Week in review - 9 Feb 2024

Greetings,

AUSCERT2024 registrations are now open – secure the early bird rates now! AUSCERT Member Tokens have been dispatched so make sure to utilise these great discounted and complimentary tickets. Our tutorial schedule offers a great selection of workshops covering diverse subjects like threat hunting, incident response, risk management, and machine learning. This year, we received the highest number of presentation submissions in the history of our conference! We're eagerly anticipating the program committee's selection of the best presentations for an exciting and informative program. Join us for an exceptional experience at AUSCERT2024!

One of our favourite aspects of the conference is the chance to reconnect with our community. Each year, our goal is to curate a program featuring speakers who are experts and leaders in their fields, while also promoting diversity to ensure we incorporate different perspectives and mindsets. A notable highlight from AUSCERT2023 was the significant presence of outstanding female speakers in the program. Particularly impressive was keynote speaker Rachel Tobac, a globally renowned expert in social engineering.

Speaking of social engineering, with Valentine’s Day approaching, now is a great time to promote good cyber hygiene in your workplace and personal life. You can further bolster cyber security resilience in your workplace with a variety of new training courses we’ve recently added to our line-up, including the highly sought-after "Data Governance Principles and Practices." This course is designed to educate participants on the key components of a successful framework, covering best practices and real-world examples. Attendees will learn the essential skills and knowledge required to implement a successful data governance program in their organisations.

Here are some highlights from this week’s cyber security news:


Critical Cisco bug exposes Expressway gateways to CSRF attacks
Date: 2024-02-07
Author: Bleeping Computer

[AusCERT has identified impacted members (where possible) and contacted them via email]
[Please also see AusCERT bulletin: https://auscert.org.au/bulletins/ESB-2024.0836]
Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks.
Attackers can exploit CSRF vulnerabilities to trick authenticated users into clicking malicious links or visiting attacker-controlled webpages to perform unwanted actions such as adding new user accounts, executing arbitrary code, gaining admin privileges, and more.
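The CSRF pattern described above works because a browser attaches the victim's session cookie to any request a third-party page triggers. The usual server-side defences are a per-session synchronizer token the cross-site page cannot know, plus a check that the request's Origin/Referer belongs to the application's own host. The following is an added illustration of both checks, not code from Cisco, Bleeping Computer or AusCERT; the request dictionary, the host name, and the cookie and header names are assumptions made for the example.

```python
"""Minimal server-side CSRF defence: synchronizer token plus Origin check.

Added illustration only; request shape, host name and header names are assumed.
"""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_HOST = "gateway.example"           # constructed host name for this example
SECRET_KEY = secrets.token_bytes(32)    # per-deployment key; generated fresh here


def issue_csrf_token(session_id: str) -> str:
    """Derive a per-session token (HMAC of the session id) to embed in forms or
    send in a custom header. A cross-site page never sees this value."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def origin_is_trusted(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) names our own
    host. Browsers set these headers themselves; a malicious page cannot forge them."""
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin:
        # Missing header on a state-changing request: treat as cross-site.
        return False
    return urlsplit(origin).hostname == SITE_HOST


def request_is_csrf_safe(request: dict) -> bool:
    """Allow a request to proceed only if it is safe-method, or both the origin
    check and the synchronizer-token check pass.

    request is an assumed dict: {"method": str, "headers": dict, "cookies": dict}.
    """
    if request["method"] in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must not change state, so no token is required
    headers = request["headers"]
    if not origin_is_trusted(headers):
        return False
    expected = issue_csrf_token(request["cookies"]["session"])
    presented = headers.get("X-CSRF-Token", "")
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    # Constructed requests: a legitimate same-origin POST and a forged cross-site one.
    session = "session-abc123"
    legitimate = {
        "method": "POST",
        "headers": {"Origin": "https://gateway.example",
                    "X-CSRF-Token": issue_csrf_token(session)},
        "cookies": {"session": session},
    }
    forged = {
        "method": "POST",
        "headers": {"Origin": "https://attacker.example"},
        "cookies": {"session": session},  # browser still sends the victim's cookie
    }
    print("legitimate allowed:", request_is_csrf_safe(legitimate))  # True
    print("forged allowed:", request_is_csrf_safe(forged))          # False
```

Both checks are kept because each covers a gap in the other: the token check defends against cases where the Origin header is absent or stripped, and the origin check stops a forged request even if a token value has leaked. Either check alone, with a lenient fallback, is where many real CSRF defences have failed.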

JetBrains warns of new TeamCity auth bypass vulnerability
Date: 2024-02-06
Author: Bleeping Computer

JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. Tracked as CVE-2024-23917, this critical severity flaw impacts all versions of TeamCity On-Premises from 2017.1 through 2023.11.2 and can be exploited in remote code execution (RCE) attacks that don't require user interaction.

AnyDesk says hackers breached its production servers, reset passwords
Date: 2024-02-02
Author: Bleeping Computer

AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack.
AnyDesk is a remote access solution that allows users to remotely access computers over a network or the internet. The program is very popular with enterprises, which use it for remote support or to access colocated servers.

Critical Remote Code Execution Vulnerability Patched in Android
Date: 2024-02-06
Author: Security Week

[Please also see AUSCERT bulletin: https://auscert.org.au/bulletins/ESB-2024.0766]
Google on Monday announced patches for 46 vulnerabilities in Android, including a critical-severity bug leading to remote code execution. The flaw, tracked as CVE-2024-0031 and impacting Android Open Source Project (AOSP) versions 11, 12, 12L, 13, and 14, was identified in the platform’s System component. “The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed,” Google explains in its advisory.

QNAP Patches High-Severity Bugs in QTS, Qsync Central
Date: 2024-02-05
Author: Security Week

[AusCERT has identified the impacted members (where possible) and contacted them via email]
Taiwan-based QNAP Systems has released patches for two dozen vulnerabilities across its products, including two high-severity flaws leading to command execution.
The bugs, tracked as CVE-2023-45025 and CVE-2023-39297, are described as OS command injection flaws that impact QTS versions 5.1.x and 4.5.x, QuTS hero versions h5.1.x and h4.5.x, and QuTScloud version 5.x.
The first issue, QNAP says, can be exploited by users to execute commands via the network, under certain system configurations. The second bug requires authentication for successful exploitation, the company says.

Critical vulnerability in Mastodon is pounced upon by fast-acting admins
Date: 2024-02-02
Author: The Register

Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers.
With a 9.4 severity score, exploiting CVE-2024-23832 potentially allows attackers to take over Mastodon accounts remotely.
While very little has been released by way of technical details – allowing admins time to patch before attackers devise exploits – vulnerabilities with such high CVSS scores tend to lead to severe consequences on the affected product and are often relatively easy to exploit.


ASB-2024.0035.2 – UPDATE FortiSIEM

AUSCERT has issued an advisory to its members regarding a critical flaw in Fortinet's FortiSIEM product. Initially, there was some confusion about this advisory, as the vendor directed customers to a previously resolved issue from October last year. However, the confusion has since been cleared up. AusCERT advises its members to follow the vendor's recommendations and promptly apply the necessary patches to address the issue.

ESB-2024.0836 – ALERT Cisco Expressway Series: CVSS (Max): 9.6

Multiple vulnerabilities have been discovered in Cisco Expressway Series collaboration gateways, with two of them being classified as Critical. Cisco has taken action by releasing security updates to mitigate these vulnerabilities.

ESB-2024.0766 – Android: CVSS (Max): 7.5*

Google has recently made an announcement regarding the release of patches for 46 vulnerabilities found in Android. Among these vulnerabilities is a critical-severity bug that could potentially result in remote code execution. This particular flaw, identified as CVE-2024-0031, affects the Android Open Source Project.

ESB-2024.0751 – WordPress: CVSS (Max): None

WordPress has recently launched version 6.4.2, focusing on resolving 7 bug fixes in Core. Additionally, this release includes an important security fix. The users are advised to promptly update their sites to ensure optimal security and functionality.

ESB-2024.0798 – Google Chrome: CVSS (Max): None

Google has updated the Stable channel to 121.0.6167.160 for Mac and Linux; the Windows update will be rolled out over the coming days/weeks. This update includes 3 security fixes.


Stay safe, stay patched and have a good weekend!

The AusCERT team