control over a vulnerable server. Developed by JetBrains, TeamCity is a general-purpose build management and continuous integration platform available both for on-premises installation and as a cloud service. The recently identified critical flaw, tracked as CVE-2023-42793 (CVSS score of 9.8), is described as an authentication bypass impacting the on-premises version of TeamCity.

Google assigns new maximum rated CVE to libwebp bug exploited in attacks
Date: 2023-09-26 Author: Bleeping Computer
Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago. The company initially disclosed the flaw as a Chrome weakness, tracked as CVE-2023-4863, rather than assigning it to the open-source libwebp library used to encode and decode images in WebP format.

Hackers actively exploiting Openfire flaw to encrypt servers
Date: 2023-09-26 Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers. Openfire is a widely used Java-based open-source chat (XMPP) server downloaded 9 million times and used extensively for secure, multi-platform chat communications.

ESB-2023.5513 – macOS Sonoma 14: CVSS (Max): 9.8*
Apple released macOS 14 Sonoma and the latest version of the operating system patches over 60 vulnerabilities.

ESB-2023.5533 – Mozilla Firefox: CVSS (Max): None
Mozilla released Firefox 118 with patches for nine vulnerabilities, including high-severity flaws.

ESB-2023.5538 – Cisco Catalyst SD-WAN Manager: CVSS (Max): 9.8
Cisco has patched vulnerabilities in several versions of its Catalyst SD-WAN software. The most critical is an unauthorised access vulnerability in Catalyst SD-WAN’s security assertion markup language (SAML) APIs.

ESB-2023.5547 – Cisco IOS and IOS XE Software: CVSS (Max): 6.6
Cisco has released patches for multiple vulnerabilities impacting its products, including a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


Blogs

30 Years 30 Stories

AUSCERT 30 Years 30 Stories – Jamie Gillespie

Past AUSCERT employee and long-time supporter, Jamie Gillespie kickstarted his career in cyber security as AUSCERT experienced massive growth in the early 2000s. With a role that allowed him to travel internationally, Jamie looks back on his time with AUSCERT with appreciation. Now working at the Asia-Pacific Network Information Centre (APNIC), Jamie is a repeat speaker at AUSCERT conferences.

How long did you work for AUSCERT?

I was a senior security analyst for eight years in the early 2000s when AUSCERT was small and experiencing lots of growth. In 2002 AUSCERT held its first conference, which I was lucky enough to help plan, organise and execute, doing so for several years after that. We also conducted the first computer crime and security survey in 2002. Working with Katherine Kerr and the rest of the team, we asked the questions, analysed the data, and created presentations to showcase at AUSCERT and other conferences as well.

What’s it like being a speaker at the AUSCERT conference? What will you be talking about this year?

I’ve spoken at the AUSCERT conference for a couple of years now. Last year my presentation was on APNIC’s Vulnerability Reporting Program. This year, my presentation was on TLS implementations of SMTP servers. It’s a niche topic, but I had a good time putting the data together, and a lot of delegates were interested as well. It was great to be able to share my research and tips on improving SMTP and email security.

Can you describe a particularly memorable experience you had when working at AUSCERT?

The most memorable part of working at AUSCERT was when I moved into the training team. We were delivering training in capital cities around Australia and New Zealand. We delivered technical training as well as security management training. I went to many countries doing Computer Security Incident Response Team (CSIRT) training, helping them to grow or establish their teams. Thailand was my favourite, but I also travelled to Papua New Guinea, Mexico, Chile, Peru, and Singapore. I found helping other countries create their own national security teams to be very rewarding. Some governments took longer than others, but now I can look back and see these countries with established national security teams, participating in global cooperative efforts to make the internet more secure.

How has the cyber security landscape changed since you worked at AUSCERT, and what new threats have emerged?

Security has changed a lot since my time at AUSCERT. In the eight years I was there, we began selling security to organisations, informing them of the importance of security programs and technical security uplifts. Now with the high publicity of major security breaches, such as Optus and Medibank, it’s impacting almost everyone on a personal level. It doesn’t matter if they’re regular employees in an organisation or on the board and C-suite, employees understand security because they’re being impacted day to day. On a corporate level, this has made security discussions much easier.

How do you think AUSCERT support their members in achieving their security posture and what are some of the most effective strategies you used?

In the early 2000s, we had the basic incident response and training services, but now AUSCERT has expanded. The number of services that they’re providing, both technical and human interaction are wonderful. The AUSCERT Cyber Security Conference is a great forum for raising security awareness and providing knowledge sharing. When AUSCERT started in 2002, there were no good independent security conferences in Australia. Some were vendor-based, but it was largely vendor pitches. The general services that AUSCERT provide to all members have been growing and I’m excited to see what AUSCERT does next.

How has your experience working at AUSCERT influenced your career path and approach to cyber security?

