
30 Years 30 Stories

Mikhail Lopushanski is the Chief Information Security Officer for Heritage Bank and has been in the information security space for close to 30 years. Involved with AUSCERT in its early days, Mikhail has an appreciation for the partnership that AUSCERT offers and its mission to help all organisations improve their information security.

How did you first become involved with AUSCERT, and what motivated you to become a member?

I became an AUSCERT member in the late 90s. As an organisation, we required a partner, somebody that could help advise and mature our information security space. It was great having an organization that wasn’t connected to a vendor, government, or any particular area. AUSCERT helped my organisation to mature in that area with guidance, as well as providing us with alerts and starting to give us broader levels of alert capability than what we could do internally.

How has AUSCERT evolved over the years, and what changes have you seen in the cyber security landscape that have affected the organisation’s work?

AUSCERT has greatly developed since the late 90s. As a start-up coordinating globally, AUSCERT was able to provide information back to its members that was significantly up to date. You have to remember this was the early days of internet and browser access. As AUSCERT developed, I’ve moved to several organisations and our needs have changed depending on our maturity. I found that AUSCERT was able to meet those needs regardless of what stage we were in. I’ve worked with AUSCERT across many projects, including setting up a threat intel group across the financial sector. AUSCERT fundamentally assisted me to set this up and to reach out to certain numbers that met the criteria of financial service spaces. I view AUSCERT as a true partner.

How has your membership in AUSCERT impacted your organisation’s overall approach to cyber security? And what changes have you implemented as a result?

AUSCERT is a partner that can help an organisation mature in this space. In my experience, going from several organisations that are less mature in information security to other organisations that are quite mature, the needs from what we wanted AUSCERT to do changed from place to place. AUSCERT has certainly matured in this space over time. For a time they offered a flying doctor service for incident response, and they have really developed their capability for incident response, but also identification and threat intelligence, and are starting to provide quality IOCs and quality information to organisations. They shared this intelligence, making it available across multiple industries. That development that AUSCERT created fell in line with how the industry over the years has also developed, becoming a real industry leader.

Is there anything else you would like to add?

Happy 30th AUSCERT and I look forward to working with you in the next few years!


AUSCERT Week in Review for 8th September 2023

Greetings,

Who can believe that there are only a mere four months left until the end of the year – where has the year gone? Time really does fly by. With that said, the AUSCERT team are well and truly planning for next year’s conference, and this year’s conference is already beginning to feel like a distant memory. To remind ourselves of the amazing time we had, we often enjoy revisiting and reliving the program of outstanding speakers and activities via our YouTube channel.

One of our highlights for AUSCERT2023 was the significant presence of remarkable female speakers in our program. These include Tara Dharnikota’s session – “Staying ahead of evolving threats”, Jane O’Loughlin’s session – “What we do in the shadows” and our much-loved session led by Vanessa Wong & Shelly Mills – “You can’t ask that: Women in Cyber Security”. Not to mention our impressive keynote speaker Rachel Tobac, a globally renowned expert in the field of social engineering. Rachel is also chair of the board for the not-for-profit organisation Women in Security and Privacy (WISP), where she works to advance women to lead the future of privacy and security.

Last week we celebrated Women In Cyber Day, an initiative aimed at promoting and supporting the advancement of women in cyber security. Increasing the proportion of women within the industry isn’t just about equity; it’s a strategic imperative for enhancing security, innovation, and the overall effectiveness of the field. Women often possess different skills that can complement those of their colleagues, including communication, attention to detail, and a collaborative approach to problem-solving. A wider range of perspectives is also beneficial when making decisions about security policies, products and practices, which can lead to better protection for all. Diversity fosters innovation and creativity, as it brings different perceptions that can lead to innovative solutions and approaches.

To conclude, if you are looking for something to read over the weekend, NIST recently released an updated draft guide detailing the creation of a cybersecurity and privacy learning program. This is the first revision since NIST SP 800-50, Building a Cybersecurity and Privacy Learning Program, was introduced in 2003, a well-needed update. This initial public draft is open for community feedback until October 27, 2023. The full document is NIST SP 800-50 Rev. 1.

University of Sydney data breach impacts recent applicants
Date: 2023-09-03
Author: Bleeping Computer
The University of Sydney (USYD) announced that a breach at a third-party service provider exposed personal information of recently applied and enrolled international applicants. The public university started operations in 1850 and has nearly 70,000 students and about 8,500 academic and administrative personnel. It is considered one of Australia’s most important educational institutes.

Exploit Code Published for Critical-Severity VMware Security Defect
Date: 2023-09-01
Author: Security Week
Just days after shipping a major security update to correct vulnerabilities in its Aria Operations for Networks product line, VMware is warning that exploit code has been published online. In an updated advisory, the virtualization technology giant confirmed the public release of exploit code that provides a roadmap for hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface.

Hackers exploit MinIO storage system to breach corporate networks
Date: 2023-09-04
Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via MSIN]
Hackers are exploiting two recent MinIO vulnerabilities to breach object storage systems and access private information, execute arbitrary code, and potentially take over servers. MinIO is an open-source object storage service offering compatibility with Amazon S3 and the ability to store unstructured data, logs, backups, and container images of up to 50TB in size. Its high performance and versatility, especially for large-scale AI/ML and data lake applications, make MinIO a popular, cost-effective choice.

Australian authorities tire of excuses, delays on data breach disclosure
Date: 2023-09-05
Author: iTnews
Australian authorities had to formally invoke powers to get a client list from a breached IT services provider, as problems persist in getting organisations to notify data breaches in a timely fashion. The issue of Australian organisations either seeking to downplay or delay mandatory notification of a data breach was raised more than two years ago. A regulatory report, released Tuesday, shows the issue persists. “Prompt notification ensures individuals are informed and can take further steps to protect themselves, such as being more alert to scams,” Australian information commissioner and privacy commissioner Angelene Falk said in a statement.

Defence Housing Australia investigates third-party provider hack exposure
Date: 2023-09-07
Author: iTnews
Defence Housing Australia has launched an investigation to determine if it, or the data of Australian Defence personnel, has been exposed in a cyber attack on a third-party service provider. The government business enterprise (GBE) said it is collaborating with Defence on the investigation, which sought to establish – among other things – “if any Defence personnel or families’ information has been compromised.”

