Blogs

30 Years 30 Stories

18 Dec 2023

AUSCERT 30 Years 30 Stories – Megan Cox

As AUSCERT’s Event Coordinator, Megan Cox knows a thing or two about what it’s like to be part of the Australian cyber security community. Reflecting on the positive culture of AUSCERT and the cybersecurity industry, Megan encourages people from all walks of life to become a member. Getting to share this space with great people is what drives Megan’s passion as she shares her voice in the AUSCERT 30 Years 30 Stories series.

What is your favourite highlight about the AUSCERT conference?

The conference is a truly unique experience. At its essence, it is a bunch of industry professionals getting together from across Australia and internationally, which is cool to see. I don’t come from a cyber background, so it was interesting for me to learn a lot in a very short amount of time about the industry. I get to meet so many great people who are members, prospective members, and conference attendees, and we get the great opportunity to tell them more about AUSCERT.

What attracted you to work for AUSCERT?

All of the reviews online regarding AUSCERT as an organisation were highly positive. At the time I was looking for an opportunity like this, and wanted a role that had a nice culture that supported its people, and encouraged staff to have career progression. When I saw that AUSCERT had the backing of UQ, I was like, “Oh, that can only be a good organisation.”

What is your most significant highlight from your time working with AUSCERT?

Besides the podcast, it’s the little bits and bobs we do on the sides like the monthly wine and cheese nights. I love getting to know everyone in our office in a more casual atmosphere.

As a woman in the industry, what would you say to other young professional women wanting to enter the industry who are hesitant about the barriers? What words of encouragement would you give them?

I can understand 100% where they’re coming from. I think that of all the male-dominated industries, cyber is probably the most accepting of anyone and everyone. Giving it a go is probably the best advice there is for any profession. If it’s not for you, then it’s not for you, but at least you know you’re not going to sit there in 50 years and wonder “What could have been?”


Week in review

AUSCERT Week in Review for 15th December 2023

15 Dec 2023

Greetings,

Spear phishing is experiencing a significant surge, marked by a rise in both prevalence and sophistication. Cybercriminals employ highly targeted techniques to deceive their victims, demonstrating a precision that focuses on specific individuals or organisations. The particularly concerning aspect of these attacks lies in their high success rate, attributed to their effectiveness in appearing genuine.

A joint advisory from key nations – Australia, Canada, New Zealand, the United Kingdom, and the United States – highlights the spear phishing techniques employed by the Russian state-based actor, Star Blizzard. This advisory aims to raise awareness regarding the increasingly sophisticated tactics used by cyber adversaries to target individuals and organisations globally. Notably, these techniques are commonly directed at sectors such as academia, defence, governmental organisations, NGOs (Non-Governmental Organisations), and political figures. While Star Blizzard has predominantly targeted the UK and US, the advisory serves as a global warning, urging everyone to remain vigilant. The evolving nature of these attacks necessitates a collective effort to stay informed and proactive against the growing threats.

The advisory provides valuable insights into spear-phishing campaigns and offers guidance on recognising potential signs of deception. In spear-phishing campaigns, cybercriminals gather detailed information about their targets, including names, titles, and relationships. This level of personalisation makes these phishing attempts more convincing and challenging to identify. The perpetrators often impersonate high-ranking executives or trusted individuals within an organisation, manipulating employees into divulging sensitive information or performing actions that could compromise security. The emails appear very legitimate as they often use cloned email templates from the target organisation, increasing the likelihood that recipients will trust and act upon them. This method usually involves social engineering tactics, manipulating human psychology to exploit trust or authority. Attackers may leverage information from social media, organisational information, or other sources to craft convincing and targeted messages.

Staying informed about these tactics and remaining vigilant are crucial steps in fortifying defences against such deceptive cyber threats. Empower your employees by allocating resources for training and investing in broader education and awareness initiatives. Head to our website for more information on upcoming training courses for 2024!

Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle
Date: 2023-12-12
Author: Security Week
[Please see AUSCERT Bulletins: ESB-2023.7419, ESB-2023.7418, ESB-2023.7413]
Adobe warned users on both Windows and macOS systems about exposure to code execution, memory leaks and denial-of-service security issues. Software maker Adobe on Tuesday rolled out fixes for code execution flaws in the enterprise-facing Illustrator, Substance 3D Sampler and After Effects products.

Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day
Date: 2023-12-12
Author: Bleeping Computer
[Please see AUSCERT Bulletins: ASB-2023.(0230 – 0235)]
Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. While eight remote code execution (RCE) bugs were fixed, Microsoft only rated three as critical. In total, there were four critical vulnerabilities, with one in Power Platform (Spoofing), two in Internet Connection Sharing (RCE), and one in Windows MSHTML Platform (RCE).

