Week in review - 10 Mar 2023


This year AusCERT is proud to announce that Rachel Tobac will be the keynote speaker at the AusCERT2023 Conference. A well-known name in the cybersecurity industry as an expert in social engineering attacks, Rachel is also the CEO of SocialProof Security, the company she founded together with her husband. Rachel has a proven track record of hacking into Fortune 500 companies and is recognized as one of the top ethical hackers in the industry.

Speaking of AusCERT2023, some tutorials have limited capacity so if you haven’t already secured yours, jump onto the registration page now. We released details of the tutorials earlier this year to help you write those business cases for attendance at AusCERT2023. And when you’re writing it don’t forget to mention that the tutorials are included at no extra cost, you’ll have the opportunity to learn about the latest cybersecurity threats and trends, and network with other cybersecurity professionals. Copy, paste, business case done!

Although this is the 22nd annual conference, AusCERT itself turned 30 this month. All of us are incredibly proud of that achievement, and we were honoured to celebrate together with many past AusCERT team members and “friends of AusCERT” this week at our birthday party in Brisbane.

Many of those past team members literally built AusCERT from nothing, during times when little else was available in the cyber security domain. Today, although our culture and values remain the same, we have shifted our focus where our members need it most: threat intelligence, incident support and cyber security education. Director of AusCERT Dr David Stockdale, and AusCERT’s Senior Manager Mike Holm spoke with IT News this week about AusCERT’s proud heritage and our future direction. You can watch the video here.

And now a selection of this week’s notable cyber security news articles, compiled by the AusCERT Analyst Team:

PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)
Date: 2023-03-06
Author: Help Net Security

Patches for the flaw – which affects a wide variety of MS Office and SharePoint versions, Microsoft 365 Apps for Enterprise and other products – were released by Microsoft last month.
CVE-2023-21716 was discovered and privately disclosed by security researcher Joshua J. Drake in November 2022.
It is a heap corruption vulnerability in Microsoft Word’s RTF parser that, if triggered, allows attackers to achieve remote code execution with the privileges of the victim. The flaw does not require prior authentication: attackers can simply send a booby-trapped RTF file to the victim(s) via email.

Emotet malware attacks return after three-month break
Date: 2023-03-07
Author: Bleeping Computer

The Emotet malware operation is again spamming malicious emails as of Tuesday morning after a three-month break, rebuilding its network and infecting devices worldwide.
Emotet is a notorious malware distributed through email containing malicious Microsoft Word and Excel document attachments. When users open these documents and macros are enabled, the Emotet DLL will be downloaded and loaded into memory.

Fortinet warns of new critical unauthenticated RCE vulnerability
Date: 2023-03-08
Author: Bleeping Computer

Fortinet has disclosed a "Critical" vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests.
This buffer underflow vulnerability is tracked as CVE-2023-25610 and has a CVSS v3 score of 9.3, rating it critical. This type of flaw occurs when a program tries to read more data from a memory buffer than is available, resulting in accessing adjacent memory locations, leading to risky behavior or crashes.
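The second sentence above describes the general flaw class: a parser trusts a length it reads out of the message and accesses memory beyond what the buffer actually holds. The following C program is an added illustration of that class and the bounds check that prevents it; it is constructed for this newsletter and is not FortiOS code, nor a reproduction of CVE-2023-25610. The message format (a one-byte length prefix followed by payload), the function names and the sample messages are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/*
 * Constructed illustration of the flaw class, not code from FortiOS or any
 * real product. A request carries a one-byte length prefix followed by that
 * many bytes of payload. The parser may only trust the prefix after checking
 * it against the number of bytes actually received.
 */

#define FIELD_MAX 64

/* How many bytes beyond the end of `buf` a parser that trusted the length
 * prefix blindly would read. 0 means the message is well formed. This only
 * computes the overrun; it never performs the out-of-bounds read. */
size_t overrun_if_trusted(const uint8_t *buf, size_t len)
{
    if (len == 0)
        return 0;                /* nothing to parse at all */
    size_t declared = buf[0];    /* attacker-controlled length prefix */
    size_t available = len - 1;  /* payload bytes really present */
    return declared > available ? declared - available : 0;
}

/* Hardened parser: copies the payload into `out` only if the declared length
 * fits both the received buffer and the destination. Returns the payload
 * length on success, -1 if the message is empty or truncated (the prefix
 * claims more than was received), -2 if the payload would not fit in `out`. */
int parse_field_checked(const uint8_t *buf, size_t len,
                        uint8_t *out, size_t out_cap)
{
    if (len < 1)
        return -1;               /* no length prefix at all */
    size_t declared = buf[0];
    if (declared > len - 1)
        return -1;               /* would read past the received bytes */
    if (declared > out_cap)
        return -2;               /* would overflow the destination instead */
    memcpy(out, buf + 1, declared);
    return (int)declared;
}

int main(void)
{
    /* Constructed sample messages. */
    const uint8_t good[] = {0x03, 'a', 'b', 'c'};   /* prefix matches payload */
    const uint8_t truncated[] = {0x10, 'a', 'b'};   /* claims 16 bytes, carries 2 */
    uint8_t out[FIELD_MAX];

    printf("good: overrun=%zu parsed=%d\n",
           overrun_if_trusted(good, sizeof good),
           parse_field_checked(good, sizeof good, out, sizeof out));
    printf("truncated: overrun=%zu parsed=%d\n",
           overrun_if_trusted(truncated, sizeof truncated),
           parse_field_checked(truncated, sizeof truncated, out, sizeof out));
    return 0;
}
```

The point of the two functions side by side is that the unsafe reading is never executed: `overrun_if_trusted` only reports how far a naive parser would stray, while `parse_field_checked` rejects the truncated message before touching memory it does not own. The same "compare the declared length against the bytes actually received" check applies whatever the real wire format is.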

Akamai mitigates record-breaking 900Gbps DDoS attack in Asia
Date: 2023-03-09
Author: Bleeping Computer

Akamai reports having mitigated the largest DDoS (distributed denial of service) attack ever launched against a customer based in the Asia-Pacific region.
DDoS is an attack that involves sending a large volume of garbage requests to a targeted server, depleting its capacity, and thus rendering the websites, applications, or other online services it hosts unreachable by legitimate users.

Australian official demands Russia bring criminal hackers ‘to heel’
Date: 2023-03-09
Author: The Record

A senior official in Australia criticized the Russian government on Wednesday for failing to properly police cybercriminals based in its jurisdiction.
Michael Pezzullo, a public servant rather than a politician — currently serving as the secretary of the Department of Home Affairs — said the Russian Federation hosted “the greatest density of cybercriminals, particularly those with ransomware,” in the world.

ESB-2023.1478 – Fortinet Products: CVSS (Max): 8.2

A relative path traversal vulnerability [CWE-23] in FortiOS and FortiProxy may allow privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests

ESB-2023.1468 – Jenkins: CVSS (Max): 8.8

Multiple vulnerabilities found in Jenkins core and Update-center2 have been patched

ESB-2023.1433 – Google Chrome: CVSS (Max): None

Google released a stable channel update for Google Chrome Desktop; this update includes 40 security fixes

ESB-2023.1405 – GitLab: CVSS (Max): 8.7

GitLab released a security update for GitLab Community Edition (CE) and Enterprise Edition (EE)

Stay safe, stay patched and have a good weekend!

The AusCERT team