Scams Australia: Alarming surge in the number of teens being exploited online
Date: 2023-09-04
Author: 9NEWS
The number of young Australians being targeted by scammers online has surged in the last year, with concerning levels of sextortion taking place, new data suggests. Statistics released today by Westpac Bank show the number of scams reported by customers under the age of 18 has almost quadrupled since last year, and has more than doubled for those under 30. The data was concerning and showed a growing trend of scammers using techniques such as sextortion, Westpac General Manager of Financial Crime & Fraud Prevention, Chris Whittingham, said.

ESB-2023.5018 – GitLab Community Edition (CE) and Enterprise Edition (EE): CVSS (Max): 5.5*
GitLab released versions 16.3.1, 16.2.5 and 16.1.5 for GitLab Community Edition (CE) and Enterprise Edition (EE) which contain important security fixes.

ESB-2023.5067 – Mozilla VPN client for Linux: CVSS (Max): None
Mozilla Foundation reported local user authentication flaws impacting the Mozilla VPN client on Linux.

ESB-2023.5088 – Jenkins Plugins: CVSS (Max): 8.2*
The most recent security advisory released by Jenkins lists vulnerabilities affecting 12 Jenkins Plugins.

ESB-2023.5108 – ALERT Cisco BroadWorks Application Delivery Platform and Xtended Services Platform: CVSS (Max): 10.0
A vulnerability in Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an attacker to commit toll fraud or to execute commands at the privilege level of the affected system.

ESB-2023.5117 – Python: CVSS (Max): 9.8
Python could be made to crash or leak sensitive information if it received specially crafted input. The problem can be corrected by updating your system.

Stay safe, stay patched and have a good weekend!
The AUSCERT team


AUSCERT Week in Review for 1st September 2023

Greetings,

Spring has sprung! Just as we begin to make plans to dust off and organise our homes during this season, it’s a perfect opportunity to freshen up and enhance our cyber security measures. Regularly reviewing, updating, and optimising our digital habits can go a long way in safeguarding our sensitive information and ensuring a safer online experience. Take the time this month to refresh your security strategies!

We have a new episode of our Share Today Save Tomorrow Podcast being released! In Episode 26 – Communication is Key, Anthony sits down with Darren Pauli, a cyber security awareness practitioner and freelance journalist, who explains the importance of effective written communication within the digital world. During the AUSCERT2023 conference Darren gave an exploratory talk on the simple steps to become a faster, more effective written communicator. In today’s digital landscape, the influence of technology spans every industry, compelling an increasing number of non-technical personnel to grapple with cyber-related matters for their organisations. Consequently, it has become paramount for information security professionals to use clear, concise, and simple language to ensure they are effectively conveying messages.

Yesterday, experts from the University of Queensland (UQ) published a paper to address the generalised lack of guidance on the ethical treatment of corporate data in higher education institutions. While the focus of this study is on the Higher Education sector, the principles discussed can be extended to other industries and organisations. This paper offers valuable observations and insights that can serve as a guide for ethical data practices, as no actionable framework currently exists within Australia. Our new Data Governance Principles and Practices course is led by one of the authors of this paper – Sasenka Abeysooriya. This training can assist your organisation in developing a successful data governance framework by teaching best practices and real-world examples of data governance in action. By participating in this course, attendees are equipped with the fundamental skills and knowledge they need to accelerate the development of a successful data governance program in their organisation. For members’ convenience, we are currently offering in-person and online delivery of this course.

Advisory: Qlik Sense Enterprise for Windows Remote Code Execution Vulnerabilities
Date: 2023-08-29
Author: Praetorian
[AUSCERT has notified affected members of this vulnerability where possible]
Recently, we discovered two vulnerabilities which can be chained together to achieve unauthenticated remote code execution on Qlik Sense Enterprise. At the moment, we are waiting to publish technical details on the vulnerability to give impacted organizations time to update their systems and remediate the vulnerability. Praetorian has worked closely with Qlik to responsibly disclose these vulnerabilities, CVE-2023-41265 (HTTP Tunneling Vulnerability in Qlik Sense Enterprise for Windows) and CVE-2023-41266 (Path Traversal in Qlik Sense Enterprise for Windows).

Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software
Date: 2023-08-29
Author: Security Affairs
[Please see AUSCERT bulletin https://portal.auscert.org.au/bulletins/ESB-2023.4858]
Cisco addressed three high-severity flaws in NX-OS and FXOS software that could cause denial-of-service (DoS) conditions. An attacker can exploit these three issues to cause a denial-of-service (DoS) condition. The most severe issue, tracked as CVE-2023-20200 (CVSS score 7.7), is a DoS bug that resides in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects.

Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom
Date: 2023-08-29
Author: The Hacker News
A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which is tracking the activity under the name UNC4841, described the threat actor as "highly responsive to defensive efforts" and capable of actively tweaking their modus operandi to maintain persistent access to targets.

Ransomware attack dwell times fall, pressuring companies to quickly respond
Date: 2023-08-23
Author: Cybersecurity Dive
The median dwell time for ransomware attacks fell in the first half of 2023, down to 5 days from the 2022 average of 9 days, according to Sophos research released Wednesday. The majority of ransomware attacks are taking place during the work week, yet outside standard business hours, Sophos found. The bulk of 80 cases its incident response team worked on during the first half of 2023 took place between 11 p.m. and 8 a.m. in the target’s time zone. Attackers also strongly favoured a “late hour at the end of the week” to launch an attack.

Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches
Date: 2023-08-25
Author: The Hacker News
The U.S. Federal Bureau of Investigation (FBI) is warning that Barracuda Networks Email Security Gateway (ESG) appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups. It also deemed the fixes as "ineffective" and that it "continues to observe active intrusions and considers all affected Barracuda ESG appliances to be compromised and vulnerable to this exploit."

ESB-2023.4982 – Red Hat Advanced Cluster Management 2.8.1: CVSS (Max): 9.8
Red Hat has released critical security updates and fixes for Red Hat Advanced Cluster Management for Kubernetes.

ESB-2023.4955 – Aria Operations for Networks: CVSS (Max): 9.8
Multiple critical severity vulnerabilities in Aria Operations for Networks were responsibly reported to VMware. Updates to remediate these vulnerabilities in affected VMware products have been released.

ESB-2023.4858 – Cisco Products: CVSS (Max): 7.7
An SNMP Denial of Service vulnerability affecting Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series devices has software updates to resolve the issue.

ESB-2023.4883 – chromium: CVSS (Max): 8.8*
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. These issues have been fixed in a software update.

