forked from wagov/wasocshared
Commit
Showing 32 changed files with 428 additions and 45 deletions.
docs/advisories/20240823001-SolarWinds-Releases-Critical-Update.md: 25 changes: 25 additions & 0 deletions
@@ -0,0 +1,25 @@ | ||
# SolarWinds Releases Critical Update - 20240823001 | ||
|
||
## Overview | ||
|
||
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| ------------------------ | --------------------------------------- | ----------------------------------------------------------------- | ---- | ------------ | | ||
| SolarWinds Web Help Desk | **all versions before** 12.8.3 Hotfix 2 | [CVE-2024-28987](https://nvd.nist.gov/vuln/detail/CVE-2024-28987) | 9.1 | **Critical** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- SolarWinds article: <https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2> | ||
|
||
## Additional References | ||
|
||
- Cybersecurity News article: <https://securityonline.info/solarwinds-web-help-desk-hit-by-critical-vulnerability-cve-2024-28987> |
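Review bot: the Overview sentence drops an article and reads awkwardly: "allowing remote unauthenticated user to access internal functionality and modify data" should be "allowing a remote, unauthenticated user to access internal functionality and modify data". In the Recommendation, the emphasised "*48 Hours...*" is capitalised differently from the "*48 hours...*" used in the Chromium, SonicWall and Zabbix advisories added in this same commit; pick one form so the template stays consistent across files.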
@@ -0,0 +1,20 @@ | ||
# CISA Releases New ICS Advisories - 20240823002 | ||
|
||
## Overview | ||
|
||
CISA has released multiple advisories for Industrial Control Systems (ICS) related vendors. | ||
|
||
## What is vulnerable? | ||
|
||
| Vendor | Advisory Link(s) | | ||
| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| Rockwell | [ICSA-24-235-01](https://www.cisa.gov/news-events/ics-advisories/icsa-24-235-01) </br> [ICSA-24-235-02](https://www.cisa.gov/news-events/ics-advisories/icsa-24-235-02) | | ||
| MOBOTIX | [ICSA-24-235-03](https://www.cisa.gov/news-events/ics-advisories/icsa-24-235-03) | | ||
| Avtec | [ICSA-24-235-04](https://www.cisa.gov/news-events/ics-advisories/icsa-24-235-04) | | ||
| Mitsubishi Electric | [ICSA-20-282-02](https://www.cisa.gov/news-events/ics-advisories/icsa-20-282-02) | | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators review relevant advisories and apply the recommended actions to all affected devices. | ||
|
||
- CISA Advisory: <https://www.cisa.gov/news-events/alerts/2024/08/22/cisa-releases-five-industrial-control-systems-advisories> |
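Review bot: this advisory omits the "## What has been observed?" section that every other advisory in this commit carries, and the closing "CISA Advisory" link sits directly under "## Recommendation" with no "## Additional References" heading, so the recommendation text and the reference list run together. Also, the Mitsubishi Electric row points at ICSA-20-282-02, a 2020 identifier, where the other four rows are ICSA-24-235-xx; if it is a republished or updated advisory, say so in the table so readers do not take it for a new one.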
docs/advisories/20240826001-Chromium-Vulnerability-Known-Exploitation.md: 22 changes: 22 additions & 0 deletions
@@ -0,0 +1,22 @@ | ||
# Chromium Vulnerability Known Exploitation - 20240826001 | ||
|
||
## Overview | ||
|
||
Google has released updates to address a Type confusion vulnerability in V8 in Chrome and chromium based browsers (e.g. Microsoft Edge) which could allow remote attacker(s) to exploit heap corruption via a crafted HTML page. The vulnerability is actively exploited in the wild. | ||
|
||
## What is vulnerable? | ||
|
||
| **Product(s) Affected** | **Version(s)** | **CVE #** | **CVSS v4/v3** | **Severity** | | ||
| ----------------------- | ----------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | -------------- | ------------ | | ||
| Microsoft Edge | prior to 128.0.2739.42 | [CVE-2024-7971](https://nvd.nist.gov/vuln/detail/CVE-2024-7971) | 8.8 | High | | ||
| Google Chrome | prior to 128.0.6613.84 for Linux <br>prior to 128.0.6613.84 for Windows <br/>prior to 128.0.6613.85 for Mac | [CVE-2024-7971](https://nvd.nist.gov/vuln/detail/CVE-2024-7971) | 8.8 | High | | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
## Additional References | ||
|
||
- Microsoft Security Response Center: <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7971> | ||
- Google Chrome Releases: <https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html> | ||
- The Hacker News: <https://thehackernews.com/2024/08/google-fixes-high-severity-chrome-flaw.html> |
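Review bot: the Recommendation paragraph ends with a colon but nothing follows it; the vendor links were placed under "## Additional References" instead, so either move the Google Chrome Releases and Microsoft Security Response Center links up under the colon, as the other advisories do, or end the sentence with a full stop. Since the Overview states the vulnerability "is actively exploited in the wild", the template's "## What has been observed?" section is also missing exactly where readers would expect it. Minor: the Google Chrome versions cell mixes `<br>` and `<br/>`, "Type confusion" should not be capitalised mid-sentence, and "chromium based browsers" should read "Chromium-based browsers".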
docs/advisories/20240826002-Progress-WhatsUp-Gold-Critical-Update.md: 25 changes: 25 additions & 0 deletions
@@ -0,0 +1,25 @@ | ||
# Progress WhatsUp Gold Critical Update - 20240826002 | ||
|
||
## Overview | ||
|
||
The Progress WhatsUp Gold team has recently disclosed multiple critical vulnerabilities affecting all versions of the software released before 2024.0.0. These vulnerabilities, identified as CVE-2024-6670, CVE-2024-6671, and CVE-2024-6672, pose significant risks to organizations using outdated versions of the network monitoring tool. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| ------------------- | -------------------- | --------------------------------------------------- | --------------------- | -------------------------------------------- | | ||
| Progress WhatsUp | **Gold \< 2024.0.0** | CVE-2024-6670 <br> CVE-2024-6671 <br> CVE-2024-6672 | 9.8 <br> 9.8 <br> 8.8 | **Critical** <br> **Critical** <br> **High** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Progress Community article: <https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024> | ||
|
||
## Additional References | ||
|
||
- Cybersecurity News article: <https://securityonline.info/critical-vulnerabilities-uncovered-in-progress-whatsup-gold-cve-2024-6670-cve-2024-6671/> |
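Review bot: the product name has leaked into the version column: the table row reads "Progress WhatsUp" | "**Gold \< 2024.0.0**", whereas the other advisories give the full product name in the first column, so it should be "Progress WhatsUp Gold" | "**\< 2024.0.0**". The three CVEs in this table are plain text, while every other advisory in the commit links each CVE to its NVD entry; link CVE-2024-6670, CVE-2024-6671 and CVE-2024-6672 the same way.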
@@ -0,0 +1,21 @@ | ||
# SonicWall Publishes Critical Updates - 20240827001 | ||
|
||
## Overview | ||
|
||
SonicWall has published an advisory relating to critical updates affecting multiple products that, if successfully exploited, could grant malicious actors unauthorized access to the devices. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE # | CVSS v4/v3 | Severity | | ||
| -------------------------- | -------------------------------------------------------------------------------- | ----------------------------------------------------------------- | ---------- | -------- | | ||
| SonicWall Firewall devices | - Gen5 \<= 5.9.2.14-12o <br> - Gen6 \<= 6.5.4.14-109n <br> - Gen7 \<= 7.0.1-5035 | [CVE-2024-40766](https://nvd.nist.gov/vuln/detail/CVE-2024-40766) | 9.3 | Critical | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Sonicwall Security Advisory: <https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015> |
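Review bot: the Overview says the advisory covers "critical updates affecting multiple products", but the table lists a single row and a single CVE (CVE-2024-40766) for firewall devices; either enumerate the products the Overview refers to or narrow the Overview wording to match the table. The Versions cell uses "- " list markers inside a table cell, which Markdown will not render as a list; the `<br>`-separated form without the dashes, as used in the Zabbix and Chrome tables, is enough. "Sonicwall" in the final bullet should be "SonicWall".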
docs/advisories/20240830001-CISA-Advisory-on-RansomHub-Ransomware.md: 21 changes: 21 additions & 0 deletions
@@ -0,0 +1,21 @@ | ||
# CISA Releases Joint Advisory on RansomHub Ransomware - 20240830001 | ||
|
||
## Overview | ||
|
||
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS) released joint Cybersecurity Advisory (CSA) [#StopRansomware: RansomHub Ransomware](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a), detailing its indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). RansomHub, previously known as Cyclops and Knight, has become a successful ransomware-as-a-service model, attracting affiliates from other major variants like LockBit and ALPHV. | ||
|
||
## What has been observed? | ||
|
||
CISA added this vulnerabilty based on CVEs observed [Cybersecurity Alerts & Advisories](https://www.cisa.gov/news-events/cybersecurity-advisories?f%5B0%5D=advisory_type%3A94) catalog on *August 28, 2024*. | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators perform a scan for the IOCs included and apply the mitigations as per CISA instructions. | ||
|
||
**Immediate action to take includes:** | ||
|
||
1. Secure and closely monitor Remote Desktop Protocol (RDP). | ||
1. Maintain offline backups of data, and regularly maintain backup and restoration. | ||
1. Enable and enforce phishing-resistant multifactor authentication (MFA). |
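Review bot: the first sentence under "## What has been observed?" does not parse and looks carried over from a KEV-style template: "CISA added this vulnerabilty based on CVEs observed [Cybersecurity Alerts & Advisories](...) catalog on *August 28, 2024*" refers to "this vulnerability" in an advisory about a ransomware group and has no verb between "observed" and the link. Suggest: "CISA published this advisory to its [Cybersecurity Alerts & Advisories](...) catalog on *August 28, 2024*." Also "vulnerabilty" is misspelled, and in item 2 "regularly maintain backup and restoration" should read "regularly test backup and restoration".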
docs/advisories/20240903001-Zabbix-Code-Execution+Vulnerability.md: 22 changes: 22 additions & 0 deletions
@@ -0,0 +1,22 @@ | ||
# Zabbix Server Critical Vulnerability - 20240903001 | ||
|
||
## Overview | ||
|
||
The WA SOC has been made aware of vulnerability discovered in Zabbix Server that allows attackers with restrited administrative permissions to execute arbitrary code. | ||
The flaw, identified in the Ping script execution within the Monitoring Hosts section, could compromise the infrastructure. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE # | CVSS v4/v3 | Severity | | ||
| ------------------- | --------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | ---------- | -------- | | ||
| Zabbix Server | Zabbix Server versions 6.4.0 to 6.4.15<br>Zabbix Server versions 7.0.0alpha1 to 7.0.0rc2 <br> | [CVE-2024-22116](https://nvd.nist.gov/vuln/detail/CVE-2024-22116) | 9.9 | Critical | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Zabbix Bugs and Issues: <https://support.zabbix.com/browse/ZBX-25016> |
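Review bot: "restrited administrative permissions" in the Overview should be "restricted administrative permissions", and "made aware of vulnerability discovered" needs an article ("a vulnerability"). The Versions cell ends with a dangling `<br>` after the 7.0.0rc2 entry, which renders as an empty line in the table. The file is added as `docs/advisories/20240903001-Zabbix-Code-Execution+Vulnerability.md`; the "+" where every other filename in this commit uses "-" looks like a typo and will be URL-encoded in links to the rendered page.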