//Week in review - 10 Feb 2023


Today marks World Pizza Day, a celebration of one of the world's most beloved foods. Pizza has been around for over two thousand years, originating in Italy, and has since become a staple dish in households and restaurants all over the world. From classic Margherita to gourmet toppings, there's a pizza for everyone.

As we celebrate the history of pizza, the AusCERT team also took a moment to reflect on its own proud history. AusCERT was founded in 1993, and next month will celebrate its thirtieth birthday. To mark the occasion, we released a blog entitled "AusCERT: a proud history and bright future" which takes a deeper dive into AusCERT’s history and outlines plans for the future.

This blog truly is the essence of the whole AusCERT team, summarising the combined efforts in producing our strategy for 2023. Late last year the team took a few moments away from analysing vulnerabilities, taking down phishing sites, delivering training and running a conference and instead attended two offsite workshops, one focused on “what is the culture of AusCERT?”, and another on “what projects can we undertake to better serve our members?”. Combined with feedback from some of our members, our plans for 2023 are now underway. Next week we’ll share details of that, and don’t worry if you haven’t had a chance to give us feedback yourself – we’ve got plans to do that, too!

Speaking of plans, very soon the AusCERT2023 Cyber Security Conference registrations will be opened, so keep an eye on our announcements. Meanwhile here’s this week’s interesting news articles in case you missed them:

New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers
Date: 2023-02-04
Author: The Hacker News

VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems.
"These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team (CERT) of France said in an advisory on Friday.
VMware, in its own alert released at the time, described the issue as an OpenSLP heap-overflow vulnerability that could lead to the execution of arbitrary code.

MITRE Releases Tool to Design Cyber-Resilient Systems
Date: 2023-02-03
Author: Dark Reading

Cyberattacks are on the rise and enterprise defenders are protecting an increasingly expanding and complex attack surface. For many organizations, the focus is shifting away from prevention to resilience — to maintain essential business functions during an attack and recover quickly without losing too much downtime. Toward that end, MITRE has released the Cyber Resiliency Engineering Framework (CREF) Navigator, a free visualization tool for engineers designing cyber-resilient systems.

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability
Date: 2023-02-06
Author: None

The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd).
Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1.
"This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms," OpenSSH disclosed in its release notes on February 2, 2023.

CISA releases recovery script for ESXiArgs ransomware victims
Date: 2023-02-07
Author: Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a script to recover VMware ESXi servers encrypted by the recent widespread ESXiArgs ransomware attacks.
Starting last Friday, exposed VMware ESXi servers were targeted in a widespread ESXiArgs ransomware attack.
Since then, the attacks encrypted 2,800 servers according to a list of bitcoin addresses collected by CISA technical advisor Jack Cable.

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices
Date: 2023-02-08
Author: The Hacker News

The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications.
"The chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators," NIST said. "They are also designed for other miniature technologies such as implanted medical devices, stress detectors inside roads and bridges, and keyless entry fobs for vehicles."
Put differently, the idea is to adopt security protections via lightweight cryptography in devices that have a "limited amount of electronic resources."

ESB-2023.0705 – OpenSSL: CVSS (Max): 7.4

An updated version of libssl has been provided to address multiple vulnerabilities in OpenSSL

ESB-2023.0745 – Google Chrome: CVSS (Max): None

Google has released updated version of Chrome to address several vulnerabilities

ESB-2023.0768 – Cortex XDR Agent: CVSS (Max): 5.5

A patch for a medium severity vulnerability has been provided by Palo Alto for Cortex XDR Agent on Windows Platform

ESB-2023.0756 – tigervnc: CVSS (Max): 7.8

A privilege escalation vulnerability has been addressed in TigerVNC

Stay safe, stay patched and have a good weekend!

The AusCERT team