ESB-2023.4890 – json-c: CVSS (Max): 9.8
json-c could be made to crash or execute arbitrary code if it received a specially crafted JSON file. This issue is resolved by updating to Ubuntu 22.04 – libjson-c5 – 0.15-3~ubuntu1.22.04.2.

Stay safe, stay patched and have a good weekend!
The AUSCERT team


AUSCERT Week in Review for 25th August 2023

Greetings,

As the days gradually lengthen and a gentle warmth begins to replace the cold, the end of winter approaches. The transition between seasons represents a period of renewal and regeneration, mirroring the continuous evolution of nature’s cycle. This natural pattern parallels our own expedition of self-growth and development. As spring approaches, it’s time to ready ourselves for the beginning of a new flourishing chapter. Let’s grasp this opportunity to consciously make choices that lead us to a more evolved version of ourselves. Take proactive steps now to shed the metaphorical cocoon of winter and emerge like a butterfly, gracefully navigating through new opportunities and prospects.

To aid our members’ growth in the realm of cyber security we offer a diverse range of professional training courses specifically crafted to empower you with the most relevant knowledge and skills. We are very excited to announce we have updated our courses and introduced a few new additions. This includes our new “Data Governance Principles and Practices” course, which will teach attendees the key components of a successful data governance framework. The course covers best practices and real-world examples, equipping attendees with the fundamental skills and knowledge they require to accelerate the development of a successful program in their organisation – including methodologies for stakeholder management and creation of a “strategy on a page”. Whether you are a business analyst, data scientist, IT or cyber security professional, this course will provide you with an appreciation of how data governance contributes to cyber security and a better understanding of how to successfully manage your organisation's data assets. On completion of this course, practical data governance references and templates will be provided to participants. We have an in-person session and an online session coming up! For more information visit AUSCERT Education.

Finally, what could be a more fitting moment to break free from the winter hibernation than by attending the Security2Cure cyber security conference and ringing in the start of spring by helping to raise some much-needed funds for cancer research. The event boasts an intriguing line-up of speakers, featuring keynote speaker Richard Boxall, CISO and Executive General Manager from the Suncorp Group. Scheduled for next Friday, September 1st, this is an exceptional chance to be part of a remarkable initiative. Don’t miss out, register your attendance now.

WinRAR flaw lets hackers run programs when you open RAR archives
Date: 2023-08-18
Author: Bleeping Computer
[See AUSCERT Security Bulletins 21 August 2023 ASB-2023.0168]
A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can execute commands on a computer simply by opening an archive. The flaw is tracked as CVE-2023-40477 and could give remote attackers arbitrary code execution on the target system after a specially crafted RAR file is opened. The vulnerability was discovered by researcher "goodbyeselene" of Zero Day Initiative, who reported the flaw to the vendor, RARLAB, on June 8th, 2023.

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations
Date: 2023-08-22
Author: Security Affairs
The Akira ransomware has been active since March 2023; the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. The group is now targeting Cisco VPN products to gain initial access to corporate networks. Sophos researchers observed in May the threat actor using compromised Cisco VPN accounts to breach target networks.

New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China
Date: 2023-08-22
Author: WIRED
Every software supply chain attack, in which hackers corrupt a legitimate application to push out their malware to hundreds or potentially thousands of victims, represents a disturbing new outbreak of a cybersecurity scourge. But when that supply chain attack is pulled off by a mysterious group of hackers, abusing a Microsoft trusted software model to make their malware pose as legitimate, it represents a dangerous and potentially new adversary worth watching.

'Millions' of spammy emails with no opt-out? That'll cost you $650K
Date: 2023-08-22
Author: The Register
Experian has agreed to cough up $650,000 after being accused of spamming people with no opt-out button. That sum will hardly be felt by the credit-reporting giant as its profits totaled $1.1 billion last year. The penalty stems from a complaint filed against it by the US Department of Justice on behalf of the Federal Trade Commission. According to the Feds [PDF], California-based Experian Consumer Services, also known as ConsumerInfo.com, spammed folks with marketing offers after they signed up for free accounts to limit third-party access to their credit reports.

Artificial Intelligence and USBs Drive 8% Rise in Cyber-Attacks
Date: 2023-08-23
Author: InfoSecurity Magazine
Check Point Research has released its 2023 Mid-Year Security Report. The research reveals a concerning 8% surge in global weekly cyber-attacks during Q2, marking the most significant increase in two years. The report highlights the fusion of advanced artificial intelligence (AI) technology with traditional tools like USB devices used for disruptive cyber-attacks. It also uncovers a rise in ransomware attacks in the first half of 2023, introducing new ransomware groups to the scene.

ESB-2023.4792 – Firefox: CVSS (Max): 9.8
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.

ASB-2023.0168 – WinRAR: CVSS (Max): 7.8
This vulnerability allows remote attackers to execute arbitrary code on systems where WinRAR is installed by exploiting a buffer overflow flaw in the data validation process.

ESB-2023.4803 – Moodle: CVSS (Max): 8.0
The phpCAS library included with Moodle has been upgraded to version 1.6.0, which includes a fix for a serious security issue.

ESB-2023.4828 – Rockwell Automation ThinManager ThinServer: CVSS (Max): 9.8
Successful exploitation of these vulnerabilities could allow an attacker to remotely delete arbitrary files with system privileges.

Stay safe, stay patched and have a good weekend!
The AUSCERT team


AUSCERT Week in Review for 18th August 2023

Greetings,

This week, the AUSCERT analyst team successfully completed the annual drill hosted by the Asia Pacific Computer Emergency Response Team (APCERT). The drill tests the capabilities of leading Computer Security Incident Response Teams (CSIRTs) in the Asia Pacific region. This year 24 teams participated from 21 countries, being tested on their abilities to interact and collaborate locally and internationally. The aim of the exercise was to strengthen collaboration amongst the different constituencies, enhance communication and develop technical capabilities and quality of incident response to ensure security and safety. The theme of this year’s APCERT Drill was “Digital Supply Chain Redemption”, which reflects real incidents and issues that exist today. We are honoured to be part of such an incredible drill as it provides an opportunity to strengthen our relationship with local and international partners, as well as enhancing our team’s knowledge and skills when dealing with complex global incidents.

