24 Feb 2023

Week in review

Greetings,

We are very excited to announce that registrations are now open for the AUSCERT2023 Cyber Security Conference – Back to the Future!

This year we are doing a couple of things differently with our tutorials. Firstly, we have worked hard to finalise the selection and scheduling of tutorials earlier than usual. This means that attendees can select their preferred tutorials at the time they complete their conference registration.

Secondly, to leverage the advantages of diverse groups working and learning together, we are creating and holding space to improve the gender diversity in our tutorials. Some tutorials are limited-capacity, and registrations for these are on a ‘first come, first served’ basis, with additional requests going into a waitlist. This year we’re reserving some spaces in these tutorials which we will fill from the waitlist by selecting people that identify as women, creating more opportunities for skills-improvement as part of the conference experience!

News emerged this week that malicious actors are leveraging the popularity of ChatGPT to create fake web sites and social media pages used to distribute malware and steal credit card data. This is a good reminder that malicious actors are extremely good at recognising what people are interested in, concerned about or titillated by, and ruthlessly use this knowledge to achieve their objectives.

Here is a selection of the rest of this week’s notable cyber security news articles, compiled by the AUSCERT analyst team:


GoDaddy says a multi-year breach hijacked customer websites and accounts
Date: 2023-02-18
Author: Ars Technica

GoDaddy said on Friday that its network suffered a multi-year security compromise that allowed unknown attackers to steal company source code, customer and employee login credentials, and install malware that redirected customer websites to malicious sites.
GoDaddy is one of the world’s largest domain registrars, with nearly 21 million customers and revenue in 2022 of almost $4 billion. In a filing Thursday with the Securities and Exchange Commission, the company said that three serious security events starting in 2020 and lasting through 2022 were carried out by the same intruder.

Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities
Date: 2023-02-21
Author: Security Week

The iOS 16.3 and macOS Ventura 13.2 advisories, originally released on January 23, have been updated to add three vulnerabilities. One of them is CVE-2023-23520, a race condition affecting the crash reporter component, which can allow an attacker to read arbitrary files as root.
The other two security holes impact the ‘foundation’ component in Apple’s operating systems and they can allow an attacker to “execute arbitrary code out of its sandbox or with certain elevated privileges”, according to the tech giant.

ChatGPT is bringing advancements and challenges for cybersecurity
Date: 2023-02-21
Author: Help Net Security

Understanding why ChatGPT is garnering so much attention takes a bit of background. Up until recently, AI models have been quite “dumb”: they could only respond to specific tasks when trained on a large dataset providing context on what to find. But, over the last five years, research breakthroughs have taken AI to a whole new level, enabling computers to better understand the meaning behind words and phrases.

Medibank reveals attack vector and cost of 2022 security breach
Date: 2023-02-23
Author: iTnews

Medibank is going to take a $26 million half-year hit as the result of its 2022 security breach, and this is expected to climb to between $40 million and $45 million over the full year.
The insurer has also gone public for the first time with technical detail of the attack.
In a half-year results announcement [pdf], Medibank said the attacker first obtained the user ID and password used by a third-party IT services contractor.


ESB-2023.1013 – ALERT FortiNAC: CVSS (Max): 9.8

A critical severity vulnerability affecting FortiNAC has been patched by Fortinet

ESB-2023.1049 – ALERT FortiWeb: CVSS (Max): 9.3

A stack-based buffer overflow vulnerability leading to RCE has been addressed by Fortinet

ESB-2023.1090 – VMware Carbon Black App Control: CVSS (Max): 9.1

VMware has addressed an injection vulnerability affecting VMware Carbon Black App Control

ESB-2023.1105 – Tenable.sc: CVSS (Max): 9.8

Tenable has released updates for multiple vulnerabilities in third-party software leveraged by Tenable.sc

ESB-2023.1142 – clamav: CVSS (Max): 9.8

Possible Remote Code Execution and Information Leak vulnerabilities have been fixed in the ClamAV package


Stay safe, stay patched and have a good weekend!

The AUSCERT team