Week in review
AUSCERT Week in Review for 14th March 2025
Greetings,
After last week’s whirlwind, it’s a relief to feel a sense of normality returning. However, for many still dealing with the aftermath of Cyclone Alfred, the road to recovery is far from over. Let’s stay mindful, support one another, and remain vigilant—especially as scammers continue to exploit those affected.
With AI-generated scams on the rise, this week, we’re focusing on how to recognise them, spot key warning signs, and protect ourselves.
Language can be a clear indicator of AI-generated content. Be on the lookout for overly formal phrasing, a lack of personal warmth, or awkward sentence structures. Similarly, when evaluating AI-generated visuals and audio, watch for unnatural movements, features that appear flawless yet artificial, and lighting inconsistencies. Backgrounds that look fabricated or hand gestures that seem stiff and unrealistic are additional warning signs.
Voice cloning and scam calls are another growing threat. Watch out for any unusual pacing, voices that sound inhumanly fast or slow, or a lack of natural pauses. Speech that comes across as either too flat or overly dramatic, along with tonal or pronunciation inconsistencies, can also be red flags.
To protect yourself from AI-driven scams, always stay cautious and verify unsolicited emails, calls, and messages. If an offer seems too good to be true or a request feels urgent, confirm it independently by reaching out to the person directly via a verified phone number or email. Never click on unknown links or respond without proper validation. Staying informed about the latest AI-driven scams is one of your strongest defences, as awareness helps you spot red flags before falling victim.
Enabling Multi-Factor Authentication (MFA) adds an essential layer of security, making it significantly harder for scammers to access your accounts—even if they attempt to deceive you with AI-generated phishing tactics. Whenever possible, opt for phishing-resistant MFA for maximum protection.
While generative AI has allowed cybercriminals to craft more convincing scams, their capabilities are often exaggerated. By staying informed, cautious, and proactive, you can recognise warning signs and stay ahead of evolving threats.
Critical PHP Vulnerability Under Mass Exploitation
Date: 2025-03-10
Author: Security Week
Threat actors have started exploiting en masse a critical vulnerability in PHP that could allow remote code execution on vulnerable servers, threat intelligence firm GreyNoise warns.
The flaw, tracked as CVE-2024-4577 (CVSS score of 9.8), can be exploited on Windows servers that are using Apache and PHP-CGI, if they are set to use certain code pages, to inject arguments remotely and execute arbitrary code.
Microsoft patches 57 vulnerabilities, including 6 zero-days | CyberScoop
Date: 2025-03-11
Author: Cyber Scoop
[See AUSCERT Bulletins: https://portal.auscert.org.au/bulletins/ASB-2025.0049/,
https://portal.auscert.org.au/bulletins/ASB-2025.0048/,
https://portal.auscert.org.au/bulletins/ASB-2025.0047/,
https://portal.auscert.org.au/bulletins/ASB-2025.0046/,
https://portal.auscert.org.au/bulletins/ASB-2025.0045/]
Microsoft patched 57 vulnerabilities affecting its foundational systems and core products, including six actively exploited zero-day vulnerabilities, the company said in its latest security update Tuesday. Four of the six zero-days, which were all added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog, are high-severity on the CVSS scale.
Apple fixed the third actively exploited zero-day of 2025
Date: 2025-03-11
Author: Security Affairs
[See AUSCERT Bulletins: https://portal.auscert.org.au/bulletins/ESB-2025.1571/, https://portal.auscert.org.au/bulletins/ESB-2025.1570/,
https://portal.auscert.org.au/bulletins/ESB-2025.1569/]
Apple has released emergency security updates to address a zero-day vulnerability, tracked as CVE-2025-24201, in the WebKit cross-platform web browser engine.
The vulnerability is an out-of-bounds write issue that was exploited in “extremely sophisticated” attacks.
Mozilla warns users to update Firefox before certificate expires
Date: 2025-03-12
Author: Bleeping Computer
Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates.
The Mozilla certificate is set to expire this Friday, March 14, 2025, and was used to sign content, including add-ons for various Mozilla projects and Firefox itself.
Users need to update their browsers to Firefox 128 (released in July 2024) or later and ESR 115.13 or later for 'Extended Support Release' (ESR) users.
The Role of Differential Privacy in Protecting Sensitive Information in the Era of Artificial Intelligence
Date: 2025-03-07
Author: Security Affairs
Differential privacy (DP) protects data by adding noise to queries, preventing re-identification while maintaining utility, addressing Artificial Intelligence -era privacy challenges.
In the era of Artificial Intelligence, confidentiality and security are becoming significant challenges. Traditional anonymization techniques, such as pseudonymization and k-anonymity, have proven inadequate against sophisticated re-identification attacks.
Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack
Date: 2025-03-12
Author: The Hacker News
Threat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms.
"At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts," the company said, adding it observed the activity on March 9, 2025.
The countries which have emerged as the target of SSRF exploitation attempts include the United States, Germany, Singapore, India, Lithuania, and Japan. Another notable country is Israel, which has witnessed a surge on March 11, 2025.
ESB-2025.1570 – Apple iOS & iPadOS: CVSS (Max): None
Apple released a security update on Tuesday to address a zero-day flaw, CVE-2025-24201, in the WebKit browser engine. The vulnerability, an out-of-bounds write issue, could allow malicious web content to escape the Web Content sandbox. The update improves checks to prevent unauthorized actions.
ASB-2025.0049 – Microsoft Windows: CVSS (Max): 8.8*
Microsoft latest patch release fixes multiple flaws in Windows products. Several vulnerabilities are under active exploitation, including CVE-2025-26633, a security bypass in Microsoft Management Console allowing code execution through MSC files. CVE-2025-24993 and CVE-2025-24985, remote code execution flaws in NTFS and Fast FAT, are triggered by mounting a crafted VHD. Additionally, CVE-2025-24983 enables privilege escalation, while CVE-2025-24984 and CVE-2025-24991 expose sensitive information, requiring urgent patching.
ESB-2025.1552 – VMware Products: CVSS (Max): 9.3
Broadcom released an advisory for three zero-day vulnerabilities in VMware products, including CVE-2025-22224 (heap overflow), CVE-2025-22225 (arbitrary write), and CVE-2025-22226 (information disclosure). These vulnerabilities, impacting ESXi, Workstation, and Fusion, were discovered by Microsoft's MSTIC and are being actively exploited.
ESB-2025.1533 – Google Chrome: CVSS (Max): None
Google has released a critical update for Chrome, advancing the stable channel to version 134.0.6998.88 for Windows, Mac, and Linux, and 134.0.6998.89 for the Extended Stable channel. The update includes high-priority security fixes to protect users from potential threats.
ESB-2025.1628 – Adobe Acrobat Reader: CVSS (Max): 7.8
As part of its regular Patch Tuesday update, Adobe issued a bulletin highlighting a number of security vulnerabilities in Adobe Acrobat and Reader for both Windows and macOS. The company warned that successful exploitation could lead to arbitrary code execution and memory leaks.
Stay safe, stay patched and have a good weekend!
The AUSCERT team
Learn more
