23 Jun 2023

Week in review

Greetings,

This week, the world celebrated Wi-Fi Day! In our very digitalised lives we take Wi-Fi for granted and overlook the appreciation it truly deserves. Nowadays the ability to connect to the internet anytime and anywhere has become an expectation that we all demand. It has become an essential part of our daily lives and has revolutionized our society and reshaped our global landscape.

However, Wi-Fi should be used with caution and diligence, as it can also act as a gateway providing hackers with a direct channel into your computer or devices. It is essential to adopt safe practices when using Wi-Fi networks. Here are a few tips:

1) Connect to only known and trusted networks.

It is crucial to use common sense when connecting to Wi-Fi networks and only use trusted and reliable sources. When you encounter an unfamiliar network offering free internet in exchange for your details, be wary: this could be a tactic to collect your personal information. It is risky to use free public Wi-Fi as you don’t know how it has been set up or what safeguards or encryption are in place. On these networks, avoid internet activity that includes your sensitive or personal information. Utilising your own personal mobile hotspot is ultimately the safest option when on the go.

2) Be careful what you open

Modern internet browsers such as Google Chrome will often let you know if you are visiting a site that uses an unencrypted HTTP link by labelling it “Not Secure”. People on the same Wi-Fi network as you can watch what you are doing on these sites relatively easily. So be careful what information you put on these sites, as chances are someone could be watching it. Also turn off your file sharing and AirDrop settings on your phone and laptop when using unsecured internet networks to ensure no one is able to discover your devices.

3) Stay Vigilant

Vigilance is key! We know no one reads the terms and conditions, but in this case it could be the very thing that stops your data from being stolen for malicious intent. Often the red flags will be clear and should deter you from clicking accept and signing on. An additional safeguard is to ensure your computer is equipped with the latest anti-virus protection and to keep on top of all your software updates. Having strong passwords and multi-factor authentication also provides an additional layer of protection.

Following these simple tips can ensure your Wi-Fi experience is enjoyable and help you avoid becoming a victim of malicious activity.


MOVEit Customers Urged to Patch Third Critical Vulnerability
Date: 2023-06-19
Author: Security Week

[AUSCERT has identified the impacted members (where possible) and contacted them via MSIN]
Progress Software is urging MOVEit customers to apply patches to a third critical vulnerability in the file transfer software in less than one month.
Tracked as CVE-2023-35708, the latest vulnerability is described as an SQL injection flaw that could allow an unauthenticated attacker to escalate privileges and access the MOVEit Transfer database.

VMware warns of critical vRealize flaw exploited in attacks
Date: 2023-06-20
Author: Bleeping Computer

[See AUSCERT Security Bulletin 14 June 2023 ESB-2023.3381.2]
VMware updated a security advisory published two weeks ago to warn customers that a now-patched critical vulnerability allowing remote code execution is being actively exploited in attacks.
“VMware has confirmed that exploitation of CVE-2023-20887 has occurred in the wild,” the company said today.

Reddit hackers threaten to leak data stolen in February breach
Date: 2023-06-18
Author: Bleeping Computer

The BlackCat (ALPHV) ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen 80GB of data from the company.
On February 9th, Reddit disclosed that its systems were hacked on February 5th after an employee fell victim to a phishing attack.
This phishing attack allowed the threat actors to gain access to Reddit’s systems and steal internal documents, source code, employee data, and limited data about the company’s advertisers.

Data leak at major law firm sets Australia’s government and elites scrambling
Date: 2023-06-20
Author: The Register

An infosec incident at a major Australian law firm has sparked fear among the nation’s governments, banks and businesses – and a free speech debate.
The firm, HWL Ebsworth, has acknowledged that on April 28, “we became aware that a threat actor identified as ALPHV/BlackCat made a post on a dark web forum claiming to have exfiltrated data from HWL Ebsworth.”

A Vulnerability in ShareFile Storage Zones Controller Could Allow for Remote Code Execution
Date: 2023-06-20
Author: Center for Internet Security

[See AUSCERT Security Bulletin 14 June 2023 ESB-2023.3357]
A vulnerability has been discovered in ShareFile Storage Zones Controller which could allow for remote code execution. Storage Zones Controller extends the ShareFile Software as a Service (SaaS) cloud storage. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.


ESB-2023.3381.2 – UPDATED ALERT VMware Aria Operations for Networks: CVSS (Max): 9.8

VMware has released patches to remediate multiple vulnerabilities in Aria Operations for Networks which may be exploited in the wild.

ESB-2023.3483 – Jenkins and Jenkins-2-plugins: CVSS (Max): 8.8

Multiple vulnerabilities affecting Jenkins and Jenkins-2-plugins have been addressed by the vendor.

ESB-2023.3521 – iOS 15.7.7 and iPadOS 15.7.7: CVSS (Max): None

Apple addressed three zero-day vulnerabilities used to deploy Triangulation spyware on iPhones via iMessage zero-click exploits.

ESB-2023.3522 – macOS Ventura: CVSS (Max): None

Apple pushed a new macOS Ventura 13.4.1 update which includes bug fixes and security updates for CVE-2023-32439 and CVE-2023-32434 which may be exploited in the wild.

ESB-2023.3550 – Cisco Duo Two-Factor Authentication: CVSS (Max): 6.2

Cisco has released software updates that address a bypass vulnerability in Cisco Duo Two-Factor Authentication for macOS.


Stay safe, stay patched and have a good weekend!

The AUSCERT team