Recently the National Institute of Standards and Technology (NIST) released a new draft update to its globally used Cybersecurity Framework (CSF). First released in 2014, the CSF has been updated to reflect the community’s feedback and current usage patterns. The Framework provides high-level guidance, including a common language and a systematic methodology for managing cybersecurity risk across sectors and aiding communication between technical and nontechnical staff. This includes initiatives that can be incorporated into cybersecurity programs and tailored to meet organisational objectives. One key update to the Framework has been adding an extra pillar for ‘Govern’. The Govern function is designed to establish and monitor an organization’s cyber security risk management strategy, expectations and policy. The public draft is available via the NIST website. It provides guidance on implementing the CSF and tailoring it for different organisational sectors. NIST does not plan to release another draft of CSF 2.0 for comment. The final CSF 2.0 is to be published in early 2024.

Finally, for our South-East Queensland readers, we would like to inform you that SANS will be holding their highly anticipated cutting-edge information and hands-on in-person training event in Brisbane from October 9–14, 2023. SANS Brisbane 2023 features three of SANS’ most popular courses, which aim to provide cyber security professionals with the tools and knowledge required to combat ever-evolving cyber threats.

Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws
Date: 2023-08-11
Author: Bleeping Computer
Millions of PLCs (programmable logic controllers) used in industrial environments worldwide are at risk from 15 vulnerabilities in the CODESYS V3 software development kit, allowing remote code execution (RCE) and denial of service (DoS) attacks. Over 500 device manufacturers use the CODESYS V3 SDK for programming on more than 1,000 PLC models according to the IEC 61131-3 standard, allowing users to develop custom automation sequences.

Ivanti Avalanche impacted by critical pre-auth stack buffer overflows
Date: 2023-08-15
Author: Bleeping Computer
Two stack-based buffer overflows collectively tracked as CVE-2023-32560 impact Ivanti Avalanche, an enterprise mobility management (EMM) solution designed to manage, monitor, and secure a wide range of mobile devices. The flaws are rated critical (CVSS v3: 9.8) and are remotely exploitable without user authentication, potentially allowing attackers to execute arbitrary code on the target system. The vulnerability impacts WLAvalancheService.exe version 6.4.0.0 and older, which receives communications over TCP port 1777.

Data centres vulnerable, researchers tell DEF CON
Date: 2023-08-14
Author: iTnews
Trellix researchers are warning of vulnerabilities in the products of two vendors, CyberPower and Dataprobe, that are widely used in data centres, one of which is rated as “critical” with a CVSS score of 9.8. The company last week presented its work to DEFCON in Las Vegas. Trellix said both CyberPower and Dataprobe have released fixes.

Phishing campaign used QR codes to target large energy company
Date: 2023-08-17
Author: The Record
Cybersecurity researchers uncovered a large phishing campaign using malicious QR codes with the hopes of acquiring Microsoft credentials at several targets, including a major U.S. energy company. QR codes have become widely adopted since the onset of the COVID-19 pandemic, with thousands of restaurants and businesses replacing physical menus and guides with the machine-readable images that pull up webpages containing the same information. But hackers have been quick to exploit the trend, launching campaigns that spread fake QR codes to steal user information. Cybersecurity firm Cofense released a new report on Wednesday identifying a campaign that began in May targeting a wide array of industries.

Five foreign nationals arrested in alleged card skimming scam on Australian ATMs
Date: 2023-08-13
Author: ABC News
Five alleged members of an international syndicate accused of fitting card skimmers to Australian ATMs have been arrested in Brisbane and Sydney after a tip-off from US authorities. The group allegedly used ATM skimmers to steal card numbers and PINs and then used cloned cards to withdraw welfare payments as soon as they were deposited.

ESB-2023.4698 – Cisco Unified CM and Cisco Unified CM SME: CVSS (Max): 8.1
Cisco has released fixes for an SQL Injection vulnerability identified in Unified Communication Manager.

ESB-2023.4720 – Google Chrome: CVSS (Max): None
Google Chrome has been updated to address multiple vulnerabilities.

ESB-2023.4745 – Traffix SDC: CVSS (Max): 7.5
A Denial of Service vulnerability affects the WebUI component of Traffix SDC.

ESB-2023.4747 – IBM Security QRadar SIEM: CVSS (Max): 7.9
A Path Traversal vulnerability in the AWS SDK for Java used by QRadar SIEM has been addressed by IBM.

ESB-2023.4750 – Confluence Data Center & Confluence Server: CVSS (Max): 7.5
Atlassian has addressed a Denial of Service vulnerability in Confluence Data Center and Server.

ESB-2023.4754 – [Juniper] Junos OS: CVSS (Max): 9.8
Juniper has addressed several vulnerabilities in Junos OS. These vulnerabilities can be chained together leading to Remote Code Execution.

Stay safe, stay patched and have a good weekend!
The AUSCERT team


AUSCERT Week in Review for 11th August 2023

Greetings,

If you haven’t been keeping up with the Matildas over the past few weeks, you’ve definitely been missing out! The team is on an impressive winning streak, triumphing over Denmark on Monday and Canada last week. Their remarkable performance has captured the nation’s attention, with widespread support pouring in from every corner. Witnessing the outpouring of love and encouragement for this immensely talented female team has been truly heartening and inspiring. Anticipation is building as we eagerly await the future victories of this extraordinary team of athletes!

We are very excited to announce that the AUSCERT2023 conference video recordings are now available on our YouTube Channel! Relive your favourite moments or catch up on missed sessions from the two feature-packed days of presentations, tutorials, debates, and panel discussions.

Watch cybersecurity leader Tara Dharnikota’s thought-provoking session exploring the evolving threat landscape and the ways to stay ahead. Or listen to expert Peter Jackson as he explains the five cybersecurity controls that can be used together to create an effective industrial control system (ICS) or operational technology security program. Also don’t miss the riveting panel discussion with leading cyber security professionals addressing the important subject of data governance and cyber security, highlighting the challenges and opportunities presented by emerging technologies, evolving regulatory landscapes and the growing sophistication of cyber threats.

On the topic of Data Governance, our very own Director, Dr David Stockdale, alongside academic experts from UQ Associate Professor Sergeja Slapničar, Dr Micheal Axelsen, and Dr Ivano Bongiovanni, released a research paper this week titled ‘A pathway model to five lines of accountability cybersecurity governance’. The research paper delves into the accountability of the five lines in cybersecurity governance: cyber security control functions, chief information security office, internal audit, executive management and the boards of directors, and looks into the configuration and methodology that organizations employ to govern cybersecurity. Additionally, it sheds light on the primary factors influencing the formation of these configurations and relationships, while providing practical recommendations for both practitioners and researchers.

