AUSCERT Week in Review for 5th January 2024

Greetings,

As the calendar turns the page to the dawn of 2024 a sense of excitement and anticipation fills the air. The arrival of the new year symbolises a journey towards development and progression for every one of us. We stand prepared to embrace new challenges, learn from the past and propel ourselves forward into an era of growth and prosperity. Just as individuals set resolutions for the new year to pursue good health and fortune, businesses must also create resolutions for improved cybersecurity practices.

In our rapidly evolving digital ecosystem, the year ahead promises both ground-breaking strides and the continuous evolution of technology advancements. As organisations gear up to defend against ever-more-sophisticated cyber threats, the role of artificial intelligence and machine learning has elevated threats to new heights.

Collaboration is a cornerstone in the cyber realm, as information sharing among industries, governments, and security communities becomes integral to staying one step ahead of cyber threats. The exchange of threat intelligence, best practices and incident response strategies becomes integral to creating a resilient defence ecosystem. The start of 2024 emphasizes the need for a united front against cyber-attacks, as threats become increasingly borderless and interconnected. Therefore our theme for AUSCERT2024 is “Pay it Forward,” as it highlights the importance of passing it forward by demonstrating how shared knowledge and collaboration can create a ripple effect, strengthening the entire field of cyber security.

Cyber Conferences serve as an invaluable platform to cultivate new relationships, establish improved communication channels, and facilitate information sharing across organisations and the broader community. Join us at AUSCERT2024 and discover the power of amplifying your impact in the realm of cyber security. The theme for this year highlights the significant influence that everyone’s action can carry within the broader cyber community. We are already hard at work, developing a ground-breaking program of tutorials and presentations, so keep your eyes peeled for more updates. Please note Call for Presentations closes on the 29th of January. We encourage you to submit as soon as possible!

Critical Apache OFBiz Vulnerability in Attacker Crosshairs
Date: 2024-01-29
Author: Security Week

[Please also see AUSCERT bulletin: ASB-2024.0001.2 ]
The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning (ERP) system.
Apache OFBiz is leveraged by several ERP and other types of projects, including the widely used Atlassian Jira issue tracking and project management software.
The nonprofit cybersecurity organization Shadowserver reported seeing signs of in-the-wild exploitation for an Apache OFBiz vulnerability tracked as CVE-2023-49070 shortly after details of a different OFBiz bug, CVE-2023-51467, were disclosed by SonicWall.

Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ
Date: 2024-01-28
Author: Security Week

[ AUSCERT has shared the indicators of compromise associated with CVE-2023-7102 through MISP.]
The recently disclosed vulnerability affecting Barracuda Email Security Gateway (ESG) appliances has been exploited as a zero-day to target government, high-tech and IT organizations, according to Mandiant.
The ESG vulnerability, tracked as CVE-2023-7102, is an arbitrary code execution flaw impacting ‘Spreadsheet::ParseExcel’, an open source library used by ESG devices to check Excel email attachments for malware

Victoria State's court suffers 'unsettling' and 'distressing' cyber hack
Date: 2024-01-02
Author: 9 News

Victoria's court system has confirmed that it suffered a cyberattack, with bosses admitting it could be "unsettling" and "distressing" for those affected.
Court Services Victoria said "unauthorised access" was gained to the courts audiovisual technology network just before Christmas.
It means hackers have got hold of some video and audio recordings as well as transcriptions of court proceedings from between November 1 and December 21.

Mandiant’s account on X hacked to push cryptocurrency scam
Date: 2024-01-03
Author: Bleeping Computer

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam.
"We are aware of the incident impacting the Mandiant X account and are working to resolve the issue," a Mandiant spokesperson told BleepingComputer.

The law enforcement operations targeting cybercrime in 2023
Date: 2024-01-01
Author: Bleeping Computer

In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks.
While some of these operations were more successful than others, law enforcement has been increasingly using hack-back tactics to infiltrate operations and disrupt them.

21 New Mac Malware Families Emerged in 2023
Date: 2024-01-03
Author: Security Week

A total of 21 new malware families designed to target macOS systems were discovered in 2023, according to Patrick Wardle, a researcher specializing in the security of Apple devices.
Wardle has published a blog post analyzing the new malware families that emerged last year and the total number represents an increase of over 50% compared to 2022.
For each of the new malware families, Wardle’s blog describes the infection vector, persistence mechanism, features, and purpose. Malware samples have also been made available.

ASB-2024.0001 – Apache OFBiz

AusCERT has recently issued its initial ASB for the year, which highlights an important security concern. The bulletin addresses an Authentication Bypass vulnerability, identified as CVE-2023-51467, affecting Apache OfBiz. To ensure the safety of your systems, AusCERT strongly advises its members who utilize OfBiz to promptly update to the recommended version.

ESB-2024.0093 – Google Chrome: CVSS (Max): None

Several vulnerabilities have been discovered in Google Chrome. These vulnerabilities have the potential to be exploited by remote attackers, leading to remote code execution and denial of service of the affected system. Google has released patches to mitigate these issues.

ESB-2024.0092 – Android: CVSS (Max): 9.8*

Multiple vulnerabilities have been identified in Android devices, with one of the most critical being a high-security vulnerability found in the Framework component. This particular vulnerability has the potential to result in a local escalation of privilege, requiring no additional execution privileges. It is crucial to address this issue promptly to ensure the security of the Android devices.

ESB-2024.0096 – IBM Cloud Pak System Software: CVSS (Max): 9.8

IBM has recently released an advisory reporting a vulnerability in its WebSphere Application Server Pattern which can impact IBM Cloud Pak System. IBM has released updates to address the issue.

ESB-2024.0108 – Rockwell Automation FactoryTalk Activation: CVSS (Max): 9.8

An Out-of-Bounds Write flaw has been detected in Rockwell Automation's FactoryTalk Activation Manager, which if exploited could result in an attacker gaining full access to the system. Users of the affected software are strongly recommended to promptly implement the necessary risk mitigations.

Stay safe, stay patched and have a good weekend!

The AusCERT team