14 Jun 2024
Week in review
Greetings,
This week, the Australian Signals Directorate (ASD) released an update to remind small and medium businesses to assess their cyber health. As we enter a period of heightened threats and attacks, it is crucial that every business is equipped with the appropriate resources and knowledge to ensure they are cyber resilient. For small and medium-sized businesses with limited resources, prioritising the most critical elements of cyber health is essential.
Cyber attacks are occurring more frequently, and recovery can be costly, making every Australian business a potential target. In the 2022-23 financial year, the average cost of cybercrime for small businesses increased to $46,000, and for medium businesses, it rose to $97,000. Such costs could potentially destroy a business, driving it into liquidation.
Australian small and medium businesses can take practical steps to enhance their cyber security by implementing the Essential Eight, which covers many of the critical elements of cyber health.
AUSCERT offers members advice and consultations to help improve their cyber security readiness in alignment with their business objectives. We specialise in helping organisations confidently adhere to industry frameworks, standards, and benchmarks. Our maturity assessments are designed to identify and address cyber security gaps in your organisation. By taking proactive steps, you can enhance your cyber security posture and reduce information security risks.
The recent Medibank case should serve as a wake-up call to Australian organisations to invest in their digital defences to meet the challenges of an evolving cyber landscape. All organisations have an ethical duty to protect the personal information they are entrusted with and many have regulatory and contractual obligations as well.
The civil penalty proceedings filed by the Australian Information Commissioner against Medibank, in relation to its October 2022 data breach, exemplifies the regulatory bodyโs commitment to holding parties accountable. The Commissioner claims Medibank failed to take reasonable steps to protect personal information from 9.7 million Australians, in breach of the Privacy Act 1988. This failure led to the release of personal information on the dark web, exposing many Australians to severe negative ramifications.
Contact us today for more information on how we can conduct a maturity assessment for your organisation and support you in meeting your business objectives.
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Date: 2024-06-08
Author: The Hacker News
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
[Please also see AUSCERT bulletin:https://portal.auscert.org.au/bulletins/ASB-2024.0111/]
Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances.
The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system.
According to DEVCORE security researcher, the shortcoming makes it possible to bypass protections put in place for another security flaw, CVE-2012-1823.
Microsoft Outlook Zero-Click RCE Flaw Executes as Email is Opened
Date: 2024-06-12
Author: Cyber Security News
[See AUSCERT ASB https://portal.auscert.org.au/bulletins/ASB-2024.0117]
A critical zero-click remote code execution (RCE) vulnerability has been discovered in Microsoft Outlook.
This vulnerability, designated as CVE-2024-30103, enables attackers to run arbitrary code by sending a specially designed email. When the recipient opens the email, the exploit is triggered.
The vulnerability, CVE-2024-30103, is particularly alarming due to its zero-click nature. Unlike traditional phishing attacks that require user interaction, this flaw can be exploited without any action from the user.
Google warns of actively exploited Pixel firmware zero-day
Date: 2024-06-12
Author: Bleeping Computer
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day. Tracked as CVE-2024-32896, this elevation of privilege (EoP) flaw in the Pixel firmware has been rated a high-severity security issue.
Azure Service Tags could allow attackers to access private data
Date: 2024-06-04
Author: ThreatDown
[Please also see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ASB-2024.0110/]
Security researchers at Tenable have published a blog about what they call a vulnerability in Azure, a description that Microsoft denies.
Long story, very short: Itโs not a bug, itโs a feature, unless you use it incorrectly.
Tenable points out that itโs possible for an attacker to bypass firewall rules based on Azure Service Tags by forging requests from trusted services.
Azure Service Tags are intended to simplify network isolation. It allows you to group IP ranges and use them to define network security rules.
Exploit for critical Veeam auth bypass available, patch now
Date: 2024-06-10
Author: Bleeping Computer
A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates.
Veeam Backup Enterprise Manager (VBEM) is a web-based platform for managing Veeam Backup & Replication installations via a web console. It helps control backup jobs and perform restoration operations across an organization's backup infrastructure and large-scale deployments.
Veeam issued a security bulletin about the critical flaw on May 21, warning about a critical vulnerability enabling remote unauthenticated attackers to log in to VBEM's web interface as any user.
SolarWinds Patches High-Severity Vulnerability Reported by NATO Pentester
Date: 2024-06-07
Author: Security Week
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
SolarWinds this week announced patches for multiple high-severity vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a penetration tester working with NATO.
Rolling out as version 2024.2, the latest SolarWinds Platform iteration includes patches for three new security defects, as well as fixes for multiple bugs in third-party components.
ASB-2024.0112 – Pytorch: CVSS (Max): 10.0
A significant flaw (CVE-2024-5480) has been unearthed within PyTorch's distributed RPC framework, leaving machine learning models and confidential data vulnerable to potential remote code execution threats. AUSCERT strongly advises PyTorch users to follow the vendor's mitigation recommendations in order to safeguard themselves effectively.
ASB-2024.0113 – Microsoft Windows: CVSS (Max): 9.8
During the June 2024 Patch Tuesday, Microsoft rolled out remedies for a critical vulnerability, CVE-2024-30080, concerning MSMQ (Microsoft Message Queuing). This flaw, characterized by a use-after-free vulnerability, exposes MSMQ to potential exploitation by unauthenticated attackers. Through the transmission of a specially crafted malicious MSMQ packet to an MSMQ server, these attackers can achieve remote code execution (RCE).
ASB-2024.0115 – Microsoft Azure: CVSS (Max): 8.1
AUSCERT's advisory warns its members regarding a vulnerability in Microsoft Azure. This flaw enables malicious actors to circumvent firewall regulations relying on Azure Service Tags by fabricating requests originating from trusted services. A threat actor could exploit Service Tags authorized by a user's firewall in the absence of supplementary validation controls.
ASB-2024.0111.2 – PHP Vulnerability impacting Windows Servers – CVE-2024-4577
A recent advisory from AUSCERT alerted its members to a vulnerability affecting all versions of PHP installed on the Windows operating system. This vulnerability has now been included in CISA's Known Exploited Vulnerabilities Catalog due to evidence of ongoing exploitation. AUSCERT emphasizes the importance of adhering to the vendor's recommended mitigation measures to ensure protection.
ESB-2024.3761 – Adobe FrameMaker Publishing Server: CVSS (Max): 10.0
In its latest patch release, Adobe addressed two critical CVEs in its FrameMaker Publishing Server, which could result in privilege escalation. With a CVSS score of 10, it is crucial to apply these patches promptly to ensure protection.
ASB-2024.0117 – Microsoft Office, Microsoft Office Services and Web Apps: CVSS (Max): 8.8
A critical zero-click remote code execution (RCE) vulnerability has been identified in Microsoft Outlook which allows attackers to execute arbitrary code through the receipt of a specifically crafted email. Upon opening the email, the exploit is activated. The seriousness of CVE-2024-30103 stems from its zero-click nature. Unlike conventional phishing attempts that rely on user interaction, this flaw can be exploited without any action required from the user.
Stay safe, stay patched and have a good weekend!
The AUSCERT team