4 Oct 2024

Week in review

Greetings,

Cyber Security Awareness Month is here! This is the ideal opportunity to educate those who are less tech-savvy about essential online safety practices. This global initiative emphasises the growing importance of cyber security for individuals, businesses, and organisations. This year’s theme, Secure Our World, is a timely focus as we confront an increasing number of sophisticated cyber threats.

Whilst Cyber Security Awareness Month typically focuses on educating individuals, especially non-technical staff, about basic online safety practices, phishing prevention, and password hygiene, it’s important to remember that cyber security isn’t a one-off effort; it’s a holistic practice that spans not only the cyber team but also all GRC executives and the board of directors.

Organisations should prioritise proactive Governance, Risk, and Compliance (GRC) measures. GRC is a holistic framework that integrates governance, risk management, and compliance, helping organisations not only meet regulatory obligations but also stay ahead of the rapidly evolving cyber threat landscape. A well-executed GRC strategy improves decision-making, safeguards sensitive data, and enhances overall cyber resilience.

Cyber security is a shared responsibility that requires close collaboration across all teams within an organisation. Transparent, regular reporting to senior leadership, along with comprehensive employee training programmes, is crucial for minimising vulnerabilities and fostering a security-conscious culture organisation-wide.

AUSCERT provides expert advice and consultations to help your organisation navigate the complexities of Governance, Risk, and Compliance (GRC), enhancing your cyber security posture in line with your business objectives. Our team specialises in guiding organisations to confidently adhere to industry frameworks, standards, and benchmarks. Contact us today to learn more about our GRC services and how we can support your security and compliance goals – grc@auscert.org.au


Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities
Date: 2024-10-02
Author: The Hacker News

A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices.
"These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks," Forescout Vedere Labs said in a technical report shared with The Hacker News.

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks
Date: 2024-09-30
Author: The Hacker News

[AUSCERT has published security bulletins for these updates]
Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks.
"These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," Bitsight researcher Pedro Umbelino said in a report published last week.

Storm-0501: Ransomware attacks expanding to hybrid cloud environments
Date: 2024-09-26
Author: Microsoft

Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack in which they compromised hybrid cloud environments and performed lateral movement from on-premises to the cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The attack targeted multiple sectors in the United States, including government, manufacturing, transportation, and law enforcement. Storm-0501 is a financially motivated cybercriminal group that uses commodity and open-source tools to conduct ransomware operations.

Meta, Australian banks tout progress on taking down scam ads
Date: 2024-10-03
Author: iTnews

Meta has taken down some 8000 so-called "celeb bait" scam ads from Facebook and Instagram as part of a new effort with Australian banks to curb the practice.
The scams use images of famous people, often generated by artificial intelligence, to trick consumers into giving money to non-existent investment schemes.
The US social media giant said it took down the scam ads after receiving 102 reports since April from the Australian Financial Crimes Exchange, an intelligence-sharing body run by the country's main banks.

Zimbra RCE Vuln Under Attack Needs Immediate Patching
Date: 2024-10-02
Author: Dark Reading

[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Attackers are actively targeting a severe remote code execution vulnerability that Zimbra recently disclosed in its SMTP server, heightening the urgency for affected organizations to patch vulnerable instances right away.
The bug, identified as CVE-2024-45519, is present in the Zimbra postjournal service component for email journaling and archiving. It allows an unauthenticated remote attacker to execute arbitrary commands on a vulnerable system and take control of it. Zimbra issued updates for affected versions last week but has not released any details of the flaw so far.


ESB-2024.6304 – Juniper Junos OS: CVSS (Max): None

Juniper Networks has released a security advisory regarding vulnerabilities in multiple products using the RADIUS protocol which are susceptible to forgery attacks (Blast RADIUS).

ESB-2024.6323 – Mozilla Firefox: CVSS (Max): 9.8

Mozilla has fixed critical vulnerabilities in Firefox 131. These vulnerabilities could allow for arbitrary code execution or denial of service attacks across various platforms, including desktop and Android.

ESB-2024.6335 – Optigo Networks ONS-S8 Spectra Aggregation Switch: CVSS (Max): 9.8

CISA's advisory identifies critical vulnerabilities in Optigo Networks' ONS-S8 Spectra Aggregation Switch, which could allow attackers to bypass authentication, execute remote code, or upload arbitrary files.

ESB-2024.6389 – Cisco Nexus Dashboard Fabric Controller (NDFC): CVSS (Max): 9.9

Cisco Nexus Dashboard Fabric Controller (NDFC) has a critical vulnerability that allows authenticated, low-privileged remote attackers to execute arbitrary commands via a command injection flaw in the REST API and web UI. Cisco advises applying the available patches to address this issue.


Stay safe, stay patched and have a good weekend!

The AUSCERT team