8 Nov 2024

Week in review

Greetings,

With only a few months left of the year, it’s the perfect opportunity to begin forecasting for next year by gathering insights, refining strategies and reconnecting with key members of the community! With events and celebrations already filling up the calendar fast, we encourage our Brisbane members to save the date for November 21st and our Melbourne members for November 27th! These meet-ups are excellent opportunities to exchange ideas, share industry insights, and contribute to shaping the future together. Don’t miss out on this chance to connect and collaborate!

This week, cyber criminals have been exploiting DocuSign’s "Envelope: create" API to conduct business email compromise (BEC) attacks, using convincing fake invoices and bypassing spam filters. Wallarm warns of the associated risks, while DocuSign urges users to verify sender and payment details to prevent fraud. This underscores the growing importance of secure verification practices as BEC attacks rise.

Lastly, a final reminder for AUSCERT2025 tutorial submissions! If you have fresh insights or a session idea, now is the time to submit—deadline is Monday 11th November. As we move into the final months of the year, let’s celebrate our achievements, connect with peers, and prepare for a successful 2025. We look forward to seeing you at the meet-ups and hearing your ideas for AUSCERT2025!


CVE-2024-42509 (CVSS 9.8): Critical Vulnerability Exposes Aruba Access Points to Attack
Date: 2024-11-06
Author: Security Online

HPE Aruba Networking has issued a security advisory warning of multiple critical vulnerabilities affecting Access Points running Instant AOS-8 and AOS-10. The company has released patches addressing these vulnerabilities, which, if exploited, could lead to remote code execution (RCE), unauthorized access, and even full system compromise.

LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk
Date: 2024-10-30
Author: Infosecurity Magazine

[AUSCERT has identified the impacted members and contacted them via email]
A vulnerability in the LiteSpeed Cache plugin for WordPress, which has over 6 million active installations, has been discovered allowing unauthenticated visitors to gain administrator-level access by exploiting a security flaw in the plugin’s role simulation feature. This flaw permitted unauthorized access that could lead to the installation of malicious plugins.
The LiteSpeed Cache plugin is widely used for site optimization and supports popular WordPress plugins like WooCommerce, bbPress and Yoast SEO.

Google fixes two Android zero-days used in targeted attacks
Date: 2024-11-05
Author: Bleeping Computer

[Please also see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2024.7175/]
Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities.
Tracked as CVE-2024-43047 and CVE-2024-43093, the two issues are marked as exploited in limited, targeted attacks.
"There are indications that the following may be under limited, targeted exploitation," says Google's advisory.
The CVE-2024-43047 flaw is a high-severity use-after-free issue in closed-source Qualcomm components within the Android kernel that elevates privileges.

Microsoft SharePoint RCE bug exploited to breach corporate network
Date: 2024-11-02
Author: Bleeping Computer

[AUSCERT has identified the impacted members (where possible) and contacted them via email]
[Please also see AUSCERT's updated bulletin: https://portal.auscert.org.au/bulletins/ASB-2024.0128.2/]
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks.
CVE-2024-38094 is a high-severity (CVSS v3.1 score: 7.2) RCE flaw impacting Microsoft SharePoint, a widely used web-based platform functioning as an intranet, document management, and collaboration tool that can seamlessly integrate with Microsoft 365 apps.

Google Claims World First As AI Finds 0-Day Security Vulnerability
Date: 2024-11-05
Author: Forbes

An AI agent has discovered a previously unknown, zero-day, exploitable memory-safety vulnerability in widely used real-world software. It’s the first example, at least to be made public, of such a find, according to Google’s Project Zero and DeepMind, the forces behind Big Sleep, the large language model-assisted vulnerability agent that spotted the vulnerability.


ESB-2024.7250 – Cisco Unified Industrial Wireless Software: CVSS (Max): 10.0

A critical vulnerability in Cisco's URWB access points allows attackers to execute commands as a root user. The flaw is due to improper validation of input, which can be exploited remotely. Cisco has issued patches to fix the issue and advises affected users to apply them immediately.

ESB-2024.7215 – Google Chrome: CVSS (Max): None

Google released an emergency Chrome update to fix two critical use-after-free vulnerabilities (CVE-2024-10826 and CVE-2024-10827) that could lead to remote code execution and system compromise. Users are urged to update their browsers immediately to mitigate security risks.

ESB-2024.7175 – Google Android: CVSS (Max): 8.4*

In its November 2024 update, Google patched 40 Android vulnerabilities, including two actively exploited zero-days: CVE-2024-43047 and CVE-2024-43093. CVE-2024-43047, a use-after-free flaw in Qualcomm’s DSP, could lead to privilege escalation and device compromise, while CVE-2024-43093 affects Android’s framework, exposing devices to potential attacks. Users are urged to update their devices promptly to mitigate these risks.

ASB-2024.0128.2 – Microsoft Office, Microsoft Office Services and Web Apps: CVSS (Max): 8.8

AUSCERT updated its bulletin from 10 July to include the addition of CVE-2024-38094 to CISA's KEV catalog. This vulnerability is actively being exploited by attackers to gain access to corporate networks.


Stay safe, stay patched and have a good weekend!

The AUSCERT team