When I started at AUSCERT in 2001, I had recently moved from Canada and while I was working in IT, I didn’t have the opportunity to concentrate on a dedicated information security role. My senior security analyst role at AUSCERT gave me the opportunity to concentrate on security. The eight years that I spent at AUSCERT really kickstarted my information and cyber security career. I have a lot to pay back to AUSCERT for the opportunity that they gave me at that time and how they helped me progress in my career. AUSCERT is responsible for a significant portion of where I am today.


Blogs

30 Years 30 Stories

AUSCERT 30 Years 30 Stories – Victor Bradbury

Manager of Information Technology at St. Michael’s College, Victor Bradbury has been attending the AUSCERT Conference for seven years. Grateful for the trust and community built at AUSCERT, Victor reflects on his conference visits as not only the perfect way for him to safeguard his school, but to constantly stay up to date with cyber security information and to consecutively win the speed Lego building competition.

After your first conference, what motivated you to become a member?

St. Michael’s is a small school so when I attended my first conference, there were all the big boys, the corporates and a lot of the universities. After talking to everyone, I quickly realised what I didn’t know, but everyone looks after you at AUSCERT. It’s a strong community that all the people I spoke to at the first conference I speak to now, seven years later. I learned all my security basics from that first conference.

What are some key benefits you’ve experienced as an AUSCERT member?

The main benefits would be the certificate service. Additionally, the contacts you make are so important. If I have any issues, I can go straight to them to ask. We thankfully haven’t had to use any of AUSCERT’s serious takedown services yet, and hopefully, we never do, but having AUSCERT in our back pocket gives us peace of mind.

Looking ahead, what do you think the future holds for AUSCERT, and how do you see the organisation continuing to play a vital role in the cyber security community?

I think AUSCERT’s future is bright because it’s not-for-profit. You can trust what everyone’s telling you and what they’re doing. AUSCERT has set the industry standard and is highly respected. From corporates and universities down to small businesses like us, this sense of trust is so important.

How has your membership in AUSCERT impacted your organisation’s overall approach to cyber security, and what changes have you implemented as a result of your involvement with the organisation?

When I first came to the conference, I didn’t know what was going on in the cyber security world, and it could have been very intimidating. Each year there seems to be a new threat, which can be hard to keep up. AUSCERT is three to six months ahead of what you might see on the media and they keep me ahead of the game. I look at what the corporate organisations are doing and then scale it down to suit us.

Can you speak to that point specifically about cyber security for schools? Do you think your school is ahead of other schools?

I’m unsure if we’re ahead but I take the approach that if I look at what people are doing in the industry and scale it for our use, we can minimise risk. We have security 24/7 for our school. That would be unheard of five years ago.

Anything else you would like to add?

I would like to say thank you to the team. They are a great bunch of people to work with. As a small fish in this industry, we are treated just as well as the large corporations that partner with AUSCERT and I think that’s amazing.


Week in review

AUSCERT Week in Review for 22nd September 2023

Greetings,

This week, two of our team members had the privilege to travel to the tropical island of Vanuatu for an annual cyber security conference. Organised and hosted by the Forum of Incident Response and Security Teams (FIRST), the annual conference centres around the global challenges faced worldwide. The conference features international speakers who delve into a wide array of topics, encompassing the most relevant developments in incident response and prevention, vulnerability analysis, security management and policy issues. This event is always highly anticipated by our team as it provides a valuable opportunity to reconnect with friends from other incident response teams across the globe.

Founded in 1990, FIRST was established with the primary objective of improving communication and relationships among cyber security teams worldwide. Its mission is to foster trust-building amongst its members and eliminate cultural and political borders and boundaries. It has grown into a global forum that fosters collaboration and cooperation across diverse regions and organisations, facilitating a deeper understanding and insight in cyber security. AUSCERT has maintained a strong relationship with FIRST, working together closely for an astonishing twenty-seven years and counting!

Moving on to other updates, AUSCERT has partnered with UQSchoolsNet to create a series of informative workshops for teachers. The “Engaging Minds” workshop is designed to educate teachers on navigating the complexities of the modern cyber world, empowering them to educate and inspire the minds of tomorrow. This workshop offers valuable hands-on learning experiences, enabling them to seamlessly integrate IT and computing into their curriculum. It will cover the following key areas:

Foundations of AI and its implications
Interactive sessions led by researchers in IT and computing-related fields
Fundamentals of binary coding providing tangible tools for teaching
Societal impact of technology
Fundamentals of cybersecurity, including knowledge about different threats and methods to safeguard against them
Insights and knowledge from industry experts in computer science and IT

Each participant in this workshop will be awarded a Certificate of Participation and provided with essential teaching resources. Additionally, ongoing educational support will be available to ensure continued growth in IT education. The workshop also includes meals throughout the day and accommodation for participants traveling from interstate. The upcoming workshops are scheduled for December 12th and 13th. If you’re interested in participating or would like more information, please don’t hesitate to reach out via email at schoolsnet@uq.edu.au.

