28 Mar 2024

Week in review


As Easter approaches this weekend, many of us eagerly anticipate some well-deserved time off, relishing chocolate eggs and cherishing moments with loved ones. However, amidst the joyous festivities, we'd like to gently remind you that our member tokens and early bird registration fees for AUSCERT2024 will expire on April 5th!

We're thrilled to unveil an engaging program, featuring Darren Kitchen as one of our esteemed keynote speakers. Darren's expertise promises to provide enlightening and invaluable insights for all attendees. Additionally, we're excited to announce that Risky Biz has confirmed a live podcast recording at AUSCERT2024! Be sure to seize the remaining time to secure your member tokens and early bird registration fees before this offer concludes.

This week, we released episode 32 of our podcast, titled "Behaviour Change to Reduce Threats." In this thought-provoking discussion, Anthony engages with Jane O’Loughlin from CERT NZ, exploring the critical importance of behaviour modification in mitigating cyber security threats. Jane actively advocates for increased awareness and action in cyber security, striving to make it more accessible and relevant to individuals.

Jane explains that despite cyber security’s widespread attention, research still indicates a concerning lack of seriousness among people regarding the issue, with many remaining unaware of the profound consequences of personal cyber attacks. Given the escalating sophistication and severity of threats, it's imperative for everyone to adopt proactive measures.

Cyber attackers leverage behavioural science to meticulously craft and target attacks, enhancing their success rates. Therefore, fostering a culture of cybersecurity consciousness and implementing effective behavioural modifications are crucial steps in safeguarding against cyber threats.

CERT NZ and The Research Agency have collaborated to produce "Cyber Change" – a book of behaviour change techniques aimed at promoting positive cybersecurity actions. This guide, tailored for government and industry agencies working in online security, shares valuable insights on improving the effectiveness of cyber security interventions.

In conclusion, AUSCERT wishes everyone a safe and happy Easter holiday! Our offices will be closed for the Easter long weekend from Friday 29th of March until Monday 1st of April inclusive. During this time, auscert@auscert.org.au will not be monitored and no bulletins will be issued. However, our analysts will remain on call for the period. If you experience a cyber incident, please log in to the member portal for the 24/7 member hotline number.

Exploit released for Fortinet RCE bug used in attacks, patch now
Date: 2024-03-21
Author: Bleeping Computer

[AUSCERT utilised third-party search engines to identify and alert any impacted members]
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
Tracked as CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the UK's National Cyber Security Centre (NCSC).

CISA tags Microsoft SharePoint RCE bug as actively exploited
Date: 2024-03-27
Author: Bleeping Computer

CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks.
Tracked as CVE-2023-24955, this SharePoint Server vulnerability enables authenticated attackers with Site Owner privileges to execute code remotely on vulnerable servers.

Australia Doubles Down On Cybersecurity After Attacks
Date: 2024-03-27
Author: Dark Reading

Government proposes more modern and comprehensive cybersecurity regulations for businesses, government, and critical infrastructure providers Down Under.
The Australian government is carving out plans to revamp cybersecurity laws and regulations in the wake of a series of damaging high-profile data breaches that rocked the country.
Government officials recently released what they called a consultation paper that outlined specific proposals and solicited input from the private sector in a proclaimed strategy to position the nation as a world leader in cybersecurity by 2030.

Australian gov backs election system security after "highly likely" UK compromise
Date: 2024-03-26
Author: iTnews

The federal government has sought to assure Australians that electoral systems are secure after it emerged that UK electoral systems “were highly likely compromised” between 2021 and 2022.
The UK government, together with its cyber security agency, attributed “two malicious cyber campaigns targeting democratic institutions and parliamentarians” to China-affiliated threat groups.

Ray AI Framework Vulnerability Exploited to Hack Hundreds of Clusters
Date: 2024-03-27
Author: SecurityWeek

Attackers have been exploiting a missing authentication vulnerability in the Ray AI framework to compromise hundreds of clusters, application security firm Oligo reports.
The issue, tracked as CVE-2023-48022 and disclosed in November 2023, exists because, in its default configuration, the open source compute framework for AI does not enforce authentication and does not support any type of authorization model.

ESB-2024.1744 – Firefox: CVSS (Max): 8.8

Mozilla has updated Firefox to version 124.0.1 addressing 2 critical vulnerabilities

ESB-2024.1805 – Google Chrome: CVSS (Max): None

Google has updated Chrome addressing multiple vulnerabilities

ESB-2024.1783 – macOS Ventura: CVSS (Max): 5.9

Apple has released an update addressing a remote code execution vulnerability in macOS Ventura

ESB-2024.1842 – Cisco IOS XE Software: CVSS (Max): 8.6

Cisco has released software updates for a denial of service vulnerability in IOS XE Software

ESB-2024.1787 – Rockwell Automation Arena Simulation Software: CVSS (Max): 7.8

Rockwell Automation has updated Arena Simulation Software to address multiple vulnerabilities

Stay safe, stay patched and have a good weekend!

The AusCERT team