18 Aug 2023

Week in review

Greetings,

This week, the AUSCERT analyst team completed the annual drill hosted by the Asia Pacific Computer Emergency Response Team (APCERT). The drill tests the capabilities of leading Computer Security Incident Response Teams (CSIRTs) in the Asia Pacific region; this year 24 teams from 21 countries took part, exercising their ability to interact and collaborate locally and internationally. The aim of the exercise is to strengthen collaboration amongst the different constituencies, improve communication, and develop the technical capability and quality of incident response. The theme of this year's APCERT Drill was "Digital Supply Chain Redemption", reflecting real incidents and issues that exist today. We are honoured to be part of the drill, as it strengthens our relationships with local and international partners and sharpens the team's knowledge and skills in handling complex global incidents.

The National Institute of Standards and Technology (NIST) recently released a public draft of version 2.0 of its widely used Cybersecurity Framework (CSF). First released in 2014, the CSF has been updated to reflect community feedback and current usage patterns. The Framework provides high-level guidance, including a common language and a systematic methodology for managing cybersecurity risk across sectors, and aids communication between technical and non-technical staff; its outcomes can be incorporated into cybersecurity programs and tailored to organisational objectives. The key change is the addition of a sixth function, Govern, alongside the existing Identify, Protect, Detect, Respond and Recover functions. Govern is designed to establish and monitor an organisation's cybersecurity risk management strategy, expectations and policy. The public draft, which includes guidance on implementing the CSF and tailoring it to different sectors, is available on the NIST website. NIST does not plan to release another draft of CSF 2.0 for comment; the final CSF 2.0 is expected to be published in early 2024.

Finally, for our South-East Queensland readers: SANS will be holding an in-person, hands-on training event in Brisbane from 9 to 14 October 2023. SANS Brisbane 2023 features three of SANS's most popular courses, aimed at giving cyber security professionals the tools and knowledge required to combat evolving threats.


Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws
Date: 2023-08-11
Author: Bleeping Computer

Millions of PLCs (programmable logic controllers) used in industrial environments worldwide are exposed to 15 vulnerabilities in the CODESYS V3 software development kit, which allow remote code execution (RCE) and denial of service (DoS) attacks.
More than 500 device manufacturers use the CODESYS V3 SDK to program over 1,000 PLC models in accordance with the IEC 61131-3 standard, allowing users to develop custom automation sequences.

Ivanti Avalanche impacted by critical pre-auth stack buffer overflows
Date: 2023-08-15
Author: Bleeping Computer

Two stack-based buffer overflows, collectively tracked as CVE-2023-32560, impact Ivanti Avalanche, an enterprise mobility management (EMM) solution designed to manage, monitor and secure a wide range of mobile devices.
The flaws are rated critical (CVSS v3: 9.8) and are remotely exploitable without authentication, potentially allowing an attacker to execute arbitrary code on the target system.
The vulnerability affects WLAvalancheService.exe version 6.4.0.0 and older, which receives communications over TCP port 1777; because no authentication is required, any host that can reach that port is within the attack surface.
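The bug class behind this advisory, a pre-authentication stack-based buffer overflow in a network message parser, is illustrated below with an added example that is not Ivanti's code and makes no claim about the Avalanche wire protocol or how CVE-2023-32560 is triggered. The message format (a 4-byte big-endian length followed by the field payload), the 32-byte buffer size and all sample messages are assumptions constructed for the demonstration. The vulnerable parser trusts the attacker-supplied length and copies it into a fixed stack buffer; a sentinel placed after the buffer shows the stack being corrupted without crashing the process. The hardened parser bounds the copy by the destination size before touching the stack.

```c
/* Added illustrative example (not Ivanti's code): a length-prefixed
 * network field parser with a stack-based buffer overflow, beside its
 * hardened form. The wire format and sample messages are invented. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32            /* assumed size of the stack buffer */
#define SENTINEL  0xCAFEBABEu   /* value that must survive the parse */

/* Stack frame as laid out by the vulnerable parser: the fixed buffer is
 * immediately followed by a sentinel, so a write past buf[] lands in it.
 * Real code would have saved registers and a return address here. */
struct frame {
    char     buf[FIELD_MAX];
    uint32_t sentinel;
};

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* VULNERABLE: the declared length is checked against the message size
 * (so there is no over-read) but never against the 32-byte buffer.
 * Returns 1 if the sentinel survived, 0 if the stack was corrupted,
 * -1 for a malformed message. */
int parse_field_vulnerable(const uint8_t *msg, size_t msg_len) {
    struct frame f;
    f.sentinel = SENTINEL;
    if (msg_len < 4) return -1;
    uint32_t len = read_be32(msg);
    if (len > msg_len - 4) return -1;     /* truncated message */
    volatile char *dst = f.buf;           /* volatile keeps the OOB write */
    for (uint32_t i = 0; i < len; i++)    /* missing: len < FIELD_MAX */
        dst[i] = (char)msg[4 + i];
    return f.sentinel == SENTINEL ? 1 : 0;
}

/* HARDENED: rejects a field that does not fit the destination (leaving
 * room for a NUL) before any byte is copied. Returns the field length,
 * or -1 for a malformed or oversized message. */
int parse_field_hardened(const uint8_t *msg, size_t msg_len,
                         char out[FIELD_MAX]) {
    if (msg_len < 4) return -1;
    uint32_t len = read_be32(msg);
    if (len > msg_len - 4) return -1;     /* truncated message */
    if (len >= FIELD_MAX) return -1;      /* would overflow out[] */
    memcpy(out, msg + 4, len);
    out[len] = '\0';
    return (int)len;
}

/* Constructed sample messages (not captured traffic). */
static uint8_t g_benign[9]    = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
static uint8_t g_truncated[8] = {0, 0, 0, 100, 'x', 'x', 'x', 'x'};
#define OVERSIZED_LEN 40      /* header + 36 payload bytes > FIELD_MAX */
static char g_scratch[FIELD_MAX];

/* Builds a message whose declared length (36) exceeds the stack buffer. */
const uint8_t *oversized_msg(void) {
    static uint8_t m[OVERSIZED_LEN];
    memset(m, 'A', sizeof m);
    m[0] = 0; m[1] = 0; m[2] = 0; m[3] = OVERSIZED_LEN - 4;
    return m;
}

int main(void) {
    printf("vulnerable, benign message:    stack intact=%d\n",
           parse_field_vulnerable(g_benign, sizeof g_benign));
    printf("vulnerable, oversized message: stack intact=%d\n",
           parse_field_vulnerable(oversized_msg(), OVERSIZED_LEN));
    printf("hardened, benign message:      len=%d field=\"%s\"\n",
           parse_field_hardened(g_benign, sizeof g_benign, g_scratch),
           g_scratch);
    printf("hardened, oversized message:   rc=%d\n",
           parse_field_hardened(oversized_msg(), OVERSIZED_LEN, g_scratch));
    printf("both parsers, truncated:       %d %d\n",
           parse_field_vulnerable(g_truncated, sizeof g_truncated),
           parse_field_hardened(g_truncated, sizeof g_truncated, g_scratch));
    return 0;
}
```

The point of the side-by-side is that the vulnerable parser already has a length check, just the wrong one: validating the declared length against the datagram prevents an over-read but says nothing about the destination buffer. The fix is the single comparison against FIELD_MAX, made before any byte is written. In a real service the bytes past the buffer would overwrite saved registers and the return address rather than a sentinel, which is what turns this class of bug into pre-auth code execution.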

Data centres vulnerable, researchers tell DEF CON
Date: 2023-08-14
Author: iTnews

Trellix researchers are warning of vulnerabilities in products from two vendors, CyberPower and Dataprobe, that are widely used in data centres; one of the flaws is rated critical with a CVSS score of 9.8.
The company presented its research at DEF CON in Las Vegas last week. Trellix said both CyberPower and Dataprobe have released fixes.

Phishing campaign used QR codes to target large energy company
Date: 2023-08-17
Author: The Record

Cybersecurity researchers have uncovered a large phishing campaign that uses malicious QR codes to harvest Microsoft credentials from several targets, including a major U.S. energy company.
QR codes have been widely adopted since the onset of the COVID-19 pandemic, with thousands of restaurants and businesses replacing physical menus and guides with the machine-readable images, which open web pages containing the same information.
Attackers have been quick to exploit the trend, launching campaigns that spread fake QR codes to steal user information; encoding the URL in an image rather than a text link also helps the lure evade email filters that inspect only link text.
Cybersecurity firm Cofense released a report on Wednesday identifying a campaign that began in May and targets a wide array of industries.

Five foreign nationals arrested in alleged card skimming scam on Australian ATMs
Date: 2023-08-13
Author: ABC News

Five alleged members of an international syndicate accused of fitting card skimmers to Australian ATMs have been arrested in Brisbane and Sydney after a tip-off from US authorities.
The group allegedly used ATM skimmers to steal card numbers and PINs, then used cloned cards to withdraw welfare payments as soon as they were deposited.


ESB-2023.4698 – Cisco Unified CM and Cisco Unified CM SME: CVSS (Max): 8.1

Cisco has released fixes for an SQL injection vulnerability in Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME)

ESB-2023.4720 – Google Chrome: CVSS (Max): None

Google Chrome has been updated to address multiple vulnerabilities

ESB-2023.4745 – Traffix SDC: CVSS (Max): 7.5

A denial of service vulnerability affects the WebUI component of Traffix SDC

ESB-2023.4747 – IBM Security QRadar SIEM: CVSS (Max): 7.9

IBM has addressed a path traversal vulnerability in the AWS SDK for Java used by QRadar SIEM

ESB-2023.4750 – Confluence Data Center & Confluence Server: CVSS (Max): 7.5

Atlassian has addressed a denial of service vulnerability in Confluence Data Center and Confluence Server

ESB-2023.4754 – [Juniper] Junos OS: CVSS (Max): 9.8

Juniper has addressed several vulnerabilities in Junos OS; these vulnerabilities can be chained together, leading to remote code execution


Stay safe, stay patched and have a good weekend!

The AUSCERT team