Week in review - 8 Dec 2023

Greetings,

Automation has long been recognized as the future, but is the future already upon us? The emergence of next-generation connectivity, exemplified by autonomous vehicles and smart cities, signals the dawn of a new era in digital infrastructure. The integration of artificial intelligence (AI) and advanced robotics is propelling automation to new heights, revolutionizing productivity across diverse industries. In this transformative landscape, building our capabilities in these cutting-edge technologies becomes imperative. Doing so ensures that we not only keep up with change but also position ourselves to capitalize on emerging opportunities as they arise. New emerging technologies are likely to transform cyber roles and reshape skill requirements as automated tools assume greater responsibility for core network protection functions.

Minister Clare O’Neil has outlined the critical role of automation in the 2023-2030 Cyber Security Strategy. In response to cybercriminals increasingly employing sophisticated technologies to automate ransomware attacks, the strategy advocates a proactive approach through the deployment of automated threat detectors. Essentially, the strategy recognizes automation as a cornerstone in the ongoing battle against cyber threats. The investment in automated solutions and real-time collaboration underscores a commitment to staying ahead in the dynamic cybersecurity landscape, ensuring a robust defence against emerging cyber threats.

Successfully implementing automation relies heavily on a strong foundation of clear definitions, guidelines, and processes. Often organisations struggle with automation due to a lack of well-documented processes and limited staffing resources. This, along with other factors such as maturity and process monitorability, contributes to the challenges security teams face when implementing automation. Successful automation requires a pragmatic approach where teams identify and prioritize processes that are feasible and provide the greatest impact on efficiency and risk reduction.

To conclude, we would like to remind you of the webinar discussion we have coming up next week, designed to support you with the development and submission of your presentations for AUSCERT2024! Register here


Atlassian patches critical RCE flaws across multiple products
Date: 2023-12-06
Author: Bleeping Computer

[AUSCERT has identified the impacted members (where possible) and contacted them via email].
[See AUSCERT bulletins: ESB-2023.7312, ESB-2023.7311, ESB-2023.7310, ESB-2023.7308]
Atlassian has published security advisories for four critical remote code execution (RCE) vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS.

VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks
Date: 2023-12-01
Author: Bleeping Computer

[Please see AUSCERT bulletin: https://auscert.org.au/bulletins/ESB-2023.6704.2]
VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th.
Cloud Director is a VMware platform that enables admins to manage data centers spread across multiple locations as Virtual Data Centers (VDC).
The auth bypass security flaw (CVE-2023-34060) only impacts appliances running VCD Appliance 10.5 that were previously upgraded from an older release. However, VMware says it doesn't affect fresh VCD Appliance 10.5 installs, Linux deployments, and other appliances.

"Sierra:21" vulnerabilities impact critical infrastructure routers
Date: 2023-12-06
Author: Bleeping Computer

[Please see AUSCERT bulletin: https://auscert.org.au/bulletins/ESB-2023.7318]
A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks.
The flaws discovered by Forescout Vedere Labs affect Sierra Wireless AirLink cellular routers and open-source components like TinyXML and OpenNDS (open Network Demarcation Service).
AirLink routers are highly regarded in the field of industrial and mission-critical applications due to high-performance 3G/4G/5G and WiFi and multi-network connectivity.

Nissan discloses cyber incident in Australia and NZ
Date: 2023-12-07
Author: iTnews

Carmaker Nissan is investigating a cyber incident affecting undisclosed systems used by its Australian and New Zealand operations.
The company said in a statement overlaid on its homepage that the “Australian and New Zealand Nissan Corporation and Financial Services advises that its systems have been subject to a cyber incident.”

Apple fixes two new iOS zero-days in emergency updates
Date: 2023-12-30
Author: Bleeping Computer

[Please see AUSCERT bulletin: https://www.auscert.org.au/bulletins/ESB-2023.7211]
Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year.
"Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1," the company said in an advisory issued on Wednesday.

Establishing New Rules for Cyber Warfare
Date: 2023-12-05
Author: Dark Reading

The efforts of the International Committee of the Red Cross (ICRC) to establish rules of engagement to combatants in a cyberwar should be applauded internationally, even if adherence is likely to be limited. The ICRC recently released a set of rules for civilian hackers involved in conflicts to follow in order to clarify the line between civilians and combatants, as cyberspace can be a blurry place to work in — especially during a war.


ESB-2023.6704.2 – UPDATE VMware Cloud Director Appliance: CVSS (Max): 9.8

VMware has released Cloud Director Appliance 10.5.1 to fix the authentication bypass vulnerability reported in November 2023.

ESB-2023.7318 – Sierra Wireless AirLink with ALEOS firmware: CVSS (Max): 8.1

Multiple vulnerabilities have been reported in Sierra Wireless AirLink with ALEOS which, if exploited, could result in a cross-site scripting or denial-of-service attack.

ESB-2023.7309 – Google Chrome: CVSS (Max): None

Google announced the release of Chrome 120 to the stable channel for Mac, Linux and Windows. This update contains patches for 10 vulnerabilities.

ESB-2023.7308 – ALERT Confluence Data Center and Confluence Server: CVSS (Max): 9.0

The Template Injection vulnerability in Confluence Data Center and Server allows an authenticated attacker to inject unsafe user input into a Confluence page which could result in an RCE attack on an affected instance. Atlassian recommends applying patches to the affected installations.

ESB-2023.7339.2 – UPDATE Apache Struts: CVSS (Max): None

The Apache Struts group has released Apache Struts versions 6.3.0.2 & 2.5.33 to address a potential security vulnerability identified as CVE-2023-50164.


Stay safe, stay patched and have a good weekend!

The AusCERT team