17 May 2024

Week in review


Last Day to Register for AUSCERT2024 Before Prices Increase! Don’t miss this incredible opportunity, register now to take advantage of the lower prices! We’re excited to catch up with all our favourite people next week! With a program packed with groundbreaking workshops, innovative speakers, and exciting activities, we are prepared for an unforgettable experience!

Yesterday, we were thrilled to welcome our colleagues from CIRCL Luxembourg to the AUSCERT headquarters! Long-time friends of AUSCERT, Michael Hamm and Christian Studer, visited to reconnect with old friends and share their expertise with our team. As many of you know, the CIRCL team is renowned for developing the Malware Information Sharing Platform (MISP) and tactical data feeds used worldwide. Years ago, they assisted AUSCERT in integrating MISP into our services as AusMISP, providing significant benefits to our members.

During their visit, Michael and Christian offered valuable insights on MISP and other strategies to further develop the platform and enhance our capabilities. The team also had productive brainstorming sessions about future projects, fostering an environment of collaboration and innovation.

This week, we have also released a new podcast episode, Episode 34: Wireless in an Undiscovered Country. In this episode, Anthony sits down with Ed Farrell from Mercury ISS, renowned for his AUSCERT Conference tutorials and his leadership in the cybersecurity industry. Ed shares his insights on wireless technology in our evolving landscape. In the second half of the episode, Bek chats with Anthony in anticipation of next week’s AUSCERT Conference!

In other exciting news, our General Manager, Ivano, will be hosting a Masterclass on “Overcoming Cyber-Risks: Legal and Managerial Implications.” This course is specifically tailored for non-cyber professionals, providing essential skills to protect organisations from data breaches and mitigate reputational and financial risks. It is designed to empower participants with a comprehensive understanding of the legal and managerial aspects of cybersecurity. For more information and to register, click here!

SAP Security Patch Day – May 2024
Date: 2024-05-14
Author: SecurityBridge

Looking at the fifth SAP Security Patch Day of the year, the imperative for maintaining robust security measures remains paramount. Once again, SAP has released a series of security patches, prompting a closer examination of the key highlights. This time, the update comprises a set of 15 notes. In today’s digital landscape, it’s a narrative we’re all too familiar with – headlines dominated by reports of data breaches, ransomware attacks, and other cyber threats that loom over organizations.

Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code
Date: 2024-05-14
Author: The Hacker News

[AUSCERT identified the impacted members (where possible) and contacted them via email]
The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code.
The most severe of the vulnerabilities are listed below –
CVE-2024-25641 (CVSS score: 9.1) – An arbitrary file write vulnerability in the “Package Import” feature that allows authenticated users having the “Import Templates” permission to execute arbitrary PHP code on the web server, resulting in remote code execution.

Google patches third exploited Chrome zero-day in a week
Date: 2024-05-15
Author: Bleeping Computer

[See AUSCERT Bulletin https://portal.auscert.org.au/bulletins/ESB-2024.3100]
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
“Google is aware that an exploit for CVE-2024-4947 exists in the wild,” the search giant said in a security advisory published on Wednesday.
The company fixed the zero-day flaw with the release of 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60 (Linux). The new versions will roll out to all users in the Stable Desktop channel over the coming weeks.

Citrix warns admins to manually mitigate PuTTY SSH client bug
Date: 2024-05-09
Author: Bleeping Computer

[See AUSCERT Bulletin https://portal.auscert.org.au/bulletins/ASB-2024.0072]
Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin’s private SSH key.
XenCenter helps manage Citrix Hypervisor environments from a Windows desktop, including deploying and monitoring virtual machines.
The security flaw (tracked as CVE-2024-31497) impacts multiple versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR, which bundle and use PuTTY to make SSH connections from XenCenter to guest VMs when clicking the “Open SSH Console” button.

Largest non-bank lender in Australia warns of a data breach
Date: 2024-05-12
Author: Bleeping Computer

Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm.
Firstmac is a significant player in Australia’s financial services industry, focusing primarily on mortgage lending, investment management, and securitization services.
Headquartered in Brisbane, Queensland, and employing 460 people, the firm has issued 100,000 home loans and currently manages $15 billion in mortgages.

CISA Announces CVE Enrichment Project ‘Vulnrichment’
Date: 2024-05-09
Author: Security Week

The US cybersecurity agency CISA on Wednesday announced a new project that aims to add important information to CVE records in an effort to help organizations improve their vulnerability management processes.
The project is named Vulnrichment and its goal is the enrichment of public CVE records with Common Platform Enumeration (CPE), Common Vulnerability Scoring System (CVSS), Common Weakness Enumeration (CWE), and Known Exploited Vulnerabilities (KEV) data.
CISA says it has already enriched 1,300 CVEs — particularly new and recent CVEs — and is asking all CVE numbering authorities (CNAs) to provide complete information when submitting vulnerability information to CVE.org.

ESB-2024.3099 – VMware Products: CVSS (Max): 9.3

In the latest security update, Broadcom has disclosed serious vulnerabilities impacting VMware Workstation and Fusion. These issues, identified as CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, and CVE-2024-22270, pose risks such as denial of service and information exposure to users.

ESB-2024.3046 – Adobe Acrobat and Reader: CVSS (Max): 7.8

Adobe has identified 35 security vulnerabilities across various products and is advising users to promptly address critical-severity issues in its popular Adobe Acrobat and Reader programs.

ASB-2024.0108 – ALERT Microsoft Windows: CVSS (Max): 8.8

Microsoft has urgently addressed a critical zero-day vulnerability, CVE-2024-30051, exploited by attackers to deliver QakBot malware. This flaw in Windows Desktop Window Manager allowed threat actors to gain full control over compromised machines.

ESB-2024.2988 – Google Chrome: CVSS (Max): None

Google has promptly taken action to resolve a significant zero-day vulnerability in its Chrome browser that was being actively exploited. The vulnerability, known as CVE-2024-4761, is an “Out of bounds write” flaw located in V8, Chrome’s JavaScript engine.

ASB-2024.0105.2 – UPDATE ALERT [WIN] Microsoft Edge: CVSS (Max): None

Microsoft Edge users to urged to install the latest security update. This critical update addresses several vulnerabilities, including a zero-day flaw (CVE-2024-4671) that is actively being exploited in the wild.

Stay safe, stay patched and have a good weekend!

The AUSCERT team