Week in review - 1 Mar 2024

Greetings,

The AUSCERT2024 program is now live! With the highest number of presentation submissions ever received, the selection committee faced the challenging task of curating a program that showcases the most relevant and impactful topics. Striving for diversity, the committee selected a wide array of subjects, ensuring a well-rounded and engaging program. If you haven't already, make sure to register as soon as possible to secure your spot!

In recent news, the National Institute of Standards and Technology (NIST) has released version 2.0 of its Cybersecurity Framework (CSF), the most significant update since the framework's initial release in 2014. The change is noteworthy because the framework now explicitly aims to assist all organisations, not only critical infrastructure entities, in managing and mitigating cyber security risk. The updated framework incorporates implementation examples that provide actionable steps for achieving the outcomes in each area. NIST has also released quick start guides that give further direction to organisations wanting to achieve specific objectives.

The updated NIST framework places a new focus on governance. The new GOVERN function addresses the cyber security risk management strategy, expectations and policies that should be established, communicated and monitored. GOVERN provides outcomes that inform how an organisation achieves and prioritises the outcomes of the other five Functions within the framework (Identify, Protect, Detect, Respond and Recover). GOVERN also contains a new focus area on cyber security supply chain risk management.

For member organisations seeking additional support in governance, we recommend registering for our new training course, "Data Governance Principles and Practices." In this course, our expert practitioners delve into the key components of a successful data governance framework, using real-world examples to illustrate best practices. The training is designed to give attendees the fundamental skills and knowledge needed to expedite the establishment of a successful data governance program within their organisation. Participants will also learn practices and methodologies applicable to various initiatives, including stakeholder management, identification of pain points and the development of related objectives, ultimately leading to the creation of a strategy on a page.


CVE-2024-26592 & 26594: Critical Linux Kernel Flaws Open Door for Code Execution and Data Theft
Date: 2024-03-26
Author: Security Online

A pair of critical vulnerabilities, recently patched in the Linux kernel, should concern anyone managing Linux systems. The flaws resided in KSMBD, the in-kernel SMB file server responsible for file sharing with Windows machines. Tracked as CVE-2024-26592 and CVE-2024-26594, the vulnerabilities carry severe consequences, including code execution and data theft; fixes are available in patched kernels, and administrators running KSMBD should update promptly.

WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
Date: 2024-03-27
Author: The Hacker News

[AusCERT has identified the impacted members (where possible) and contacted them via email]
A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges.
Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1.
"This plugin suffers from unauthenticated site-wide stored [cross-site scripting] vulnerability and could allow any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress site by performing a single HTTP request," Patchstack researcher Rafie Muhammad said.

TeamViewer's Security Flaw Risks Password Safety
Date: 2024-03-29
Author: Security Online

A recently disclosed vulnerability (CVE-2024-0819) in older TeamViewer versions (prior to 15.51.5) could put personal passwords and system security at risk. The flaw allowed even low-privileged users on shared computers to set a personal password, potentially leading to unauthorised remote access. TeamViewer has released a fix in 15.51.5; update immediately and take the opportunity to review your overall remote access security practices.

Progress patches authentication bug in OpenEdge
Date: 2024-03-28
Author: iTnews

Progress Software's OpenEdge Authentication Gateway and AdminServer need to be patched against a critical authentication bypass bug present in all supported releases of OpenEdge.
According to the company's advisory, the bug affects OpenEdge Release 11.7.18 and earlier, OpenEdge 12.2.13 and earlier, and OpenEdge 12.8.0.
The bug's MITRE entry adds: "Certain unexpected content passed into the credentials can lead to unauthorised access without proper authentication."

CVE-2023-7235: OpenVPN Vulnerability Puts Windows Users at Risk
Date: 2024-03-21
Author: Security Online

[AUSCERT has identified the impacted members (where possible) and contacted them via email]
OpenVPN has released version 2.6.9 for Windows, macOS and Linux, addressing a severe privilege escalation vulnerability (CVE-2023-7235). The flaw, discovered by Will Dormann, affects Windows GUI installations of OpenVPN.

Zyxel Patches Remote Code Execution Bug in Firewall Products
Date: 2024-03-26
Author: Security Week

Taiwanese networking device maker Zyxel has rolled out patches for multiple defects in its firewall and access point products alongside warnings that unpatched systems are at risk of remote code execution attacks.
Zyxel, a company that has struggled with software security problems, documented at least four vulnerabilities that expose businesses to code execution, command injection and denial-of-service exploitation.


ESB-2024.1257 – Google Chrome: CVSS (Max): None

Google has issued an update for the Google Chrome Stable channel containing four security fixes. The update applies to Mac, Linux and Windows systems and will be rolled out gradually over the coming days and weeks.

ESB-2024.1150 – Firefox for iOS: CVSS (Max): None

Mozilla has released patches to resolve CVE-2024-26283, CVE-2024-26282, and CVE-2024-26281 in Firefox for iOS 123, preventing potential unauthorized script execution by attackers.

ESB-2024.1299 – Juniper Secure Analytics (JSA): CVSS (Max): 9.8

Several vulnerabilities have been reported in Juniper Networks' Secure Analytics (JSA), affecting all versions before 7.5.0 UP7. Juniper Networks has released software updates to mitigate these vulnerabilities.

ESB-2024.1131.2 – UPDATE Drupal Core: CVSS (Max): None

A critical vulnerability affecting Drupal core has been identified that could result in sensitive information being cached and served to anonymous users, thereby enabling privilege escalation. Administrators are strongly advised to install the recommended version to prevent exploitation.


Stay safe, stay patched and have a good weekend!

The AusCERT team