16 Dec 2022
Week in review
Greetings,
The AUSCERT team are excited to announce that the Call for Presentations and Sponsorship options for next year’s conference are open!
We believe that there is an abundance of potential speakers from far afield and close to home, even if people don’t know it. To help those unsure of what to speak about or, in need of some assistance, AUSCERT has implemented some new initiatives aimed at helping uncover talking points and help interested parties develop their presentation.
These include a mentorship program and a webinar titled, “I don’t have anything to talk about”, scheduled for early 2023.
If you would like some inspiration or ideas, perhaps an episode of our podcast, ‘Share Today, Save Tomorrow’ is in order. This includes our last episode of 2022 , released today, that features Dave Lewis, a speaker at this year’s conference and is currently a Global Advisory CISO for Cisco. Dave is also working towards his graduate degree at Harvard and wrote columns for Forbes, CSO Online, Huffington Post, The Daily Swig and others.
If you’re considering sponsorship at AUSCERT2023, we have the usual offerings along with some returning favourites from this year – including the Gelato Cart – along with some fantastic new options that we think will be highly sought after! If you’d like to see what’s on offer, simply visit the sponsorship portal and request a copy of the Sponsorship Prospectus.
With just over a week until Christmas Day, many people have placed online orders for their gifts and no doubt are anticipating the delivery each day. If you are one of the many on the look-out for a delivery, beware of potential scams that make claims of a failed delivery, requesting you update your details – be warned, DO NOT click on any links!
This is just one of the ’12 Scams of Christmas’ that have been compiled to promote awareness and hopefully, keep everyone safe this Festive Season!
Fortinet confirms VPN vulnerability exploited in the wild
Date: 2022-12-12
Author: TechTarget
[Refer AUSCERT Security Bulletin ESB-2022.6458.2]
A critical zero-day vulnerability in Fortinet’s SSL-VPN has been exploited in the wild in at least one instance.
Fortinet issued an advisory Monday detailing the heap-based buffer overflow flaw, tracked as CVE-2022-42475, affecting multiple versions of its FortiOS SSL-VPN. Ranked a 9.3 on the common vulnerability scoring system, Fortinet warned the critical flaw could allow a remote unauthenticated attacker to execute arbitrary code.
“Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise,” Fortinet wrote in the advisory.
Microsoft December 2022 Patch Tuesday fixes 2 zero-days, 49 flaws
Date: 2022-12-13
Author: Bleeping Computer
Today is Microsoft’s December 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws.
Six of the 49 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution, one of the most severe types of vulnerabilities.
Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw
Date: 2022-12-14
Author: Dark Reading
Citrix has issued a patch for a critical flaw affecting Citrix ADC and Citrix Gateway, adding that the company is aware of attacks against the vulnerability in the wild.
The vulnerability, tracked under CVE-2022-27518, affects Citrix ADC and Citrix Gateway versions 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32.
“Both must be configured with an SAML SP or IdP configuration to be affected,” Citrix noted in its security update.
TPG Telecom discloses hosted Exchange breach at iiNet, Westnet
Date: 2022-12-14
Author: iTnews
TPG Telecom has disclosed a breach of hosted Exchange services that run email accounts for up to 15,000 iiNet and Westnet business customers.
The telco said that Mandiant had “found evidence of unauthorised access” on December 13.
The target appeared to be “crypocurrency and financial information” contained within accounts, TPG Telecom said in a financial filing.
It appears the incident was identified as part of routine scans on networked assets.
Fire Rescue Victoria relies on radios and mobile phones as it probes mystery dispatch system outage
Date: 2022-12-15
Author: The Age
[Update at : https://www.frv.vic.gov.au/update-frv-outage}
Victorian firefighters will be forced to use mobile phones and radios for up to four days after their dispatch system suffered a mystery outage.
Fire Rescue Victoria acting Commissioner Gavin Freeman said the disruption was first noticed between 4am and 5am on Thursday.
The acting commissioner said fire trucks and crews were still able to be deployed in response to the incidents, and safety had not been compromised.
ESB-2022.6592 – Tenable.ad: CVSS (Max): 9.8
Tenable.ad leverages third-party software to help provide underlying functionality. One of the third-party components (Erlang) was found to contain vulnerabilities, and updated versions have been made available by the providers.
ESB-2022.6508 – macOS Ventura: CVSS (Max): 8.2*
macOS Ventura 13.1 addresses multiple important security issues.
ESB-2022.6481 – ALERT VMware vRealize Network Insight (vRNI): CVSS (Max): 9.8
Multiple vulnerabilities in VMware vRealize Network Insight (vRNI) were privately reported to VMware. Patches and updates are available to remediate these vulnerabilities in affected VMware products.
ESB-2022.6474 – ALERT Citrix ADC and Gateway: CVSS (Max): None
A vulnerability has been discovered in Citrix Gateway and Citrix ADC that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance.
ASB-2022.0245 – ALERT Microsoft Windows: CVSS (Max): 8.5*
Microsoft has released its monthly security patch update for the month of December 2022 which outlined 31 vulnerabilities across multiple products
ESB-2022.6458.2 – UPDATED ALERT FortiOS: CVSS (Max): 9.3
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Stay safe, stay patched and have a good weekend!
The AUSCERT team