forked from wagov/wasocshared
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
21 changed files
with
425 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Empty file.
21 changes: 21 additions & 0 deletions
21
docs/advisories/20240723002-Okta-Releases-Browser-Plugin-Advisory.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| # Okta Releases Browser Plugin Advisory - 20240723002 | ||
|
|
||
| ## Overview | ||
|
|
||
| The WA SOC has been made aware of a cross-site scripting security vulnerability found in the Okta Browser Plugin (Chrome/Edge/Firefox/Safari). The issue occurs when the plugin prompts the user to save credentials within Okta Personal. | ||
|
|
||
| ## What is vulnerable? | ||
|
|
||
| | Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| | ------------------- | -------------------------------- | --------------------------------------------------------------- | ---- | -------- | | ||
| | Okta Browser Plugin | Affected at 6.5.0 through 6.31.0 | [CVE-2024-0981](https://nvd.nist.gov/vuln/detail/CVE-2024-0981) | 7.1 | High | | ||
|
|
||
| ## Recommendation | ||
|
|
||
| The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
|
||
| - Okta: <https://trust.okta.com/security-advisories/okta-browser-plugin-reflected-cross-site-scripting-cve-2024-0981/> | ||
|
|
||
| ## Reference | ||
|
|
||
| - SecurityOnline: <https://securityonline.info/okta-patches-cross-site-scripting-flaw-cve-2024-0981-in-browser-plugin/> |
23 changes: 23 additions & 0 deletions
23
docs/advisories/20240724001-CISA-Updates-Known-Exploites-Catalog.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # CISA Updates Known Exploited Catalog - 20240724001 | ||
|
|
||
| ## Overview | ||
|
|
||
| CISA has added two new vulnerabilities to its [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog), based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. | ||
|
|
||
| ## What is vulnerable? | ||
|
|
||
| | Product(s) Affected | Version(s) | CVE # | CVSS v4/v3 | Severity | | ||
| | --------------------------- | --------------------------- | ------------------------------------------------- | ---------- | -------- | | ||
| | Microsoft Internet Explorer | versions IE6 through to IE8 | <https://nvd.nist.gov/vuln/detail/CVE-2012-4792> | 9.3 | High | | ||
| | Twilio products | all versions before 25.1.0 | <https://nvd.nist.gov/vuln/detail/CVE-2024-39891> | 5.3 | Medium | | ||
|
|
||
| ## What has been observed? | ||
|
|
||
| There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
|
||
| ## Recommendation | ||
|
|
||
| The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hrs...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
|
||
| - Microsoft Advisory: <http://technet.microsoft.com/security/advisory/2794220> | ||
| - Twilio Advisory: <https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS> |
20 changes: 20 additions & 0 deletions
20
docs/advisories/20240724003-CISA-Publishes-New-ICS-Advisories.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| # CISA Publishes New ICS Advisories - 20240724003 | ||
|
|
||
| ## Overview | ||
|
|
||
| CISA has released multiple advisories for Industrial Control Systems (ICS) related vendors. | ||
|
|
||
| ## What is vulnerable? | ||
|
|
||
| | Industry | Vendor | Vendor Link(s) | | ||
| | ----------------------------------------------------------------------------------------------- | -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| | Critical Manufacturing, Defense Industrial Base, Information Technology, Transportation Systems | National Instruments | [ICSA-24-205-01](https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-01) </br> [ICSA-24-205-03](https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-03) | | ||
| | Energy | Hitachi | [ICSA-22-333-02](https://www.cisa.gov/news-events/ics-advisories/icsa-22-333-02) </br> [ICSA-24-205-02](https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-02) | | ||
