Merge branch 'wagov:main' into main

docs/advisories/20240131002-Mitigation-Defend-Agaist-Exploitation-of-Ivanti.md

@@ -0,0 +1,26 @@
+# New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways - 20240131002
+
+## Overview
+
+CISA has released new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices ([CVE-2023-46805](https://nvd.nist.gov/vuln/detail/CVE-2023-46805) and [CVE-2024-21887](https://nvd.nist.gov/vuln/detail/CVE-2024-21887)).
+
+## What is vulnerable?
+
+| Product(s) Affected | Summary | Severity | CVSS |
+| ------------------- | ------- | -------- | ---- |
+| **ICS 9.1R18**      |         | **High** | 8.2  |
+| **ICS 22.6R2**      |         | **High** | 8.2  |
+| **IPS 9.1R18**      |         | **High** | 8.2  |
+| **IPS 22.6R2**      |         | **High** | 8.2  |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+## Additional References
+
+- [NVD - CVE-2023-46805 (nist.gov)](https://nvd.nist.gov/vuln/detail/CVE-2023-46805)

docs/advisories/20240202001-CISA-Known-Exploited-Vulnerabilities.md

@@ -0,0 +1,28 @@
+# CISA Known Exploited Catalog - 20240202001
+
+## Overview
+
+Apple have released a critical security advisory relating to Type Confusion Vulnerability impacting multiple apple products.
+
+## What is vulnerable?
+
+| Product(s) Affected                                    | CVE                                                               | Severity | CVSS |
+| ------------------------------------------------------ | ----------------------------------------------------------------- | -------- | ---- |
+| Apple macOS **Versions** before 14.3, 13.6, 12.7       | [CVE-2024-23222](https://nvd.nist.gov/vuln/detail/CVE-2024-23222) | **High** | 8.8  |
+| Apple iOS and iPadOS **Versions** before 17.3 and 16.7 |                                                                   |          |      |
+| Apple tvOS **Versions** before 17.3                    |                                                                   |          |      |
+| Apple safari **Versions** before 17.3                  |                                                                   |          |      |
+
+## What has been observed?
+
+CISA added this vulnerability in their [Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [NIST CVE-2024-23222](https://nvd.nist.gov/vuln/detail/CVE-2024-23222)
+
+### Additional Resources
+
+-[CISA Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

docs/advisories/20240202002-Docker-Container-Vulnerabilities.md

@@ -0,0 +1,32 @@
+# Docker Container Runtime Component Vulnerabilities - 20240202002
+
+## Overview
+
+An attacker could use the core container infrastructure components of docker containers to escape the container and gain unauthorized access to the underlying host operating system from within the container.
+
+## What is vulnerable?
+
+| Component(s) Affected      | CVE                                                               | Severity     | CVSS |
+| -------------------------- | ----------------------------------------------------------------- | ------------ | ---- |
+| OCI runc                   | [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | **High**     | 8.6  |
+| Buildkit Mount             | [CVE-2024-23653](https://nvd.nist.gov/vuln/detail/CVE-2024-23651) | **High**     | 8.7  |
+| Buildkit GRPC SecurityMode | [CVE-2024-23653](https://nvd.nist.gov/vuln/detail/CVE-2024-23653) | **Critical** | 10.0 |
+| BuildKit Buildtime         | [CVE-2024-23652](https://nvd.nist.gov/vuln/detail/CVE-2024-23652) | **Critical** | 9.8  |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours* (refer [Patch Management](../guidelines/patch-management.md)):
+
+You will likely need to update your Docker daemons and Kubernetes deployments, as well as any container build tools that you use in CI/CD pipelines, on build servers, and on your developers' workstations
+
+- [Runc 1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12) - Fix for CVE-2024-21626
+- [Docker buildkit Release 0.12.5](https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/) - Fix for CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653
+
+### Additional Resources
+
+- [Moby and Open Container Vulenrabilities - CISA](https://www.cisa.gov/news-events/alerts/2024/02/01/moby-and-open-container-initiative-release-critical-updates-multiple-vulnerabilities-affecting)
+- [Synk "leaky vessels" report](https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/)

docs/advisories/20240202003-Microsoft-Edge-Security-Update.md

@@ -0,0 +1,23 @@
+# Microsoft Edge Security Updates - 20240202003
+
+## Overview
+
+Microsoft has released security updates to address vulnerabilities in Microsoft Edge (Chromium-based)remote code execution [CVE-2024-21399](https://www.cve.org/CVERecord?id=CVE-2024-21399). Threat actor could exploit one of these vulnerabilities to obtain sensitive information.
+
+## What is vulnerable?
+
+| Product(s) Affected              | Severity | CVSS                                                                                                                                                                  |
+| -------------------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Microsoft Edge 121.0.2277.98** | **High** | [8.3](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2024-21399&vector=AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H&version=3.1&source=Microsoft%20Corporation) |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+## Additional References
+
+- [Microsoft Security Updates](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21399)

