21 Jul 2023

Week in review

Greetings,

Cancer is a dangerous disease that tragically claims the lives of so many people far too quickly, leaving a void in our beautiful world and hearts. It’s a disease that touches us all, whether it’s our colleague, friend, family or even ourselves. It finds a way to infiltrate our lives, reminding us of its presence and the urgent need for continued efforts in research, prevention, and support for those impacted.

Security2Cure has organised a very special cyber security conference in honour of those affected by this heart-breaking disease. The conference will be an opportunity to knowledge-share and network with cyber security professionals with a mission to promote cancer awareness and raise money for cancer research. You will hear about fascinating cyber security topics ranging from incident response to imposter syndrome to fatigue management. In addition, there'll be a panel of heartfelt insights from people who have been impacted by the disease. A full list of the speakers and abstracts can be viewed here.
All money raised will be donated straight to the Spirit2Cure cancer research charity. To register and for further details, go to their site at Security2Cure. If you aren’t able to attend the conference, then please contribute to this great cause by donating here.

This week we released our training schedule for the rest of 2023! With so many great courses to choose from, be sure to secure your spot as soon as possible, as spaces are limited. Building strong cyber security resilience for your organisation relies on empowering your staff with the relevant knowledge, skills and strategies through interactive and professional training courses.

Explore our diverse list of courses below:

Intermediate Cyber Security – Internet Technologies (NEW)
• 24-25 August 2023, 9am – 12:30pm AEST each day Register now

Introduction to Cyber Security for IT Professionals
• 14-15 August 2023, 9am – 12:30pm AEST each day Register now

Cyber Security Risk Management
• 5-6 September 2023, 9am – 12:30pm AEST each day Register now

Incident Response Planning
• 10-11 October 2023, 9am – 12:30pm AEST each day Register now

For more information on our training courses, visit our website: AUSCERT Education.


Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)!
Date: 2023-07-14
Author: Naked Security

[AUSCERT has notified members using Zimbra Collaboration Suite (where possible) via MSIN]
Popular collaboration product Zimbra has warned customers to apply a software patch urgently to close a security hole that it says “could potentially impact the confidentiality and integrity of your data.”
The vulnerability is what’s known as an XSS bug, short for cross-site scripting, whereby performing an innocent-looking operation via site X, such as clicking through to site Y, gives the operator of site X a sneaky chance to implant rogue JavaScript code into the web pages that your browser receives back from Y.

New critical Citrix ADC and Gateway flaw exploited as zero-day
Date: 2023-07-18
Author: Bleeping Computer

[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Citrix today is alerting customers of a critical-severity vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and “strongly urges” to install updated versions without delay.
The security issue may be the same one advertised earlier this month on a hacker forum as a zero-day vulnerability.

MOVEit Hack: Number of Impacted Organizations Exceeds 340
Date: 2023-07-17
Author: Security Week

The number of entities impacted by the MOVEit attack carried out by a notorious cybercrime group now reportedly exceeds 340 organizations and 18 million individuals.
Brett Callow, a threat analyst at cybersecurity firm Emsisoft who has been monitoring the campaign, said over the weekend that he is aware of 347 impacted organizations, including 58 educational institutions in the United States. This includes Colorado State University, which last week confirmed that student and employee data may have been stolen.

CISA Unveils Guide to Aid Firms Transition to Cloud Security
Date: 2023-07-18
Author: Info Security Magazine

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a comprehensive factsheet on July 17, 2023, to assist businesses transitioning to cloud environments in ensuring data security and safeguarding critical assets.
Named Free Tools for Cloud Environments, the factsheet offers network defenders and incident response/analysts open-source tools, methods and guidance for identifying, mitigating and detecting cyber threats, vulnerabilities and anomalies while operating in cloud or hybrid environments.

Adobe emergency patch fixes new ColdFusion zero-day used in attacks
Date: 2023-07-19
Author: Bleeping Computer

[See AUSCERT Security Bulletin 20 July 2023 ESB-2023.4101]
Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in attacks.
As part of today’s out-of-band update, Adobe fixed three vulnerabilities: a critical RCE tracked as CVE-2023-38204 (9.8 rating), a critical Improper Access Control flaw tracked as CVE-2023-38205 (7.8 rating), and a moderate Improper Access Control flaw tracked as CVE-2023-38206 (5.3 rating).


ASB-2023.0151 – Oracle PeopleSoft: CVSS (Max): 9.8

This Critical Patch Update contains 9 new security patches for Oracle PeopleSoft. 8 of these vulnerabilities may be remotely exploitable without authentication.

ESB-2023.4101 – Adobe ColdFusion: CVSS (Max): 9.8

Adobe released updates to resolve critical and moderate vulnerabilities that could lead to arbitrary code execution and security feature bypass.

ESB-2023.4042.2 – UPDATED ALERT Citrix ADC & Citrix Gateway: CVSS (Max): 9.8

Multiple critical vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).

ESB-2023.3941 – Siemens SIMATIC CN 4100: CVSS (Max): 9.9

ICS-CERT published a security advisory on Siemens equipment. Successful exploitation could allow an attacker to escalate privileges and bypass network isolation.


Stay safe, stay patched and have a good weekend!

The AUSCERT team