Critical Vulnerability in popular Java framework Apache Struts2
Date: 2023-12-14
Author: ACSC
[Please see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2023.7339.2]
A Critical RCE vulnerability has been found in the Apache Struts2 Framework with ‘flawed file upload logic’. This can allow a temporary file upload to instead be uploaded to any directory and allow execution, such as the deployment of a web shell. Patches have been released for the framework itself, but mitigation will also require vendors applying these patches in all applications which use the framework. This includes multiple enterprise-oriented web applications. Exploitation attempts have been observed globally.

UniFi devices broadcasted private video to other users’ accounts
Date: 2023-12-15
Author: Ars Technica
Users of UniFi, the popular line of wireless devices from manufacturer Ubiquiti, are reporting receiving private camera feeds from, and control over, devices belonging to other users, posts published to social media site Reddit over the past 24 hours show. “Recently, my wife received a notification from UniFi Protect, which included an image from a security camera,” one Reddit user reported. “However, here's the twist—this camera doesn't belong to us.”

WordPress 6.4.2 Patches Remote Code Execution Vulnerability
Date: 2023-12-08
Author: Security Week
WordPress last week released a security update for the popular content management system (CMS) to address a remote code execution (RCE) vulnerability. The flaw addressed in the open source CMS is a property oriented programming (POP) chain issue introduced in WordPress core 6.4. It can be combined with a different object injection flaw, allowing attackers to execute PHP code on vulnerable websites.

Apple Ships iOS 17.2 With Urgent Security Patches
Date: 2023-12-11
Author: Security Week
[Please see AUSCERT Bulletin: https://portal.auscert.org.au/bulletins/ESB-2023.7367]
Apple on Monday rolled out security-themed iOS and iPadOS refreshes to address multiple serious vulnerabilities that expose mobile users to malicious hacker attacks. The newest iOS 17.2 and iPadOS 17.2 contain fixes for at least 11 documented security defects, some serious enough to lead to arbitrary code execution or app sandbox escapes.

ASB-2023.0230 – ALERT Microsoft Windows: CVSS (Max): 8.8
Microsoft has released its monthly security patch update for December 2023 which resolves 25 vulnerabilities in Windows and Windows Server.

ESB-2023.7367 – iOS 17.2 and iPadOS 17.2: CVSS (Max): 7.1*
The newest iOS 17.2 and iPadOS 17.2 rollout addresses a number of security issues, some serious enough to lead to arbitrary code execution or app sandbox escapes.

ESB-2023.7339.2 – UPDATE Apache Struts: CVSS (Max): None
A Critical RCE vulnerability has been found in Apache Struts2 which has been exploited in the wild. Patches have been released and it is strongly recommended that IT Administrators take immediate action to apply these patches and ensure the security of their systems.

ESB-2023.7344 – WordPress: CVSS (Max): None
WordPress has released WordPress 6.4.2 for the popular content management system to address a remote code execution vulnerability. Site owners and administrators are advised to update to the fixed CMS version as soon as possible.

ESB-2023.7413 – Adobe Illustrator: CVSS (Max): 7.8
Adobe has released an update for Adobe Illustrator 2023 and 2024. This update resolves critical vulnerabilities that could lead to arbitrary code execution.

Stay safe, stay patched and have a good weekend!
The AUSCERT team


Blogs

30 Years 30 Stories

13 Dec 2023

Meet Joshua Finley, Data Centre Services Engineer at the Port of Melbourne. Having had personal experience with AUSCERT through website security and later with AUSCERT’s partnership with the Port of Melbourne, Joshua explains why he finds the membership to be well worth his time and money. Read on to find out more about Joshua’s AUSCERT connection.

How did you first become involved with AUSCERT?

For a long time, I hosted a large variety of websites, and back then, there wasn’t a great deal of cybersecurity resources. I became an AUSCERT member because I was looking for some help. Luckily when I started at the Port of Melbourne, as critical national infrastructure, they were already members and I got to pick up and run with our membership.

What are the key benefits you’ve experienced as an AUSCERT member?

Meeting the community in Melbourne has been super helpful; being able to network, and additionally receive timely alerts and notifications about the latest threats is very important. Lastly, having a point of contact to reach out to if we ever get into any trouble is reassuring.

What advice would you give to someone who isn’t already an AUSCERT member?

Simply, become a member and don’t think about it. We use the notification and alarms extensively and I also find the threat feed very useful. Also it’s very helpful having a point of contact to reach out to if we ever find ourselves in trouble.

Looking ahead, what do you think the future holds for AUSCERT?

There’s a huge space that AUSCERT could play in by extending services to a variety of non-government organisations as these organisations don’t have the footprint to do it themselves.

What do you believe sets AUSCERT apart from other organisations in the cybersecurity space?

Being not-for-profit, the motivations behind AUSCERT are true and pure – you don’t get this with a commercial organisation. Having a non-commercial partner


Blogs

30 Years 30 Stories

11 Dec 2023

AUSCERT 30 Years 30 Stories – Mark Jackson

Viewing the AUSCERT membership as a two-way value exchange, Mark Jackson hopes to put in just as much as he receives working alongside AUSCERT. As the Security Services Lead at MYOB, providing tax, accounting, and other business services to multiple individuals and companies across Australia, Mark’s AUSCERT story spans years.