Industry to gov: improve digital ID as part of cyber security strategy
Date: 2023-09-18 Author: iTnews
A clear industry consensus in favour of government-backed digital ID has emerged across submissions to the government's revised cyber security strategy consultation. NAB explained its support for strong digital ID comes from a desire for a zero-knowledge proof of ID. ANZ Banking Group agrees, saying such a regime would “help minimise the volume of identity documents collected and stored.”

How the ACSC can help during a cyber security incident
Date: 2023-09-11 Author: Cyber Gov Au
The Australian Signals Directorate’s Australian Cyber Security Centre’s (ACSC) incident management capabilities provide technical advice and assistance to support Australian organisations through a cyber security incident response. In September, ASD’s ACSC introduced a new publication, How the ACSC can help during a cyber security incident. Read the new publication and learn how ASD’s ACSC can support your organisation if you are impacted by a cyber security incident.

Microsoft Azure Data Leak Exposes Dangers of File-Sharing Links
Date: 2023-09-19 Author: Dark Reading
An overly permissive file-sharing link allowed public access to a massive 38TB storage bucket containing private Microsoft data, leaving a variety of development secrets — including passwords, Teams messages, and files from two employees' workstations — accessible to attackers.

Government to create six "cyber shields" to layer Australian protection
Date: 2023-09-18 Author: iTnews
The government will frame a revised cyber security strategy later this year around six “cyber shields” it plans to build as a multi-layered defence against attacks. Home Affairs Minister Clare O’Neil unveiled the structure at an AFR Cyber Summit on Monday. O’Neil described the shields as being built “around our nation” and as being elements of a “cohesive, planned national response that builds to a more protected Australia.”

How the FBI Fights Back Against Worldwide Cyberattacks
Date: 2023-09-19 Author: Security Intelligence
The FBI maintains a division called the Cyber Division (CyD), responsible for investigating and prosecuting cyber crimes. The organization focuses on threats not only to the government and citizens but also to American companies. More than 1,000 CyD agents and analysts work in 56 US field offices and over 350 sub-offices. They also travel globally in Cyber Action Teams to help foreign nations with cyber crime and learn about threats to US interests. The FBI also works with the major three-letter U.S. agencies, including the CIA, DHS and the NSA.

ESB-2023.5338 – ALERT GitLab Community Edition (CE) and Enterprise Edition (EE): CVSS (Max): 9.6
A critical severity vulnerability has been addressed in GitLab Community Edition and Enterprise Edition.

ESB-2023.5394 – Atlassian Products: CVSS (Max): 8.5*
Atlassian has released patches for vulnerabilities identified in multiple products.

ESB-2023.5438 – Drupal Core: CVSS (Max): None
A cache poisoning vulnerability has been found in Drupal Core (Drupal 7 is not affected).

ESB-2023.5437 – Jenkins (core) and Jenkins Plugins: CVSS (Max): 8.0
Several vulnerabilities which impact Jenkins Core and Plugins have been patched.

ESB-2023.5457 – macOS Monterey 12.7: CVSS (Max): None
Apple has patched a privilege escalation vulnerability affecting macOS.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


Blogs

30 Years 30 Stories

AUSCERT 30 Years 30 Stories – Dushyant Sattiraju

Attending the AUSCERT conference for the past six years and presenting for the past four, Dushyant Sattiraju speaks of the helpful platform AUSCERT has provided. As the Security Operations Manager at Deakin University, Dushyant has used AUSCERT membership to bounce ideas and receive timely, supportive feedback ensuring the university’s cyber safety.

How did you first get involved with AUSCERT and what motivated you to become a member?

When I first started at Deakin, I was the only security staff. As we didn’t have a history of security, I needed support. I reached out to the community to see if anyone was willing to share their stories about what they were doing and what they were prioritising. AUSCERT was a welcoming community and I got to connect with other universities and organisations that had similar security history as me. The ongoing sharing of stories and learnings has been one of the main reasons for my involvement.

What are some of the key benefits you’ve experienced as an AUSCERT member, both in terms of the resources and support offered?

One of the key benefits of membership is the AUSCERT services. I used a few services at Deakin such as the take down system, along with the threat intel platform. I found the analyst in the team very supportive and ideal for bouncing ideas off. AUSCERT’s conferences are an interesting avenue to meet different people from different organisations and various sectors, which has been great as well.

What advice would you give to someone considering becoming an AUSCERT member, and why do you believe that membership is valuable for organisations of all sizes and industries?

You get a lot for what you pay for with the AUSCERT membership. Not only do you get access to the conferences and events, but you also get access to the community. The community is very generous in sharing and forthcoming. Trying to implement new technology? Ask your questions to the community and they’ll get back to you within minutes. AUSCERT has connected me to organisations that I had never met before, supporting discussions about our technology and security journey overall.

Looking ahead, what do you think the future holds for AUSCERT, and how do you see the organisation continuing to play a vital role in the cyber security community?

AUSCERT is great for connecting people. For example, there are a few subgroups, such as the university sharing community to increase collaboration and knowledge sharing. The past few years I’ve talked about our experiences and incidents we’ve had. I predict we will see a lot more of these stories in the future – a fantastic opportunity to continue learning.


