20 Dec 2024

Week in review

Greetings,

As the year draws to a close, we take pride in reflecting on the remarkable achievements of AUSCERT in 2024. This year has been defined by innovation, growth, and collaboration, marked by significant milestones that have further enhanced the value we deliver to our members. AUSCERT has strengthened its reputation as a trusted ally in cyber security by introducing transformative initiatives, enhancing existing services, and fostering deeper connections within the global cyber security community. These accomplishments demonstrate our unwavering commitment to equipping our members with the tools, knowledge, and support they need to confidently navigate the ever-evolving cyber security landscape.

One of the standout moments of the year was the successful delivery of AUSCERT2024, which welcomed over 900 delegates—a record-breaking achievement! The conference featured ground-breaking workshops, insightful presentations, and key initiatives designed to strengthen and advance the cyber security industry. For those who missed conference presentations or wish to revisit them, recordings are available on our YouTube Channel.

This year, we celebrated a major milestone with the launch of our rebrand—a refreshed identity that proudly reflects our new position as an “Ally in Cyber Security.” As part of this transformation, we unveiled an updated member portal featuring enhanced functionality designed to provide a more seamless and improved experience for our members. Our commitment to continuous improvement and service excellence remains unwavering. We invite our members to share their thoughts and ideas for future enhancements. Your feedback is invaluable—please submit your suggestions through the feedback feature in the member portal. Together, we can shape the future of our services to better meet your needs.

Additionally, we expanded our offerings to include Governance, Risk, and Compliance (GRC) services. These encompass maturity assessments and tabletop exercises tailored to help our members navigate the complexities of GRC while aligning cyber security practices with their business objectives. Our proactive approach identifies and provides advice to address cyber security gaps, mitigate risks, and enhance organisational resilience. Through close collaboration, we aim to elevate security and compliance standards across your organisation.

Looking ahead to 2025, we are excited to build on this momentum and continue delivering exceptional value to our members. Together, we will achieve even greater success in the coming year.


CVE-2024-51479: Next.js Authorization Bypass Vulnerability Affects Millions of Developers
Date: 2024-12-18
Author: Security Online

[AUSCERT has identified the impacted members (where possible) and contacted them via email]
A recently disclosed security vulnerability in Next.js, a popular React framework used by millions of developers worldwide, could have allowed unauthorized access to sensitive application data.
The vulnerability, tracked as CVE-2024-51479 and assigned a CVSS score of 7.5, was discovered by tyage from GMO Cybersecurity by IERAE. It affects Next.js versions 9.5.5 through 14.2.14.

Clop is back to wreak havoc via vulnerable file-transfer software
Date: 2024-12-17
Author: CyberScoop

In what we can assure you is a new cybersecurity incident despite sounding incredibly similar to incidents of past notoriety: threat actors tied to a notorious ransomware and extortion group have exploited file-transfer software to carry out attacks.
Clop has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software. The vulnerabilities, which affected Cleo’s LexiCom, VLTrader, and Harmony products, have led to worries that sensitive data across various industries could be swiped by the group in a repeat of some of the most damaging security incidents of the past few years.

CISA confirms critical Cleo bug exploitation in ransomware attacks
Date: 2024-12-13
Author: Bleeping Computer

CISA confirmed today that a critical security vulnerability in Cleo Harmony, VLTrader, and LexiCom file transfer software is being exploited in ransomware attacks.
This flaw (tracked as CVE-2024-50623 and impacting all versions before version 5.8.0.21) enables unauthenticated attackers to gain remote code execution on vulnerable servers exposed online.
Cleo released security updates to fix it in October and warned all customers to "immediately upgrade instances" to protect against additional potential attack vectors.

Citrix Warns of Password Spraying Attacks Targeting NetScaler Appliances
Date: 2024-12-16
Author: Security Week

[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Citrix has issued a fresh warning on password spraying attacks targeting NetScaler and NetScaler Gateway appliances deployed by organizations worldwide.
The attacks appear to be related to a broad campaign that was initially detailed in April 2024, targeting VPN and SSH services from Cisco, CheckPoint, Fortinet, SonicWall, and other organizations to brute-force them.
Cisco patched a vulnerability related to these attacks in early October, and later that month Microsoft warned of password spray attacks targeting routers from multiple vendors.
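Password spraying, as described in the Citrix warning above, looks different from classic brute force in authentication logs: one source fails against many distinct accounts in a short window rather than hammering one account. The detection logic below is an added example, not code from AUSCERT, Citrix or the article; the log format, field names and thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines in an assumed syslog-like format (not a real NetScaler format).
SAMPLE_LOG = """\
2024-12-16T10:00:01Z auth src=203.0.113.5 user=alice result=FAIL
2024-12-16T10:00:02Z auth src=203.0.113.5 user=bob result=FAIL
2024-12-16T10:00:03Z auth src=203.0.113.5 user=carol result=FAIL
2024-12-16T10:00:04Z auth src=203.0.113.5 user=dave result=FAIL
2024-12-16T10:00:05Z auth src=203.0.113.5 user=erin result=FAIL
2024-12-16T10:00:10Z auth src=198.51.100.7 user=alice result=FAIL
2024-12-16T10:00:11Z auth src=198.51.100.7 user=alice result=FAIL
2024-12-16T10:00:12Z auth src=198.51.100.7 user=alice result=SUCCESS
2024-12-16T11:30:00Z auth src=192.0.2.9 user=gina result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)

def parse(log_text):
    """Yield (timestamp, src, user, result) tuples; skip lines that don't match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["src"], m["user"], m["result"]

def detect_spraying(log_text, min_users=5, window=timedelta(minutes=10)):
    """Flag sources that failed against >= min_users distinct accounts inside any
    window-sized span (sliding window over that source's failures, sorted by time)."""
    failures = defaultdict(list)
    for ts, src, user, result in parse(log_text):
        if result == "FAIL":
            failures[src].append((ts, user))
    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop failures that fell out of the window
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[src] = sorted(users)
                break
    return flagged
```

Repeated failures against a single account (198.51.100.7 above) are not flagged by this rule; they belong to a separate brute-force or lockout check.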

Curl Vulnerability Let Attackers Access Sensitive Information
Date: 2024-12-15
Author: Cyber Security News

[Please see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2024.8235/]
A critical security flaw has been discovered in the popular data transfer tool Curl, potentially allowing attackers to access sensitive information.
The vulnerability, identified as CVE-2024-11053, affects curl versions 6.5 through 8.11.0 and could lead to the exposure of passwords to unauthorized parties.

Windows kernel bug now exploited in attacks to gain SYSTEM privileges
Date: 2024-12-16
Author: Bleeping Computer

[Please see AUSCERT bulletins: https://portal.auscert.org.au/bulletins/ASB-2024.0118/, https://portal.auscert.org.au/bulletins/ASB-2024.0113/, https://portal.auscert.org.au/bulletins/ESB-2024.1544/]
[AUSCERT has also identified the impacted members (where possible) for the Improper Access Control Vulnerability in Adobe ColdFusion and has contacted them via email]
CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability.
Tracked as CVE-2024-35250, this security flaw is due to an untrusted pointer dereference weakness that allows local attackers to gain SYSTEM privileges in low-complexity attacks that don't require user interaction.


ESB-2024.8323 – Google Chrome CVSS (Max): None

Google has rolled out an important update for its Chrome browser, fixing five security vulnerabilities, some of which are classified as “High” severity. Users are strongly advised to upgrade to the latest Stable channel version (131.0.6778.204/.205 for Windows and Mac, 131.0.6778.204 for Linux) at their earliest convenience. The update addresses various issues, with special attention given to the V8 JavaScript engine.

ESB-2024.8334 – FortiWLM CVSS (Max): 9.6

A critical vulnerability in FortiWLM enables unauthenticated attackers to access sensitive files. With a CVSS score of 9.6, this flaw arises from a relative path traversal issue, allowing attackers to obtain unauthorized access to confidential data.

ESB-2024.8264 – Apache Tomcat CVSS (Max): 9.8

The Apache Software Foundation has released a patch to address a critical vulnerability in Apache Tomcat. This flaw enables a malicious actor to upload harmful files disguised as legitimate ones, potentially leading to remote code execution (RCE).

ESB-2024.8163 – Apache Struts CVSS (Max): 9.5

Researchers have alerted that threat actors are attempting to exploit the vulnerability CVE-2024-53677 in Apache Struts. A remote attacker could leverage this flaw to upload malicious files, potentially resulting in arbitrary code execution.


Stay safe, stay patched and have a good weekend!

The AUSCERT team