6 Dec 2024

Week in review

Greetings,

The festive season is a time for celebration, but it’s also a period when cyber criminals ramp up their efforts to exploit busy, distracted, or unsuspecting individuals. As online shopping surges during Christmas, it’s essential to stay vigilant and take proactive steps to safeguard your personal information and devices. As cyber security professionals, it’s critical to not only apply best practices personally but also reinforce awareness among less tech-savvy colleagues, friends, and family members.

Phishing scams, fake e-commerce promotions, and delivery fraud are rampant during this period. Scammers create convincing fake websites, pay for top placement in search results, and set up fraudulent stores on social media to deceive consumers. Common tactics include fake travel deals, parcel delivery scams, and offers that seem too good to be true—designed to steal payments or personal data.

To protect yourself, always verify URLs for accuracy and security, avoid clicking on links in emails or messages, and download apps only from trusted sources. Use secure payment methods with consumer protections, such as PayPal or credit cards, and consider a low-limit credit card for online transactions. Avoid saving payment details in online accounts, and steer clear of riskier payment methods such as bank transfers or cryptocurrencies.

Strengthen account and device security with unique passwords, multi-factor authentication, and regular software updates. Stay alert to parcel scams: verify any delivery notification through official channels, even when you are expecting a parcel. If a deal seems too good to be true, go to the retailer’s website directly to confirm it is genuine.

Remember three steps to avoid scams. Stop: don’t rush into action. Check: verify the offer through official channels or reviews. Report: inform your bank and update your passwords if you suspect a scam. By staying proactive, you can help make the holiday season safe and secure for everyone!


CVE-2024-42330 (CVSS 9.1): Zabbix Patches Critical Remote Code Execution Vulnerability
Date: 2024-11-28
Author: Security Online

[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Popular open-source monitoring tool Zabbix has released urgent security updates to address a critical vulnerability that could allow attackers to execute arbitrary code on vulnerable systems. The vulnerability, tracked as CVE-2024-42330 and assigned a CVSS score of 9.1, affects multiple versions of Zabbix 6.0, 6.4, and 7.0.
Zabbix is widely used by organizations of all sizes to monitor their IT infrastructure, including networks, servers, and cloud services.

RomCom exploits Firefox and Windows zero days in the wild
Date: 2024-11-26
Author: We Live Security

[Please see the AUSCERT bulletin published in October for CVE-2024-9680: https://portal.auscert.org.au/bulletins/ESB-2024.6620/]
ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit.
ESET researchers discovered a previously unknown vulnerability in Mozilla products, exploited in the wild by Russia-aligned group RomCom. This is at least the second time that RomCom has been caught exploiting a significant zero-day vulnerability in the wild, after the abuse of CVE-2023-36884 via Microsoft Word in June 2023.

CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks
Date: 2024-12-04
Author: Security Week

The US cybersecurity agency CISA on Tuesday warned that a path traversal vulnerability in multiple Zyxel firewall appliances has been exploited in the wild. The issue, tracked as CVE-2024-11667 (CVSS score of 7.5), is a high-severity flaw affecting the web management interface of Zyxel ATP, USG FLEX, and USG20(W)-VPN series devices.

Veeam warns of critical RCE bug in Service Provider Console
Date: 2024-12-03
Author: Bleeping Computer

Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) flaw discovered during internal testing.
VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.

Exploit released for critical WhatsUp Gold RCE flaw, patch now
Date: 2024-12-03
Author: Bleeping Computer

A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible.
The flaw is tracked as CVE-2024-8785 (CVSS v3.1 score: 9.8) and was discovered by Tenable in mid-August 2024. It exists in the NmAPI.exe process in WhatsUp Gold versions from 2023.1.0 and before 24.0.1.


ESB-2024.7833 – Google Chrome: CVSS (Max): 8.8

Google has released a security update for Chrome to fix a high-severity "type confusion" vulnerability (CVE-2024-12053) in the V8 JavaScript engine. This flaw could allow attackers to execute arbitrary code, bypassing Chrome’s sandbox and compromising system security. The issue was promptly patched in Chrome version 131.0.6778.108/.109 for Windows, Mac, and Linux.

ESB-2024.7802 – Cisco Adaptive Security Appliance WebVPN: CVSS (Max): 6.1

Cisco warns that the decade-old ASA vulnerability (CVE-2014-2120) is being actively exploited in attacks. This flaw, found in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) software, allows unauthenticated remote attackers to conduct cross-site scripting (XSS) attacks. Cisco urges customers to upgrade to fixed software versions following new exploitation attempts detected in November 2024.

ESB-2024.7832 – Siemens RUGGEDCOM APE1808: CVSS (Max): 10.0

Siemens products are affected by multiple vulnerabilities. These vulnerabilities could allow attackers to gain unauthorised access, cause denial-of-service conditions, or escalate privileges. Affected devices should be updated using Siemens patches, and access to the management interface should be limited to trusted IP addresses. CISA recommends protective measures to reduce exploitation risks, including securing network access and following industrial security guidelines. Additionally, users should be vigilant against social engineering attacks.

ESB-2024.7785 – Google Android: CVSS (Max): 8.4*

The Android Security Bulletin highlights critical vulnerabilities, with the most severe being a high-risk flaw in the System component, potentially allowing remote code execution without requiring additional privileges. The vulnerability could severely impact devices if platform and service mitigations are bypassed or disabled. Security patch levels of 2024-12-05 or later address all issues. Android partners were notified in advance, and source code patches have been released in the AOSP repository.


Stay safe, stay patched and have a good weekend!

The AUSCERT team