How did you first become involved with AUSCERT, and what motivated you to become a member?

I’ve worked in many different organisations and at one in particular, I was prompted to investigate AUSCERT and sign up. Many years later, I’ve crossed multiple organisations and am still a member.

What are some of the key benefits and experiences of an AUSCERT membership?

The key services that I’ve used across my career are AUSCERT’s threat and vulnerability intelligence, along with takedown services. These services have been invaluable to the workplaces I’ve been a part of, providing guidance through various incidents, good advice, and leading us to the right people to workshop a solution.

How has AUSCERT evolved over the years, and what changes have you seen in the cybersecurity landscape that have affected the organisation’s work?

Back in the day, cybersecurity was only attached to infrastructure. Just about every company needs to mature to deal with today’s challenges. The services AUSCERT offers and how they approach security have changed to match modern threats.

What advice would you give to someone considering becoming an AUSCERT member?

Be sure to lean on the network and stay in contact. Like anything, you get out what you put in.

Looking ahead, what do you think the future holds for AUSCERT, and how do you see the organisation continuing to play a role in the cybersecurity community?

Given the depth and breadth of AUSCERT’s connections within the community, the organisation’s pool of information will be highly valuable. It’s the community that gives AUSCERT a much broader picture of things that might impact individual companies that they might not see otherwise.

What do you believe sets AUSCERT apart from other organisations in the cybersecurity space?

AUSCERT’s connection to a wider set of industries and partnerships than cybersecurity silos is their most significant drawcard. AUSCERT collates a broader view of the threats that are out there and what’s happening in general.


Week in review

AUSCERT Week in Review for 8th December 2023

8 Dec 2023

Greetings,

Automation has long been recognized as the future, but is the future already upon us? The emergence of next-generation connectivity, exemplified by autonomous vehicles and smart cities, signals the dawn of a new era in digital infrastructure. The integration of artificial intelligence (AI) and advanced robotics is propelling automation to new heights, revolutionizing productivity across diverse industries. In this transformative landscape, building our capabilities in these cutting-edge technologies becomes imperative. Doing so ensures that we not only keep up with change but also position ourselves to capitalize on emerging opportunities as they arise. New emerging technologies are likely to transform cyber roles and reshape skill requirements as automated tools assume greater responsibility for core network protection functions.

Minister Clare O’Neil has outlined the critical role of automation in the 2023-2030 Cyber Security Strategy. In response to cybercriminals increasingly employing sophisticated technologies to automate ransomware attacks, the strategy advocates a proactive approach through the deployment of automated threat detectors. Essentially, the strategy recognizes automation as a cornerstone in the ongoing battle against cyber threats. The investment in automated solutions and real-time collaboration underscores a commitment to staying ahead in the dynamic cybersecurity landscape, ensuring a robust defence against emerging cyber threats.

Successfully implementing automation relies heavily on a strong foundation of clear definitions, guidelines, and processes. Often organisations struggle with automation due to a lack of well-documented processes and limited staffing resources. This, along with other factors such as maturity and process monitorability, contributes to the challenges security teams face when implementing automation. Successful automation requires a pragmatic approach where teams identify and prioritize processes that are feasible and provide the greatest impact on efficiency and risk reduction.

To conclude, we would like to remind you of the webinar discussion we have coming up next week designed to support you with the development and submission of your presentations for AUSCERT2024! Register here

Atlassian patches critical RCE flaws across multiple products
Date: 2023-12-06
Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
[See AUSCERT bulletins: ESB-2023.7312, ESB-2023.7311, ESB-2023.7310, ESB-2023.7308]
Atlassian has published security advisories for four critical remote code execution (RCE) vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS.

VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks
Date: 2023-12-01
Author: Bleeping Computer
[Please see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2023.6704.2]
VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. Cloud Director is a VMware platform that enables admins to manage data centers spread across multiple locations as Virtual Data Centers (VDC). The auth bypass security flaw (CVE-2023-34060) only impacts appliances running VCD Appliance 10.5 that were previously upgraded from an older release. However, VMware says it doesn't affect fresh VCD Appliance 10.5 installs, Linux deployments, and other appliances.

"Sierra:21" vulnerabilities impact critical infrastructure routers
Date: 2023-12-06
Author: Bleeping Computer
[Please see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2023.7318]
A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. The flaws discovered by Forescout Vedere Labs affect Sierra Wireless AirLink cellular routers and open-source components like TinyXML and OpenNDS (open Network Demarcation Service). AirLink routers are highly regarded in the field of industrial and mission-critical applications due to high-performance 3G/4G/5G and WiFi and multi-network connectivity.

Nissan discloses cyber incident in Australia and NZ
Date: 2023-12-07
Author: iTnews
Carmaker Nissan is investigating a cyber incident affecting undisclosed systems used by its Australian and New Zealand operations. The company said in a statement overlaid on its homepage that the “Australian and New Zealand Nissan Corporation and Financial Services advises that its systems have been subject to a cyber incident.”