New PaperCut critical bug exposes unpatched servers to RCE attacks
Date: 2023-08-04 Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via MSIN]
PaperCut recently fixed a critical security vulnerability in its NG/MF print management software that allows unauthenticated attackers to gain remote code execution on unpatched Windows servers. Tracked as CVE-2023-39143, the flaw results from a chain of two path traversal weaknesses discovered by Horizon3 security researchers that enable threat actors to read, delete, and upload arbitrary files on compromised systems following low-complexity attacks that don't require user interaction.

Officials Warn Of Energy Grid Risk Due To Foreign-Made Solar Tech
Date: 2023-08-08 Author: channelnews
According to the Cyber Security Cooperative Research Centre, Australia’s use of foreign-made solar panel tech has made the country susceptible to targeted attacks, which could result in an undermining of power grids causing large-scale blackouts. The top cyber research body also warned the threat comes primarily from solar inverters, the technology that converts solar energy to electricity, which is manufactured in Beijing, a city holding around 76% of the global market supply.

Melbourne Airport upgrades web security, DDoS protections
Date: 2023-08-07 Author: iTnews
Melbourne Airport has deployed Cloudflare’s web application firewall (WAF) and moved its network perimeter to Cloudflare’s global network edge to protect its multi-layered IT environment and public-facing network against DDoS attacks. Chief information officer Anthony Tomai said that maintaining visibility and implementing integrated security solutions was a serious challenge because the airport relies on a diverse variety of IT-supported services to serve its 25 million annual passengers and work with its 40 airline partners.

SA Power Networks reduces high-severity cyber incidents
Date: 2023-08-08 Author: iTnews
SA Power Networks has reduced the number of cyber incidents it classifies as high-severity by automating its analysis of prior incidents to help it find and address vulnerabilities. A high-severity incident, according to the state's sole energy distribution provider, is a confirmed breach of IT or OT systems, or significant unauthorised access to or disclosure of highly confidential and/or customer data.

Most VPNs can be tricked into leaking traffic
Date: 2023-08-09 Author: itnews
Nearly 70 VPN clients and servers are vulnerable to a long-standing attack that can cause them to leak user traffic, university researchers have claimed. “Our tests indicate that every VPN product is vulnerable on at least one device”, the researchers wrote, with VPNs running on Apple devices most likely to be vulnerable, but most VPNs on Windows and Linux also are. VPNs running on Android were the most likely to be secure, they said.

ESB-2023.4562 – Adobe Acrobat and Reader: CVSS (Max): 8.6
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS which address 30 critical, important, and moderate CVEs that could lead to application denial-of-service, security feature bypass, memory leaks, and arbitrary code execution. Adobe says it is not aware of any of these vulnerabilities being exploited in the wild.

ESB-2023.4548 – Intel RealSense™ SDK: CVSS (Max): 6.7
Intel has released an update for the Intel RealSense SDK that fixes a security vulnerability which, if exploited, could lead to an escalation of privilege.

ESB-2023.4488 – Android OS: CVSS (Max): 7.5*
The most recent Android Security Bulletin contains details of security vulnerabilities impacting Android devices. The most severe of these issues is remote (proximal/adjacent) code execution in the system component. Security patch levels of 2023-08-05 or later address the issues.

ASB-2023.0165 – ALERT Microsoft Windows: CVSS (Max): 9.8*
Microsoft released fixes for 36 vulnerabilities in Windows and Windows Server, which include three RCE vulnerabilities in the Microsoft Message Queuing component of Windows operating systems that were each given a CVSSv3 score of 9.8 and a rating of critical.

ASB-2023.0161 – Microsoft Exchange Server: CVSS (Max): 9.8
Microsoft has fixed 6 flaws in Microsoft Exchange Server 2016 and 2019 which could lead to Elevation of Privilege, Remote Code Execution or Spoofing.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


Week in review

AUSCERT Week in Review for 4th August 2023

Greetings,

This week, the moon made a stunning appearance, captivating the world with its extraordinary beauty. Larger and brighter than ever, the majestic supermoon illuminated the night sky, drawing people’s eyes upward in awe. Its radiant glow was visible to all, uniting people from different corners of the globe, mesmerized by its allure. Just as the moon goes through its various phases, cyber security operates on a layered defence approach, encompassing detection, prevention, response and foresight planning. This week's full moon symbolizes completion and strength, reflecting the importance of building a resilient cyber security strategy.

We are thrilled to announce the release of the latest episode of ‘Share Today, Save Tomorrow’ – Episode 25 – What does the future hold. Join Anthony as he reunites with his old friend, the captivating and renowned Futurist, Dr Joseph Voros. An expert in the field of strategic foresight, Dr Voros provides valuable insights into the fascinating realm of preparing for uncertain futures. His work alongside governments worldwide has been instrumental in navigating the ever-evolving threat landscape of cyber security. Touching on the big trends in the future cybersecurity space, Dr Voros also comments on how artificial intelligence may pose more threats than benefits to us. Listen to this insightful conversation that explores how strategic thinking can shape a more secure and resilient future.

As Artificial Intelligence (AI) technology continues to advance and become increasingly sophisticated, the security risks associated with its use and potential for misuse also increase. The capabilities of AI open up new opportunities for hackers and malicious actors to create more targeted and authentic cyber attacks. Already we are starting to see chatbots trained specifically for malicious purposes such as phishing, social engineering, exploiting vulnerabilities and creating malware. The trend of using generative AI chatbots is growing and the adoption rate is increasing, as they provide easy solutions for less capable threat actors, or for those who want to expand operations to other regions but lack the language skills.

A growing concern in the field of AI is the need for reforms and shared safety protocols. As AI systems become more advanced, experts are increasingly aware of the potential risks they pose to society and humanity. Just as the moon provides a guiding light in the darkness of the night, experts must remain vigilant and advocate for better safety protocols across the AI industry to ensure accountability and transparency.

Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks
Date: 2023-07-31 Author: Security Week
[AUSCERT has directly notified affected members about this vulnerability where possible]
Ivanti has warned customers about a second zero-day vulnerability in its Endpoint Manager Mobile (EPMM) product that has been exploited in targeted attacks. Further investigation by cybersecurity firm Mnemonic revealed the existence of CVE-2023-3508, a high-severity flaw that allows an authenticated attacker with administrator privileges to remotely write arbitrary files to the server. Late last week, Ivanti published an advisory and CISA issued an alert to inform organizations about this second vulnerability and warn them of active exploitation. Organizations have been urged to immediately patch their devices.