docs/advisories/20240205001-Juniper-Networks-Security-Advisory.md

@@ -0,0 +1,21 @@
+# Juniper Networks Security Advisory - 20240205001
+
+## Overview
+
+Juniper Networks released a security bulletin to address multiple vulnerabilities affecting Juniper Secure Analytics optional applications. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
+
+## What is vulnerable?
+
+| Product(s) Affected                                                                                                                                                                                                                                                                          | Severity     | CVSS |
+| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---- |
+| Juniper Secure Analytics (JSA) Applications <br />- Log Collector **versions before** v1.8.4 <br />- SOAR Plugin App **versions before** 5.3.1  <br />- Deployment Intelligence App **versions before** 3.0.12 <br />- User Behavior Analytics Application add-on **versions before** 4.1.14 | **Critical** | 9.1  |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [Juniper Support Portal](https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved-in-JSA-Applications?language=en_US)

docs/advisories/20240205002-Google-Chrome-Security-Updates.md

@@ -0,0 +1,22 @@
+# Google Chrome Security Updates - 20240205002
+
+## Overview
+
+Google has released new updates for Google Chrome to address a Use-After-Free in Network vulnerability which could allow a threat actor to potentially exploit heap corruption via a malicious file.
+
+## What is vulnerable?
+
+| Product(s) Affected                                        | Summary                                                                                                       | Severity | CVSS |
+| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | -------- | ---- |
+| **Google Chrome** <br /> Versions Prior to: 121.0.6167.139 | This vulnerability could allow a remote attacker to potentially exploit heap corruption via a malicious file. | **NA**   | N.A  |
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [Chrome Releases: Stable Channel Update for Desktop (googleblog.com)](https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html)
+
+## Additional References
+
+- [NVD - CVE-2024-1077 (nist.gov)](https://nvd.nist.gov/vuln/detail/CVE-2024-1077)
+- [CVE-2024-1077 - Security Update Guide - Microsoft - Chromium: CVE-2024-1077 Use after free in Network](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-1077)

docs/advisories/20240207001-CISA-Adds-One-Known-Exploited-Vulnerability-to-Catalog.md

@@ -0,0 +1,21 @@
+# CISA Adds One Known Exploited Vulnerability to Catalog - 20240207001
+
+## Overview
+
+Google Chrome have released a high security advisory relating to a Type Confusion vulnerability impacting in V8 in Google Chrome.
+
+## What is vulnerable?
+
+| CVE ID                                                          | Product(s) Affected                              | Severity | CVSS |
+| --------------------------------------------------------------- | ------------------------------------------------ | -------- | ---- |
+| [CVE-2023-4762](https://nvd.nist.gov/vuln/detail/CVE-2023-4762) | Google Chrome **versions before** 116.0.5845.179 | **High** | 8.8  |
+
+## What has been observed?
+
+CISA added this vulnerability in their [Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [CISA Known Exploited Vulnerability](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

docs/advisories/20240207002-Critical-Android-Security-Advisory.md

@@ -0,0 +1,29 @@
+# Critical Android Security Advisory - 20240207002
+
+## Overview
+
+The Android Security Advisory releases details of a High security vulnerabilities affecting Android devices. The vulnerability could lead to remote code execution with no additional execution privileges needed.
+
+## What is vulnerable?
+
+[2024-02-01 security patch level vulnerability details](https://source.android.com/docs/security/bulletin/2024-02-01#2024-02-01-security-patch-level-vulnerability-details)
+
+| Product(s)Affected                                                                                                                                                          | Severity |
+| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- |
+| - [Framework](https://source.android.com/docs/security/bulletin/2024-02-01#framework) <br />- [System](https://source.android.com/docs/security/bulletin/2024-02-01#system) | **High** |
+
+[2024-02-05 security patch level vulnerability details](https://source.android.com/docs/security/bulletin/2024-02-01#2024-02-05-security-patch-level-vulnerability-details)
+
+| Product(s)Affected                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | Severity |
+| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- |
+| - [Arm components](https://source.android.com/docs/security/bulletin/2024-02-01#arm-components) <br />- [MediaTek components](https://source.android.com/docs/security/bulletin/2024-02-01#mediatek-components) <br />- [Unisoc components](https://source.android.com/docs/security/bulletin/2024-02-01#unisoc-components)<br />- [Qualcomm components](https://source.android.com/docs/security/bulletin/2024-02-01#qualcomm-components) <br />- [Qualcomm closed-source components](https://source.android.com/docs/security/bulletin/2024-02-01#qualcomm-closed-source) | **High** |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [Android Bulletin February 2024](https://source.android.com/docs/security/bulletin/2024-02-01)

docs/advisories/20240208001-Linux-Shim-Loader-RCE-Vulnerability.md

@@ -0,0 +1,26 @@
+# Shim Bootloader RCE Vulnerability - 20240208002
+
+## Overview
+
+A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
+
+## What is vulnerable?
+
+| Product(s) Affected              | Summary                                                               | Severity     | CVSS |
+| -------------------------------- | --------------------------------------------------------------------- | ------------ | ---- |
+| Red Hat Enterprise Linux 7, 8, 9 | [**CVE-2023-40547**](https://nvd.nist.gov/vuln/detail/CVE-2023-40547) | **Critical** | 9.8  |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48hrs...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [**Shim Github Repository**](https://github.com/rhboot/shim/releases/tag/15.8)
+
+## Additional References
+
+- [Dark Reading: Linux Distros Hit by RCE Vulnerability in Shim Bootloader](https://www.darkreading.com/vulnerabilities-threats/rce-vulnerability-in-shim-bootloader-impacts-all-linux-distros)
+- [Red Hat Customer Portal](https://access.redhat.com/security/cve/CVE-2023-40547)