16 Jun 2023

Week in review

Greetings,

At AUSCERT, we recognize that continuous growth and development are vital aspects of a successful organisation. As part of our commitment to providing the most valuable services, we are currently focusing on understanding the needs and preferences of our members. To achieve this, we conducted a comprehensive member survey and are now about to embark on the next phase of our journey by organising intimate focus groups in each of your respective cities. We highly value your direct input and are eager to hear your thoughts, opinions, and suggestions. Your feedback will play a pivotal role in driving our continuous improvement and development. We will contact you soon with more details, so please stay tuned!

In the spirit of continuous development, we have launched a new training course that is designed to build on the skills developed in our Introduction to Cyber for IT Professionals. Our new course, Intermediate Cyber Security – Internet Technologies, is designed to give participants an awareness of the security issues involved in using a range of internet-oriented technologies and protocols, as well as practical guidance on how they can safeguard their organisation. In today’s digital landscape we rely heavily on the internet for both daily business operations and government service delivery, making it critical to have a comprehensive understanding of the current threat environment.

As the internet advances and cyber crimes become more sophisticated, it is important to recognize the evolving threat landscape so we can adopt appropriate measures to safeguard our information. Even the Australian government is being targeted by hackers searching for vulnerabilities through their internal suppliers and networks. Recently, HWL Ebsworth Law Firm was targeted, as it has an extensive client base encompassing both commercial and government entities across every state and territory. A Russian-linked ransomware group claimed it had stolen employee and client data, including financial information, network maps and credentials. The Tasmanian government was among those impacted, reporting that it has been in touch with the federal government and is investigating the possible leak of government data. It is crucial to stay one step ahead of hackers by continuously expanding your knowledge and enhancing your skills. This way you can effectively identify vulnerabilities in your organisation before they are exploited.


Massive phishing campaign uses 6,000 sites to impersonate 100 brands
Date: 2023-06-13
Author: Bleeping Computer

A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites.
The brands impersonated by the phony sites include Nike, Puma, Asics, Vans, Adidas, Columbia, Superdry, Converse, Casio, Timberland, Salomon, Crocs, Skechers, The North Face, UGG, Guess, Caterpillar, New Balance, Fila, Doc Martens, Reebok, Tommy Hilfiger, and others.

Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now
Date: 2023-06-11
Author: Bleeping Computer

[AUSCERT has identified the impacted members (where possible) and contacted them via MSIN]
Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices.
The security fixes were released on Friday in FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5.
While not mentioned in the release notes, security professionals and admins have hinted that the updates quietly fixed a critical SSL-VPN RCE vulnerability that would be disclosed on Tuesday, June 13th, 2023.

New MOVEit Transfer critical flaws found after security audit, patch now
Date: 2023-06-09
Author: Bleeping Computer

[AUSCERT has identified the impacted members (where possible) and contacted them via MSIN]
Progress Software warned customers today of newly found critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer (MFT) solution that can let attackers steal information from customers' databases.
These security bugs were discovered with the help of cybersecurity firm Huntress following detailed code reviews initiated by Progress on May 31, when it addressed a flaw exploited as a zero-day by the Clop ransomware gang in data theft attacks.
They affect all MOVEit Transfer versions and enable unauthenticated attackers to compromise Internet-exposed servers to alter or extract customer information.

Microsoft Patches Critical Windows Vulns, Warn of Code Execution Risks
Date: 2023-06-13
Author: Security Week

Microsoft’s security response team on Tuesday rolled out a massive batch of software updates to address major security gaps in its flagship Windows operating system and software components.
Redmond’s monthly Patch Tuesday updates cover at least 70 documented vulnerabilities affecting the Windows ecosystem, including six critical issues that expose users to dangerous code execution attacks.
According to Microsoft, none of the vulnerabilities have been publicly discussed or exploited in the wild.

Qld gov agencies have 'more to do' to be ready for future data breach reporting
Date: 2023-06-14
Author: iTnews

Queensland government agencies have “more work to do” to prepare for a future mandatory data breach reporting scheme, based on a readiness survey by the state’s information commissioner.
The survey [pdf] attracted 107 responses from 221 agencies.
Of those that responded, 52 agencies – a bit less than half – had a “documented data breach response plan”, with some “more comprehensive than others”.


ESB-2023.3376 – FortiOS and FortiProxy: CVSS (Max): 7.6

A cleartext transmission of sensitive information vulnerability [CWE-319] in FortiOS & FortiProxy may allow an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other administrators' cookies via diagnose CLI commands.

ESB-2023.3366 – FortiOS: CVSS (Max): 8.3

A use of externally-controlled format string vulnerability [CWE-134] in the Fclicense daemon of FortiOS may allow a remote authenticated attacker to execute arbitrary code or commands via specially crafted requests.

ASB-2023.0113 – Windows Server 2008: CVSS (Max): 9.8

Microsoft has released its monthly security patch update for the month of June 2023 which includes fixes for 18 vulnerabilities in Windows Server.

ESB-2023.3355 – Adobe Commerce and Magento Open Source: CVSS (Max): 9.1

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities.
Successful exploitation could lead to arbitrary code execution, security feature bypass and arbitrary file system read.


Stay safe, stay patched and have a good weekend!

The AUSCERT team