Week in review - 3 Nov 2023


This week, many of us excitedly dusted off our costumes and indulged in Halloween celebrations. The tradition is gradually gaining more traction in Australia, with an increasing number of children embracing the thrill of trick-or-treating. Both youngsters and adults enthusiastically engage in the festivities, dressing in a wide variety of costumes ranging from monsters to fairies. This festive time also provides a good opportunity for our children to learn about the various personas people can adopt in our community and digital world, some helpful and some unfortunately harmful.

Cyber security threats can be highly detrimental to an organisation’s reputation, financial stability and overall success. Gone are the days of cyber security being solely the IT department’s responsibility. Today, leadership at all levels must actively support policies and practices throughout the organisation. Fostering a progressive and active cyber security culture within the workplace is crucial for achieving organisational resilience.

Leaders and senior executives are now expected to possess a comprehensive understanding of cyber security risk management to ensure the safety and well-being of their organisation and its stakeholders. In a surprising development on Monday that has spooked some in the cybersecurity community, the Securities and Exchange Commission charged SolarWinds and its CISO Timothy Brown with fraud and internal control failures for allegedly misleading investors about its cyber security practices and known risks.

While this case is still unfolding, it serves as a valuable learning experience for us all. It underlines the critical importance of actively implementing strong cyber security risk management practices. Leadership plays a pivotal role in ensuring the safety of their organisation by possessing a comprehensive understanding of the cyber security risks relevant to them, and leading accordingly. Instead of jumping to conclusions, we should utilise this case as an opportunity to reflect on the significance of cyber security risk within organisations and the detrimental impacts that deceptive behaviour can have.

AUSCERT recognises the increasing demands and pressures on leadership to possess cyber security risk management knowledge and skills. Therefore, we have launched a new training course designed to empower leaders in this critical area. The Cyber Resilience for Senior Executives course equips participants with the knowledge and skills required to effectively lead their organisation’s strategic response to the cyber security challenge and improve their organisational resilience. This course is suitable for senior executives of any background, and no technical knowledge is required.

Critical vulnerability found in Atlassian Confluence software
Date: 2023-11-01
Author: iTnews

[AUSCERT has identified the impacted members (where possible) and contacted them via email. Also please see our bulletin: https://auscert.org.au/bulletins/ESB-2023.6313]
The company’s advisory for CVE-2023-22518 attributed a message to the company’s CISO, Bala Sathiamurthy, saying the users are “vulnerable to significant data loss” if the vulnerability is exploited. “There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances,” Sathiamurthy wrote.

RCE exploit for Wyze Cam v3 publicly released, patch now
Date: 2023-10-30
Author: Bleeping Computer

A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices.
Wyze Cam v3 is a top-selling, inexpensive indoor/outdoor security camera with support for color night vision, SD card storage, cloud connectivity for smartphone control, IP65 weatherproofing, and more.
Security researcher Peter Geissler (aka bl4sty) recently discovered two flaws in the latest Wyze Cam v3 firmware that can be chained together for remote code execution on vulnerable devices.

3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online
Date: 2023-11-01
Author: Bleeping Computer

Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability.
Apache ActiveMQ is a scalable open-source message broker that fosters communication between clients and servers, supporting Java and various cross-language clients and many protocols, including AMQP, MQTT, OpenWire, and STOMP.

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)
Date: 2023-10-30
Author: Help Net Security

[Please see AusCERT bulletin: https://auscert.org.au/bulletins/ESB-2023.5826.2]
CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors.
According to security researcher Kevin Beaumont’s cybersecurity industry sources, one ransomware group has already distributed a Python script to automate the attack chain to their operators, and other groups have started leveraging a working exploit.

New CVSS 4.0 vulnerability severity rating standard released
Date: 2023-11-01
Author: Bleeping Computer

The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version.
CVSS is a standardized framework for assessing software security vulnerabilities' severity used to assign numerical scores or qualitative representation (such as low, medium, high, and critical) based on exploitability, impact on confidentiality, integrity, availability, and required privileges, with higher scores denoting more severe vulnerabilities.

ESB-2023.6234.3 – UPDATED ALERT BIG-IP Configuration Utility: CVSS (Max): 9.8

F5 is warning BIG-IP admins about a recently disclosed Configuration utility unauthenticated remote code execution vulnerability (CVE-2023-46747).

ESB-2023.6266 – IBM Security QRadar SIEM: CVSS (Max): 9.8

IBM QRadar SIEM contains components that have been identified as vulnerable and can potentially be exploited using automated tools. However, IBM has taken the necessary steps to address the relevant CVEs.

ESB-2023.6321 – Zavio IP Camera: CVSS (Max): 9.8

Users of Zavio IP cameras are strongly urged to change their devices since proper updates to patch these vulnerabilities will not be available.

ESB-2023.6344 – ALERT Tenable Security Center: CVSS (Max): 9.8

Tenable has discovered vulnerabilities in Tenable Security Center, and released a critical patch to address these issues.

Stay safe, stay patched and have a good weekend!

The AusCERT team