24 Mar 2023

Week in review

Greetings,

Some of the articles about AI language models wanting to escape and become human might be slightly alarming, but a real alarmist point of view may be whether AI will replace existing roles undertaken by humans. Already we’ve seen use cases emerge in the cyber security industry, like using ChatGPT to create a dark web monitoring tool; however, the previous article does point out that it’s important to realise the limitations of AI – such as its reliance on training data.

Meanwhile entire new industries have sprung up in recent times, such as the field of data governance, and let’s not forget that cyber security itself is still a relatively young industry. Each of these industries and their sub-specialty areas require new training and fresh ideas.

Perhaps it’s safer to “future-proof against AI” and upskill? At an event themed “Back to the Future”, it’s very likely AI will be discussed at length, and there’s a plethora of included training during the first two days of the AUSCERT2023 Cyber Security Conference in the form of half- and full-day tutorials. However, at least as far as we’re aware, unlike McFly you can’t travel back or forward in time, and there’s only one week left for early bird registrations. Member Tokens also expire then, so if you haven’t seen yours yet, ask your member representative.

Another great way to learn and upskill is to follow cyber security podcasts like AUSCERT’s “Share Today, Save Tomorrow” – there’s a new one available now with some reflections on AUSCERT’s 30th birthday celebrations earlier this month.

And now a selection of this week’s notable cyber security news articles, compiled by the AUSCERT Analyst Team:


Ferrari Says Ransomware Attack Exposed Customer Data
Date: 2023-03-20
Author: Security Week

Italian sports car maker Ferrari said on Monday that a threat actor had demanded a ransom related to customer contact details that may have been exposed in a ransomware attack.
“Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm,” the iconic car maker said. “In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law.”

Most consumers want data privacy and will act to defend it
Date: 2023-03-22
Author: IAPP

With new technologies, new types of data and new methods of collection defining our current reality, privacy cannot merely be an afterthought. Language models are fueled by our personal data, artificial intelligence art generators sexualize without consent and the metaverse embodies “data collection on steroids.” In addition to these technological changes creating rifts in privacy, cracks have also appeared in the legal foundations protecting long-established privacy rights. New privacy risks, it seems, are everywhere.

How to turn off Wi-Fi calling on Android to combat hackers
Date: 2023-03-20
Author: Scripps News

Google’s Project Zero team discovered multiple security flaws with Samsung Galaxy smartphones that could allow hackers to target devices easily.
All a hacker would need is the victim’s phone number, which can be used to compromise the phone without the user knowing anything is wrong.
“Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction and require only that the attacker know the victim’s phone number. With limited additional research and development,

Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022
Date: 2023-03-20
Author: Bleeping Computer

Hackers continue to target zero-day vulnerabilities in malicious campaigns, with researchers reporting that 55 zero-days were actively exploited in 2022, most targeting Microsoft, Google, and Apple products.
Most of these vulnerabilities (53 out of 55) enabled the attacker to either gain elevated privileges or perform remote code execution on vulnerable devices.
Zero-day vulnerabilities are security weaknesses in software products that are publicly disclosed or exploited before a developer knows about it or releases a fix.

Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
Date: 2023-03-21
Author: Security Week

Organizations that use human-machine interface (HMI) and supervisory control and data acquisition (SCADA) products from UK-based industrial software maker Aveva have been informed about the existence of several potentially serious vulnerabilities.
Security advisories published last week by Aveva and the US Cybersecurity and Infrastructure Security Agency (CISA) inform users about three vulnerabilities in the InTouch Access Anywhere HMI and Plant SCADA Access Anywhere products. Software updates that patch all vulnerabilities are available from the vendor.

Rio Tinto says staff’s personal data may have been hacked in memo after an attack on GoAnywhere software
Date: 2023-03-23
Author: ABC News

Personal data of Rio Tinto Ltd’s former and current employees may have been stolen by a cybercriminal group, according to a staff memo.
Payroll information — such as pay slips and overpayment letters — belonging to a small number of employees from January 2023 had possibly been seized by the group, the memo showed.
“Investigations now indicate a possibility that Rio Tinto data may be impacted,” it said.


ESB-2023.1632 – thunderbird: CVSS (Max): 7.5

Debian reports that multiple security issues have been discovered in Thunderbird which, if exploited, could result in denial of service, the execution of arbitrary code or spoofing.

ESB-2023.1693 – Rockwell Automation ThinManager: CVSS (Max): 9.8

An advisory issued by ICS-CERT reports two vulnerabilities in Rockwell Automation ThinManager and encourages end-users to implement the risk mitigations provided by the vendor.

ESB-2023.1720.2 – Cisco DNA Center: CVSS (Max): 8.0

A vulnerability in Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges. Cisco has released software updates to address the vulnerability.

ESB-2023.1710 – Jenkins Plugins: CVSS (Max): 8.8

Vulnerabilities in a number of Jenkins plugins have been reported. The Jenkins project has released updates for some vulnerable products.

ESB-2023.1727 – Cisco IOS XE Software for Cisco Catalyst 9300 Series: CVSS (Max): 6.1

Cisco has reported a high-rated vulnerability in its Catalyst 9300 series switches that could allow persistent code to be installed by an attacker at boot time.


Stay safe, stay patched and have a good weekend!

The AUSCERT team