|
|
||
| ## Recommendation | ||
|
|
||
| The WA SOC recommends administrators review relevant advisories and apply the recommended actions to all affected devices. | ||
|
|
||
| ## Additional References | ||
|
|
||
| - CISA Article: <https://www.cisa.gov/news-events/alerts/2024/07/23/cisa-releases-four-industrial-control-systems-advisories> |
33 changes: 33 additions & 0 deletions
33
docs/advisories/20240725001-ISC-Releases-BIND9-Advisories.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| # ISC Releases Multiple BIND 9 Security Advisories - 20240725001 | ||
|
|
||
| ## Overview | ||
|
|
||
| The Internet Systems Consortium (ISC) released security advisories to address vulnerabilities affecting multiple versions of ISC’s Berkeley Internet Name Domain (BIND) 9. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition. | ||
|
|
||
| ## What is the vulnerability? | ||
|
|
||
| | CVE # | Product(s) and Version(s) Affected | CVSS v4/v3 | Severity | | ||
| | --------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | -------- | | ||
| | [CVE-2024-4076](https://nvd.nist.gov/vuln/detail/CVE-2024-4076) | BIND </br> - 9.16.13 -> 9.16.50 </br> - 9.18.0 -> 9.18.27 </br> - 9.19.0 -> 9.19.24 </br> </br> BIND Supported Preview Edition </br> - 9.11.33-S1 -> 9.11.37-S1 </br> - 9.16.13-S1 -> 9.16.50-S1 </br> - 9.18.11-S1 -> 9.18.27-S1 | 7.5 | High | | ||
| | [CVE-2024-1975](https://nvd.nist.gov/vuln/detail/CVE-2024-1975) | BIND </br> - 9.0.0 -> 9.11.37 </br> - 9.16.0 -> 9.16.50 </br> - 9.18.0 -> 9.18.27 </br> - 9.19.0 -> 9.19.24 </br> (Versions prior to 9.16.48 were not assessed.) </br> </br> BIND Supported Preview Edition </br> - 9.9.3-S1 -> 9.11.37-S1 </br> - 9.16.8-S1 -> 9.16.49-S1 </br> - 9.18.11-S1 -> 9.18.27-S1 </br> (Versions prior to 9.16.48-S1 were not assessed.) | 7.5 | High | | ||
| | [CVE-2024-1737](https://nvd.nist.gov/vuln/detail/CVE-2024-1737) | BIND </br> - 9.11.0 -> 9.11.37 </br> - 9.16.0 -> 9.16.50 </br> - 9.18.0 -> 9.18.27 </br> - 9.19.0 -> 9.19.24 </br> (Versions prior to 9.11.0 were not assessed.) </br> </br> BIND Supported Preview Edition </br> - 9.11.4-S1 -> 9.11.37-S1 </br> - 9.16.8-S1 -> 9.16.50-S1 </br> - 9.18.11-S1 -> 9.18.27-S1 </br> (Versions prior to 9.11.4-S1 were not assessed.) | 7.5 | High | | ||
| | [CVE-2024-0760](https://nvd.nist.gov/vuln/detail/CVE-2024-0760) | BIND </br> - 9.18.1 -> 9.18.27 </br> - 9.19.0 -> 9.19.24 </br> (Versions prior to 9.18.1 were not assessed.) </br> </br> BIND Supported Preview Edition </br> - 9.18.11-S1 -> 9.18.27-S1 </br> (Versions prior to 9.18.24-S1 were not assessed.) | 7.5 | High | | ||
|
|
||
| ## What has been observed? | ||
|
|
||
| There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
|
||
| ## Recommendation | ||
|
|
||
| The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
|
||
| ISC Advisories: | ||
|
|
||
| - <https://kb.isc.org/docs/cve-2024-4076> | ||
| - <https://kb.isc.org/docs/cve-2024-1975> | ||
| - <https://kb.isc.org/docs/cve-2024-1737> | ||
| - <https://kb.isc.org/docs/cve-2024-0760> | ||
|
|
||
| ## Additional References | ||
|
|
||
| - CISA Advisory: <https://www.cisa.gov/news-events/alerts/2024/07/24/isc-releases-security-advisories-bind-9> |
21 changes: 21 additions & 0 deletions
21
docs/advisories/20240725002-Docker-Releases-Critical-Security-Advisory.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| # Docker Releases Critical Security Advisory - 20240725002 | ||
|
|
||
| ## Overview | ||
|
|
||
| Docker has released a security advisory relating to a vulnerability in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. | ||
|
|
||
| ## What is vulnerable? | ||
|
|
||
| | Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| | ------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | ---- | ------------ | | ||
