30 Aug 2024

Week in review

Greetings,

This week, our team travelled to Adelaide to connect with our members! We had the opportunity for meaningful one-on-one conversations, gathered valuable feedback, and shared updates on our upcoming service developments.

There is still time to register for the exclusive Digital Nation Brisbane event on Wednesday 4th of September, which delves deep into the evolving landscape of cyber security in Australia. Don't miss the opportunity to hear insights from our General Manager Ivano Bongiovanni! Click here to register.

We released a new blog post on Tabletop Exercises (TTXs) this week! TTXs are an essential tool for testing an organisation's ability to respond effectively to security incidents. These exercises help identify gaps in incident response plans and prepare teams for real-world crises by guiding participants through realistic, discussion-based scenarios focused on roles, responsibilities, coordination, and decision-making.

TTXs can be tailored to meet your organisation's specific needs, whether for incident response, business continuity, crisis management, or a mix of these areas. Participants from all roles—operational staff, cybersecurity professionals, communication teams, and executives—benefit from these exercises, enhancing cross-role coordination during incidents. Click here to read the full article!

In case you missed it, this week we published an analysis of the Jenkins CLI path traversal vulnerability, CVE-2024-23897, exclusively for AUSCERT members. At the time of publication, just over 4% of Jenkins servers worldwide had been updated to mitigate this critical vulnerability. It's often useful to present a trusted third party's review when prioritising patching tasks, and we hope this analysis will assist those of you striving to patch your Jenkins instance.

The Analyst Team has added Critical MSINs to AUSCERT's Early Warning SMS Alert Service, in addition to the existing critical vulnerability notifications. Whilst members' existing email notifications remain the same, the contacts nominated for Early Warning SMS Alerts will also now receive a corresponding SMS for Critical MSINs. The text message will always begin with the word "AUSCERT" and will direct the recipient to check for emails from AUSCERT for further information. Members can add additional Early Warning SMS Alert contacts in the Member Portal.


Chinese APT Volt Typhoon Caught Exploiting Versa Networks SD-WAN Zero-Day
Author: Security Week

Malware hunters at Lumen Technologies have caught Chinese APT Volt Typhoon exploiting a fresh zero-day in Versa Director servers to hijack credentials to break into downstream customers’ networks.
The high-severity vulnerability, tracked as CVE-2024-39717, was added to the CISA must-patch list over the weekend after Versa Networks confirmed zero-day exploitation and warned that the Versa Director GUI can be hacked to plant malware on affected devices.

Exchange Online mistakenly tags emails as malware
Author: Bleeping Computer

Microsoft is investigating an Exchange Online false positive issue causing emails containing images to be wrongly tagged as malicious and sent to quarantine.
"Users' email messages containing images may be incorrectly flagged as malware and quarantined," Microsoft said in a service alert posted on the Microsoft 365 admin center two hours ago.
"We're reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan."
Tracked under EX873252, this ongoing service degradation issue seems to be widespread, according to reports from system administrators, and it also impacts messages with image signatures.

Vulnerability prioritization is only the beginning
Author: Help Net Security

To date, most technology solutions focused on vulnerability management have focused on the prioritization of risks. That usually took the shape of some risk-ranking structure displayed in a table with links out to the CVEs and other advisory or threat intelligence information.

Three steps to secure compliance with Australia’s new technology asset stocktake requirements
Author: Security Brief

The recently introduced PSPF Direction 002-2024 requires Australian Government entities to identify and actively manage their technology assets.
Compliance is imperative. By June 2025, all government entities and their suppliers must complete a technology asset stocktake on all internet-facing systems or services to identify all technology assets managed by, or on behalf of, the entity. This directive is a crucial step towards strengthening cybersecurity posture and ensuring efficient IT asset management.

How Paris Olympic authorities battled cyberattacks, and won gold
Author: SecurityIntelligence

The Olympic Games Paris 2024 was by most accounts a highly successful Olympics. Some 10,000 athletes from 204 nations competed in 329 events over 16 days. But before and during the event, authorities battled Olympic-size cybersecurity threats coming from multiple directions.
In preparation for expected attacks, authorities took several proactive measures to ensure the security of the event.


ESB-2024.5559 – Google Chrome

Google has updated Chrome for Desktop versions addressing multiple vulnerabilities

ESB-2024.5535 – Drupal

Ubuntu has released updates for the drupal7 package to patch vulnerabilities that are currently being exploited

ESB-2024.5495 – F5 Products

A null pointer dereference leading to DoS has been addressed in various F5 products through mitigation

ESB-2024.5558 – Cisco Nexus Switches

A Denial of Service vulnerability has been fixed in NX-OS Software currently affecting Cisco Nexus 3000 and 7000 Series Switches.


Stay safe, stay patched and have a good weekend!

The AUSCERT team