11 Aug 2023

Week in review

Greetings,

If you haven’t been keeping up with the Matildas over the past few weeks, you’ve definitely been missing out! The team is on an impressive winning streak, triumphing over Denmark on Monday and Canada last week. Their remarkable performance has captured the nation’s attention, with widespread support pouring in from every corner. Witnessing the outpouring of love and encouragement from this immensely talented female team has been truly heartening and inspiring. Anticipation is building as we eagerly await the future victories of this extraordinary team of athletes!

We are very excited to announce that the AUSCERT2023 conference video recordings are now available on our YouTube Channel! Relive your favourite moments or catch up on missed sessions from the two feature-packed days of presentations, tutorials, debates, and panel discussions. Watch cybersecurity leader Tara Dharnikota’s thought-provoking session exploring the evolving threat landscape and the ways to stay ahead. Or listen to expert Peter Jackson as he explains the five cybersecurity controls that can be utilised together to create an effective industrial control system (ICS) or operational technology security program. Also, don’t miss the riveting panel discussion with leading cyber security professionals addressing the important subject of data governance and cyber security, highlighting the challenges and opportunities presented by emerging technologies, evolving regulatory landscapes and the growing sophistication of cyber threats.

On the topic of Data Governance, our very own Director, Dr David Stockdale, alongside academic experts from UQ Associate Professor Sergeja Slapničar, Dr Micheal Axelsen, and Dr Ivano Bongiovanni, released a research paper this week titled ‘A pathway model to five lines of accountability cybersecurity governance’. The research paper delves into the accountability of the five lines in cybersecurity governance: cyber security control functions, chief information security office, internal audit, executive management and the boards of directors, and looks into the configuration and methodology that organizations employ to govern cybersecurity. Additionally, it sheds light on the primary factors influencing the formation of these configurations and relationships, while providing practical recommendations for both practitioners and researchers.


New PaperCut critical bug exposes unpatched servers to RCE attacks
Date: 2023-08-04
Author: Bleeping Computer

[AUSCERT has identified the impacted members (where possible) and contacted them via MSIN]
PaperCut recently fixed a critical security vulnerability in its NG/MF print management software that allows unauthenticated attackers to gain remote code execution on unpatched Windows servers.
Tracked as CVE-2023-39143, the flaw results from a chain of two path traversal weaknesses discovered by Horizon3 security researchers that enable threat actors to read, delete, and upload arbitrary files on compromised systems following low-complexity attacks that don't require user interaction.

Officials Warn Of Energy Grid Risk Due To Foreign-Made Solar Tech
Date: 2023-08-08
Author: channelnews

According to the Cyber Security Cooperative Research Centre, Australia’s use of foreign-made solar panel tech has made the country susceptible to targeted attacks, which could result in an undermining of power grids causing large-scale blackouts.
The top cyber research body also warned the threat comes primarily from solar inverters, the technology that converts solar energy to electricity, which is manufactured in Beijing, a city holding around 76% of the global market supply.

Melbourne Airport upgrades web security, DDoS protections
Date: 2023-08-07
Author: iTnews

Melbourne Airport has deployed Cloudflare’s web application firewall (WAF) and moved its network perimeter to Cloudflare’s global network edge to protect its multi-layered IT environment and public-facing network against DDoS attacks.
Chief information officer Anthony Tomai said that maintaining visibility and implementing integrated security solutions was a serious challenge because the airport relies on a diverse variety of IT-supported services to serve its 25 million annual passengers and work with its 40 airline partners.

SA Power Networks reduces high-severity cyber incidents
Date: 2023-08-08
Author: iTnews

SA Power Networks has reduced the number of cyber incidents it classifies as high-severity by automating its analysis of prior incidents to help it find and address vulnerabilities.
A high-severity incident, according to the state's sole energy distribution provider, is a confirmed breach to IT or OT systems, or significant unauthorised access or disclosure of highly confidential and/or customer data.

Most VPNs can be tricked into leaking traffic
Date: 2023-08-09
Author: iTnews

Nearly 70 VPN clients and servers are vulnerable to a long-standing attack that can cause them to leak user traffic, university researchers have claimed.
“Our tests indicate that every VPN product is vulnerable on at least one device”, the researchers wrote, with VPNs running on Apple devices most likely to be vulnerable, but most VPNs on Windows and Linux also are. VPNs running on Android were the most likely to be secure, they said.


ESB-2023.4562 – Adobe Acrobat and Reader: CVSS (Max): 8.6

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS which addressed 30 critical, important, and moderate CVEs that could lead to application denial-of-service, security feature bypass, memory leaks, and arbitrary code execution. Adobe says it's not aware of any of these vulnerabilities being exploited in the wild.

ESB-2023.4548 – Intel RealSense™ SDK: CVSS (Max): 6.7

Intel has released an update for Intel RealSense SDK that fixes a security vulnerability which, if exploited, could lead to an escalation of privilege.

ESB-2023.4488 – Android OS: CVSS (Max): 7.5*

The most recent Android Security Bulletin contains details of security vulnerabilities impacting Android devices. The most severe of these issues is remote (proximal/adjacent) code execution in the system component. Security patch levels of 2023-08-05 or later address the issues.

ASB-2023.0165 – ALERT Microsoft Windows: CVSS (Max): 9.8*

Microsoft released fixes for 36 vulnerabilities in Windows and Windows Server, which include three RCE vulnerabilities in the Microsoft Message Queuing component of Windows operating systems that were each given a CVSSv3 score of 9.8 and a rating of critical.

ASB-2023.0161 – Microsoft Exchange Server: CVSS (Max): 9.8

Microsoft has fixed 6 flaws in Microsoft Exchange Server 2016 and 2019 which could lead to Elevation of Privilege, Remote Code Execution or Spoofing.


Stay safe, stay patched and have a good weekend!

The AUSCERT team