7 Jul 2023

Week in review

Greetings,

Many hackers employ the principles of persuasion to tell you lies and play on your vulnerabilities as a human being in order to obtain your sensitive information. In our latest episode of ‘Share Today Save Tomorrow’ Anthony sits down with Rachel Tobac, CEO of Social Proof Security, and explores human vulnerabilities – Episode 24: People, People, People, Process and Technology. Rachel explains the importance of verifying the authenticity of any request by employing different tools and methods to check the credentials of the sender and to look for hidden agendas.

In the spirit of full disclosure: global corporate giant Microsoft has been heavily targeted by the hacktivist group ‘Anonymous Sudan’. However, Microsoft has chosen not to disclose specific details of these incidents publicly. Earlier this week, Microsoft denied public claims made by the group regarding a data breach which allegedly resulted in 30 million customer account details being compromised. Anonymous Sudan posted a sample of the allegedly stolen data online and offered it for sale, yet Microsoft denied the validity of these allegations. Over a month ago Microsoft experienced a distributed denial of service (DDoS) attack orchestrated by the same group, which resulted in the disruption of several of its services. At the time Microsoft did not provide specific information regarding the attacks, prompting Anonymous Sudan to publicly call them out for their alleged dishonesty and to issue threats to teach them a lesson via a statement on their public Telegram channel. It’s important to note that the situation is still developing and we are awaiting further updates from Microsoft as the investigation progresses. Only the truth will be able to determine the best possible solution for all the parties implicated. By encouraging open collaboration and information exchange, we strive to collectively strengthen our defences against cyber threats.

We are currently seeking a skilled and driven Senior Security Systems Administrator to join our team. The due date to apply has been extended to Monday 10th July, so if you or anyone you know is interested in joining our team, please apply soon.

Apply here


MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses
Date: 2023-07-30
Author: Security Week

The MITRE Corporation has published an updated Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list to reflect the latest trends in the adversarial landscape.
The 2023 CWE Top 25 lists the most common and impactful weaknesses leading to serious software vulnerabilities, which are often exploited in malicious attacks to take over systems, steal information, or cause denial-of-service (DoS).

Apple, Google, and MOVEit Just Patched Serious Security Flaws
Date: 2023-07-30
Author: WIRED

Summer software updates are coming thick and fast, with Apple, Google, and Microsoft issuing multiple patches for serious security flaws in June. Enterprise software firms have also been busy, with fixes released for scary holes in VMware, Cisco, Fortinet, and Progress Software’s MOVEit products.
A significant number of security bugs squashed during the month are being used in real-life attacks, so read on, take note, and patch your affected systems as soon as you can.

Who’s Behind the DomainNetworks Snail Mail Scam?
Date: 2023-07-03
Author: Krebs on Security

If you’ve ever owned a domain name, the chances are good that at some point you’ve received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, don’t need, and probably will never receive. Here’s a look at the most recent incarnation of this scam — DomainNetworks — and some clues about who may be behind it.
The DomainNetworks mailer may reference a domain that is or was at one point registered to your name and address.

300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug
Date: 2023-07-03
Author: Bleeping Computer

[AUSCERT has identified the impacted members (where possible) and contacted them via MSIN]
Hundreds of thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after Fortinet released an update that addresses the problem.
The vulnerability is a remote code execution flaw with a severity score of 9.8 out of 10, resulting from a heap-based buffer overflow in FortiOS, the operating system that connects all Fortinet networking components to integrate them in the vendor's Security Fabric platform.
CVE-2023-27997 is exploitable and allows an unauthenticated attacker to execute code remotely on vulnerable devices that have the SSL VPN interface exposed to the internet.

Cisco not patching Nexus switch vulnerability
Date: 2023-07-06
Author: iTnews

Cisco has disclosed a serious vulnerability in the encryption used in some of its Nexus 9000 switches, but said the bug will not be fixed.
“A vulnerability in the Cisco ACI [application-centric infrastructure] multi-site CloudSec encryption feature of Cisco Nexus 9000 Series fabric switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic,” Cisco’s advisory states.


ESB-2023.3824 – Android OS: CVSS (Max): 9.8*

Security vulnerabilities have been identified affecting Android devices. The most severe of these vulnerabilities is in the System component and could lead to remote code execution. Android has released security patches to address all of the issues.

ESB-2023.3818 – Cisco ACI Multi-Site CloudSec: CVSS (Max): 7.4

Cisco warned customers of a high-severity vulnerability impacting Cisco Nexus 9000 Series Fabric Switches in ACI mode. No software updates have been released to resolve the vulnerability. Impacted customers are advised to contact their support organisation to discuss alternative options.

ESB-2023.3817 – Cisco Webex Meetings: CVSS (Max): 5.4

Cisco has released software updates to address multiple vulnerabilities in Cisco Webex Meetings which, if exploited, could result in cross-site scripting or cross-site request forgery attacks.

ESB-2023.3804 – Firefox: CVSS (Max): None

Mozilla Foundation has released fixes for a number of security vulnerabilities in Firefox 115.

ESB-2023.3843 – Nessus Agent: CVSS (Max): 5.9

Tenable has reported vulnerabilities in OpenSSL, third-party software used by Nessus Agent for its underlying functionality. Nessus 10.4.1 has been released to address these issues.


Stay safe, stay patched and have a good weekend!

The AUSCERT team