22 Dec 2023
Week in review
Greetings,
As the final workday is here, we can’t help but reflect on the incredible year we’ve had! AUSCERT2023 stands out as a massive success, featuring world-renowned speakers such as the impressive Rachel Tobac, who shared valuable insights on the importance of social engineering. If you wish to revisit any treasured memories from this year’s conference remember that the recordings are available on our YouTube channel.
Fond memories were forged with our valued members across various cities, as we engaged in discussions about our services and exchanged valuable feedback. Notably, celebrating the milestone of turning 30 added another layer of significance to this remarkable year. Our 30 Years 30 Stories campaign, made this even more special as we shared beautiful stories from our valued community, members, and staff. As we persist in our journey of growth and prosperity, we eagerly anticipate what the next year holds for us. Heartfelt thanks to everyone who contributed to making this year truly unforgettable.
If you are looking for something interesting to listen to while you wrap up your day, we have released a new episode of ‘Share Today Save Tomorrow’ this week! In episode 29, Anthony sits down with former AUSCERT employee Chris from Cosive to discuss Cyber Threat Intelligence, emphasizing the importance of information and why context matters so much.
Also to conclude, a friendly reminder to our members that our 24/7 hotline will remain open if any emergencies arise over the break. We will be staffing it as usual, so please don’t hesitate to reach out!
3CX Urges Customers to Disable Integration Due to Potential Vulnerability
Date: 2023-12-18
Author: Security Week
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Business communication company 3CX is urging customers to disable SQL database integrations to prevent a vulnerability that occurs in certain configurations.
In a security advisory published on Friday, the company revealed that 3CX versions 18 and 20 are impacted by an integration bug.
“Only 0.25% of our user base have sequel integrated. It’s an old-style integration meant for an on-premise firewall secured network. Nevertheless, if you are using an SQL database integration, it’s subject potentially to a vulnerability – depending upon the configuration,” the company said.
Before you go away for Xmas: You've patched that critical Perforce Server hole, right?
Date: 2023-12-19
Author: The Register
Four vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched "immediately," according to Microsoft, which spotted the flaws and disclosed them to the software vendor.
Perforce Server is a source code management platform used across gaming, government, military, and tech sectors. Microsoft operates GitHub, also a widely used source code management platform, among other services that compete against Perforce.
Ivanti releases patches for 13 critical Avalanche RCE flaws
Date: 2023-12-20
Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution.
Avalanche allows admins to manage over 100,000 mobile devices from a single, central location over the Internet, deploy software, and schedule updates.
As Ivanti explained on Wednesday, these security flaws are due to WLAvalancheService stack or heap-based buffer overflow weaknesses reported by Tenable security researchers and Trend Micro's Zero Day Initiative.
Google fixes 8th Chrome zero-day exploited in attacks this year
Date: 2023-12-20
Author: Bleeping Computer
[Please see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2023.7619]
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year.
"Google is aware that an exploit for CVE-2023-7024 exists in the wild," a security advisory published Wednesday said.
The company fixed the zero-day bug for users in the Stable Desktop channel, with patched versions rolling out worldwide to Windows users (120.0.6099.129/130) and Mac and Linux users (120.0.6099.129) one day after being reported to Google.
Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds
Date: 2023-12-16
Author: The Hacker News
Dec 16, 2023 Newsroom Online Security / Cybercrime
Holiday Gift Card Frauds
Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season.
The goal of the attacks is to propagate booby-trapped links that direct victims to adversary-in-the-middle (AiTM) phishing pages that are capable of harvesting their credentials and session tokens
ESB-2023.7574 – Adobe Experience Manager (AEM) Forms on JEE: CVSS (Max): 9.8
Adobe has recently issued security updates for AEM Forms on JEE versions 6.5.19.0 and earlier. These updates address a critical vulnerability that, if exploited, could potentially result in arbitrary code execution.
ESB-2023.7491.2 – UPDATE Cisco Products: CVSS (Max): 9.8
Cisco has advised that it is investigating its product line to identify any potential impact from the vulnerability in Apache Struts. As a part of this effort, a table of vulnerable products has been added to the advisory that was initially released on 14 December 2023.
ESB-2023.7619 – Google Chrome: CVSS (Max): None
Google has released emergency updates to fix a zero-day vulnerability in Google Chrome that may be exploited in the wild. It is strongly recommended to apply these updates to protect against any potential threats.
ESB-2023.7573 – Apache Struts: CVSS (Max): 9.8
While F5 products remain unaffected by the Apache Struts vulnerability (CVE-2023-50164), F5 Networks has still released an advisory regarding this vulnerability due to its critical nature. This proactive measure aims to inform and raise awareness among users about the potential risks associated with the vulnerability.
ESB-2023.7616 – macOS Sonoma: CVSS (Max): None
A session rendering issue has been resolved through improved session tracking in macOS Sonoma 14.2.1. This update addresses the issue where users who share their screen may unintentionally share incorrect content.
Stay safe, stay patched and have a good weekend!
The AUSCERT team