Apple fixes two new iOS zero-days in emergency updates
Date: 2023-12-30
Author: Bleeping Computer
[Please see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2023.7211]
Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1," the company said in an advisory issued on Wednesday.

Establishing New Rules for Cyber Warfare
Date: 2023-12-05
Author: Dark Reading
The efforts of the International Committee of the Red Cross (ICRC) to establish rules of engagement for combatants in a cyberwar should be applauded internationally, even if adherence is likely to be limited. The ICRC recently released a set of rules for civilian hackers involved in conflicts to follow in order to clarify the line between civilians and combatants, as cyberspace can be a blurry place to work in — especially during a war.

ESB-2023.6704.2 – UPDATE VMware Cloud Director Appliance: CVSS (Max): 9.8
VMware has released Cloud Director Appliance 10.5.1 to fix the authentication bypass vulnerability reported in November 2023.

ESB-2023.7318 – Sierra Wireless AirLink with ALEOS firmware: CVSS (Max): 8.1
Multiple vulnerabilities have been reported in Sierra Wireless AirLink with ALEOS which, if exploited, could result in a cross site scripting or denial-of-service attack.

ESB-2023.7309 – Google Chrome: CVSS (Max): None
Google announced the release of Chrome 120 to the stable channel for Mac, Linux and Windows. This update contains patches for 10 vulnerabilities.

ESB-2023.7308 – ALERT Confluence Data Center and Confluence Server: CVSS (Max): 9.0
The Template Injection vulnerability in Confluence Data Center and Server allows an authenticated attacker to inject unsafe user input into a Confluence page which could result in an RCE attack on an affected instance. Atlassian recommends applying patches to the affected installations.

ESB-2023.7339.2 – UPDATE Apache Struts: CVSS (Max): None
The Apache Struts group has released Apache Struts versions 6.3.0.2 & 2.5.33 to address a potential security vulnerability identified as CVE-2023-50164.

Stay safe, stay patched and have a good weekend!
The AUSCERT team


Blogs

30 Years 30 Stories

7 Dec 2023

AUSCERT 30 Years 30 Stories – Dave O’Loan

Long-time AUSCERT affiliate and member, Dave O’Loan shares his journey with AUSCERT. As Head of Cyber Relations at the Australian Academic Research Network (AARNet), Dave has had many touchpoints with AUSCERT throughout his career. The sharing of information and diverse collaboration is why Dave continues to support and remain a member of AUSCERT.

How did you first get involved with AUSCERT and what motivated you to become a member?

AUSCERT is a partner with AARNet within AHECS, the Australian Higher Education Cyber Security Service. Prior to that, I had a long history of working within the academic and research sector. AUSCERT is part of The University of Queensland, linking with AARNet as a shareholder. Therefore, we have a close relationship around securing our sector and broadly sharing information.

What are some of the key benefits and experiences of an AUSCERT membership?

AARNet gains a lot of benefits through the sharing of threat intelligence, technical indicators, advisories, and bulletins. We also gain a lot from the AUSCERT community, including the conference, and other communities that bring security individuals together to share information effectively.

How has AUSCERT evolved over the years, and what changes have you seen in the cybersecurity landscape that have affected the organisation’s work?

AUSCERT has evolved by leveraging events like the annual conference and building a strong, information-sharing community. The evolution includes stronger partnerships, distributing information, and bringing different industry verticals together. AUSCERT plays a significant role in ensuring the CERT function is carried out and making sure there’s timely advice available for members.

What advice would you give to someone considering becoming an AUSCERT member?

AUSCERT memberships have numerous benefits, providing access to information, people, skills, and knowledge that an organisation might not have in-house. The membership allows for asking questions, gaining guidance, and receiving information that helps protect systems, networks, and people. AUSCERT’s training contributes to the cybersecurity maturity of an organisation.

What do you think the future holds for AUSCERT, and how do you see the organisation continuing to play a vital role in the cybersecurity community?

Many people don’t like answering this question, but I see a bright future for AUSCERT. With the evolving cybersecurity landscape, more entities need to be involved in the broader uplift. AUSCERT’s long history of support and leveraging its capabilities will contribute significantly to achieving a more secure nation.

How has your membership in AUSCERT impacted your organisation’s overall approach to cybersecurity?

The membership has provided unique information sharing, a subscription model with significant value, and the ability to maintain multiple cybersecurity partners. Different partners contribute advice and guidance across various aspects like risk, threat intel, and governance.

What do you believe sets AUSCERT apart from other organisations in the cybersecurity space?

AUSCERT’s unique nature lies in the shared information it has available through different partners. Maintaining different cybersecurity partners is critical because no single organisation has the knowledge or capacity to understand all risks, threats and governance challenges an organisation could face.