Malware spotted on Barracuda email gateways
Date: 2023-07-31 Author: itnews
The need to replace Barracuda email gateways has taken on a new urgency, with America’s Computer and Infrastructure Security Agency (CISA) warning it has identified three malware variants planted on vulnerable devices. Earlier this year, Barracuda advised that a remote code execution bug (CVE-2023-2868) in some of its email security gateways required affected devices to be replaced. Some units clearly remain in service, and CISA has warned it has identified three malware variants it has spotted on Barracuda devices.

Threat actors abuse Google AMP for evasive phishing attacks
Date: 2023-08-01 Author: Bleeping Computer
Security researchers are warning of increased phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures and get to inboxes of enterprise employees. The idea behind using Google AMP URLs embedded in phishing emails is to make sure that email protection technology does not flag messages as malicious or suspicious due to Google’s good reputation. The AMP URLs trigger a redirection to a malicious phishing site, and this additional step also adds an analysis-disrupting layer.

Relying on CVSS alone is risky for vulnerability management
Date: 2023-07-31 Author: Help Net Security
A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. In fact, relying solely on a CVSS severity score to assess the risk of individual vulnerabilities was shown to be equivalent to randomly selecting vulnerabilities for remediation.

Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023
Date: 2023-08-02 Author: The Hacker News
About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. "Critical manufacturing (37.3% of total reported CVEs) and Energy (24.3% of the total reported) sectors are the most likely to be affected," the OT cybersecurity and asset monitoring company said in a report shared with The Hacker News.

Apple rejects new name 'X' for Twitter iOS app because… rules
Date: 2023-07-29 Author: Bleeping Computer
Mr. Musk may have successfully pushed Twitter's new name and logo, 'X', and even made the vanity domain x.com redirect to the social media website, but that's not to say the Mathematical double-struck letter will fit the bill everywhere. Turns out, Apple's App Store can't accept the new name for Twitter's iOS app because of minimum character requirements.

ESB-2023.4293 – OpenSSH: CVSS (Max): 9.8
Ubuntu has fixed an OpenSSH vulnerability that allowed programs to be run as the logged-in user when using ssh-agent forwarding.

ESB-2023.4385 – SUSE Manager: CVSS (Max): 9.4
SUSE has released an update that resolves three vulnerabilities and 38 fixes for SUSE Manager.

ESB-2023.4425 – Red Hat Ansible Automation Platform: CVSS (Max): 9.8
Red Hat has released security fixes to openshift-clients to resolve issues such as excessive memory growth and denial of service from excessive resource consumption.

ESB-2023.4430 – python-django: CVSS (Max): 9.8
A fix has been released for python-django packages to address missing sanitising in the email and URL validators, which could result in a denial of service.

ESB-2023.4413 – Linux Kernel RT (Live Patch 0 for SLE 15 SP5): CVSS (Max): 8.2
An update has been released to resolve four vulnerabilities. The fixed security issues included addressing exploits to achieve local privilege escalation and unauthorized execution of management commands.

ESB-2023.4414 – .NET 6.0: CVSS (Max): 8.1
An update has been released to resolve various security vulnerabilities that could lead to a symlink attack and crashing due to unmanaged heap corruption.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


Week in review

AUSCERT Week in Review for 28th July 2023

Greetings,

Barbie Mania has introduced a concerning new trend of cyber-related attacks worldwide. Leveraging the distraction caused by the hype, criminals are taking advantage of this opportunity to launch attacks on unsuspecting individuals. Related attacks have risen since the promotion and release of the movie, with the U.S. taking the brunt of the attacks; however, other countries such as the UK and Australia are also being impacted. Criminals are exploiting this trend to trick people into clicking malicious links, opening harmful files or providing sensitive information, leading to data breaches and financial losses. Blinded by excitement, many people are acting impulsively, thus making them susceptible to these deceptive methods.

Social engineering cyber attacks like the Barbie trend are becoming increasingly sophisticated and pervasive. Criminals have recognized the power of using popular trends and emotional triggers as bait to manipulate and deceive people. Exploiting emotions and creating a sense of urgency or excitement can be a trigger for individuals to divulge their sensitive information. CTO of McAfee, Steve Grobman, explained that this is not a new trend and criminals will look for any opportunity to make their scam more attractive and believable, often leveraging popular and well-publicized events to trick users into clicking on malicious links. Social engineering attacks are all about the psychology of persuasion, targeting the mind and heart, with the main aim being to gain the trust of the target, encourage them to lower their guard and engage in unsafe actions.

Here are a few tips & tricks to avoid scams like these:

• Stick with reliable suppliers, brands or networks. If you’re unfamiliar with the brand, it’s best to investigate the source of the content.
• Use your judgement – and don’t let emotions cloud your judgement! If an offer seems too good to be true... it often is!
• It is essential to be cautious of unexpected requests, unsolicited emails or messages.
• Do your research – before giving away your sensitive details or financial information, research the organisation and ensure they are a trustworthy source.
• Members – contact us! If you're an AUSCERT member, don't forget you can always contact us for support.

This deceptive tactic serves as a stark reminder of the ever-evolving methods cybercriminals employ to deceive and victimize people. By staying informed, employing strong security practices and being sceptical of suspicious communications, we can better protect ourselves and our data from falling into the wrong hands.

Atlassian patches vulnerabilities in server, data centre products
Date: 2023-07-24 Author: IT News
[See AUSCERT Security Bulletins 26 July 2023 ESB-2023.4207, ESB-2023.4208 & ESB-2023.4209]
Atlassian last Friday announced fixes for three remote code execution (RCE) vulnerabilities. The three bugs are rated as high rather than critical severity, since they’re exploitable only by authenticated users. CVE-2023-22505, discovered in the company’s bug bounty program, has a CVSS score of 8, and was introduced in version 8.0.0 of Confluence data centre and server products. It’s an RCE that allows an attacker to execute arbitrary code without user interaction.

Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws
Date: 2023-07-26 Author: Bleeping Computer
[See AUSCERT Security Bulletins 26 July 2023 ESB-2023.4186 & ESB-2023.4189]
Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices. Ubuntu is one of the most widely used Linux distributions, especially popular in the U.S., having an approximate user base of over 40 million.