Blogs

30 Years 30 Stories

AUSCERT 30 Years 30 Stories – Daisy Wong

Defining results-focused leadership, with a strong management connection, Daisy Wong is the Security Culture and Awareness Lead at Flybuys. Working with a disability, Daisy is an amazing thought leader and advocate for inclusive work environments. Daisy champions those with disabilities and shares why she appreciates AUSCERT’s inclusivity efforts.

What advice would you give an organisation looking to prioritise diversity and inclusion, when hiring and retaining talent?

For those reading, I have a physical disability which means I am in a wheelchair. Over the years, I have worked in a few organisations that weren’t prepared for me. I have arrived and found stairs, meaning I couldn’t even get into my workplace. I’ve experienced hiring managers ask inappropriate questions in interview settings such as – how do I make a cup of coffee and get back to my desk – a strange question, with nothing to do with the job. The number one thing I would recommend for organisations wanting to improve inclusivity is to ask the candidate or the person what they need to succeed. Don’t make assumptions that they cannot do something or make assumptions that they can. Create the ability during applications for accessibility information to be very clear. Although I have a physical disability, there are all different kinds of disabilities, for example, colour blindness, or audio issues, so it’s important to consider all disabilities – not just the visible ones.

How has AUSCERT played a part in helping generate diversity and inclusion in the industry?

AUSCERT has done a lot of good things relating to diversity in the industry. Firstly, the conference is always accessible. I’ve seen two other people in wheelchairs, and I’ve never had an issue getting up on the stage when presenting. Regarding the industry, AUSCERT is highly supportive of the Australian Women Security Network. I volunteer with this network, and they’ve always had a booth at the conference. AUSCERT also works with BDO, an inclusion technology company, showcasing how they support their initiatives.

What strategies have you found most effective in creating an inclusive workplace culture?

To create an inclusive culture for organisations, the best way is to ask the individuals and listen to their needs. Flybuys has done a great job; when I started, we had a conversation about my limitations and what I can do and can’t do. Since then, every event I’ve attended has been accessible and I don’t have to continually inform Flybuys. As an employer, you need open communication, a willingness to listen, and an ability to adapt and be flexible.

How would you recommend organisations address discrimination bias in the workplace?

Unfortunately, discrimination bias still happens, and organisations need to find ways to address them. The first thing to do is lead with empathy. Many individuals don’t understand that what they say hurts my feelings or makes me feel like I can’t ask for help next time. From a corporate or organisation point of view, training should be provided to staff because so many people make comments unconsciously. They may not have met someone in a wheelchair before and therefore might not know how to be helpful. For example, I don’t like my wheelchair being pushed without you asking, but if you see me struggling and you want to offer help, I do appreciate it. It’s about asking the person.

How far do you think the industry has come and what do you think we can expect for the future?

This is AUSCERT’s 30th year and 22nd conference, and only my second time, but I’ve noticed many changes. I’ve been in the cyber industry for eight years, and I’ve already seen a lot of change. Firstly, there are more women. However, women still only represent 17% of the whole industry, meaning we’ve got a long way to go. That said, compared to other conferences, AUSCERT has a much healthier balance. AUSCERT values the encouragement of women in the industry, which I’ve observed AUSCERT apply to their own organisation by hiring females in roles.


Week in review

AUSCERT Week in Review for 15th September 2023

Greetings,

R U OK? Day serves as a powerful reminder of the significance of checking in on the well-being of others and actively listening to their concerns. In many cases individuals who are facing challenges may not openly express their feelings, and a simple empathetic conversation can make a world of difference. The act of asking “Are you okay?” and genuinely listening can provide emotional support and let someone know that they are not alone in their struggles. Meaningful connections and open dialogues about mental health contribute to building a supportive and compassionate community. Prioritizing mental health reduces the stigma and fosters an environment where people feel comfortable sharing their feelings and seeking help when needed. It’s a reminder that small acts of kindness and genuine concern can have a profound impact on someone’s life. The R U OK? Day website features a range of free resources for your workplace, home or community.

AUSCERT has always been an avid supporter and endorser of mental health support and services. This year at AUSCERT2023 we once again featured an on-site psychologist for attendees to visit and discuss anything from mental well-being right through to life coaching. We have created an on-going commitment to fostering a culture of support and understanding through promoting open conversations and creating a safe, inclusive environment for our community.

Episode 15 of our Podcast explored the importance of understanding mental and physical well-being in the workplace with Dr Carla Rogers. Dr Carla Rogers, a renowned holistic psychologist, discusses the importance of understanding mental and physical well-being in the workplace. Dr Rogers explains the connection between mind and body along with techniques to help individuals identify, treat, and overcome challenges in the workplace.

The Australian Department of Health also provides a useful resource – Head to Health – which features a range of information resources to provide mental health support.