Week in review

AUSCERT Week in Review for 1st December 2023

1 Dec 2023

Greetings,

As December unfolds and ushers in the enchanting Christmas season, a wave of joy and warmth embraces us. It’s that magical time when we dust off cherished decorations and unwrap trees, inviting a festive cheer into our lives. May your December days be adorned with happiness, love and the spirit of giving as we immerse ourselves in the holiday spirit!

On that note, this year’s theme for AUSCERT2024 highlights the significant influence that everyone’s actions can carry within the broader cyber community. It promotes the idea of passing it forward by demonstrating how shared knowledge and collaboration can create a ripple effect, strengthening the entire cyber industry. Submit a presentation and contribute to the growth and development of our community. Join our upcoming webinar discussion to gain support in enhancing your presentation skills.

In cyber news this week, the Queensland Parliament has successfully enacted a mandatory data breach notification scheme, set to impact state agencies from mid-2025 and local governments from mid-2026. Government agencies will be subject to new requirements for managing personal information, after the ‘Information Privacy and Other Legislation Amendment Act 2023’ was passed by parliament on Wednesday. Under the scheme, agencies must notify affected individuals and the Office of the Information Commissioner of data breaches that have the potential to result in serious harm. This proactive notification process empowers individuals by enabling them to take decisive action to manage risks and mitigate potential harm arising from a data breach. Mandating notification underscores the importance of data security for agencies, prompting a more proactive approach to preventing and managing data breaches. In essence, this legislative measure not only safeguards individuals but also serves as a catalyst for improved data security practices within government entities. Queensland has become only the second state to legislate a mandatory data breach notification scheme for public sector entities, along with NSW.

In other news, the ACSC Essential Eight Maturity Model (E8MM) was recently updated to better assist organisations in protecting their digital assets against cyber threats. Key focus areas for this update have included balancing patching timeframes, increasing adoption of phishing-resistant multifactor authentication, supporting management of cloud services, and performing incident detection and response for internet-facing infrastructure.

Critical bug in ownCloud file sharing app exposes admin passwords
Date: 2023-11-24
Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Open source file sharing software ownCloud is warning of three critical-severity security vulnerabilities, including one that can expose administrator passwords and mail server credentials. ownCloud is an open-source file sync and sharing solution designed for individuals and organizations wishing to manage and share files through a self-hosted platform. It is used by businesses and enterprises, educational institutes, government agencies, and privacy-conscious individuals who prefer to maintain control over their data rather than hosting it at third-party cloud storage providers.

Essential Eight Maturity Model Update
Date: 2023-11-27
Author: ASD
As the Australian Signals Directorate (ASD) is committed to providing cyber security advice that is contemporary, fit for purpose and practical, the Essential Eight Maturity Model (E8MM) is updated annually. In doing so, it is designed to assist organisations in protecting their internet-connected information technology networks against common cyber threats. Key focus areas for this update have included balancing patching timeframes, increasing adoption of phishing-resistant multifactor authentication, supporting management of cloud services, and performing incident detection and response for internet-facing infrastructure.

AI systems ‘subject to new types of vulnerabilities,’ British and US cyber agencies warn
Date: 2023-11-28
Author: The Record
“AI systems are subject to new types of vulnerabilities,” the 20-page document warns — specifically referring to machine-learning tools. The new guidelines have been agreed upon by 18 countries, including the members of the G7, a group that does not include China or Russia. The guidance classifies these vulnerabilities within three categories: those “affecting the model’s classification or regression performance”; those “allowing users to perform unauthorized actions”; and those involving users “extracting sensitive model information.”

Guidelines for secure AI system development
Date: 2023-11-27
Author: NCSC
This document recommends guidelines for providers of any systems that use artificial intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others. Implementing these guidelines will help providers build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorised parties.

Okta Breach Impacted All Customer Support Users—Not 1 Percent
Date: 2023-11-29
Author: WIRED
In late October, the identity management platform Okta began notifying its users of a breach of its customer support system. The company said at the time that about 1 percent of its 18,400 customers were impacted by the incident. But in a massive expansion of this estimate early this morning, Okta said that its investigation has uncovered additional evidence that, in fact, all of its customers had data stolen in the breach two months ago.

ESB-2023.7196 – Tenable Nessus: CVSS (Max): 9.8
Several of the third-party components (HandlebarsJS, OpenSSL, and jquery-file-upload) were found to contain vulnerabilities, and updated versions have been made available by the providers.

ESB-2023.7117 – ALERT Google Chrome: CVSS (Max): None
The Stable channel has been updated to 119.0.6045.199 for Mac and Linux and 119.0.6045.199/.200 for Windows. This update includes 7 security fixes.

ESB-2023.7077 – Perl: CVSS (Max): 9.8
Perl incorrectly handled printing certain warning messages. An attacker could possibly use this issue to cause Perl to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-48522)

ESB-2023.7135 – Delta Electronics InfraSuite Device Master: CVSS (Max): 9.8
Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and obtain plaintext credentials.

ESB-2023.7211 – ALERT Apple: CVSS (Max): None
Apple is aware of a report that this issue may have been exploited against some versions of iOS.

