20240503002 & 20240503004 (#700)

* 20240503003 & 20240503004 * Format markdown docs --------- Co-authored-by: DGOV-Bryce <[email protected]>
wagov · May 3, 2024 · d98eea3 · d98eea3
1 parent 56dec06
commit d98eea3
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 0 deletions.
diff --git a/docs/advisories/20240503002-Cisco-IP-Phones-Vulnerability.md b/docs/advisories/20240503002-Cisco-IP-Phones-Vulnerability.md
@@ -0,0 +1,25 @@
+# Cisco IP Phones Vulnerability - 20240503002
+
+## Overview
+
+Multiple vulnerabilities in Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, gain unauthorized access, or view sensitive information on an affected system.
+
+## What is vulnerable?
+
+| CVE                                                               | Severity | CVSS | Product(s) Affected                                                                                                                          | Dated      |
+| ----------------------------------------------------------------- | -------- | ---- | -------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
+| [CVE-2024-20376](https://nvd.nist.gov/vuln/detail/CVE-2024-20376) | **High** | 7.5  | **IP Phone 6800, 7800, and 8800 Multiplatform Firmware versions 2.0.4 and earlier** </br> **Video Phone 8875 version 2.3.1.001 and earlier** | 01/05/2024 |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Vulnerabilities](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS)
+
+## Additional References
+
+- https://www.tenable.com/cve/CVE-2024-20376
diff --git a/docs/advisories/20240503004-Awareness-NSA-Highlights-Spearfishing.md b/docs/advisories/20240503004-Awareness-NSA-Highlights-Spearfishing.md
@@ -0,0 +1,21 @@
+# NSA Highlights Mitigations against North Korean Actor Email Policy Exploitation - 20240503004
+
+## Overview
+
+### What has been observed?
+
+The National Security Agency (NSA) and Federal Bureau of Investigation (FBI) have released a report detailing how Northern Korean actors are exploiting weak DMARC security policies to mask spearphishing efforts. These efforts include emails that appear to be from legitimate journalists, academics, or other experts in East Asian affairs.
+
+## What is the threat?
+
+Malicious actors commonly conduct social engineering and spear phishing attacks against organisations using fake emails. By modifying the sender’s address, or other parts of an email header to appear as though the email originated from a different source, a malicious actor is able to increase the likelihood of their target complying with a request, such as opening a malicious attachment or disclosing information.
+
+## Recommendation
+
+The WASOC recommends administrators follow the advice of the Australian Signals Directorate and implement and maintain SPF, DKIM, and DMARC to combat against email spoofing and spear phishing attempts:
+
+- [How to Combat Fake Emails](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/email-hardening/how-combat-fake-emails)
+
+## Additional References
+
+- NSA Press Release: [NSA Highlights Mitigations against North Korean Actor Email Policy Exploitation](https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3762915/nsa-highlights-mitigations-against-north-korean-actor-email-policy-exploitation/)