In other news, some of our team ventured to the BSides Melbourne conference last weekend. We sat down with Lucas this week to hear his experience and highlights; the full interview is available on our blog.

Also, there are still a few spots remaining in our upcoming Data Governance Principles and Practices training course, in both the in-person and online sessions. Get in quick before spaces fill up!

Google fixes another Chrome zero-day bug exploited in attacks
Date: 2023-09-11
Author: Bleeping Computer
[See AUSCERT Security Bulletin 13 September 2023: ESB-2023.5207]
Google released emergency security updates to fix the fourth Chrome zero-day vulnerability exploited in attacks since the start of the year. "Google is aware that an exploit for CVE-2023-4863 exists in the wild," the company revealed in a security advisory published on Monday. The new version is currently rolling out to users in the Stable and Extended stable channels, and it's estimated that it will reach the entire user base over the coming days or weeks.

Zero Day Summer: Microsoft Warns of Fresh New Software Exploits
Date: 2023-09-12
Author: Security Week
[See AUSCERT Security Bulletins 13 September 2023: ASB-2023.0169 and ASB-2023.0171]
Microsoft’s struggles with zero-day exploits rolled into a new month with a fresh warning that two new Windows vulnerabilities are being targeted by malware attacks in the wild. As part of its scheduled batch of Patch Tuesday security fixes, Redmond’s security response team flagged the two zero-days — CVE-2023-36761 and CVE-2023-36802 — in the “exploitation detected” category and urged Windows sysadmins to urgently apply available fixes.

Adobe warns of critical Acrobat and Reader zero-day exploited in attacks
Date: 2023-09-12
Author: Bleeping Computer
[See AUSCERT Security Bulletin 13 September 2023: ESB-2023.5195]
Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks. Even though additional information on the attacks is yet to be disclosed, the zero-day is known to affect both Windows and macOS systems. "Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader," the company said in a security advisory published today.

Apple races to patch the latest zero-day iPhone exploit
Date: 2023-09-08
Author: The Register
[See AUSCERT Security Bulletin 8 September 2023: ESB-2023.5123.2]
Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild. Even running the latest version of iOS (16.6) is no defence against the exploit, which involves PassKit attachments containing malicious images. Once sent to the victim's iMessage account, the NSO Group's Pegasus spyware can be deployed without interaction.

MGM Resorts ESXi servers allegedly encrypted in ransomware attack
Date: 2023-09-14
Author: Bleeping Computer
An affiliate of the BlackCat ransomware group, also known as ALPHV, is behind the attack that disrupted MGM Resorts’ operations, forcing the company to shut down IT systems. In a statement today, the BlackCat ransomware group claims that they had infiltrated MGM’s infrastructure since Friday and encrypted more than 100 ESXi hypervisors after the company took down the internal infrastructure.

ASB-2023.0169 – ALERT Windows: CVSS (Max): 8.8
Microsoft’s most recent patch update resolves 21 vulnerabilities across Windows and Windows Server.

ASB-2023.0171 – ALERT Microsoft 365 Apps: CVSS (Max): 8.8
Microsoft’s most recent patch Tuesday update resolves 8 vulnerabilities across Office, Office Services and Web Apps.

ESB-2023.5195 – Adobe Acrobat and Reader: CVSS (Max): 7.8
Adobe has released security updates to patch a zero-day vulnerability exploited in the wild, impacting Acrobat and Reader.

ESB-2023.5197 – Thunderbird, Firefox and Firefox ESR: CVSS (Max): 8.8
Mozilla has released security updates to patch a zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client.

ESB-2023.5207 – Google Chrome: CVSS (Max): 8.8
Google released emergency security updates to fix the Chrome zero-day vulnerability exploited in the wild.

Stay safe, stay patched and have a good weekend!
The AUSCERT team


Blogs

My time on the BSide

This week, a few AUSCERT staff members journeyed from sunny Brisbane to brave the crisp Melbourne air and participate in the annual BSides conference. BSides is a volunteer-driven initiative spearheaded by members of the infosec industry who share a common objective: to foster and support a thriving cybersecurity community. The conference offers a platform for first-time speakers, students, as well as new and experienced professionals to showcase their work in a friendly and welcoming environment. AUSCERT takes great pride in sponsoring this event and contributing to the growth of the cybersecurity industry in Australia.

One of our AUSCERT team members who participated in BSides Melbourne last weekend was our Senior Software Developer, Lucas. This week, we had the opportunity to sit down with Lucas to delve into his highlights, favourite sessions, and other noteworthy aspects of the event. Here’s his first-hand account of the experience.

Highlights

One of my standout moments from the conference was teaming up with a colleague to take part in the Capture the Flag (CTF) competition. A CTF competition is composed of many different challenges that fall under different cybersecurity categories. The challenges vary in difficulty and are designed to test the participants’ cybersecurity skills, whilst also offering valuable hands-on learning and networking opportunities. These challenges provide a unique educational and training experience within a fun and competitive environment.

