//Week in review - 1 Sep 2023


Spring has sprung!

Just as we begin to make plans to dust off and organise our homes during this season, it’s a perfect opportunity to freshen up and enhance our cyber security measures. Regularly reviewing, updating, and optimizing our digital habits can go a long way in safeguarding our sensitive information and ensuring a safer online experience. Take the time this month to refresh your security strategies!

We have a new episode of our Share Today Save Tomorrow Podcast being released! In Episode 26 – Communication is Key Anthony sits down with Darren Pauli, a cyber security awareness practitioner and freelance journalist who explains the importance of effective written communication within the digital world. During the AUSCERT2023 conference Darren gave an exploratory talk on the simple steps to become a faster, more effective written communicator. In today’s digital landscape, the influence of technology spans every industry, compelling an increasing number of non-technical personnel to grapple with cyber-related matters for their organisations. Consequently, it has become paramount for information security professionals to use clear, concise, and simple language to ensure they are effectively conveying messages.

Yesterday, experts from the University of Queensland (UQ) published a paper to address the generalised lack of guidance on the ethical treatment of corporate data in higher education institutions. While the focus of this study is on the Higher Education sector, the principles discussed can be extended to other industries and organisations. This paper offers valuable observations and insights that can serve as a guide for ethical data practices, as currently no actionable framework currently exists within Australia.

Our new Data Governance Principles and Practices course is led by one of the authors of this paper – Sasenka Abeysooriya. This training can assist your organisation in developing a successful data governance framework, by teaching best practices and real-world examples of data governance in action. By participating in this course, attendees are equipped with the fundamental skills and knowledge they need to accelerate the development of a successful data governance program in their organisation. For members’ convenience, we are currently offering in-person and online delivery of this course.

Advisory: Qlik Sense Enterprise for Windows Remote Code Execution Vulnerabilities
Date: 2023-08-29
Author: Praetorian

[AusCERT has notified affected members of this vulnerability where possible]
Recently, we discovered two vulnerabilities which can be chained together to achieve unauthenticated remote code execution on Qlik Sense Enterprise.
At the moment, we are waiting to publish technical details on the vulnerability to give impacted organizations time to update their systems and remediate the vulnerability. Praetorian has worked closely with Qlik to responsibly disclose these vulnerabilities, CVE-2023-41265 (HTTP Tunneling Vulnerability in Qlik Sense Enterprise for Windows) and CVE-2023-41266 (Path Traversal in Qlik Sense Enterprise for Windows).

Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software
Date: 2023-08-29
Author: Security Affairs

[Please see AusCERT bulletin https://auscert.org.au/bulletins/ESB-2023.4858]
Cisco addressed three high-severity flaws in NX-OS and FXOS software that could cause denial-of-service (DoS) conditions.
An attacker can exploit these three issues to cause a denial-of-service (DoS) condition.
The most severe issue, tracked as CVE-2023-20200 (CVSS score 7.7), is a DoS bug that resides in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects.

Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom
Date: 2023-08-29
Author: The Hacker News

A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign.
Mandiant, which is tracking the activity under the name UNC4841, described the threat actor as "highly responsive to defensive efforts" and capable of actively tweaking their modus operandi to maintain persistent access to targets.

Ransomware attack dwell times fall, pressuring companies to quickly respond
Date: 2023-08-23
Author: Cybersecurity Dive

The median dwell time for ransomware attacks fell in the first half of 2023, down to 5 days from the 2022 average of 9 days, according to Sophos research released Wednesday.
The majority of ransomware attacks are taking place during the work week, yet outside standard business hours, Sophos found. The bulk of 80 cases its incident response team worked on during the first half of 2023 took place between 11 p.m. and 8 a.m. in the target’s time zone. Attackers also strongly favoured a “late hour at the end of the week” to launch an attack.

Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches
Date: 2023-08-25
Author: The Hacker News

The U.S. Federal Bureau of Investigation (FBI) is warning that Barracuda Networks Email Security Gateway (ESG) appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups.
It also deemed the fixes as "ineffective" and that it "continues to observe active intrusions and considers all affected Barracuda ESG appliances to be compromised and vulnerable to this exploit."

ESB-2023.4982 – Red Hat Advanced Cluster Management 2.8.1: CVSS (Max): 9.8

Red Hat has released Critical security updates and fixes for Red Hat Advanced Cluster Management for Kubernetes.

ESB-2023.4955 – Aria Operations for Networks: CVSS (Max): 9.8

Multiple critical severity vulnerabilities in Aria Operations for Networks were responsibly reported to VMware. Updates to remediate these vulnerabilities in affected VMware products have been released.

ESB-2023.4858 – Cisco Products: CVSS (Max): 7.7

An SNMP Denial of Service Vulnerability affecting Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series devices has software updates to resolve the issue.

ESB-2023.4883 – chromium: CVSS (Max): 8.8*

Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. These issues have been fixed in a software update.

ESB-2023.4890 – json-c: CVSS (Max): 9.8

json-c could be made to crash or execute arbitrary code if it received a specially crafted JSON file. This issue is resolved by updating to Ubuntu 22.04 – libjson-c5 – 0.15-3~ubuntu1.22.04.2.

Stay safe, stay patched and have a good weekend!

The AusCERT team