27 Sep 2024

Week in review

Greetings,

One of the most important yet often overlooked aspects of cyber security is providing comprehensive training to all personnel. This training ensures employees understand their security responsibilities and how to mitigate risks effectively. For staff in specialised roles or with elevated access to sensitive information, tailored privileged-user training is crucial, because the risks they face go beyond those of standard users. By equipping your team with the necessary knowledge and skills, you can foster a proactive and resilient cyber security culture within your organisation.

Yesterday, the Australian Signals Directorate (ASD) released updated Personnel Security Guidelines, highlighting the importance of strong internal security practices. One of the most frequently reported cyber crimes in Australia is Business Email Compromise (BEC), which led to financial losses exceeding $98 million in 2021–2022. While 2024 statistics are still emerging, experts expect this trend to continue due to increasingly sophisticated cyber threat actors and reliance on digital communication.

Training and education are vital in mitigating BEC risks. Educating staff on identifying warning signs and establishing clear authorisation processes can significantly reduce the chances of falling victim to such attacks. The ASD has outlined several guidelines to help organisations better manage these risks.

For more targeted training, AUSCERT offers a range of courses tailored to various roles and skill levels. The Cyber Security Fundamentals course is designed to provide staff with essential, practical knowledge for staying safe online. Advanced courses are also available for technical teams, covering a wide array of specialised topics. Visit the AUSCERT website for more information on upcoming training courses!


Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks
Date: 2024-09-20
Author: The Hacker News

[AUSCERT has identified the potentially impacted members and contacted them via Critical MSIN ]
Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild.
The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the company as part of CSA 4.6 Patch 519 and CSA 5.0.

CUPS flaws enable Linux remote code execution, but there's a catch
Date: 2024-09-26
Author: Bleeping Computer

[Please also see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ASB-2024.0180/ ]
Under certain conditions, attackers can chain a set of vulnerabilities in multiple components of the CUPS open-source printing system to execute arbitrary code remotely on vulnerable machines.
Tracked as CVE-2024-47076 (libcupsfilters), CVE-2024-47175 (libppd), CVE-2024-47176 (cups-browsed) and CVE-2024-47177 (cups-filters) and discovered by Simone Margaritelli, these security flaws don't affect systems in their default configuration.

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk
Date: 2024-09-23
Author: The Hacker News

A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution.
The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF's implementation of the tinydhcp server stemming from a lack of adequate input validation.

WordPress Theme & Plugin Vulnerabilities Exposes Thousands of Sites
Date: 2024-09-23
Author: Cyber Security News

[AUSCERT has identified the potentially impacted members and contacted them via email]
Thousands of WordPress sites have been exposed to potential threats due to vulnerabilities in the Houzez theme and WordPress Houzez Login Register plugin.
The flaws are tracked as CVE-2024-22303 and CVE-2024-21743. They affect versions up to 3.2.4 and 3.2.5 respectively and are rated high severity with a CVSS score of 8.8, indicating significant risk.

New guidance on detecting and mitigating Active Directory compromises
Date: 2024-09-26
Author: ACSC

Alongside our international partners, we have released new guidance on Detecting and Mitigating Active Directory compromises. This guidance provides strategies to help organisations mitigate the 17 most prevalent techniques used by malicious cyber actors to target Active Directory and gain access to their networks.
Detecting and mitigating Active Directory compromises builds on recent updates to the Information Security Manual (ISM) and includes a checklist with Active Directory security controls for organisations.

Critical Ivanti vTM auth bypass bug now exploited in attacks
Date: 2024-09-24
Author: Bleeping Computer

CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks.
Tracked as CVE-2024-7593, this auth bypass flaw is caused by an incorrect implementation of an authentication algorithm that lets remote unauthenticated attackers circumvent authentication on Internet-exposed vTM admin panels.


ASB-2024.0180 – Common Unix Printing System (CUPS): CVSS (Max): 9.0

Several critical vulnerabilities have been identified in the Common UNIX Printing System (CUPS) that could allow for remote code execution on Linux systems. However, exploitation requires a specific setup: cups-browsed must be running and reachable from the attacker, and code execution is only triggered when a user sends a print job to the attacker-advertised printer. Users are advised to apply the latest patches or mitigations to reduce potential risks.

ESB-2024.6106 – Apache Tomcat: CVSS (Max): None

A critical vulnerability has been identified in Apache Tomcat that could enable attackers to bypass security restrictions and gain unauthorised access to sensitive data. The flaw affects multiple versions of the server, necessitating prompt updates to mitigate risks. Users are urged to apply the latest patches to ensure their systems remain secure.

ESB-2024.6174 – Google Chrome: CVSS (Max): None

Multiple vulnerabilities have been found in Google Chrome, with the most severe enabling arbitrary code execution by attackers. This could allow them to install programs, access, modify, or delete data, or create accounts with full user rights, particularly affecting users with administrative privileges. Those with lower user rights may experience reduced impact but are still at risk.

ESB-2024.6028 – OpenShift Container Platform 4.15.33: CVSS (Max): 9.9

Flaws have been identified in Red Hat OpenShift, specifically CVE-2024-45496 and CVE-2024-7387, which could lead to potential privilege escalation and denial of service. These vulnerabilities may allow attackers to gain elevated access or disrupt services. Red Hat recommends users apply the latest updates to mitigate these risks.

ESB-2024.6186 – OMNTEC Proteus Tank Monitoring: CVSS (Max): 9.8

Critical vulnerabilities have been discovered in automated tank gauge systems, potentially allowing attackers to manipulate data and disrupt operations. These flaws could lead to significant safety and financial risks for organisations relying on these systems. Experts urge immediate action to address the vulnerabilities and enhance security measures.

ESB-2024.6182 – Tenable Nessus Network Monitor: CVSS (Max): 9.8

Tenable has released Nessus Network Monitor 6.5.0 to address multiple vulnerabilities found in third-party components such as OpenSSL, expat, curl, and libxml2, which have been updated to secure versions. Additionally, a stored cross-site scripting vulnerability (CVE-2024-9158) was fixed; it could allow a privileged local attacker to inject arbitrary code into the UI. Users are urged to upgrade to the latest version to mitigate these risks.


Stay safe, stay patched and have a good weekend!

The AUSCERT team