Ivanti patches MobileIron zero-day bug exploited in attacks
Date: 2023-07-24 Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
US-based IT software company Ivanti has patched an actively exploited zero-day vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core). Ivanti released security patches for the remote unauthenticated API access vulnerability tracked as CVE-2023-35078 on Sunday.

ATO attackers filed $557 million in false claims
Date: 2023-07-26 Author: iTnews
Criminals exploiting a loophole in the government’s digital identity systems filed more than $550 million in false claims over the last two financial years, the ATO has disclosed. The ABC reported this morning that criminals had found they could create bogus myGov accounts, and then link them to real taxpayers’ ATO files. An earlier December 2022 investigation found attackers were using customer identity information stolen in high-profile data breaches like Optus and Medibank as part of the fraud.

Patch Now: Up to 900K MikroTik Routers Vulnerable to Total Takeover
Date: 2023-07-26 Author: Dark Reading
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Up to 900,000 MikroTik routers, a popular target for threat actors including nation-state groups, may be open to attack via a privilege escalation vulnerability in the RouterOS operating system. The vulnerability (CVE-2023-30788) gives attackers a way to take complete control of affected MIPS-processor-based MikroTik devices and pivot into an organization's network, according to researchers from VulnCheck, which just published several new exploits for the flaw. Attackers can also use it to enable man-in-the-middle attacks on network traffic flowing through the router, they warned. Versions of MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to the issue.

ESB-2023.4155 – Citrix Hypervisor and XenServer: CVSS (Max): 6.2
Citrix has released a hotfix that includes AMD microcode to mitigate hardware issues on systems running Citrix Hypervisor on AMD Zen 2 CPUs.

ESB-2023.4156 – iOS and iPadOS: CVSS (Max): 8.8*
Apple issued its third security update in a month to remedy zero-day vulnerability CVE-2023-38606, exploited in Operation Triangulation. This update is available through iTunes for iPhone and Software Update on your iOS device.

ESB-2023.4158 – macOS Ventura 13.5: CVSS (Max): 8.8*
Apple pushed a new macOS Ventura 13.5 update which includes bug fixes and security updates for CVE-2023-37450, which may be exploited in the wild.

ESB-2023.4177 – Tenable Security Center: CVSS (Max): 7.5
Tenable has discovered a vulnerability in Tenable Security Centre, and released Patch SC-202307.1-6.x to address the issue.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


Week in review

AUSCERT Week in Review for 21st July 2023

Greetings,

Cancer is a dangerous disease that tragically claims the lives of so many people far too quickly, leaving a void in our beautiful world and hearts. It’s a disease that touches us all, whether it’s our colleague, friend, family or even ourselves. It finds a way to infiltrate our lives, reminding us of its presence and the urgent need for continued efforts in research, prevention, and support for those impacted.

Security2Cure has organised a very special cyber security conference in honour of those affected by this heart-breaking disease. The conference will be an opportunity to knowledge-share and network with cyber security professionals with a mission to promote cancer awareness and raise money for cancer research. You will hear about fascinating cyber security topics ranging from incident response to imposter syndrome to fatigue management. In addition, there'll be a panel of heartfelt insights from people who have been impacted by the disease. A full list of the speakers and abstracts can be viewed here. All money raised will be donated straight to the Spirit2Cure cancer research charity. To register and for further details, go to their site at Security2Cure. If you aren’t able to attend the conference, then please contribute to this great cause by donating here.

This week we released our training schedule for the rest of 2023! With so many great courses to choose from, be sure to secure your spot as soon as possible as spaces are limited. The foundation of building strong cyber security resilience for your organisation relies on empowering your staff with the relevant knowledge, skills and strategies through interactive and professional training courses. Explore our diverse list of courses below:

Intermediate Cyber Security – Internet Technologies (NEW)
• 24-25 August 2023, 9am – 12:30pm AEST each day
Register now

Introduction to Cyber Security for IT Professionals
• 14-15 August 2023, 9am – 12:30pm AEST each day
Register now

Cyber Security Risk Management
• 5-6 September 2023, 9am – 12:30pm AEST each day
Register now

Incident Response Planning
• 10-11 October 2023, 9am – 12:30pm AEST each day
Register now

For more information on our training courses visit our website: AUSCERT Education

Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)!
Date: 2023-07-14 Author: Naked Security
[AUSCERT has notified members using Zimbra Collaboration Suite (where possible) via MSIN]
Popular collaboration product Zimbra has warned customers to apply a software patch urgently to close a security hole that it says “could potentially impact the confidentiality and integrity of your data.” The vulnerability is what’s known as an XSS bug, short for cross-site scripting, whereby performing an innocent-looking operation via site X, such as clicking through to site Y, gives the operator of site X a sneaky chance to implant rogue JavaScript code into the web pages that your browser receives back from Y.

New critical Citrix ADC and Gateway flaw exploited as zero-day
Date: 2023-07-18 Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Citrix today is alerting customers of a critical-severity vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and “strongly urges” them to install updated versions without delay. The security issue may be the same one advertised earlier this month on a hacker forum as a zero-day vulnerability.

MOVEit Hack: Number of Impacted Organizations Exceeds 340
Date: 2023-07-17 Author: Security Week
The number of entities impacted by the MOVEit attack carried out by a notorious cybercrime group now reportedly exceeds 340 organizations and 18 million individuals. Brett Callow, a threat analyst at cybersecurity firm Emsisoft who has been monitoring the campaign, said over the weekend that he is aware of 347 impacted organizations, including 58 educational institutions in the United States. This includes Colorado State University, which last week confirmed that student and employee data may have been stolen.

CISA Unveils Guide to Aid Firms Transition to Cloud Security
Date: 2023-07-18 Author: Info Security Magazine
The US Cybersecurity and Infrastructure Security Agency (CISA) released a comprehensive factsheet on July 17, 2023, to assist businesses transitioning to cloud environments in ensuring data security and safeguarding critical assets. Named Free Tools for Cloud Environments, the factsheet offers network defenders and incident responders/analysts open-source tools, methods and guidance for identifying, mitigating and detecting cyber threats, vulnerabilities and anomalies while operating in cloud or hybrid environments.

Adobe emergency patch fixes new ColdFusion zero-day used in attacks
Date: 2023-07-19 Author: Bleeping Computer
[See AUSCERT Security Bulletin 20 July 2023 ESB-2023.4101]
Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in attacks. As part of today’s out-of-band update, Adobe fixed three vulnerabilities: a critical RCE tracked as CVE-2023-38204 (9.8 rating), a critical Improper Access Control flaw tracked as CVE-2023-38205 (7.8 rating), and a moderate Improper Access Control flaw tracked as CVE-2023-38206 (5.3 rating).

