28 Jul 2023
Week in review
Greetings,
Barbie Mania has introduced a concerning new trend of cyber-related attacks worldwide. Leveraging the distraction caused by the hype, criminals are taking advantage of this opportunity to launch attacks on unsuspecting individuals. Related attacks have risen since the promotion and release of the movie with the U.S. taking the brunt of the attacks, however other countries such as the UK and Australia are also being impacted. Criminals are exploiting this trend to trick people into clicking malicious links, harmful files or providing sensitive information leading to data breaches and financial losses. Blinded by excitement many people are acting impulsively, thus making them susceptible to these deceptive methods.
Social engineering cyber attacks like the Barbie trend are becoming increasingly sophisticated and pervasive. Criminals have recognized the power of using popular trends and emotional triggers as bait to manipulate and deceive people. Exploiting emotions and creating a sense of urgency or excitement can be a trigger for individuals to divulge their sensitive information. CTO of McAfee, Steve Grobman, explained that this is not a new trend and criminals will look for any opportunity to make their scam more attractive and believable, often leveraging popular and well-publicized events to trick users into clicking on malicious links. Social engineering attacks are all about the psychology of persuasion, targeting the mind and heart, with the main aim being to gain the trust of the target, encourage them to lower their guard and engage in unsafe actions.
Here are a few tips & tricks to avoid scams like these:
-
Stick with reliable suppliers, brands or networks.
If you’re unfamiliar with the brand, it’s best to investigate the source of the content. -
Use your judgement – and don’t let emotions cloud your judgement! If an offer seems too good to be true.. it often is! It is essential to be cautious of unexpected requests, unsolicited emails or messages.
-
Do your research – before giving away your sensitive details or financial information research the organisation and ensure they are a trustworthy source.
-
Members – contact us! If you're an AUSCERT member don't forget you can always contact us for support.
This deceptive tactic serves as a stark reminder of the ever-evolving methods cybercriminals employ to deceive and victimize people. By staying informed, employing strong security practices and being sceptical of suspicious communications we can better protect ourselves and our data from falling into the wrong hands.
Atlassian patches vulnerabilities in server, data centre products
Date: 2023-07-24
Author: IT News
[See AUSCERT Security Bulletins 26 July 2023 ESB-2023.4207, ESB-2023.4208 & ESB-2023.4209]
Atlassian last Friday announced fixes for three remote code execution (RCE) vulnerabilities.
The three bugs are rated as high rather than critical severity, since they’re exploitable only by authenticated users.
CVE-2023-22505, discovered in the company’s bug bounty program, has a CVSS score of 8, and was introduced in version 8.0.0 of Confluence data centre and server products.
It’s an RCE that allows an attacker to execute arbitrary code without user interaction.
Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws
Date: 2023-07-26
Author: Bleeping Computer
[See AUSCERT Security Bulletins 26 July 2023 ESB-2023.4186 & ESB-2023.4189]
Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices.
Ubuntu is one of the most widely used Linux distributions, especially popular in the U.S., having an approximate user base of over 40 million.
Ivanti patches MobileIron zero-day bug exploited in attacks
Date: 2023-07-24
Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
US-based IT software company Ivanti has patched an actively exploited zero-day vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core).
Ivanti released security patches for the remote unauthenticated API access vulnerability tracked as CVE-2023-35078 on Sunday.
ATO attackers filed $557 million in false claims
Date: 2023-07-26
Author: iTnews
Criminals exploiting a loophole in the government’s digital identity systems filed more than $550 million in false claims over the last two financial years, the ATO has disclosed.
The ABC reported this morning that criminals had found they could create bogus myGov accounts, and then link them to real taxpayers’ ATO files.
An earlier December 2022 investigation found attackers were using customer identity information stolen in high-profile data breaches like Optus and Medibank as part of the fraud.
Patch Now: Up to 900K MikroTik Routers Vulnerable to Total Takeover
Date: 2023-07-26
Author: Dark Reading
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Up to 900,00 MikroTik routers — a popular target for threat actors including nation-state groups — may be open to attack via a privilege escalation vulnerability in the RouterOS operating system.
The vulnerability (CVE-2023-30788) gives attackers a way to take complete control of affected MIPS-processor-based MikroTik devices and pivot into an organization's network, according to researchers from VulnCheck, which just published several new exploits for the flaw. Attackers can also use it to enable man-in-the-middle attacks on network traffic flowing through the router, they warned. Versions of MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to the issue.
ESB-2023.4155 – Citrix Hypervisor and XenServer : CVSS (Max): 6.2
Citrix has released a hotfix that includes AMD microcode to mitigate hardware issues on systems running Citrix Hypervisor on AMD Zen 2 CPUs.
ESB-2023.4156 – iOS and iPadOS: CVSS (Max): 8.8*
Apple issued its third security update in a month to remedy zero-day vulnerability CVE-2023-38606 exploited in Operation Triangulation. This update is available through iTunes for iPhone and Software Update on your iOS device.
ESB-2023.4158 – macOS Ventura 13.5: CVSS (Max): 8.8*
Apple pushed a new macOS Ventura 13.5 update which includes bug fixes and security updates for CVE-2023-37450 which may be exploited in the wild.
ESB-2023.4177 – Tenable Security Center: CVSS (Max): 7.5
Tenable has discovered a vulnerability in Tenable Security Centre, and released Patch SC-202307.1-6.x to address the issue.
Stay safe, stay patched and have a good weekend!
The AUSCERT team