Stay safe, stay patched and have a good weekend!
The AUSCERT team


Week in review

AUSCERT Week in Review for 24th November 2023

24 Nov 2023

Greetings,

This week we released a new episode of our Share Today, Save Tomorrow podcast – episode 28: Cyber Artefacts. In this episode Anthony sits down with Mike Pritchard from Cydarm Technologies to discuss Mike’s passion for collecting hardware artefacts that provide insights into the history of cyber security. Mike showcases extraordinary artefacts dating back 60-70 years, offering a glimpse into the foundations of the computer industry. In the final part of the episode, Anthony hands over to Bek Cheb, AUSCERT’s Business Manager, who has a chat with our Principal Analyst, Mark Carey-Smith, about AUSCERT2024 and the exceptional mentoring support available for speakers.

If you’re interested in speaking at AUSCERT2024 but are unsure about what to present or struggling to choose a topic, we’re hosting a webinar to address any concerns and guide you through the process of formulating a concept for your presentation. If you’d like to attend, please register here.

AUSCERT is thrilled to introduce a new service for our members – AusMISP. So, what is AusMISP, you might be asking? AusMISP is a platform that facilitates the sharing of threat intelligence with members. The platform features a shared, curated feed of threat indicators that members can use to enhance their network security. This collaborative effort includes threat intelligence acquired from trusted communities and organisations, contributing to the enhancement of members’ cyber security posture. For our higher education members, we have an existing sector-specific platform, AHECS ISAC, which includes AusMISP data and additional threat indicators relevant to this sector. Eager to learn more about AusMISP and exactly what it entails? Head to our website or message our membership team, who can provide you with a Starter Guide and other resources to help your organisation implement it as part of your cyber security strategy!

To conclude, if you’re looking for some captivating reading this weekend, delve into “Australia’s Strategic Vision in Cyber Security”, written by Sasenka Abeysooriya, Program Director and Senior Strategic Advisor at UQ, and AUSCERT Director and UQ CISO David Stockdale. The article summarises the visionary leadership, strategic layers of defence, and the broader implications of Australia’s 2023-2030 Cyber Security Strategy.

Securing Customer Personal Data for Small to Medium Businesses
Date: 2023-11-17 Author: ASD
The latest Annual Cyber Threat Report found that cybercrime reports have increased compared to data from the previous year, with one report now received every 6 minutes. During the 2022-23 financial year, the cost of cybercrime to businesses increased by 14%. Per cybercrime report, small businesses experienced an average financial loss of $46,000, while cybercrime cost medium businesses an average of $97,200. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has launched a new publication on Securing Customer Personal Data for Small and Medium Businesses.

Gov commits $18.2m for SME cyber security boost
Date: 2023-11-21 Author: iTnews
The federal government has announced two initiatives aimed at boosting support to small and medium businesses (SMEs) to fortify their cyber security skills. The government has promised $7.2 million to set up a voluntary cyber health-check program, enabling access to free self-assessments of cyber security maturity. It’s also committed another $11 million towards the Small Business Cyber Resilience Service, which offers one-on-one assistance with cyber challenges and covers cyber attack recovery.

Malware dev says they can revive expired Google auth cookies
Date: 2023-11-21 Author: Bleeping Computer
The Lumma information-stealer malware (aka 'LummaC2') is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts. Session cookies are specific web cookies used to allow a browsing session to log in to a website's services automatically. As these cookies allow anyone possessing them to log in to the owner's account, they commonly have a limited lifespan for security reasons, to prevent misuse if stolen.

Researchers want more detail on industrial control system alerts
Date: 2023-11-22 Author: CyberScoop
At the beginning of July, Rockwell Automation released a security advisory about a vulnerability in one of its products. Working with the U.S. government, the company said it had become aware that a state-backed hacking unit had developed the ability to run malicious code on the communication modules of an industrial controller. The company wouldn’t identify who had this ability to attack its products, and an accompanying advisory from the Cybersecurity and Infrastructure Security Agency said there were no known instances of the vulnerability being exploited in the wild.

Cybersecurity Investment Involves More Than Just Technology
Date: 2023-11-17 Author: Dark Reading
Organizations are looking for "high value for money" when deciding how to allocate their cybersecurity budgets, and there is a "greater focus on getting value from existing resources," according to S-RM's "Cyber Security Insights Report 2023." The report, which reflects responses from 600 C-suite business leaders and senior IT professionals within large organizations, found that the top five investment areas were cybersecurity technologies (49%), threat intelligence (46%), risk assessment (42%), cyber insurance (42%), and third-party risk management (40%). Fewer organizations highlighted technology as good value for money in 2023 (49%) than in 2022 (58%).

ESB-2023.6886 – Tenable Security Center: CVSS (Max): 8.8
Tenable Security Center has been updated to address vulnerabilities affecting third-party components.

ESB-2023.6945 – Atlassian Products: CVSS (Max): 8.5
Several high severity vulnerabilities have been patched in various Atlassian products.

