14 Jul 2023

Week in review

Greetings,

It’s that time of year again! The BDO and AUSCERT 2022 Cyber Security Results are in!

For the seventh year in a row, organisations across Australia and New Zealand were surveyed to identify the challenges and threats experienced in 2022 as well as what organisational leaders have prioritised to protect key assets and infrastructure. The findings from the report give a comprehensive overview of the present cyber security landscape in Australia and New Zealand. It delves into recent trends in cyber threats, their impact and the measures being implemented to mitigate these risks.

In the ever-evolving digital landscape, the significance of implementing strong cyber security measures has escalated. In 2022 BDO & AUSCERT reported a growing concern over data breaches affecting individuals and high-profile organisations. The continuously evolving cyber threat landscape and the increasing sophistication of attacks have emphasised the necessity for organisations to prioritise the development of cyber resilience.

Here are a few key themes that the report revealed.

1) Senior leadership is key to driving cyber security resilience

The report revealed how important it is for Executive Leadership teams to take a more active role in cyber governance, in addition to being aware of the cyber risks within their organisations. Concerningly, the data collected indicated that although there had been a significant increase in attacks, senior leadership emphasis on cyber security had declined. Establishing effective leadership is crucial in fostering the adoption and implementation of policies and practices related to cyber security resilience.

2) The rapidly evolving cyber threat landscape

Rapid technology advancements have triggered the growth and increased sophistication of threats, resulting in greater impacts during incidents. Data suggests cyber criminals are advancing at unprecedented levels, relentlessly pursuing new methods to locate and exploit vulnerabilities. However, reports indicate a concerning decline in organisations investing in the essential resources required to effectively detect and respond to incidents. Neglecting to allocate sufficient resources to cyber security can leave an organisation more vulnerable to attack.

3) Importance of resilience

In the current landscape it is crucial to realise that we are all vulnerable to an attack at any time. Cyber resilience involves accepting this and planning accordingly: which incidents may occur, which assets may be targeted, how quickly we can identify an incident, and how we respond to it.

If you’re interested in delving deeper into these topics or eager to gain further insights from the 2022 report, we invite you to download the complete report now!


SonicWall warns admins to patch critical auth bypass bugs immediately
Date: 2023-07-12
Author: Bleeping Computer

SonicWall warned customers today to urgently patch multiple critical vulnerabilities impacting the company's Global Management System (GMS) firewall management and Analytics network reporting engine software suites.
In total, the American cybersecurity company addressed 15 security flaws today, including ones that can let threat actors bypass authentication and gain access to vulnerable on-prem systems running GMS 9.3.2-SP1 or earlier and Analytics 2.5.0.4-R7 or earlier.

New Phishing Attack Spoofs Microsoft 365 Authentication System
Date: 2023-07-09
Author: Hack Read

Vade, a provider of email security and threat detection services, has released a report on a recently discovered phishing attack that involves the spoofing of the Microsoft 365 authentication system.
According to Vade’s Threat Intelligence and Response Center (TIRC), the attack email includes a harmful HTML attachment with JavaScript code. This code is designed to gather the recipient’s email address and modify the page using data from a callback function’s variable.

How kids pay the price for ransomware attacks on education
Date: 2023-07-07
Author: Malwarebytes

Modern ransomware attacks are as much about stealing data and threatening to leak it as they are about encrypting data, which means that when a school or hospital is attacked, it's often students' and patients' data that's leaked if the ransom demand isn't met.
We have to wonder how greedy any person would need to be to show such a blatant disregard for how painful sharing that kind of information can be.
In our recent report on the state of ransomware in education we saw an 84% increase in known attacks on the education sector.

Storm-0978 attacks reveal financial and espionage motives
Date: 2023-07-11
Author: Microsoft Corporation

Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, a remote code execution vulnerability that was exploited via Word documents before it was disclosed to Microsoft, using lures related to the Ukrainian World Congress.

Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers
Date: 2023-07-11
Author: Cisco Talos

Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with a signature timestamp prior to July 29, 2015.
Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates.
Microsoft has blocked all certificates discussed in this blog and has released an advisory.

Apple re-releases zero-day patch after fixing browsing issue
Date: 2023-07-12
Author: Bleeping Computer

Apple fixed and re-released emergency security updates addressing a WebKit zero-day vulnerability exploited in attacks. The initial patches had to be withdrawn on Monday due to browsing issues on certain websites.
"Apple is aware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly," Apple said on Tuesday.


ESB-2023.3892 – FortiOS and FortiProxy: CVSS (Max): 9.8

Fortinet has disclosed a critical vulnerability, CVE-2023-33308, affecting FortiOS and FortiProxy. AUSCERT has identified impacted members (where possible) and notified them via MSIN.

ESB-2023.3907 – Adobe ColdFusion: CVSS (Max): 9.8

Adobe has released security updates for ColdFusion versions 2023, 2021 and 2018.

ESB-2023.3910 – Citrix ADC and Gateway: CVSS (Max): 9.6

A critical vulnerability has been discovered in Citrix Secure Access Client for Ubuntu.

ASB-2023.0118 – ALERT Windows: CVSS (Max): 9.8*

Microsoft has released updates to Windows addressing several critical vulnerabilities.

ESB-2023.3880 – macOS Ventura 13.4.1: CVSS (Max): None

Apple has fixed an exploited zero-day vulnerability (CVE-2023-37450) in WebKit.


Stay safe, stay patched and have a good weekend!

The AUSCERT team