ASB-2023.0151 – Oracle PeopleSoft: CVSS (Max): 9.8
This Critical Patch Update contains 9 new security patches for Oracle PeopleSoft. 8 of these vulnerabilities may be remotely exploitable without authentication.

ESB-2023.4101 – Adobe ColdFusion: CVSS (Max): 9.8
Adobe released updates to resolve critical and moderate vulnerabilities that could lead to arbitrary code execution and security feature bypass.

ESB-2023.4042.2 – UPDATED ALERT Citrix ADC & Citrix Gateway: CVSS (Max): 9.8
Multiple critical vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).

ESB-2023.3941 – Siemens SIMATIC CN 4100: CVSS (Max): 9.9
ICS-CERT published a security advisory on Siemens equipment; successful exploitation could allow an attacker to gain privilege escalation and bypass network isolation.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


Week in review

AUSCERT Week in Review for 14th July 2023

Greetings,

It’s that time of year again! The BDO and AUSCERT 2022 Cyber Security Results are in! For the seventh year in a row, organisations across Australia and New Zealand were surveyed to identify the challenges and threats experienced in 2022 as well as what organisational leaders have prioritised to protect key assets and infrastructure. The findings from the report give a comprehensive overview of the present cyber security landscape in Australia and New Zealand. It delves into recent trends in cyber threats, their impact and the measures being implemented to mitigate these risks.

In the ever-evolving digital landscape, the significance of implementing strong cybersecurity measures has escalated. In 2022, BDO & AUSCERT reported a growing concern over data breaches, affecting individuals and high-profile organisations. The continuously evolving cyber threat landscape and increasing sophistication of attacks has emphasized the necessity for organisations to prioritise the development of cyber resilience. Here are a few key themes that the report revealed.

1) Senior leadership is key to driving cyber security resilience
The report revealed the importance for Executive Leadership teams to take a more active role in cyber governance in addition to being aware of the cyber risks within their organisations. The data collected indicated that although there had been a significant increase in attacks, concerningly there was a decline in senior leadership emphasis. Establishing effective leadership is crucial in fostering the adoption and implementation of policies and practices related to cyber security resilience.

2) The rapidly evolving cyber threat landscape
Rapid technology advancements have triggered the growth and increased sophistication of threats, resulting in greater impacts during incidents. Data suggests cyber criminals are advancing at unprecedented levels, relentlessly pursuing new methods to locate and exploit vulnerabilities. However, reports indicate a concerning decline in organisations investing in the essential resources required to effectively detect and respond to incidents. Neglecting to allocate sufficient resources to cyber security can result in an increased vulnerability to attacks.

3) Importance of resilience
In this current landscape it is crucial for us all to realise we are all vulnerable to an attack at any time. Cyber resilience involves accepting this and planning accordingly for the different incidents that may occur, what assets may be targeted, how quickly we can identify the incident and how we respond.

If you’re interested in delving deeper into these topics or eager to gain further insights from the 2022 report, we invite you to download the complete report now!

SonicWall warns admins to patch critical auth bypass bugs immediately
Date: 2023-07-12 Author: Bleeping Computer
SonicWall warned customers today to urgently patch multiple critical vulnerabilities impacting the company's Global Management System (GMS) firewall management and Analytics network reporting engine software suites. In total, the American cybersecurity company addressed 15 security flaws today, including ones that can let threat actors gain access to vulnerable on-prem systems running GMS 9.3.2-SP1 or earlier and Analytics 2.5.0.4-R7 or earlier after bypassing authentication.

New Phishing Attack Spoofs Microsoft 365 Authentication System
Date: 2023-07-09 Author: Hack Read
Vade, a provider of email security and threat detection services, has released a report on a recently discovered phishing attack that involves the spoofing of the Microsoft 365 authentication system. According to Vade’s Threat Intelligence and Response Center (TIRC), the attack email includes a harmful HTML attachment with JavaScript code. This code is designed to gather the recipient’s email address and modify the page using data from a callback function’s variable.

How kids pay the price for ransomware attacks on education
Date: 2023-07-07 Author: Malwarebytes
Modern ransomware attacks are as much about stealing data and threatening to leak it as they are about encrypting data. Which means that when a school or hospital is attacked, it's often students' and patients' data that's leaked if the ransom demand isn't met. We have to wonder how greedy any person would need to be to show such a blatant disregard for how painful sharing that kind of information can be. In our recent report on the state of ransomware in education we saw an 84% increase in known attacks on the education sector.

Storm-0978 attacks reveal financial and espionage motives
Date: 2023-07-11 Author: Microsoft Corporation
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, a remote code execution vulnerability exploited before disclosure to Microsoft via Word documents, using lures related to the Ukrainian World Congress.

Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers
Date: 2023-07-11 Author: Cisco Talos
Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with a signature timestamp prior to July 29, 2015. Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates. Microsoft has blocked all certificates discussed in this blog and has released an advisory.

Apple re-releases zero-day patch after fixing browsing issue
Date: 2023-07-12 Author: Bleeping Computer
Apple fixed and re-released emergency security updates addressing a WebKit zero-day vulnerability exploited in attacks. The initial patches had to be withdrawn on Monday due to browsing issues on certain websites. "Apple is aware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly," Apple said on Tuesday.

ESB-2023.3892 – FortiOS and FortiProxy: CVSS (Max): 9.8
Fortinet has disclosed a critical vulnerability, CVE-2023-33308, affecting FortiOS and FortiProxy. AUSCERT has identified impacted members (where possible) and notified them via MSIN.

ESB-2023.3907 – Adobe ColdFusion: CVSS (Max): 9.8
Adobe has released security updates for ColdFusion versions 2023, 2021 and 2018.

ESB-2023.3910 – Citrix ADC and Gateway: CVSS (Max): 9.6
A critical vulnerability has been discovered in Citrix Secure Access Client for Ubuntu.

ASB-2023.0118 – ALERT Windows: CVSS (Max): 9.8*
Microsoft releases updates to Windows addressing several critical vulnerabilities.

ESB-2023.3880 – macOS Ventura 13.4.1: CVSS (Max): None
Apple fixed an exploited zero-day vulnerability (CVE-2023-37450) in WebKit.

Stay safe, stay patched and have a good weekend!

The AUSCERT team
