16 Aug 2024

Week in review

Greetings,

This week, we released Episode 36 of our Share Today, Save Tomorrow podcast titled The Changing Face of Incident Response. In this episode, Kylie Watson from DXC joins us to discuss the evolving landscape of incident response and the critical importance of having a robust decision-making process. In the second half, Bek dives deep into tabletop exercises with our Principal Analyst, Mark-Carey Smith. Tune in now!

Adelaide members, check your inbox for news about our upcoming member meet-up on August 29th! These gatherings are excellent opportunities to connect with fellow members, exchange ideas, and enjoy some refreshments. During these catch-ups, we also host a session designed to help you maximize your membership, showcasing what AUSCERT can do for you. Our team will guide you through each of our services, and we’ll open the floor for a TLP:RED discussion, allowing members to share insights in confidence. Don’t miss out on this chance to make new connections and have a fantastic time! Keep an eye out for an invitation, as we will be coming your way soon!

After tremendous success in Sydney and Melbourne, Digital Nation is bringing Digital As Usual: Cyber to Brisbane, and AUSCERT is thrilled to sponsor this event! This gathering will delve into Digital Nation’s latest ‘Digital as Usual’ report, bringing together security leaders, C-level executives, and board directors to explore strategies for building more robust cyber programs. With our General Manager, Ivano Bongiovanni, among the expert speakers, we are very excited for this event! For more information and to register, head to their website!


Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities
Date: 2024-08-14
Author: Security Week

Intel and AMD have each informed customers about dozens of vulnerabilities found and patched in their products.
Intel has published 43 new advisories that cover a total of roughly 70 security holes. Nine advisories describe high-severity vulnerabilities.

AMD published eight new advisories on Patch Tuesday to inform customers about 46 vulnerabilities.

Fortinet, Zoom Patch Multiple Vulnerabilities
Date: 2024-08-14
Author: Security Week

Patches announced on Tuesday by Fortinet and Zoom address multiple vulnerabilities, including high-severity flaws leading to information disclosure and privilege escalation in Zoom products.
Fortinet released patches for three security defects impacting FortiOS, FortiAnalyzer, FortiManager, FortiProxy, FortiPAM, and FortiSwitchManager, including two medium-severity flaws and a low-severity bug.

Critical SAP flaw allows remote attackers to bypass authentication
Date: 2024-08-13
Author: Bleeping Computer

SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system.
The flaw, tracked as CVE-2024-41730 and rated 9.8 as per the CVSS v3.1 system, is a "missing authentication check" bug impacting SAP BusinessObjects Business Intelligence Platform versions 430 and 440 and is exploitable under certain conditions.

'0.0.0.0 Day' Flaw Puts Chrome, Firefox, Mozilla Browsers at RCE Risk
Date: 2024-08-09
Author: Dark Reading

[See AUSCERT Bulletin https://portal.auscert.org.au/bulletins/ASB-2024.0162]
Attackers can use a flaw that exploits the 0.0.0.0 IP address to remotely execute code on various Web browsers — Chrome, Safari, Firefox, and others — putting users at risk for data theft, malware, and other malicious activity.
Researchers at open source security firm Oligo Security have discovered a way to bypass browser security and interact with services running on an organization's local network from outside the network, which they are calling "0.0.0.0 Day" because of the Web address it exploits.

Django Releases Security Updates to Address Critical Flaw (CVE-2024-42005, CVSS 9.8)
Date: 2024-08-09
Author: Security Online

[See AUSCERT Bulletin https://portal.auscert.org.au/bulletins/ASB-2024.0161]
The Django team has issued security updates for Django 5.0.8 and 4.2.15 to address multiple vulnerabilities, including potential denial-of-service (DoS) attacks and a critical SQL injection vulnerability. All Django users are strongly urged to upgrade to the patched versions as soon as possible.
Django is a high-level Python web framework that encourages rapid development and clean, pragmatic design. It is widely used for building secure and scalable web applications.


ESB-2024.5281 – Flatpak: CVSS (Max): 10.0

An update of Flatpak was released to address a flaw in the handling of mounts for persistent directories. A malicious or compromised Flatpak app could take advantage of this flaw to access files outside of the sandbox.

ESB-2024.5174 – Tenable Security Center: CVSS (Max): 9.1

Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components (Apache, libcurl) were found to contain vulnerabilities, and updated versions have been made available by the providers.

ASB-2024.0167 – Microsoft ESU: CVSS (Max): 9.8

Microsoft has released its monthly security patch update for the month of August 2024. This update resolves 42 vulnerabilities across various Windows Server products. A critical zero-click TCP/IP vulnerability in Windows, affecting all systems with IPv6 enabled, could allow remote code execution through specially crafted packets. Microsoft urges users to patch immediately due to the high risk of exploitation.

ASB-2024.0163 – Microsoft Windows: CVSS (Max): 9.8

Microsoft has released its monthly security patch update for the month of August 2024. This update resolves 65 vulnerabilities across Windows 10, 11 and Server products.

ESB-2024.5158 – Python for Scientific Computing: CVSS (Max): 9.8*

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Python for Scientific Computing version 4.2.1.


Stay safe, stay patched and have a good weekend!

The AUSCERT team