4 Aug 2023

Week in review

Greetings,

This week, the moon made a stunning appearance, captivating the world with its extraordinary beauty. Larger and brighter than ever, the majestic supermoon illuminated the night sky, drawing people’s eyes upward in awe. Its radiant glow was visible to all, uniting people from different corners of the globe, mesmerized by its allure. Just as the moon goes through its various phases, cyber security operates on a layered defence approach, encompassing detection, prevention, response and foresight planning. This week's full moon symbolizes completion and strength, reflecting the importance of building a resilient cyber security strategy.

We are thrilled to announce the release of the latest episode of ‘Share Today, Save Tomorrow’ – Episode 25 – What does the future hold. Join Anthony as he reunites with his old friend, the captivating and renowned Futurist, Dr Joseph Voros. An expert in the field of strategic foresight, Dr Voros provides valuable insights into the fascinating realm of preparing for uncertain futures. His work alongside governments worldwide has been instrumental in navigating the ever-evolving threat landscape of cyber security. Touching on the big trends in the future cybersecurity space, Dr Voros also comments on how artificial intelligence may pose more threats than benefits to us. Listen to this insightful conversation that explores how strategic thinking can shape a more secure and resilient future.

As Artificial Intelligence (AI) technology continues to advance and become increasingly sophisticated, the security risks associated with its use and potential for misuse also increase. The capabilities of AI open up new opportunities for hackers and malicious actors to create more targeted and authentic cyber attacks. Already we are starting to see chatbots trained specifically for malicious purposes such as phishing, social engineering, exploiting vulnerabilities and creating malware. The use of generative AI chatbots is growing, and the adoption rate is increasing, as they can provide easy solutions for less capable threat actors or for those who want to expand operations to other regions but lack the language skills. A growing concern in the field of AI is the need for reforms and shared safety protocols. As AI systems become more advanced, experts are increasingly aware of the potential risks they pose to society and humanity. Just as the moon provides a guiding light in the darkness of the night, experts must remain vigilant and advocate for better safety protocols across the AI industry to ensure accountability and transparency.


Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks
Date: 2023-07-31
Author: Security Week

[AUSCERT has directly notified affected members about this vulnerability where possible]
Ivanti has warned customers about a second zero-day vulnerability in its Endpoint Manager Mobile (EPMM) product that has been exploited in targeted attacks.
Further investigation by cybersecurity firm Mnemonic revealed the existence of CVE-2023-3508, a high-severity flaw that allows an authenticated attacker with administrator privileges to remotely write arbitrary files to the server.
Late last week, Ivanti published an advisory and CISA issued an alert to inform organizations about this second vulnerability and warn them of active exploitation. Organizations have been urged to immediately patch their devices.

Malware spotted on Barracuda email gateways
Date: 2023-07-31
Author: itnews

The need to replace Barracuda email gateways has taken on a new urgency, with America’s Computer and Infrastructure Security Agency (CISA) warning it has identified three malware variants planted on vulnerable devices.
Earlier this year, Barracuda advised that a remote code execution bug (CVE-2023-2868) in some of its email security gateways required affected devices to be replaced.
Some units clearly remain in service, and CISA has warned it has identified three malware variants it has spotted on Barracuda devices.

Threat actors abuse Google AMP for evasive phishing attacks
Date: 2023-08-01
Author: Bleeping Computer

Security researchers are warning of increased phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures and get to inboxes of enterprise employees.
The idea behind using Google AMP URLs embedded in phishing emails is to make sure that email protection technology does not flag messages as malicious or suspicious due to Google’s good reputation.
The AMP URLs trigger a redirection to a malicious phishing site, and this additional step also adds an analysis-disrupting layer.

Relying on CVSS alone is risky for vulnerability management
Date: 2023-07-31
Author: Help Net Security

A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion.
In fact, relying solely on a CVSS severity score to assess the risk of individual vulnerabilities was shown to be equivalent to randomly selecting vulnerabilities for remediation.

Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023
Date: 2023-08-02
Author: The Hacker News

About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year.
"Critical manufacturing (37.3% of total reported CVEs) and Energy (24.3% of the total reported) sectors are the most likely to be affected," the OT cybersecurity and asset monitoring company said in a report shared with The Hacker News.

Apple rejects new name 'X' for Twitter iOS app because… rules
Date: 2023-07-29
Author: Bleeping Computer

Mr. Musk may have successfully pushed Twitter's new name and logo, 'X', and even made the vanity domain x.com redirect to the social media website, but that's not to say the Mathematical double-struck letter will fit the bill everywhere.
Turns out, Apple's App Store can't accept the new name for Twitter's iOS app because of minimum character requirements.


ESB-2023.4293 – OpenSSH: CVSS (Max): 9.8

Ubuntu has fixed an OpenSSH vulnerability that allowed programs to be run as the login user when ssh-agent forwarding was in use.

ESB-2023.4385 – SUSE Manager: CVSS (Max): 9.4

SUSE has released an update for SUSE Manager that resolves three vulnerabilities and includes 38 fixes.

ESB-2023.4425 – Red Hat Ansible Automation Platform: CVSS (Max): 9.8

Red Hat has released security fixes to openshift-clients to resolve issues such as excessive memory growth and denial of service from excessive resource consumption.

ESB-2023.4430 – python-django: CVSS (Max): 9.8

A fix has been released for python-django packages to address missing sanitising of emails and URL validators, which could result in a denial of service.

ESB-2023.4413 – Linux Kernel RT (Live Patch 0 for SLE 15 SP5): CVSS (Max): 8.2

An update has been released to resolve four vulnerabilities. The fixed security issues included flaws that could be exploited to achieve local privilege escalation and unauthorized execution of management commands.

ESB-2023.4414 – .NET 6.0: CVSS (Max): 8.1

An update has been released to resolve various security vulnerabilities that could lead to a symlink attack and crashing due to unmanaged heap corruption.


Stay safe, stay patched and have a good weekend!

The AUSCERT team