2 Feb 2024
Week in review
Greetings,
What better way to kickstart your cybersecurity goals this year by improving your knowledge with the most relevant strategies? This week, our team has been busy creating a schedule of training courses for our members to register for in 2024! Remember, the best way to get ahead of threats and attacks is to have the most relevant education and training in effective strategies to successfully mitigate cyber risks. Head to our Training page for more information on courses you can register for! Alternatively, contact us for more information at training@auscert.org.au.
During a big week filled with security patches and updates, various vendors and platforms released fixes for different vulnerabilities. AUSCERT’s team of expert analysts worked diligently to issue bulletins, ensuring members were informed of the latest information. We specialise in vulnerability research, delivering consistently formatted bulletins across major platforms and vendors to streamline security patching. Once a patch for a vulnerability is publicly released by a vendor, it is recommended to apply it as soon as possible, as malicious actors are expected to start developing code to exploit it.
Although with an abundance of updates flooding in daily, we understand the importance of prioritising effectively to ensure your resources are adequately utilised. Our security bulletins provide concise summaries, enabling quick comprehension of essential information, severity determination, and prioritisation of organisational patching efforts. Each vulnerability comes with a recommended resolution, including patching, upgrading, and mitigation suggestions. AUSCERT publishes Security Bulletins each business day, curating and checking content to ensure up-to-date information for our members.
Members can also subscribe to the Daily Bulletins Digest, summarising all the Security Bulletins published throughout the day in a single email. If you would like to update your organisational Security Bulletins to the Daily Bulletins Digest simply email – membership@auscert.org.au.
By maintaining clear and streamlined patch management processes and procedures, organisations can position themselves to act swiftly upon vulnerability announcements and patch releases. Strategy minimises the attack surface of systems, leading to an enhancement in your overall security posture.
CVE-2024-20253 (CVSS 9.9): Cisco Unified Communications Products RCE Vulnerability
Date: 2024-01-24
Author: Security Online
[Please see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2024.0493.2]
[AUSCERT has identified impacted members (where possible) and contacted them via email]
Cisco has patched a critical Unified Communications and Contact Center Solutions security flaw that can let unauthenticated, remote attackers execute arbitrary code on an affected device. This security flaw is tracked as CVE-2024-20253.
At the heart of CVE-2024-20253 lies a perilous gap in security: the improper handling of user-provided data as it is ingested into memory. This flaw opens the door for unauthenticated, remote attackers to craft and dispatch malicious messages to a listening port on vulnerable devices.
Booking.com scams that look ‘so real’ have surged, costing Australians thousands of dollars
Date: 2024-01-31
Author: ABC News
Australia’s consumer rights watchdog has seen a sharp increase in Australians mentioning popular accommodation site Booking.com when they report experiencing or falling victim to a scam.
Scam reports mentioning Booking.com significantly increased in 2023 and caused Australians to lose more than $337,000, according to the Australian Competition and Consumer Commission (ACCC).
The ACCC said its Scamwatch program received 363 reports of scams in 2023 which mentioned Booking.com — one of the most visited travel booking sites in the world.
CISA warns of patched iPhone kernel bug now exploited in attacks
Date: 2024-01-31
Author: Bleeping Computer
CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks.
Tracked as CVE-2022-48618 and discovered by Apple’s security researchers, the bug was only disclosed on January 9th in an update to a security advisory published in December 2022.
The company has yet to reveal if the vulnerability was also silently patched more than two years ago when the advisory was first issued.
Bringing the Essential Eight into the Cloud
Date: 2024-01-31
Author: Australian Cyber Security Magazine
MIT Technology Review Insights named Australia the leader in its inaugural Cyber Defense Index country rankings for 2022-2023. In recent years, Australia has made some key moves to improve the country’s security posture. In 2020, they invested $1.67B as part of Cyber Security Strategy 2020. A year later, they updated maturity levels to the Essential Eight, their comprehensive guide for businesses trying to protect themselves against cyberattacks. In 2022, they appointed Clare O’Neil as their first-ever dedicated Minister for Cyber Security.
Ransomware payments drop to record low as victims refuse to pay
Date: 2024-01-29
Author: Bleeping Computer
The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware.
This trend became apparent in mid-2021 when the payment rate dropped to 46% after previously being 85% at the start of 2019.
According to Coveware, the reason for this continual drop is multifaceted, including better preparedness by organizations, a lack of trust towards cybercriminals promising not to publish stolen data, and legal pressure in some regions where paying a ransom is illegal.
ESB-2024.0667 – Google Chrome: CVSS (Max): None
Google has updated Chrome to address multiple vulnerabilities
ESB-2024.0714 – ALERT GitLab Community Edition and Enterprise Edition: CVSS (Max): 9.9
GitLab has addressed several vulnerabilities including a critical with CVSS 9.9. The advisory was published on 25 January
ESB-2024.0670 – Splunk Add-on Builder: CVSS (Max): 8.2
An Information disclosure vulnerability has been patched in Splunk Add-on Builder
Stay safe, stay patched and have a good weekend!
The AUSCERT team