12 Jan 2024
Week in review
Greetings,
As the new year is in full swing, and many of us have returned to work, now is a great time to commence the development of our organisational goals and objectives for the year. Cyber security practices should stand as a fundamental pillar within all organisations, given the increased frequency and heightened sophistication of cyber attacks.
This week, Microsoft initiated their first Patch Tuesday of the new year, addressing various flaws and vulnerabilities. This serves as a timely reminder for the new year to stay secure and keep your systems patched by addressing these vulnerabilities.
Small and medium sized businesses are often the most severely impacted when targeted in cyber attacks. Even a minor incident can have devastating consequences, resulting in significant losses that may be challenging to recover from. Employing robust cyber security measures is crucial for safeguarding financial stability, reputation and ensuring business continuity. The ASD has released a helpful guide for small businesses, offering valuable insights into basic security measures to protect against common security threats.
To better prepare consumers, NAB scam experts have shared their top tips to spot the red flags of scam trends predicted to impact Australians in 2024. According to the bank’s fraud and cyber security experts, emerging scams to watch out for include AI voice scams and QR code phishing. The top six scams to be vigilant of:
- AI voice impersonation scams
- Term deposit investment scams
- Remote access scams using chat
- Romance scams
- Ticket scams
- QR code phishing scams
NAB has reported a significant rise in AI voice scams, emphasizing the need for heightened vigilance in 2024. These scams can be created with as little as three seconds of audio sources from social media posts, voicemails or videos on websites. It is crucial to stay vigilant and promptly report any red flags. NAB has implemented a comprehensive bank-wide strategy to address the global scam epidemic. Make sure to read through it and ensure you are familiar with all the key points!
Cisco says critical Unity Connection bug lets attackers get root
Date: None
Author: Bleeping Computer
[Please also see AUSCERT bulletins: https://portal.auscert.org.au/bulletins/ESB-2024.0247 and https://portal.auscert.org.au/bulletins/ESB-2024.0249 ]
Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices.
Unity Connection is a fully virtualized messaging and voicemail solution for email inboxes, web browsers, Cisco Jabber, Cisco Unified IP Phone, smartphones, or tablets with high availability and redundancy support.
Ivanti patches two exploited zero-day bugs
Date: None
Author: iTnews
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Ivanti is warning users against two zero-day vulnerabilities in its Connect Secure VPN devices after they were discovered and disclosed by security researchers from Volexity.
Volexity spotted the vulnerabilities while analysing a system that was attacked by a group it dubbed “UTA0178”, which it has “reason to believe … is a Chinese nation-state level threat actor”.
The bugs, described here, comprise an authentication bypass and a command injection bug, which can be chained together.
Critical Xwiki vulnerability risks RCE attacks
Date: None
Author: Cyber News
Xwiki, an application development platform, has a critical vulnerability that could open it up for remote code execution (RCE) attacks.
Xwiki is vulnerable to remote code execution (RCE) attacks through its user registration feature. The vulnerability, tracked as CVE-2024-21650 allows an attacker to execute arbitrary code by crafting malicious payloads in the “first name” or “last name” fields during user registration.
Ivanti warns critical EPM bug lets hackers hijack enrolled devices
Date: None
Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server.
Ivanti EPM helps manage client devices running a wide range of platforms, from Windows and macOS to Chrome OS and IoT operating systems.
The security flaw (tracked as CVE-2023-39366) impacts all supported Ivanti EPM versions, and it has been resolved in version 2022 Service Update 5.
Cybersecurity trends and challenges to watch out for in 2024
Date: None
Author: We Live Security
What are some of the key cybersecurity trends that people and organizations should have on their radars this year?
As 2024 dawns, it's time to look ahead to the challenges that are set to face people and organizations across the world this year. In this week's video, ESET Chief Security Evangelist Tony Anscombe looks at:
how the upcoming presidential election in the US comes into play
why small and medium-sized businesses in particular should be on their guard
the ransomware landscape
the AI cybersecurity conundrum expected developments in cybersecurity legislation
Android’s January 2024 Security Update Patches 58 Vulnerabilities
Date: None
Author: Security Week
[Please also see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2024.0092]
The first part of Android’s January 2024 update, which arrives on devices as the 2024-01-01 security patch level, addresses ten security holes in the Framework and System components, all rated ‘high severity’.
“The most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed,” Google notes in its advisory.
ESB-2024.0219 – ALERT Security Director Insights: CVSS (Max): 10.0
Juniper Networks has released Security Director Insights 23.1R1 to address critical vulnerabilities in 3rd party libraries. Juniper Networks has also released information on how to mitigate the issues.
ESB-2024.0149 – Splunk Enterprise Security: CVSS (Max): 9.8
Splunk Enterprise Security Third-Party Package Updates for January 2024 fix common vulnerabilities and exposures identified in Third Party Packages. Splunk administrators are urged to update Splunk Enterprise Security to versions 7.1.2, 7.2.0, 7.3.0 or higher.
ASB-2024.0008 – Microsoft Windows Products: CVSS (Max): 9.0*
Microsoft's first patch update for the new year resolves 40 vulnerabilities across Windows and Windows Server. This includes two critical Security Feature Bypass and Remote Code Execution flaws.
ESB-2024.0249 – ALERT Cisco Unity Connection: CVSS (Max): 7.3
Cisco Systems has released patches to address a critical vulnerability in the Unity Connection unified messaging and voicemail solution. This vulnerability, identified as CVE-2024-20272, has the potential to be remotely exploited without authentication. If successfully exploited, it could allow unauthorized individuals to upload arbitrary files, execute commands on the underlying operating system, and gain elevated privileges to root.
ESB-2024.0171 – Adobe Substance 3D Stager: CVSS (Max): 5.5
Adobe has recently released an update for Adobe Substance 3D Stager that targets and resolves significant vulnerabilities. These vulnerabilities, if successfully exploited, could result in memory leaks and the execution of arbitrary code within the current user's context. It is highly recommended to install this update to ensure the security and stability of Adobe Substance 3D Stager.
Stay safe, stay patched and have a good weekend!
The AUSCERT team