20 Oct 2023

Week in review

Greetings,

Yesterday we successfully launched our new Cyber Resilience for Senior Executives training course in Brisbane. The course was conducted by one of our most experienced Principal Analysts together with a highly knowledgeable industry partner, and participants had the valuable opportunity to grasp key concepts through real-world examples. Senior executives play a key role in making strategic decisions that impact their organisations’ risk management. Understanding the importance of cyber resilience allows them to factor cyber security considerations into long-term planning, investment, and resource allocation decisions. This course equips leaders to adapt and evolve their approach to cyber security risk management so that their organisations remain resilient.

Ransomware continues to be a persistent threat, disrupting critical services, businesses, and communities on a global scale. Alarmingly, a significant number of these incidents are carried out by ransomware actors exploiting well-documented vulnerabilities, and organisations are often unaware that those vulnerabilities are present on their networks. CISA identifies and documents vulnerabilities that are known to be used by ransomware operators, and has recently added a new column to its Known Exploited Vulnerabilities (KEV) catalogue that flags whether an entry is known to have been exploited in ransomware campaigns. This information has been incorporated into AUSCERT Security Bulletins. CISA has also released a second resource that serves as a companion to the KEV: a list of misconfigurations and weaknesses exploited by ransomware operators that are not CVE-based.

To conclude, we would like to bring your attention to an exciting upcoming event that is being held jointly by AWSN, Queensland Police and APIO: “Brisbane’s Hacking the Human: Understanding Social Attacks”. This session is designed to unveil the secrets behind social engineering attacks and instruct participants on the tactics employed by cyber-criminals to exploit human vulnerabilities. Our Principal Analyst, Mark Carey-Smith, will be among the experts who will guide you through the fundamental aspects of these attacks. Additionally, you’ll gain insights into the associated legal aspects and the role of law enforcement in combatting cybercrime. By the end of this session, you’ll be equipped to identify common social engineering tactics and develop effective defence strategies to protect your personal and professional data.


Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
Date: 2023-10-16
Author: CISA

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious cyber threat actors to obtain initial access to Confluence instances by creating unauthorized Confluence administrator accounts. Threat actors exploited CVE-2023-22515 as a zero-day to obtain access to victim systems and continue active exploitation post-patch. Atlassian has rated this vulnerability as critical; CISA, FBI, and MS-ISAC expect widespread, continued exploitation due to ease of exploitation.

CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware
Date: 2023-10-13
Author: SecurityWeek

The US cybersecurity agency CISA is stepping up its efforts to prevent ransomware by making it easier for organizations to learn about vulnerabilities and misconfigurations exploited in these attacks. The first of these resources is a new column in the Known Exploited Vulnerabilities catalog, which flags flaws that CISA is aware of being associated with ransomware campaigns.
The other new resource CISA is offering now is a new table on the StopRansomware project’s website, which lists information on the misconfigurations and weaknesses that ransomware operators have been observed targeting in their attacks.
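The ransomware column described above is carried in the KEV JSON feed as the field knownRansomwareCampaignUse (values "Known" or "Unknown"), which makes it straightforward to re-prioritise an existing patch backlog. The following is an added example (AUSCERT's own, not CISA's code) of triaging a scanner's list of open CVEs against the catalogue: entries flagged as ransomware-associated go to the top, then the most overdue remediation due dates. Field names follow the published KEV schema, but the two sample entries, their flag values and dates, and the "open CVE" inventory are constructed for illustration and are not the catalogue's actual records.

```python
"""Triage open CVEs against the CISA KEV feed, ransomware-flagged first.

Added example; field names match the KEV JSON schema, sample data is constructed.
"""
import json
from datetime import date

# Constructed sample in the shape of the KEV feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Flag values, dates and descriptions are illustrative only.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "2023.10.20",
  "dateReleased": "2023-10-20T00:00:00.0000Z",
  "count": 2,
  "vulnerabilities": [
    {
      "cveID": "CVE-2023-22515",
      "vendorProject": "Atlassian",
      "product": "Confluence Data Center and Server",
      "vulnerabilityName": "constructed description",
      "dateAdded": "2023-10-05",
      "shortDescription": "constructed description",
      "requiredAction": "Apply vendor patch.",
      "dueDate": "2023-10-13",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    },
    {
      "cveID": "CVE-2023-38831",
      "vendorProject": "RARLAB",
      "product": "WinRAR",
      "vulnerabilityName": "constructed description",
      "dateAdded": "2023-08-24",
      "shortDescription": "constructed description",
      "requiredAction": "Apply vendor patch.",
      "dueDate": "2023-09-14",
      "knownRansomwareCampaignUse": "Known",
      "notes": ""
    }
  ]
}
"""


def load_kev(feed_text: str) -> dict:
    """Parse a KEV feed and index its entries by CVE ID."""
    feed = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def is_ransomware_associated(entry: dict) -> bool:
    """True when CISA has flagged the entry as used in ransomware campaigns.

    Older feed snapshots lack the column entirely; treat a missing value as
    "Unknown" rather than failing.
    """
    return entry.get("knownRansomwareCampaignUse", "Unknown") == "Known"


def triage(kev: dict, open_cves: set, today_iso: str) -> list:
    """Return (cveID, ransomware_flag, days_past_due) for open CVEs in KEV.

    Sorted with ransomware-associated entries first, then most overdue first.
    CVEs not in the catalogue are left to the normal patch cadence and omitted.
    """
    today = date.fromisoformat(today_iso)
    rows = []
    for cve in open_cves:
        entry = kev.get(cve)
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])
        rows.append((cve, is_ransomware_associated(entry), (today - due).days))
    rows.sort(key=lambda row: (not row[1], -row[2]))
    return rows


if __name__ == "__main__":
    # Constructed scanner export of CVEs still open on the estate.
    open_on_estate = {"CVE-2023-22515", "CVE-2023-38831"}
    for cve, ransomware, overdue in triage(load_kev(SAMPLE_KEV_JSON), open_on_estate, "2023-10-20"):
        tag = "RANSOMWARE" if ransomware else "exploited"
        print(f"{cve}  {tag:<10}  {overdue:>4} days past KEV due date")
```

In practice, replace SAMPLE_KEV_JSON with the downloaded feed and the inventory set with your scanner's export; the due-date arithmetic is the same either way.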

Over 10,000 Cisco devices hacked in IOS XE zero-day attacks
Date: 2023-10-17
Author: Bleeping Computer

Attackers have exploited a recently disclosed critical zero-day bug to compromise and infect more than 10,000 Cisco IOS XE devices with malicious implants.
The list of products running Cisco IOS XE software includes enterprise switches, aggregation and industrial routers, access points, wireless controllers, and more.

Ransomware Attacks Double: Are Companies Prepared for 2024’s Cyber Threats?
Date: 2023-10-13
Author: The Hacker News

Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to effectively bypass common defense strategies.

Russia and China-linked hackers exploit WinRAR bug
Date: 2023-10-19
Author: The Record

Hackers connected to the governments of Russia and China are allegedly using a vulnerability in a popular Windows tool to attack targets around the world, including in Ukraine and Papua New Guinea.
Google’s Threat Analysis Group said that in recent weeks it has seen multiple government-backed groups exploiting CVE-2023-38831, a vulnerability affecting the Windows file archiver tool WinRAR.
The bug, which has been patched, was initially exploited by criminal groups throughout early 2023.


ESB-2023.6043 – ALERT Cisco IOS XE Software: CVSS (Max): 10.0

A Critical vulnerability has been identified in Cisco IOS XE software. AUSCERT has sent MSINs to the affected members regarding this vulnerability.

ESB-2023.6064 – Jira Service Management Server and Data Center: CVSS (Max): 8.4

An XXE vulnerability in Jira products has been addressed by Atlassian.

ESB-2023.6078 – Google Chrome: CVSS (Max): None

Google has released updates to Chrome which include 1 security fix.

ASB-2023.0192 – ALERT Oracle PeopleSoft: CVSS (Max): 9.8

This Critical Patch Update contains 5 new security patches for Oracle PeopleSoft.


Stay safe, stay patched and have a good weekend!

The AUSCERT team