Week in review - 21 Apr 2023

Greetings,

Earth Day is tomorrow! A great opportunity to be grateful for the world we live in and reflect on ways we as individuals can reduce our environmental footprint. Avoid single-use items, reduce energy consumption, encourage recycling, conserve water, and plant a tree! Established in 1970, Earth Day has become a world phenomenon, with over 190 countries participating in a wide variety of environmental activities to drive change. President of Earth Day, Kathleen Rogers, proclaimed this year’s theme is to invest in a green economy to pave a path for a healthy, prosperous and equitable future. So tomorrow, make sure to take the time to do something to benefit our beautiful green world!

Just as we must invest in protecting our natural environment, so too must we protect our cyber environment. With the growing rate of scams, it has become imperative for every organisation to invest in its cyber security by providing employees with the latest education, training and resources to prepare for any attack. The ACCC reported a record loss of $3.1 billion to scams last year, an astonishing 80% increase over the previous year. Scammers and hackers have become far more sophisticated in the tactics they use, making their approaches appear genuine, believable, and very difficult to detect. Experts worry this will only continue to increase, as artificial intelligence scams are on a rapid rise, with hackers now using voice cloning technologies to trick people. Microsoft revealed a new AI system which could recreate a person's voice after listening to them speak for only 3 seconds, a spine-tingling sign of how quickly technology could be used to convincingly replicate a key piece of someone’s identity.

At this year’s AusCERT2023 conference we are featuring a new tutorial delivered by global cyber security company Palo Alto Networks. Their zero trust architects will be hosting a Security Posture Assessment workshop to provide an in-depth analysis of the current state of your security environment. The experts will consult your cyber teams on the vulnerabilities present and priority areas of your organisation, providing recommendations and objectives to strengthen against cyber attacks. Register today to invest in your cyber security protection. Hurry, spaces are limited!


Google patches another actively exploited Chrome zero-day
Date: 2023-04-19
Author: Bleeping Computer

Google has released a security update for the Chrome web browser to fix the second zero-day vulnerability found to be exploited in attacks this year.
"Google is aware that an exploit for CVE-2023-2136 exists in the wild," reads the security bulletin from the company.
The new version is 112.0.5615.137 and fixes a total of eight vulnerabilities. The stable release is available only for Windows and Mac users, with the Linux version to roll out "soon," Google says.

Hackers actively exploit critical RCE bug in PaperCut servers
Date: 2023-04-19
Author: Bleeping Computer

[See AusCERT Security Bulletin 21 April 2023 ASB-2023.0102]
https://auscert.org.au/bulletins/ASB-2023.0102
Print management software developer PaperCut is warning customers to update their software immediately, as hackers are actively exploiting flaws to gain access to vulnerable servers. PaperCut makes printing management software compatible with all major brands and platforms. It is used by large companies, state organizations, and education institutes, while the official website claims it serves hundreds of millions of people from over 100 countries.

Australian insurers warn against outright ransomware payment ban
Date: 2023-04-18
Author: iTnews

The Insurance Council of Australia has warned the government to tread carefully in its contemplation of an outright ban on paying ransoms and extortion demands in data breach incidents.
The council also wants the federal government to simplify and “harmonise” cyber security requirements on business, while it contemplates drafting a specific Cyber Security Act.

Fortra attributes GoAnywhere breach to a zero day vulnerability
Date: 2023-04-20
Author: iTnews

Fortra has published a post mortem of the GoAnywhere hack that compromised end user data in January and February.
Australian organisations affected by the data breach include Tasmania’s education department, Rio Tinto, and Crown Resorts.
The company said the attack used a zero-day vulnerability, CVE-2023-0669, which it said is a “pre-authentication command injection vulnerability … due to deserialising an arbitrary attacker-controlled object”.

UK and US issue warning about APT28 actors exploiting poorly maintained Cisco routers
Date: 2023-04-18
Author: NCSC

UK and US agencies have today (Tuesday) issued a joint advisory to help organisations counter malicious activity used by Russian cyber actors to exploit poorly maintained Cisco routers.
APT28 – a threat group attributed to Russia’s military intelligence service the GRU – has been observed taking advantage of poorly configured networks and exploiting a known vulnerability to deploy malware and access Cisco routers worldwide.


ASB-2023.0098 – Oracle PeopleSoft: CVSS (Max): 9.8

Oracle's Critical Patch Update release contains 10 new security patches for Oracle PeopleSoft. 8 of these vulnerabilities may be remotely exploitable without authentication.

ESB-2023.2198 – Google Chrome: CVSS (Max): None

Google released an update for Chrome which addresses a type confusion vulnerability in V8 that has been exploited in the wild.

ESB-2023.2257 – Schneider Electric Easy UPS Online Monitoring Software: CVSS (Max): 9.8

Schneider Electric has released security updates for Schneider Electric Easy UPS Online Monitoring Software which fix remote code execution, escalation of privileges, and authentication bypass.

ESB-2023.2282 – VMware Aria Operations for Logs: CVSS (Max): 9.8

VMware released updates and workarounds which address multiple vulnerabilities in VMware Aria Operations for Logs.


Stay safe, stay patched and have a good weekend!

The AusCERT team