ESB-2023.6949 – Firefox: CVSS (Max): 7.5
Mozilla has updated Firefox to address multiple vulnerabilities.

ESB-2023.6997 – Intel NUC Software Products: CVSS (Max): 8.8
Intel has addressed several vulnerabilities affecting NUC Software products in its quarterly update.

Stay safe, stay patched and have a good weekend!

The AUSCERT team


Blogs

30 Years 30 Stories

21 Nov 2023

AUSCERT 30 Years 30 Stories – Trace Borrero

Trace Borrero works at the University of Southern Queensland and, through the university’s connection to AUSCERT, Trace has developed into a well-trained and active part of the AUSCERT community. From graduate to professional, check out Trace’s AUSCERT story.

How did you first become a member of AUSCERT?

I came directly out of my degree in cyber security and landed in a role at the University of Southern Queensland. The university were already members, so I became a member.

How do you use the AUSCERT service and what benefit do you receive?

We use the Malware Information Sharing Platform (MISP) a lot, and we’ve learned to automate from there. When I graduated there was a lot of talk about the intel and IOCs that came from AUSCERT. We would be looking for them in our environment and acting on them if needed. Whenever we’d see widespread phishing, we’d be able to send it to AUSCERT and they would handle it. To me as a graduate, it was magic. I didn’t understand what was going on, but I knew that it was taken care of. Now that I’ve learned the ropes, it’s a plus, because there is a lot of groundwork in the backend that AUSCERT handle for you.

How do you think AUSCERT has evolved over the years?

I’ve been a member for five years, so I’ve seen lots of change in the direction the industry is heading. AUSCERT is trying to remain cutting edge, which is important. Recently, automation is the new buzzword. Automation is one place that AUSCERT have adapted successfully, preparing their members to automate and thinking about what type of automation members want.

What advice would you give to someone considering becoming an AUSCERT member?

It’s worth it – one of the best things you could do is simply attend the conference and see what it’s all about. It’s hard to see AUSCERT’s benefit purely from the website. Meeting AUSCERT’s members, attending events, or just the conference, is a good place to start.

What do you think the future holds for AUSCERT?

I assume AUSCERT will continue to try and stay cutting edge. They will also continue to look out for their members as best they can, in whatever way that means.

What sets AUSCERT apart from other organisations in the cyber security industry?

AUSCERT are looking out for you. Obviously, they have their own interests, but their interests are their members. You don’t see that very often, specifically when you look at other vendors. Simply having someone to bounce your ideas off, and then receiving feedback from AUSCERT and its member community, is fantastic. To be able to say: “Oh, hey, I’ve seen this phishing email. Has anyone else seen it?” “Oh, yes, we’ve seen it, and these are the other IOCs or other attributes of it.” It’s truly a community of learning and collaboration.


Week in review

AUSCERT Week in Review for 17th November 2023

17 Nov 2023

Greetings,

With Black Friday sales already underway, it’s a good reminder to remain vigilant. Each year the deals claim to be bigger and better, drawing people into excessive spending. Cyber criminals have become very sophisticated in exploiting this opportunity to execute cyber attacks. Educate your family and friends on the potential dangers of online shopping during this time!

This week, the Australian Signals Directorate (ASD) released its annual cyber security threat report, revealing some very concerning statistics. The report indicates that cyber crime continued to be a pervasive and endemic threat to Australia’s economic and social prosperity throughout 2022-23. Australia is perceived as a very popular target due to its booming e-commerce industry and relative wealth. The report revealed that the most common cyber attacks on individuals consisted of identity fraud, online banking fraud and online shopping fraud. For Australian businesses, the cost of cyber crime has climbed by 14%, with the most identified attack being compromised emails. Business email compromise fraud continues to significantly impact businesses, with almost $80 million in reported losses. Malicious cyber actors often exploit unpatched and misconfigured systems or take advantage of weak or re-used credentials to access systems and networks. To defend against email attacks, set aside time for regular cyber security training and ensure staff are cautious of emails that contain requests for payment or a change of bank details.

Thankfully for our nation we have a proactive Cyber Security Minister, Clare O’Neil, who understands the growing concerns of individuals and businesses and is taking proactive steps to mitigate these threats to our economy. Ms O’Neil is planning to create new legislation that would classify telecommunication companies as critical infrastructure for the first time, requiring company boards to comply with strict rules that already cover hospitals, utilities, ports, and energy generation assets. Following the high-profile Optus attack last year and the nationwide network outage last week, the Australian government believes it is necessary to include telcos under the Security of Critical Infrastructure Act. This means they will now be required to sign off on a new cyber risk management program every year or face potentially hundreds of thousands of dollars in penalties.

To conclude, we are excited to notify you that our Call for Presentations for AUSCERT2024 is now open! Submit your papers today!

