6 Oct 2023
Week in review
Greetings,
This month is Cyber Security Awareness Month, an important time for all to enhance their knowledge of cyber security and to take proactive steps to safeguard their information and devices. At AUSCERT, we hold the belief that cyber security should be an integral part of our everyday routines and should be considered as an enabler in every organisation. Yet we recognize that for the broader public who may not be as immersed in the cyber security world, this month serves as a timely reminder of its crucial role in our lives. We’d like to emphasize the role of cyber leaders in extending their expertise and advocating everyone within their organisation, community, or home to adopt the following simple tips. Click here to read our blog for some shareable tips.
Engaging in regular training is crucial for staying ahead in the field of cyber security. AUSCERT offers a diverse range of training courses that are specifically designed to provide you with the most relevant and up-to-date knowledge and skills. With experienced practitioners offering real-world advice and solutions, you can ensure you are well-equipped.
In particular, the importance of data governance is continually growing in today’s data-centric business landscape. Many industries and organisations are subject to regulatory requirements regarding data management and privacy, making it a pivotal component in an effective organisation. Our Data Governance Principles and Practices training course equips participants with the fundamental skills and knowledge required to develop a structured framework that your organisation can follow to ensure it is managing data effectively. The course also includes information about how effective data governance contributes to cyber security initiatives. Hurry, this is the last opportunity for this year to register for our training course. For more information click here.
In conclusion, let’s lead our community towards being safer online! With improved knowledge, we can ensure that we are cyber-wise and better prepared to protect ourselves and organisations from cyber threats. Together we can make a safer cyber world!
Millions of Exim mail servers exposed to zero-day RCE attacks
Date: 2023-09-29
Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers.
Found by an anonymous security researcher and disclosed through Trend Micro's Zero Day Initiative (ZDI), the security bug (CVE-2023-42115) is due to an Out-of-bounds Write weakness found in the SMTP service.
Atlassian patches critical Confluence zero-day exploited in attacks
Date: 2023-10-04
Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Australian software company Atlassian released emergency security updates to fix a maximum severity zero-day vulnerability in its Confluence Data Center and Server software, which has been exploited in attacks. "Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances," the company said.
Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day
Date: 2023-10-04
Author: Security Week
[See AUSCERT Security Bulletin 05 October 2023: ESB-2023.5703]
Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.
The Cupertino device maker on Wednesday rushed out a new patch to cover a pair of serious vulnerabilities and warned that one of the issues has already been exploited as zero-day in the wild.
In a barebones advisory, Apple said the exploited CVE-2023-42824 kernel vulnerability allows a local attacker to elevate privileges, suggesting it was used in an exploit chain in observed attacks.
The biggest hack of 2023 keeps getting bigger
Date: 2023-10-02
Author: Wired
In a field of shocking, opportunistic espionage campaigns and high-profile digital attacks on popular businesses, the biggest hack of 2023 isn’t a single incident, but a juggernaut of related attacks that keeps adding victims to its score. In the coming months, more people, as many as tens of millions, could find out that their sensitive information has been compromised. But more still will likely never learn of the situation or its impact on them.
New 'Looney Tunables' Linux bug gives root on major distros
Date: 2023-10-03
Author: Bleeping Computer
A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.so dynamic loader.
The GNU C Library (glibc) is the GNU system's C library and is in most Linux kernel-based systems. It provides essential functionality, including system calls like open, malloc, printf, exit, and others, necessary for typical program execution.
ESB-2023.5669 – ALERT Cisco Emergency Responder: CVSS (Max): 9.8
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted
ESB-2023.5668 – ALERT Confluence Data Center and Confluence Server: CVSS (Max): 10.0
Privilege Escalation Vulnerability in Confluence Data Center and Server
ESB-2023.5632 – firefox-esr: CVSS (Max): 9.8
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code
ESB-2023.5637 – exim4: CVSS (Max): 9.8
Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticators are used
Stay safe, stay patched and have a good weekend!
The AUSCERT team