17 Mar 2023

Week in review

Greetings,

Before we get too caught up in St Patrick's Day celebrations today, we wanted to remind you that early bird registrations for the upcoming AUSCERT2023 Cyber Security Conference end in two weeks. Don't miss out on this opportunity to connect with industry experts and gain valuable knowledge and skills to enhance your organisation's security posture.

Additionally, don’t forget that Member Tokens will also expire in two weeks, so be sure to use them before then. You can ask your member representative for help with that, and if you’re yet to write your business case to attend AUSCERT2023, check out last week’s blog for some convincing ideas to include.

Not to throw too much of a downer on celebrations, but remember that any popular event like St Patrick’s Day can potentially be weaponised by scammers. The same goes for impactful news stories, such as this week’s unfortunate collapse of multiple financial institutions in the USA and Latitude’s cyber incident.

I’m sure we can all imagine “viral St Patrick’s Day videos”, “we regret to inform you of a data breach”, “you have a toll trip on 17/03/2023, to avoid penalty notice please pay immediately” or similar hooks to entice victims to click malicious links.

It could be argued that good cyber hygiene at home also helps improve cyber resilience in the workplace, because staff may employ the same practices whether they are handling their own personal data or the information assets of their employer. In your next internal cyber awareness campaign, why not include some personal cyber hygiene tips – there’s plenty of content available online. Over the years we’ve also seen some very inventive training modules created in-house by some of our members – if you’ve designed one, why not share your ideas with other professionals in the AUSCERT Slack Channel?

And now a selection of this week’s notable cyber security news articles, compiled by the AUSCERT Analyst Team:


Fortinet: New FortiOS bug used as zero-day to attack govt networks
Date: 2023-03-13
Author: Bleeping Computer

Unknown attackers used zero-day exploits to abuse a new FortiOS bug patched this month in attacks targeting government and large organizations that have led to OS and file corruption and data loss.
Fortinet released security updates on March 7, 2023, to address this high-severity security vulnerability (CVE-2022-41328) that allowed threat actors to execute unauthorized code or commands.

Microsoft fixes Outlook zero-day used by Russian hackers since April 2022
Date: 2023-03-14
Author: Bleeping Computer

Microsoft has patched an Outlook zero-day vulnerability (CVE-2023-23397) exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations.
The security vulnerability was exploited in attacks to target and breach the networks of fewer than 15 government, military, energy, and transportation organizations between mid-April and December 2022.

Commonwealth Bank details transaction abuse detection method
Date: 2023-03-16
Author: iTnews

The Commonwealth Bank has provided more detail of the data points and language models it is using to detect financial abuse in transaction descriptions.
The bank’s AI labs team has a research paper published on arXiv [pdf] that describes the “multi-step approach” and also invites input from “the wider research community” to improve on the current method.

What happens if you 'cover up' a ransomware infection? For Blackbaud, a $3m charge
Date: 2023-03-10
Author: The Register

Blackbaud has agreed to pay $3 million to settle charges that it made misleading disclosures about a 2020 ransomware infection in which crooks stole more than a million files on around 13,000 of the cloud software slinger's customers.
According to America's financial watchdog, the SEC, Blackbaud will cough up the cash – without admitting or denying the regulator's findings – and will cease and desist from committing any further violations.

Why Healthcare Boards Lag Other Industries in Preparing for Cyberattacks
Date: 2023-03-15
Author: Dark Reading

As leaders responsible for prioritizing their organizations' goals, board members must push the cybersecurity agenda forward. Yet new research shows healthcare boards are far behind their peers in making cybersecurity a priority and understanding cyber-risks, despite the potentially severe consequences to patient safety and care.
"Cybersecurity: The 2022 Board Perspective," a new global report from Proofpoint and Cybersecurity at MIT Sloan, found that cybersecurity is much lower on healthcare boards' agendas compared with other sectors. Although 77% of the 600 board members surveyed suggested cybersecurity is a top priority for their organizations, only 59% of healthcare directors concurred.


ESB-2023.1515 – VMware Cloud Foundation: CVSS (Max): 9.8

A remote code execution vulnerability via XStream open source library affecting VMware Cloud Foundation has been reported. VMware has released an update to address the issue.

ESB-2023.1535 – Tenable products: CVSS (Max): 9.1

A vulnerability was reported in Tenable products. Tenable has updated its compliance plugins and audit files to remediate the issue.

ASB-2023.0057 – ALERT Windows: CVSS (Max): 9.8

Microsoft's Patch Tuesday included fixes for 56 vulnerabilities across Windows and Windows Server.

ASB-2023.0055 – ALERT Microsoft Office, Office Services and Web Apps: CVSS (Max): 9.8

Microsoft has released its monthly security patch update that resolves 10 vulnerabilities in Microsoft Office, Office Services and Web Apps.

ESB-2023.1557 – Adobe Creative Cloud: CVSS (Max): 8.6

Adobe's recent update for the Creative Cloud Desktop for Windows fixes a critical vulnerability that could lead to arbitrary code execution if exploited.

ASB-2023.0058 – Latitude Cyber Incident

AUSCERT reports a data breach incident affecting Latitude Financial, which appears to have affected customers across Australia and New Zealand.


Stay safe, stay patched and have a good weekend!

The AUSCERT team