31 May 2024

Week in review


Following the amazing experience we had last week, the AUSCERT team dove straight back into work this week, leveraging the rich knowledge shared throughout the conference. With many new initiatives and projects on the horizon, our organisation is experiencing significant growth and development.

As in previous years, our key highlight from AUSCERT2024 was reconnecting with members we’ve met before, meeting new ones, and strengthening our community bond. Beyond the cutting-edge education, the conference's vibrant community fostered idea-sharing and facilitated valuable networking opportunities.

This year, we decided to give back to the community by donating the proceeds from our speaker gifts to a valuable charity in Australia. We chose RizeUp Australia, a community-driven organisation of passionate people dedicated to supporting families affected by domestic and family violence.

RizeUp Australia goes beyond raising awareness through speaking engagements. They have developed various programs to support and empower families via specialist domestic and family violence organisations. Their efforts include helping victims create new homes after fleeing violent situations, supporting children in their healing process, and raising much-needed funds for families who often have nothing but the clothes on their backs.

AUSCERT prioritised raising $6,500 to fund a whole house for families impacted by domestic violence. Thanks to the incredible support from our community, we exceeded our goal and raised nearly $10,000, which was directly donated to the RizeUp Foundation. These funds are dedicated to making a tangible difference in the lives of vulnerable individuals. Our mission was to create a significant impact and give back to the community, advocating for change to transform the cultural norms that adversely affect many lives in our nation.

Google Patches Fourth Chrome Zero-Day in Two Weeks
Date: 2024-05-24
Author: Security Week

[Please also see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2024.3425/]
Google on Thursday rolled out a fresh Chrome update to address another exploited vulnerability in the popular web browser, the fourth zero-day to be patched in two weeks.
Tracked as CVE-2024-5274, the high-severity flaw is described as a type confusion in the V8 JavaScript and WebAssembly engine.
“Google is aware that an exploit for CVE-2024-5274 exists in the wild,” the internet giant noted in an advisory.

Exploit released for maximum severity Fortinet RCE bug, patch now
Date: 2024-05-28
Author: Bleeping Computer

[Please also see AUSCERT's updated bulletin: https://portal.auscert.org.au/bulletins/ASB-2024.0035.3/]
Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet's security information and event management (SIEM) solution, which was patched in February.
Tracked as CVE-2024-23108, this security flaw is a command injection vulnerability discovered and reported by Horizon3 vulnerability expert Zach Hanley that enables remote command execution as root without requiring authentication.

Remote Code Execution Threatens Qlik Sense Users
Date: 2024-05-23
Author: Security Online

[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Qlik, a prominent player in the data analytics space, has issued a critical security advisory warning users of a high-risk vulnerability (CVE-2024-36077) in their Qlik Sense Enterprise for Windows platform. With a CVSS score of 8.8, this vulnerability could allow attackers to escalate privileges and potentially execute arbitrary code on affected servers, posing a significant threat to data integrity and confidentiality.

Check Point releases emergency fix for VPN zero-day exploited in attacks
Date: 2024-05-29
Author: Bleeping Computer

Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks.
On Monday, the company first warned about a spike in attacks targeting VPN devices, sharing recommendations on how admins can protect their devices. Later, it discovered the source of the problem, a zero-day flaw that hackers exploited against its customers.

NVD Leaves Exploited Vulnerabilities Unchecked
Date: 2024-05-23
Author: Info Security Magazine

A majority of currently exploited software vulnerabilities are missing from the US National Vulnerability Database (NVD), a new VulnCheck report has found.
In the report published on May 23, the software security provider showed that 30 out of 59 known exploited vulnerabilities (KEVs) registered since February 12 have not yet been analyzed by the NVD team.
In total, 50.8% of KEVs are missing critical metadata.

More than half a billion customers' details reportedly stolen by notorious hacker
Date: 2024-05-29
Author: 9News

A notorious hacker has claimed to have stolen the personal data of more than half a billion Ticketmaster customers, likely including Australians.
In a widely reported dark web post, hacker ShinyHunters claims to have 1.3 terabytes of data from 560 million global Ticketmaster and Live Nation customers, including names, emails, addresses, phone numbers and the last four digits of credit card numbers.
The hacker is selling the data, which could potentially be used to commit identity theft and other types of fraud, for $US500 million (roughly $750 million).

ESB-2024.3425.3 – Google Chrome CVSS (Max): 8.8

CISA added CVE-2024-5274 to its Known Exploited Vulnerabilities Catalog and advises users to apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

ASB-2024.0035.3 – FortiSIEM

Horizon3's Attack Team recently released a proof-of-concept (PoC) exploit and a detailed technical analysis of CVE-2024-23109 and CVE-2024-23108 affecting FortiSIEM. AUSCERT advises all FortiSIEM 7.1.x users to promptly update to version 7.1.2 to prevent exploitation.

ESB-2024.3470 – Citrix Workspace App for Mac CVSS (Max): 7.7

A critical flaw has been discovered in the Mac version of the Citrix Workspace app, which could enable attackers to escalate their privileges from a local authenticated user to a root user. Identified as CVE-2024-5027, this vulnerability presents a serious threat to individuals and businesses that depend on Citrix Workspace for their virtual app and desktop access requirements.

ESB-2024.3525 – LenelS2 NetBox CVSS (Max): 9.8

Multiple vulnerabilities have been identified in LenelS2 NetBox. If exploited, these vulnerabilities could enable an attacker to bypass authentication and execute malicious commands with elevated privileges.

ESB-2024.3515 – Google Chrome CVSS (Max): None

Google has rolled out an update with 11 security patches for its Stable channel. As a result of this update, the Stable channel has been upgraded to version 125.0.6422.141/.142 for Windows and Mac, and 125.0.6422.141 for Linux.

Stay safe, stay patched and have a good weekend!

The AUSCERT team