Week in review - 15 Dec 2023

Greetings,

Spear phishing is experiencing a significant surge, marked by a rise in both prevalence and sophistication. Cybercriminals employ highly targeted techniques to deceive their victims, focusing with precision on specific individuals or organisations. The particularly concerning aspect of these attacks lies in their high success rate, which is attributed to how genuine they appear.

A joint advisory from key nations (Australia, Canada, New Zealand, the United Kingdom, and the United States) highlights the spear phishing techniques employed by the Russian state-based actor, Star Blizzard. This advisory aims to raise awareness regarding the increasingly sophisticated tactics used by cyber adversaries to target individuals and organisations globally. Notably, these techniques are commonly directed at sectors such as academia, defence, governmental organisations, NGOs (Non-Governmental Organisations), and political figures.

While Star Blizzard has predominantly targeted the UK and US, the advisory serves as a global warning, urging everyone to remain vigilant. The evolving nature of these attacks necessitates a collective effort to stay informed and proactive against the growing threats. The advisory provides valuable insights into spear-phishing campaigns and offers guidance on recognising potential signs of deception.

In spear-phishing campaigns, cybercriminals gather detailed information about their targets, including names, titles, and relationships. This level of personalisation makes these phishing attempts more convincing and challenging to identify. The perpetrators often impersonate high-ranking executives or trusted individuals within an organisation, manipulating employees into divulging sensitive information or performing actions that could compromise security.

The emails appear very legitimate as they often use cloned email templates from the target organisation, increasing the likelihood that recipients will trust and act upon them. This method usually involves social engineering tactics, manipulating human psychology to exploit trust or authority. Attackers may leverage information from social media, organisational information, or other sources to craft convincing and targeted messages.

Staying informed about these tactics and remaining vigilant are crucial steps in fortifying defences against such deceptive cyber threats. Empower your employees by allocating resources for training and investing in broader education and awareness initiatives. Head to our website for more information on upcoming training courses for 2024!


Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle
Date: 2023-12-12
Author: Security Week

[Please see AUSCERT Bulletins: ESB-2023.7419, ESB-2023.7418, ESB-2023.7413]
Adobe warned users on both Windows and macOS systems about exposure to code execution, memory leaks and denial-of-service security issues. Software maker Adobe on Tuesday rolled out fixes for code execution flaws in the enterprise-facing Illustrator, Substance 3D Sampler and After Effects products.

Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day
Date: 2023-12-12
Author: Bleeping Computer

[Please see AUSCERT Bulletins: ASB-2023.(0230 – 0235)]
Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs.
While eight remote code execution (RCE) bugs were fixed, Microsoft only rated three as critical. In total, there were four critical vulnerabilities, with one in Power Platform (Spoofing), two in Internet Connection Sharing (RCE), and one in Windows MSHTML Platform (RCE).

Critical Vulnerability in popular Java framework Apache Struts2
Date: 2023-12-14
Author: ACSC

[Please see AUSCERT bulletin: https://auscert.org.au/bulletins/ESB-2023.7339.2]
A Critical RCE vulnerability has been found in the Apache Struts2 Framework with ‘flawed file upload logic’.
This can allow a temporary upload file to be written to arbitrary directories instead, enabling code execution, such as the deployment of a web shell.
Patches have been released for the framework itself, but mitigation will also require vendors to apply these patches in all applications which use the framework. This includes multiple enterprise-oriented web applications.
Exploitation attempts have been observed globally.

UniFi devices broadcasted private video to other users’ accounts
Date: 2023-12-15
Author: Ars Technica

Users of UniFi, the popular line of wireless devices from manufacturer Ubiquiti, are reporting receiving private camera feeds from, and control over, devices belonging to other users, posts published to social media site Reddit over the past 24 hours show.
“Recently, my wife received a notification from UniFi Protect, which included an image from a security camera,” one Reddit user reported. “However, here's the twist—this camera doesn't belong to us.”

WordPress 6.4.2 Patches Remote Code Execution Vulnerability
Date: 2023-12-08
Author: Security Week

WordPress last week released a security update for the popular content management system (CMS) to address a remote code execution (RCE) vulnerability.
The flaw addressed in the open source CMS is a property oriented programming (POP) chain issue introduced in WordPress core 6.4. It can be combined with a different object injection flaw, allowing attackers to execute PHP code on vulnerable websites.

Apple Ships iOS 17.2 With Urgent Security Patches
Date: 2023-12-11
Author: Security Week

[Please see AUSCERT Bulletin: https://auscert.org.au/bulletins/ESB-2023.7367]
Apple on Monday rolled out security-themed iOS and iPadOS refreshes to address multiple serious vulnerabilities that expose mobile users to malicious hacker attacks.
The newest iOS 17.2 and iPadOS 17.2 contain fixes for at least 11 documented security defects, some serious enough to lead to arbitrary code execution or app sandbox escapes.


ASB-2023.0230 – ALERT Microsoft Windows: CVSS (Max): 8.8

Microsoft has released its monthly security patch update for December 2023 which resolves 25 vulnerabilities in Windows and Windows Server.

ESB-2023.7367 – iOS 17.2 and iPadOS 17.2: CVSS (Max): 7.1*

The newest iOS 17.2 and iPadOS 17.2 rollout addresses a number of security issues, some serious enough to lead to arbitrary code execution or app sandbox escapes.

ESB-2023.7339.2 – UPDATE Apache Struts: CVSS (Max): None

A Critical RCE vulnerability has been found in the Apache Struts2 framework, which has been exploited in the wild. Patches have been released and it is strongly recommended that IT Administrators take immediate action to apply these patches and ensure the security of their systems.

ESB-2023.7344 – WordPress: CVSS (Max): None

WordPress has released WordPress 6.4.2 for the popular content management system to address a remote code execution vulnerability. Site owners and administrators are advised to update to the fixed CMS version as soon as possible.

ESB-2023.7413 – Adobe Illustrator: CVSS (Max): 7.8

Adobe has released an update for Adobe Illustrator 2023 and 2024. This update resolves critical vulnerabilities that could lead to arbitrary code execution.


Stay safe, stay patched and have a good weekend!

The AusCERT team