25 Oct 2024

Week in review

Greetings,

AUSCERT is excited to announce the launch of AUSCERT2025! From 20–23 May, we’ll be returning to the Gold Coast, and we invite you to join us for another year of dynamic keynote speakers, innovative tutorials, and ground-breaking presentations. Let’s come together to evolve and thrive in the ever-evolving world of cyber security.

Call for Tutorials is officially open! We encourage everyone to submit their proposals or spread the word to someone who should. The submission deadline is 11 November, so don’t miss your chance to contribute to AUSCERT2025 and be part of one of the most anticipated cyber security events of the year!

This year we’re offering new sponsorship packages to suit different organisations, including options tailored specifically for start-ups. By sponsoring AUSCERT2025 your business will gain a unique platform to showcase its solutions, connect with potential clients, and expand its presence within the cyber security community. Contact us today to learn more about how your organisation can get involved!

The theme for AUSCERT2025, ‘Evolve and Thrive’, highlights the critical need for continuous innovation, learning, and the application of new knowledge to stay ahead of cyber criminals. Inspired by the prehistoric reign of dinosaurs, ‘Evolve and Thrive’ serves as a powerful metaphor for modern cyber security challenges. Just as dinosaurs, once dominant but ultimately unable to adapt, became extinct, organisations today must embrace innovation to remain relevant in an increasingly hostile digital landscape. Head to our website for more information.


VMware Struggles to Fix Flaw Exploited at Chinese Hacking Contest
Date: 2024-10-21
Author: Security Week

[Please see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2024.5949/]
For the second time in as many months, the virtualization tech vendor pushed a patch to cover a remote code execution vulnerability first documented — and exploited — at a Chinese hacking contest earlier this year.
“VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not fully address CVE-2024-38812,” the company said in an updated advisory on Monday. No additional details were provided.

Bank impersonation scams are reportedly on the rise. Here's how to spot one and stay safe
Date: 2024-10-19
Author: SBS News

If you've recently received a call from someone claiming to be from a bank, be cautious about sharing any personal information.
It may be an attempt to steal your money.
Scams in which criminals call, email or message people pretending to be from a bank are on the rise, according to a warning from the government's National Anti-Scam Centre.
"The scammers ask you for personal or financial information or to transfer funds or to give them a one-time security code over the phone," the centre's Scamwatch service warned on Friday.

Fortinet Confirms Zero-Day Exploit Targeting FortiManager Systems
Date: 2024-10-23
Author: Security Week

[Please see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2024.6898/]
[AUSCERT also identified the impacted members (where possible) and contacted them via email]
The US government’s cybersecurity agency CISA on Wednesday called urgent attention to a critical vulnerability in Fortinet’s FortiManager platform and warned that remote hackers are already launching code execution exploits.
The security defect, tracked as CVE-2024-47575, is documented as a “missing authentication for critical function vulnerability” in the FortiManager fgfmd daemon.

CISA Warns Recent Microsoft SharePoint RCE Flaw Exploited in Attacks
Date: 2024-10-23
Author: Security Week

The US cybersecurity agency CISA on Tuesday warned that a recently patched remote code execution (RCE) vulnerability in Microsoft SharePoint Server has been exploited in the wild.
The issue, tracked as CVE-2024-38094 (CVSS score of 7.2) and addressed with July 2024 Patch Tuesday updates, can be exploited over the network without user interaction, but requires authentication as a highly privileged user.
“An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server,” Microsoft explains in its advisory.

Google Warns of Samsung Zero-Day Exploited in the Wild
Date: 2024-10-22
Author: Security Week

A zero-day vulnerability in Samsung’s mobile processors has been leveraged as part of an exploit chain for arbitrary code execution, Google’s Threat Analysis Group (TAG) warns.
Tracked as CVE-2024-44068 (CVSS score of 8.1) and patched as part of Samsung’s October 2024 set of security fixes, the issue is described as a use-after-free bug that could be abused to escalate privileges on a vulnerable Android device.
“An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A use-after-free in the mobile processor leads to privilege escalation,” a NIST advisory reads.


ESB-2024.6916 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services: CVSS (Max): 5.8

Cisco has issued an urgent update for vulnerabilities affecting ASA and FTD VPNs, which are currently being actively exploited. The flaws could allow attackers to bypass security measures and gain unauthorized access. Users are strongly urged to apply the patches promptly to protect their systems from potential threats.

ESB-2024.6874 – Google Chrome: CVSS (Max): None

This October, Google rolled out critical updates for Chrome, addressing high-risk vulnerabilities, including a significant flaw in the Extensions component (CVE-2024-10229) and two in the V8 JavaScript engine (CVE-2024-10230 and CVE-2024-10231). Users on Chrome 129 should upgrade to version 130 for enhanced protection against potential threats.

ESB-2024.5949.2 – VMware vCenter Server: CVSS (Max): 9.8

Broadcom has issued new patches for previously addressed vulnerabilities (CVE-2024-38812 and CVE-2024-38813) in vCenter Server, as one of these flaws was not fully resolved initially and could enable attackers to execute remote code.

ESB-2024.6898 – FortiManager fgfmd: CVSS (Max): 9.8

The "FortiJump" vulnerability (CVE-2024-47575) has been exploited in zero-day attacks since June 2024, affecting over 50 servers, according to Mandiant. This flaw, which involves missing authentication in FortiManager and FortiManager Cloud, allows attackers to execute arbitrary code through specially crafted requests. Fortinet confirmed the exploitation and noted that attackers have automated the exfiltration of sensitive data, prompting CISA to add this vulnerability to its Known Exploited Vulnerabilities catalog.

ESB-2024.6899 – GitLab Community Edition (CE) and Enterprise Edition (EE): CVSS (Max): 8.7

GitLab has patched two high-severity vulnerabilities, CVE-2024-8312 and CVE-2024-6826, which could allow attackers to escalate privileges and execute arbitrary code. Users are strongly advised to update to the latest versions, in which both issues have been addressed as part of GitLab's security releases, to mitigate potential risks.


Stay safe, stay patched and have a good weekend!

The AUSCERT team