22 Nov 2024

Week in review

Greetings,

The call for presentations at AUSCERT2025 is officially open! As the longest-running event of its kind in Australia, AUSCERT has built a strong, collaborative network of professionals committed to advancing the industry. This event not only fosters the exchange of cutting-edge ideas but also offers networking opportunities with top experts, innovators, and industry leaders. Contributing to the collective knowledge at AUSCERT2025 is more critical than ever. By sharing your insights, research, and strategies, you can help drive innovation and ensure the industry continues to evolve and thrive in this dynamic environment.

The Australian Signals Directorate (ASD) has released its 2023–24 Annual Cyber Threat Report, shedding light on the growing sophistication of cyber threats. Over the past financial year, the ASD received over 36,700 calls to its Cyber Security Hotline—an increase of 12% from the previous year—and responded to more than 1,100 cyber incidents. These figures highlight the persistent targeting of Australian organisations by both criminal and state-sponsored actors, particularly governments and critical infrastructure.

The report also highlights the increasing use of artificial intelligence by cyber criminals, reducing the expertise required to execute attacks. Common threats like business email compromise, fraud, ransomware, and data theft extortion continue to disrupt businesses and individuals.

With global tensions escalating, the ASD stresses the importance of closer collaboration between governments, industries, and international partners. Strong public-private partnerships and proactive incident reporting are essential to building national cyber resilience. The report underscores the urgent need for improved cyber security measures, knowledge-sharing, and unified efforts to safeguard Australia’s digital infrastructure.


Critical Plugin Flaw Exposed 4 Million WordPress Websites to Takeover
Date: 2024-11-15
Author: Security Week

A critical-severity vulnerability in the Really Simple Security plugin for WordPress potentially exposed four million websites to complete takeover, WordPress security firm Defiant warns.
Tracked as CVE-2024-10924 (CVSS score of 9.8), the issue is described as an authentication bypass that allows an unauthenticated attacker to log in as any user, including an administrator.
According to Defiant, the security defect exists because of improper error handling in a user check within the plugin’s two-factor REST API action. Specifically, the bug is only triggered if two-factor authentication (2FA) is enabled.
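As an added illustration of the bug class the article describes (a user check whose error path does not stop the request), here is a fail-open 2FA REST handler beside a fail-closed one. This is not the Really Simple Security plugin's code and makes no claim about its exact flaw; all `demo_2fa_*` function names and user-meta keys are hypothetical, while the WordPress API calls are real.

```php
<?php
// Hypothetical demo_2fa_* names; NOT the Really Simple Security plugin's code.
// Verifies the one-time code stored for the user. Returns true or WP_Error.
function demo_2fa_verify_code( $user, $code ) {
    if ( ! $user instanceof WP_User ) {
        return new WP_Error( 'no_user', 'User lookup failed' );
    }
    $expected = (string) get_user_meta( $user->ID, 'demo_2fa_pending_code', true );
    if ( '' === $expected || ! hash_equals( $expected, (string) $code ) ) {
        return new WP_Error( 'bad_code', 'Invalid 2FA code' );
    }
    return true;
}

// FAIL-OPEN: get_user_by() may return false and the verifier's WP_Error is
// only logged, so the request still ends with a session for whatever user ID
// the unauthenticated client supplied, regardless of the code.
function demo_2fa_login_vulnerable( WP_REST_Request $request ) {
    $user_id = (int) $request->get_param( 'user_id' );
    $user    = get_user_by( 'id', $user_id );
    $result  = demo_2fa_verify_code( $user, $request->get_param( 'code' ) );
    if ( is_wp_error( $result ) ) {
        error_log( $result->get_error_message() ); // logged, never returned
    }
    wp_set_current_user( $user_id );
    wp_set_auth_cookie( $user_id );
    return new WP_REST_Response( array( 'logged_in' => true ), 200 );
}

// FAIL-CLOSED: every failure returns before a session exists, the login is
// tied to a server-side "password step passed" record rather than trusting
// the request alone, and the one-time code is consumed on success.
function demo_2fa_login_hardened( WP_REST_Request $request ) {
    $user_id = (int) $request->get_param( 'user_id' );
    $user    = get_user_by( 'id', $user_id );
    if ( ! $user instanceof WP_User || ! get_user_meta( $user->ID, 'demo_2fa_password_verified', true ) ) {
        return new WP_Error( 'forbidden', 'No pending login', array( 'status' => 403 ) );
    }
    $result = demo_2fa_verify_code( $user, $request->get_param( 'code' ) );
    if ( true !== $result ) { // WP_Error or anything else denies
        return new WP_Error( 'forbidden', 'Invalid 2FA code', array( 'status' => 403 ) );
    }
    delete_user_meta( $user->ID, 'demo_2fa_pending_code' );
    delete_user_meta( $user->ID, 'demo_2fa_password_verified' );
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID );
    return new WP_REST_Response( array( 'logged_in' => true ), 200 );
}
```

The practical check for defenders reviewing any such handler is that each `WP_Error` or `false` result is returned immediately, not merely logged, before any call that creates a session.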

Palo Alto Networks Releases IoCs for New Firewall Zero-Day
Date: 2024-11-18
Author: Security Week

[AUSCERT has contacted members where possible. Also see AUSCERT Bulletin https://portal.auscert.org.au/bulletins/ESB-2024.7561, IOCs published on MISP]
Palo Alto Networks has released indicators of compromise (IoCs) for the attacks exploiting a newly uncovered firewall zero-day vulnerability.
The company recently came across claims regarding a previously unknown remote code execution vulnerability in its PAN-OS operating system.
A security advisory published by the company on November 8 urged customers to ensure that access to the PAN-OS management interface is secured, but said there had been no indication of a zero-day being exploited in attacks.

Critical RCE bug in VMware vCenter Server now exploited in attacks
Date: 2024-11-18
Author: Bleeping Computer

[See AUSCERT Bulletin https://portal.auscert.org.au/bulletins/ESB-2024.7542]
Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw.
TZL security researchers reported the RCE vulnerability (CVE-2024-38812) during China's 2024 Matrix Cup hacking contest. It is caused by a heap overflow weakness in vCenter's DCE/RPC protocol implementation and affects products containing vCenter, including VMware vSphere and VMware Cloud Foundation.

Apple fixes two zero-days used in attacks on Intel-based Macs
Date: 2024-11-19
Author: Bleeping Computer

Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems.
"Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday.
The two bugs were found in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS.

Cyber security bill recommended for 'urgent' parliamentary approval
Date: 2024-11-18
Author: IT News

Proposed legislation compelling businesses to disclose their ransomware payments to the government has been recommended for “urgent” parliamentary approval.
Introduced last month by cyber security minister Tony Burke, the Cyber Security Bill 2024 aims to enforce mandatory reporting of ransomware payments to “build [the government’s] understanding of the ransomware threat”.
The Parliamentary Joint Committee on Intelligence and Security (PJCIS) recommended the bill be urgently passed by parliament.


ESB-2024.7592 – IBM Security QRadar SIEM: CVSS (Max): 10.0

The product includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. IBM has addressed these vulnerabilities with an update.

ESB-2024.7542.2 – VMware vCenter Server: CVSS (Max): 9.8

VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)

ESB-2024.7565 – Atlassian Products: CVSS (Max): 10.0

19 high-severity vulnerabilities have been fixed in new versions of Atlassian products. The addressed vulnerabilities encompassed Denial of Service (DoS) and Remote Code Execution (RCE) flaws.

ESB-2024.7561 – Palo Alto PAN-OS: CVSS (Max): 9.3

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges, perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities. This has been addressed in the release of new versions of the software.

ESB-2024.7610 – mySCADA myPRO Manager: CVSS (Max): 10.0

An identified vulnerability could allow a remote attacker to execute arbitrary commands or disclose sensitive information. mySCADA recommends updating to the latest versions of the software to address the issue.


Stay safe, stay patched and have a good weekend!

The AUSCERT team