As a software developer, I typically don’t engage in offensive security work. However, this challenge provided me with a unique opportunity to broaden my expertise and skills in this particular field. Achieving the 11th position in the challenge among 53 other competing teams was a proud moment for me. It demonstrated that I do possess a certain level of proficiency in this area and continues to motivate me to pursue further skill development in this field.

Favourite Session

One session that left a lasting impact on me was Paul McCarty’s talk on defending the software supply chain. As a software developer focusing on the development operations space, this session provided invaluable insights into crucial considerations and areas for improvement. In an era where the software supply chain faces increasingly sophisticated attacks, it’s imperative for software developers and engineers like me to comprehend how to safeguard against emerging and existing threats to the software supply chain. The session explored valuable open-source tools that can assist organisations in establishing new processes and developing tools to enhance the security of their software supply chains. The session put into perspective the breadth of the software supply chain and how it can be attacked, and it introduced me to some very useful open-source tools for visualising and improving the security of AUSCERT’s software supply chain.

Interesting Aspects

One particularly interesting aspect of the conference was the extensive focus on career support and guidance they offered. It was truly inspiring to witness the dedication to fostering professional development and the readiness to assist attendees at various stages of their careers. The conference featured sessions led by experts who offered invaluable advice and support, enabling individuals to expand and evolve in various aspects of their careers. Moreover, it encouraged attendees to explore new passions that might not yet exist in their current fields.

In summary, my experience at BSides Melbourne was truly memorable, primarily due to the opportunity to connect with numerous outstanding individuals in the industry. The sessions were both relevant and engaging, and the warm and inviting attitude of the entire staff and community contributed to a friendly and welcoming atmosphere that everyone enjoyed!


Blogs

30 Years 30 Stories

Mikhail Lopushanski is the Chief Information Security Officer for Heritage Bank and has been in the information security space for close to 30 years. Involved with AUSCERT in its early days, Mikhail has an appreciation for the partnership that AUSCERT offers and its mission to help all organisations improve their information security.

How did you first become involved with AUSCERT, and what motivated you to become a member?

I became an AUSCERT member in the late 90s. As an organisation, we required a partner, somebody that could help advise and mature our information security space. It was great having an organization that wasn’t connected to a vendor, government, or any particular area. AUSCERT helped my organisation to mature in that area with guidance, as well as providing us with alerts and starting to give us broader levels of alert capability than what we could do internally.

How has AUSCERT evolved over the years, and what changes have you seen in the cyber security landscape that have affected the organisation’s work?

AUSCERT has greatly developed since the late 90s. As a start-up coordinating globally, AUSCERT was able to provide information back to its members that was significantly up to date. You have to remember this is early days of internet and browser access. As AUSCERT developed, I’ve moved to several organisations and our needs have changed depending on our maturity. I found that AUSCERT was able to meet those needs regardless of what stage we were in. I’ve worked with AUSCERT across many projects, including setting up a threat intel group across the financial sector. AUSCERT fundamentally assisted me to set this up and to reach out to certain numbers that met the criteria of financial service spaces. I view AUSCERT as a true partner.

How has your membership in AUSCERT impacted your organisation’s overall approach to cyber security? And what changes have you implemented as a result?

AUSCERT is a partner that can help an organisation mature in this space. In my experience going from several organisations that are less mature in information security to other organisations that are quite mature, the needs from what we wanted AUSCERT to do changed from place to place. AUSCERT has certainly matured in this space over time. For a time they offered flying doctor service for incident response and they have really developed their capability for incident response, but also identification and threat intelligence and starting to provide quality IOCs and quality information to organisations. They shared this intelligence making it available across multiple industries. That development that AUSCERT created fell in line with how the industry over the years has also developed, becoming a real industry leader.

Is there anything else you would like to add?

Happy 30th AUSCERT and I look forward to working with you in the next few years!


Week in review

AUSCERT Week in Review for 8th September 2023

Greetings,

Who can believe that there are only a mere four months left until the end of the year – where has the year gone? Time really does fly by. With that said, the AUSCERT team are well and truly planning for next year’s conference and this year’s conference is already beginning to feel like a distant memory. To remind ourselves of the amazing time we had, we often enjoy revisiting and reliving the program of outstanding speakers and activities via our YouTube channel.

One of our highlights for AUSCERT2023 was the significant presence of remarkable female speakers in our program. These include Tara Dharnikota’s session – “Staying ahead of evolving threats”, Jane O’Loughlin’s session – “What we do in the shadows” and our much-loved session led by Vanessa Wong & Shelly Mills – “You can’t ask that: Women in Cyber Security”. Not to mention our impressive keynote speaker Rachel Tobac, a globally renowned expert in the field of social engineering. Rachel is also chair of the board for the not-for-profit organisation Women in Security and Privacy (WISP) where she works to advance women to lead the future of privacy and security.