| | Docker | v19.03.15 and below <br> v20.10.27 and below <br> v23.0.14 and below <br> v24.0.9 and below <br> v25.0.5 and below <br> v26.0.2 and below <br> v26.1.4 and below <br> v27.0.3 and below <br> v27.1.0 and below | [CVE-2024-41110](https://nvd.nist.gov/vuln/detail/CVE-2024-41110) | 9.9 | **Critical** | | ||
|
|
||
| ## What has been observed? | ||
|
|
||
| There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
|
||
| ## Recommendation | ||
|
|
||
| The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hrs...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
|
||
| - Docker: <https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/> |
21 changes: 21 additions & 0 deletions
21
docs/advisories/20240725003-Google-Releases-New-Chrome-Stable-Version.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| # Google Releases New Chrome Stable Version - 20240725003 | ||
|
|
||
| ## Overview | ||
|
|
||
| The WA SOC has been made aware of the release of Google Chrome stable versions. These are critical to mitigate multiple vulnerabilities discovered in Google Chrome that in the most severe case would allow a threat actor to perform arbitrary code execution. | ||
|
|
||
| ## What is vulnerable? | ||
|
|
||
| | Product(s) Affected | Version(s) | CVE | | ||
| | ------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| | Google Chrome | all versions below 127.0.6533.72 for Windows </br> all versions below 127.0.6533.73 for Mac </br> all versions below 127.0.6533.72 for Linux | CVE-2024-6988 </br> CVE-2024-6989 </br> CVE-2024-6991 </br> CVE-2024-6992 </br> CVE-2024-6993 </br> CVE-2024-6994 </br> CVE-2024-6995 </br> CVE-2024-6996 </br> CVE-2024-6997 </br> CVE-2024-6998 </br> CVE-2024-6999 </br> CVE-2024-7000 </br> CVE-2024-7001 </br> CVE-2024-7003 </br> CVE-2024-7004 </br> CVE-2024-7005 | | ||
|
|
||
| ## Recommendation | ||
|
|
||
| The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *1 month* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
|
||
| - Google: <https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html> | ||
|
|
||
| ## Reference | ||
|
|
||
| - Center for Internet Security: <https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2024-084> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| # CISA Releases Joint Advisory for North Korean Cyber Espionage Activity - 20240726001 | ||
|
|
||
| ## Overview | ||
|
|
||
| CISA has released a joint Cybersecurity Advisory titled "North Korea State-Sponsored Cyber Group Conducts Global Espionage Campaign to Advance Regime's Military and Nuclear Programs". This advisory was crafted to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju. | ||
|
|
||
| The Advisory states that the group primarily targets defence, aerospace, nuclear, and engineering entities to obtain sensitive and classified technical information and intellectual property to advance the regime’s military and nuclear programs and ambitions. The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide, including but not limited to entities in their respective countries, as well as in Japan and India. | ||
|
|
||
| ## Recommendation | ||
|
|
||
| The WA SOC encourages all critical infrastructure organisations to review the advisory for listed known TTPs for conducting surveillance within their environments, and implement the recommended mitigations where applicable. | ||
|
|
||
| - [FBI, CISA, and Partners Release Advisory Highlighting North Korean Cyber Espionage Activity](https://www.cisa.gov/news-events/alerts/2024/07/25/fbi-cisa-and-partners-release-advisory-highlighting-north-korean-cyber-espionage-activity) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| # Telerik Releases Security Advisory - 20240726002 | ||
|
|
||
| ## Overview | ||
|
|
||
| Progress has published an advisory to address vulnerabilities in their Telerik Report Server product. | ||
|
|
||
| ## What is vulnerable? | ||
|
|
||
| | Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| | ------------------------------ | --------------------------------------------- | --------------------------------------------------------------- | ---- | ------------ | | ||
| | Progress Telerik Report Server | **all versions before** 2024 Q2 (10.1.24.709) | [CVE-2024-6327](https://nvd.nist.gov/vuln/detail/CVE-2024-6327) | 9.9 | **Critical** | | ||
|
|
||
| ## What has been observed? | ||
|
|
||
| There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
|
||
| ## Recommendation | ||
|
|
||
| The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
|
||
| - Progress Telerik Advisory: <https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-6327> | ||
|
|
||
| ## Additional References | ||
|
|
||
| - BleepingComputer blog post: <https://www.bleepingcomputer.com/news/security/progress-warns-of-critical-rce-bug-in-telerik-report-server/> | ||
| - SecurityAffairs blog post: <https://securityaffairs.com/166168/security/telerik-report-server-cve-2024-6327.html> |
27 changes: 27 additions & 0 deletions
27
docs/advisories/20240726003-GitLab-Releases-Security-Advisory.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| # GitLab Releases Security Advisory - 20240726003 | ||
|
|
||
| ## Overview | ||
|
|
||
| GitLab has published an advisory to address vulnerabilities across multiple versions of its software. | ||
|
|
||
| ## What is vulnerable? | ||
|
|
||
| | Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| | ----------------------------------------------------------- | --------------------------------------------------------------------------------------- | --------------------------------------------------------------- | ---- | -------- | | ||
| | Enterprise Edition (EE) | - 16.11 **before** 17.0.5 <br/> - 17.1 **before** 17.1.3 <br/> - 17.2 **before** 17.2.1 | [CVE-2024-5067](https://nvd.nist.gov/vuln/detail/CVE-2024-5067) | 4.4 | Medium | | ||
| | GitLab Community Edition (CE) <br/> Enterprise Edition (EE) | - 16.7 **before** 17.0.5 <br/> - 17.1 **before** 17.1.3 <br/> - 17.2 **before** 17.2.1 | [CVE-2024-7057](https://nvd.nist.gov/vuln/detail/CVE-2024-7057) | 4.3 | Medium | | ||
| | GitLab Community Edition (CE) <br/> Enterprise Edition (EE) | - 12.0 **before** 17.0.5 </br> - 17.1 **before** 17.1.3 </br> - 17.2 **before** 17.2.1 | [CVE-2024-0231](https://nvd.nist.gov/vuln/detail/CVE-2024-0231) | 2.7 | Low | | ||
|
|
||
| ## What has been observed? | ||
|
|
||
| There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
|
||
| ## Recommendation | ||
|
|
||
| The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
|
||
| - GitLab Patch Release: <https://about.gitlab.com/releases/2024/07/24/patch-release-gitlab-17-2-1-released/> | ||
|
|
||
| ## Additional References | ||
|
|
||
| - Securityonline blog post: <https://securityonline.info/gitlab-patches-six-security-flaws-urges-immediate-update/> |
20 changes: 20 additions & 0 deletions
20
docs/advisories/20240726004-CISA-Publishes-New-ICS-Advisories.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| # CISA Publishes New ICS Advisories - 20240726004 | ||
|
|
||
| ## Overview | ||
|
|
||
| CISA has released multiple advisories for Industrial Control Systems (ICS) related vendors. | ||
|
|
||
| ## What is vulnerable? | ||
|
|
||
| | Vendor | Advisory Link(s) | | ||
| | -------- | -------------------------------------------------------------------------------- | | ||
| | Siemens | [ICSA-24-207-01](https://www.cisa.gov/news-events/ics-advisories/ICSA-24-207-01) | | ||
| | Positron | [ICSA-24-207-02](https://www.cisa.gov/news-events/ics-advisories/ICSA-24-207-02) | | ||
|
|
||
| ## Recommendation | ||
|
|
||
| The WA SOC recommends administrators review relevant advisories and apply the recommended actions to all affected devices. | ||
|
|
||
| ## Additional References | ||
|
|
||
| - CISA Article: <https://www.cisa.gov/news-events/alerts/2024/07/25/cisa-releases-two-industrial-control-systems-advisories> |
Oops, something went wrong.