//Week in review - 25 Aug 2023


As the days gradually lengthen and a gentle warmth begins to replace cold, the end of winter approaches. The transition between seasons represents a period of renewal and regeneration mirroring the continuous evolution of nature’s cycle. This natural pattern parallels our own expedition of self-growth and development. As spring approaches, it’s time to ready ourselves for the beginning of a new flourishing chapter. Let’s grasp this opportunity to consciously make choices that lead us to a more evolved version of ourselves. Take proactive steps now to shed the metaphorical cocoon of winter and emerge like a butterfly, gracefully navigating through new opportunities and prospects.

To aid our members’ growth in the realm of cyber security we offer a diverse range of professional training courses specifically crafted to empower you with the most relevant knowledge and skills. We are very excited to announce we have updated our courses and introduced a few new additions. This includes our new “Data Governance Principles and Practices” course which will teach attendees the key components of a successful data governance framework. The course covers best practices and real-world examples, equipping attendees with the fundamental skills and knowledge they require to accelerate the development of a successful program in their organisation – including methodologies for stakeholder management and creation of a “strategy on a page”. Whether you are a business analyst, data scientist, IT or cyber security professional, this course will provide you with an appreciation of how data governance contributes to cyber security and a better understanding of how to successfully manage your organisation's data assets. On completion of this course, practical data governance references and templates will be provided to participants. We have an in-person session and an online session coming up! For more information visit AusCERT Education.

Finally, what could be a more fitting moment to break free from the winter hibernation than by attending the Security2Cure cyber security conference and ring in the start of spring by helping to raise some much needed funds for Cancer Research. The event boasts an intriguing line-up of speakers, featuring keynote speaker Richard Boxall, CISO and Executive General Manager from the Suncorp Group. Scheduled for next Friday, September 1st this is an exceptional chance to be part of a remarkable initiative. Don’t miss out, register your attendance now.

WinRAR flaw lets hackers run programs when you open RAR archives
Date: 2023-08-18
Author: Bleeping Computer

[See AusCERT Security Bulletins 21 August 2023 ASB-2023.0168]
A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can execute commands on a computer simply by opening an archive.
The flaw is tracked as CVE-2023-40477 and could give remote attackers arbitrary code execution on the target system after a specially crafted RAR file is opened.
The vulnerability was discovered by researcher "goodbyeselene" of Zero Day Initiative, who reported the flaw to the vendor, RARLAB, on June 8th, 2023.

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations
Date: 2023-08-22
Author: Security Affairs

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.
The group now is targeting Cisco VPN products to gain initial access to corporate networks.
Sophos researchers observed in May the threat actor using compromised Cisco VPN accounts to breach target networks.

New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China
Date: 2023-08-22
Author: WIRED

EVERY SOFTWARE SUPPLY chain attack, in which hackers corrupt a legitimate application to push out their malware to hundreds or potentially thousands of victims, represents a disturbing new outbreak of a cybersecurity scourge. But when that supply chain attack is pulled off by a mysterious group of hackers, abusing a Microsoft trusted software model to make their malware pose as legitimate, it represents a dangerous and potentially new adversary worth watching.

'Millions' of spammy emails with no opt-out? That'll cost you $650K
Date: 2023-08-22
Author: The Register

Experian has agreed to cough up $650,000 after being accused of spamming people with no opt-out button.
That sum will hardly be felt by the credit-reporting giant as its profits totaled $1.1 billion last year. The penalty stems from a complaint filed against it by the US Department of Justice on behalf of the Federal Trade Commission.
According to the Feds [PDF], California-based Experian Consumer Services, also known as ConsumerInfo.com, spammed folks with marketing offers after they signed up for free accounts to limit third-party access to their credit reports.

Artificial Intelligence and USBs Drive 8% Rise in Cyber-Attacks
Date: 2023-08-23
Author: InfoSecurity Magazine

Check Point Research has released its 2023 Mid-Year Security Report. The research reveals a concerning 8% surge in global weekly cyber-attacks during Q2, marking the most significant increase in two years.
The report highlights the fusion of advanced artificial intelligence (AI) technology with traditional tools like USB devices used for disruptive cyber-attacks. It also uncovers a rise in ransomware attacks in the first half of 2023, introducing new ransomware groups to the scene.

ESB-2023.4792 – Firefox: CVSS (Max): 9.8

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.

ASB-2023.0168 – WinRAR: CVSS (Max): 7.8

This vulnerability allows remote attackers to execute arbitrary code on systems where WinRAR is installed by exploiting a buffer overflow flaw in the data validation process

ESB-2023.4803 – Moodle: CVSS (Max): 8.0

The phpCAS library included with Moodle has been upgraded to version 1.6.0, which includes a fix for a serious security issue.

ESB-2023.4828 – Rockwell Automation ThinManager ThinServer: CVSS (Max): 9.8

Successful exploitation of these vulnerabilities could allow an attacker to remotely delete arbitrary files with system privileges.

Stay safe, stay patched and have a good weekend!

The AusCERT team