Last week we celebrated Women In Cyber Day, an initiative aimed at promoting and supporting the advancement of women in cyber security. Increasing the proportion of women within the industry isn’t just about equity, it’s a strategic imperative for enhancing security, innovation, and the overall effectiveness of the field. Women often possess different skills that can complement those of their colleagues, including communication, attention to detail, and a collaborative approach to problem-solving. A wider range of perspectives is also beneficial when making decisions about security policies, products and practices, which can lead to better protection for all. Diversity fosters innovation and creativity, as it brings different perceptions that can lead to innovative solutions and approaches.

To conclude, if you are looking for something to read across the weekend, NIST recently released an updated draft guide detailing the creation of a cybersecurity and privacy learning program. This is the first revision since NIST SP800-50 Building a Cybersecurity and Privacy Learning Program was introduced in 2003, a well-needed update. This initial public draft is open for community feedback until October 27, 2023. The full document is NIST SP 800-50 Rev.1.

University of Sydney data breach impacts recent applicants
Date: 2023-09-03
Author: Bleeping Computer
The University of Sydney (USYD) announced that a breach at a third-party service provider exposed personal information of recently applied and enrolled international applicants. The public university started operations in 1850 and has nearly 70,000 students and about 8,500 academic and administrative personnel. It is considered one of Australia’s most important educational institutes.

Exploit Code Published for Critical-Severity VMware Security Defect
Date: 2023-09-01
Author: Security Week
Just days after shipping a major security update to correct vulnerabilities in its Aria Operations for Networks product line, VMware is warning that exploit code has been published online. In an updated advisory, the virtualization technology giant confirmed the public release of exploit code that provides a roadmap for hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface.

Hackers exploit MinIO storage system to breach corporate networks
Date: 2023-09-04
Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via MSIN]
Hackers are exploiting two recent MinIO vulnerabilities to breach object storage systems and access private information, execute arbitrary code, and potentially take over servers. MinIO is an open-source object storage service offering compatibility with Amazon S3 and the ability to store unstructured data, logs, backups, and container images of up to 50TB in size. Its high performance and versatility, especially for large-scale AI/ML and data lake applications, make MinIO a popular, cost-effective choice.

Australian authorities tire of excuses, delays on data breach disclosure
Date: 2023-09-05
Author: iTnews
Australian authorities had to formally invoke powers to get a client list from a breached IT services provider, as problems persist in getting organisations to notify data breaches in a timely fashion. The issue of Australian organisations either seeking to downplay or delay mandatory notification of a data breach was raised more than two years ago. A regulatory report, released Tuesday, shows the issue persists. “Prompt notification ensures individuals are informed and can take further steps to protect themselves, such as being more alert to scams,” Australian information commissioner and privacy commissioner Angelene Falk said in a statement.

Defence Housing Australia investigates third-party provider hack exposure
Date: 2023-09-07
Author: iTnews
Defence Housing Australia has launched an investigation to determine if it, or the data of Australian Defence personnel, has been exposed in a cyber attack on a third-party service provider. The government business enterprise (GBE) said it is collaborating with the Defence on the investigation, which sought to establish – among other things – “if any Defence personnel or families’ information has been compromised.”

Scams Australia: Alarming surge in the number of teens being exploited online
Date: 2023-09-04
Author: 9NEWS
The number of young Australians being targeted by scammers online has surged in the last year, with concerning levels of sextortion taking place, new data suggests. Statistics released today by Westpac Banks show the number of scams reported by customers under the age of 18 have almost quadrupled since last year, and have more than doubled for those under 30. The data was concerning and showed a growing trend of scammers using techniques such as sextortion, Westpac General Manager of Financial Crime & Fraud Prevention, Chris Whittingham, said.

ESB-2023.5018 – GitLab Community Edition (CE) and Enterprise Edition (EE): CVSS (Max): 5.5*
GitLab released versions 16.3.1, 16.2.5 and 16.1.5 for GitLab Community Edition (CE) and Enterprise Edition (EE) which contain important security fixes.

ESB-2023.5067 – Mozilla VPN client for Linux: CVSS (Max): None
Mozilla Foundation reported Local user authentication flaws impacting Mozilla VPN client on Linux.

ESB-2023.5088 – Jenkins Plugins: CVSS (Max): 8.2*
The most recent security advisory released by Jenkins lists vulnerabilities affecting 12 Jenkins Plugins.

ESB-2023.5108 – ALERT Cisco BroadWorks Application Delivery Platform and Xtended Services Platform: CVSS (Max): 10.0
A vulnerability in Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an attacker to commit toll fraud or to execute commands at the privilege level of the affected system.

ESB-2023.5117 – Python: CVSS (Max): 9.8
Python could be made to crash or leak sensitive information if it received specially crafted input. The problem can be corrected by updating your system.

Stay safe, stay patched and have a good weekend!
The AUSCERT team


Week in review

AUSCERT Week in Review for 1st September 2023

Greetings,

Spring has sprung! Just as we begin to make plans to dust off and organise our homes during this season, it’s a perfect opportunity to freshen up and enhance our cyber security measures. Regularly reviewing, updating, and optimizing our digital habits can go a long way in safeguarding our sensitive information and ensuring a safer online experience. Take the time this month to refresh your security strategies!

