22 Mar 2024

Week in review

Greetings,

As AUSCERT2024 approaches, we want to remind all our valued members to make the most of their Member Tokens before they expire on April 5th. Also, Early Bird Registrations are closing on this date too, so if you want to save on costs, register now! This year's program is exceptional, featuring a diverse range of cutting-edge workshops, influential speakers, and exciting activities. Seize this incredible opportunity to learn, network, and engage with industry leaders. Secure your spot today and join us for an unforgettable event! For more information, visit the AUSCERT2024 website.

Charities and not-for-profit organisations in Australia are facing an escalating number of cyber threats. In the 2022-23 financial year alone, the Australian Signals Directorate (ASD) received nearly 94,000 cybercrime reports, indicating one report filed approximately every 6 minutes. Recognising this concerning trend, the ASD is urging these entities to enhance their online security measures and stay vigilant.
Due to their limited resources, charities and not-for-profit organisations are increasingly vulnerable to malicious attacks. Such incidents can result in substantial costs, including financial losses, data breaches, reputational damage, loss of trust from donors and beneficiaries, and overall harm to the community they serve.

Not to fear, AUSCERT is here to help! Our members have access to a team of experts who can provide guidance, support, and assistance when incidents arise! An effective cyber security incident response is essential for maintaining organisational objectives by avoiding or limiting the impact of cyber security incidents.

Register for our Incident Response Planning Course to develop the skills needed to write and implement a bespoke incident response plan for your organisation. This course is designed to provide organisations with crucial information and knowledge to execute one of the critical elements of incident response preparation. Our upcoming course is scheduled for 16-17 April from 9am – 12:30pm, with limited places available so register now!


Fujitsu found malware on IT systems, confirms data breach
Date: 2024-03-18
Author: Bleeping Computer

Japanese tech giant Fujitsu discovered that several of its systems were infected by malware and warns that the hackers stole customer data.
"We have confirmed the presence of malware on several of our business computers, and as a result of our internal investigation, it has been discovered that files containing personal information and information related to our customers could be illicitly removed," reads a Fujitsu notice.

New fact sheet for critical infrastructure leaders – actions to mitigate PRC state-sponsored cyber activity
Date: 2024-03-20
Author: ASD

Together with our international partners, we have released the PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders fact sheet.
The fact sheet provides guidance for critical infrastructure leadership to protect their infrastructure and critical functions from Volt Typhoon – a state-sponsored cyber actor linked to the People’s Republic of China (PRC).

Human risk factors remain outside of cybersecurity pros’ control
Date: 2024-03-15
Author: Help Net Security

Cyber threats are growing at an unprecedented pace, and the year ahead is fraught with cybercrime and incidents anticipated ahead of the busy election year where over 50 countries head to the polls, according to Mimecast.
With new threats like AI and deepfake technology, the stakes are higher than ever to execute a strong cyber defense.

Microsoft announces deprecation of 1024-bit RSA keys in Windows
Date: 2024-03-18
Author: Bleeping Computer

Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security (TLS) to provide increased security.
Rivest–Shamir–Adleman (RSA) is an asymmetric cryptography system that uses pairs of public and private keys to encrypt data, with the strength directly related to the length of the key. The longer these keys, the harder they are to crack.
1024-bit RSA keys have approximately 80 bits of strength, while the 2048-bit key has approximately 112 bits, making the latter four billion times longer to factor. Experts in the field consider 2048-bit keys safe until at least 2030.

Threat landscape for industrial automation systems. H2 2023
Date: 2024-03-19
Author: Kaspersky ICS CERT

In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%.
In H2 2023, building automation once again had the highest percentage of ICS computers on which malicious objects were blocked of all industries that we looked at. Oil and Gas was the only industry to see a slight (0.5 pp) increase in the second half of the year.


ESB-2024.1635 – Nessus Products: CVSS (Max): 7.8

A privilege escalation vulnerability in Nessus plugin has been addressed. This vulnerability affects Nessus and Nessus Agent

ESB-2024.1680 – Atlassian Self-Managed Products: CVSS (Max): 10.0

Atlassian has released patches for multiple vulnerabilities in its monthly security update

ESB-2024.1683 – Firefox: CVSS (Max): 6.5*

Firefox has been updated to version 124 addressing multiple vulnerabilities

ESB-2024.1717 – Jenkins (core): CVSS (Max): 7.5

Jenkins (core) has been updated to address a Denial of Service vulnerability


Stay safe, stay patched and have a good weekend!

The AusCERT team