Microsoft Warns of Critical Bugs Being Exploited in the Wild
Date: 2023-11-14 Author: Security Week
[Please see AUSCERT bulletins: https://portal.auscert.org.au/bulletins/ASB-2023.0226 and https://portal.auscert.org.au/bulletins/ASB-2023.0223]
The world’s largest software maker Microsoft on Tuesday released patches covering at least 59 documented security vulnerabilities, including a pair of critical-severity zero-days already being exploited in the wild. Redmond’s security response team documented a wide range of security defects in a range of Windows OS and components and called special attention to two vulnerabilities — CVE-2023-36033 and CVE-2023-36036 — being exploited in active attacks.

LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed
Date: 2023-11-14 Author: Bleeping Computer
[AUSCERT identified the impacted members (where possible) and notified them via email on 11 October 2023]
[We urge impacted members to promptly apply the patches in accordance with the vendor's recommendations, if they have not already done so]
The LockBit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability (CVE-2023-4966) to breach the systems of large organizations, steal data, and encrypt files. Although Citrix made fixes available for CVE-2023-4966 more than a month ago, thousands of internet-exposed endpoints are still running vulnerable appliances, many in the U.S.

Novel backdoor persists even after critical Confluence vulnerability is patched
Date: 2023-11-14 Author: The Register
[AUSCERT identified the impacted members (where possible) and notified them via email on 01 November 2023]
[We urge impacted members to promptly apply the patches in accordance with the vendor's recommendations, if they have not already done so]
A new backdoor was this week found implanted in the environments of organizations to exploit the recently disclosed critical vulnerability in Atlassian Confluence. The backdoor provides attackers remote access to a victim, both its Confluence server and other network resources, and is found to persist even after Confluence patches are applied.

Azure CLI credential leak part of Microsoft's monthly patch rollup
Date: 2023-11-15 Author: iTnews
[Please see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ASB-2023.0224]
One of the critical vulnerabilities, CVE-2023-36052, is important enough to receive a detailed technical discussion in this blog post. The bug leaks credentials to GitHub Actions logs through the Azure command-line interface (CLI). Aviad Hahami of Palo Alto’s Prisma Cloud found that Azure CLI commands could be used to show sensitive data and output to continuous integration and continuous deployment (CI/CD) logs, Microsoft explained.

Intel patches high-severity vulnerability affecting central processing units
Date: 2023-11-15 Author: The Record
The U.S. chip manufacturer Intel has patched a high-severity vulnerability affecting central processing units in its desktop, mobile and server products. The successful exploitation of the bug could allow hackers to gain higher-level access to the system, obtain sensitive information and even cause the machine to crash. The vulnerability, tracked as CVE-2023-23583 and codenamed Reptar, carries a CVSS severity score of 8.8 out of 10. There haven't been any reported incidents of an attack through Reptar in the wild.

CISA warns of actively exploited Juniper pre-auth RCE exploit chain
Date: 2023-11-13 Author: Bleeping Computer
CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution (RCE) attacks as part of a pre-auth exploit chain. The alert comes one week after Juniper updated its advisory to notify customers that the flaws found in Juniper's J-Web interface (tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847) have been successfully exploited in the wild. "Juniper SIRT is now aware of successful exploitation of these vulnerabilities. Customers are urged to immediately upgrade," the company said.

ESB-2023.6749 – FortiSIEM: CVSS (Max): 9.3
Fortinet has recently identified a critical vulnerability in the FortiSIEM report server. This vulnerability involves an OS command injection and could potentially be exploited by remote, unauthenticated attackers. By sending specially crafted API requests, these attackers may be able to execute arbitrary commands on the affected system. It is crucial for customers to be aware of this vulnerability and take appropriate measures to mitigate the risk.

ESB-2023.6734 – Google Chrome: CVSS (Max): None
Google has released an update for the Google Chrome Stable channel. The update version 119.0.6045.159 is specifically for Mac and Linux users, while Windows users will receive either version 119.0.6045.159 or 119.0.6045.160. It is recommended that users of Google Chrome on these platforms update to the latest version to ensure they have the most recent security enhancements and bug fixes.

ESB-2023.6639 – Adobe ColdFusion: CVSS (Max): 9.8
Adobe has released an update for ColdFusion that addresses critical vulnerabilities. These vulnerabilities have the potential to result in the deserialization of untrusted data, improper access control, and other security issues.

ASB-2023.0223 – ALERT Microsoft Windows: CVSS (Max): 9.8*
Microsoft has recently issued its monthly security patch update for November 2023. This update addresses a total of 32 vulnerabilities found in Windows and Windows Server. It is important to note that Microsoft has confirmed the active exploitation of CVE-2023-36025, CVE-2023-36033, and CVE-2023-36036.

ESB-2023.6704 – VMware Cloud Director Appliance: CVSS (Max): 9.8
An authentication bypass vulnerability has been identified in VMware Cloud Director Appliance with the CVE identifier CVE-2023-34060. This vulnerability affects VMware products that have been upgraded to version 10.5 from a previous version. To address this issue, updates have been released by VMware.

Stay safe, stay patched and have a good weekend!

The AUSCERT team