We have a new episode of our Share Today Save Tomorrow Podcast being released! In Episode 26 – Communication is Key, Anthony sits down with Darren Pauli, a cyber security awareness practitioner and freelance journalist who explains the importance of effective written communication within the digital world. During the AUSCERT2023 conference Darren gave an exploratory talk on the simple steps to become a faster, more effective written communicator. In today’s digital landscape, the influence of technology spans every industry, compelling an increasing number of non-technical personnel to grapple with cyber-related matters for their organisations. Consequently, it has become paramount for information security professionals to use clear, concise, and simple language to ensure they are effectively conveying messages.

Yesterday, experts from the University of Queensland (UQ) published a paper to address the generalised lack of guidance on the ethical treatment of corporate data in higher education institutions. While the focus of this study is on the Higher Education sector, the principles discussed can be extended to other industries and organisations. This paper offers valuable observations and insights that can serve as a guide for ethical data practices, as no actionable framework currently exists within Australia.

Our new Data Governance Principles and Practices course is led by one of the authors of this paper – Sasenka Abeysooriya. This training can assist your organisation in developing a successful data governance framework, by teaching best practices and real-world examples of data governance in action. By participating in this course, attendees are equipped with the fundamental skills and knowledge they need to accelerate the development of a successful data governance program in their organisation. For members’ convenience, we are currently offering in-person and online delivery of this course.

Advisory: Qlik Sense Enterprise for Windows Remote Code Execution Vulnerabilities
Date: 2023-08-29
Author: Praetorian
[AUSCERT has notified affected members of this vulnerability where possible]
Recently, we discovered two vulnerabilities which can be chained together to achieve unauthenticated remote code execution on Qlik Sense Enterprise. At the moment, we are waiting to publish technical details on the vulnerability to give impacted organizations time to update their systems and remediate the vulnerability. Praetorian has worked closely with Qlik to responsibly disclose these vulnerabilities, CVE-2023-41265 (HTTP Tunneling Vulnerability in Qlik Sense Enterprise for Windows) and CVE-2023-41266 (Path Traversal in Qlik Sense Enterprise for Windows).

Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software
Date: 2023-08-29
Author: Security Affairs
[Please see AUSCERT bulletin https://portal.auscert.org.au/bulletins/ESB-2023.4858]
Cisco addressed three high-severity flaws in NX-OS and FXOS software that could cause denial-of-service (DoS) conditions. An attacker can exploit these three issues to cause a denial-of-service (DoS) condition. The most severe issue, tracked as CVE-2023-20200 (CVSS score 7.7), is a DoS bug that resides in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects.

Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom
Date: 2023-08-29
Author: The Hacker News
A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which is tracking the activity under the name UNC4841, described the threat actor as "highly responsive to defensive efforts" and capable of actively tweaking their modus operandi to maintain persistent access to targets.

Ransomware attack dwell times fall, pressuring companies to quickly respond
Date: 2023-08-23
Author: Cybersecurity Dive
The median dwell time for ransomware attacks fell in the first half of 2023, down to 5 days from the 2022 average of 9 days, according to Sophos research released Wednesday. The majority of ransomware attacks are taking place during the work week, yet outside standard business hours, Sophos found. The bulk of 80 cases its incident response team worked on during the first half of 2023 took place between 11 p.m. and 8 a.m. in the target’s time zone. Attackers also strongly favoured a “late hour at the end of the week” to launch an attack.

Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches
Date: 2023-08-25
Author: The Hacker News
The U.S. Federal Bureau of Investigation (FBI) is warning that Barracuda Networks Email Security Gateway (ESG) appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups. It also deemed the fixes as "ineffective" and that it "continues to observe active intrusions and considers all affected Barracuda ESG appliances to be compromised and vulnerable to this exploit."

ESB-2023.4982 – Red Hat Advanced Cluster Management 2.8.1: CVSS (Max): 9.8
Red Hat has released Critical security updates and fixes for Red Hat Advanced Cluster Management for Kubernetes.

ESB-2023.4955 – Aria Operations for Networks: CVSS (Max): 9.8
Multiple critical severity vulnerabilities in Aria Operations for Networks were responsibly reported to VMware. Updates to remediate these vulnerabilities in affected VMware products have been released.

ESB-2023.4858 – Cisco Products: CVSS (Max): 7.7
An SNMP Denial of Service Vulnerability affecting Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series devices has software updates to resolve the issue.

ESB-2023.4883 – chromium: CVSS (Max): 8.8*
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. These issues have been fixed in a software update.

ESB-2023.4890 – json-c: CVSS (Max): 9.8
json-c could be made to crash or execute arbitrary code if it received a specially crafted JSON file. This issue is resolved by updating to Ubuntu 22.04 – libjson-c5 – 0.15-3~ubuntu1.22.04.2.

Stay safe, stay patched and have a good weekend!
The AUSCERT team
