10 Jan 2025
Week in review
Greetings,
As we return to work, holiday scams continue to affect Australians. NAB’s fraud and cyber security experts have outlined emerging scams to watch for in 2025:
- AI-Driven Scams
Criminals use deepfakes—AI-generated impersonations of people—to create realistic voicemails, videos, or social media posts. Be cautious of investment opportunities promoted by high-profile figures and always do your own research.
- Cryptocurrency Investment Scams
Scammers lure victims into fake crypto-trading apps with promises of high returns. While small withdrawals may seem legitimate, larger ones will encounter hidden fees or lockouts. Always verify credentials and research the investment.
- Bucket List Scams
Scammers target people dreaming of international travel or events, using social media to offer false opportunities. Research the seller's profile, activity, and reviews before proceeding.
- Remote Access Scams Targeting Businesses
Scammers impersonate trusted organisations, like banks, convincing businesses to grant remote access to sensitive information. Never give remote access to unexpected callers or emails, and investigate suspicious requests.
- Phishing Scams
Phishing remains common, with criminals impersonating banks, government agencies, or even friends. A new trend targets people with messages about expiring rewards points. Be sceptical of unsolicited contact—delete or hang up if in doubt.
Stay safe and vigilant!
SonicWall urges admins to patch exploitable SSLVPN bug immediately
Date: 2025-01-08
Author: Bleeping Computer
SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is "susceptible to actual exploitation."
In an email sent to SonicWall customers and shared on Reddit, the firewall vendor says the patches are available as of yesterday, and all impacted customers should install them immediately to prevent exploitation.
Exploit Code Published for Potentially Dangerous Windows LDAP Vulnerability
Date: 2025-01-03
Author: Security Week
SafeBreach has published proof-of-concept (PoC) exploit code targeting a recently resolved denial-of-service (DoS) vulnerability in Windows Lightweight Directory Access Protocol (LDAP).
The issue, tracked as CVE-2024-49113 (CVSS score of 7.5), was patched on December 10 along with a critical remote code execution (RCE) flaw in LDAP (CVE-2024-49112, CVSS score of 9.8).
Next.js Patches Denial-of-Service Vulnerability (CVE-2024-56332) in Server Actions
Date: 2025-01-03
Author: Security Online
The popular React framework, Next.js, has addressed a security vulnerability that could have allowed attackers to launch denial-of-service (DoS) attacks against applications using Server Actions. The vulnerability, tracked as CVE-2024-56332, was responsibly disclosed by the PackDraw team.
Next.js, known for its performance and developer-friendly features, is used by many high-traffic websites and applications. Server Actions, a relatively new feature, enable server-side data fetching and mutations, enhancing application performance and security.
Ivanti Warns of New Zero-Day Attacks Hitting Connect Secure Product
Date: 2025-01-08
Author: Security Week
[AUSCERT identified the impacted members (where possible) and contacted them via email]
Embattled IT software vendor Ivanti on Wednesday raised an alarm for a pair of remotely exploitable vulnerabilities in its enterprise-facing products and warned that one of the bugs has already been exploited in the wild.
The high-severity vulnerabilities, tagged as CVE-2025-0282 and CVE-2025-0283, allow unauthenticated remote attackers to launch code execution and privilege escalation attacks.
“We are aware of a limited number of customers’ Ivanti Connect Secure appliances being exploited by CVE-2025-0282 at the time of disclosure.
Bad Tenable plugin updates take down Nessus agents worldwide
Date: 2025-01-03
Author: Bleeping Computer
Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates.
As the cybersecurity company acknowledged in an incident report issued after pausing plugin updates to prevent the issue from impacting even more systems, the agents went offline "for certain users on all sites."
This ongoing incident affects systems updated to Nessus Agent versions 10.8.0 and 10.8.1 across the Americas, Europe, and Asia. Tenable has since pulled the bad versions and released Nessus Agent version 10.8.2 to fix the issue causing agents to shut down.
ESB-2025.0099 – GitLab Community Edition (CE) and Enterprise Edition (EE): CVSS (Max): 9.9*
GitLab has released patch updates (versions 17.7.1, 17.6.3, 17.5.5) to fix security vulnerabilities in its import functionality and core features. The vulnerabilities (CVE-2024-5655, CVE-2024-6385, CVE-2024-6678, CVE-2024-8970) could allow system exploitation. The user contribution mapping functionality has been redesigned to resolve these issues.
ESB-2025.0103 – Expedition Migration Tool: CVSS (Max): 7.8
Palo Alto Networks released a security advisory for vulnerabilities in its Expedition migration tool, which could expose sensitive data and allow unauthorised actions. The tool helps organisations transition to Palo Alto's next-gen firewall platform. Identified vulnerabilities could lead to unauthorised access to usernames, passwords, and device configurations.
ESB-2025.0039 – Android: CVSS (Max): 9.8*
Android's first security update of the year addresses several critical and high-severity vulnerabilities affecting many devices. The update highlights five critical remote code execution (RCE) flaws in Android's core system components, potentially allowing attackers to execute code without extra privileges. These vulnerabilities pose significant security risks to affected devices.
ESB-2025.0057 – ABB ASPECT-Enterprise, NEXUS, and MATRIX series: CVSS (Max): 10
Multiple vulnerabilities in ABB ASPECT-Enterprise, NEXUS, and MATRIX series products have been reported, which could enable an attacker to disrupt operations or execute remote code. The vendor has identified the specific workarounds and mitigations users can apply to reduce risks.
ESB-2025.0056 – Mozilla Foundation Products: CVSS (Max): None
Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, security restriction bypass, denial of service condition, remote code execution and spoofing on the targeted system.
ESB-2025.0048 – Google Chrome: CVSS (Max): None
Google released a critical security update for Chrome to fix a high-severity "Type Confusion" vulnerability in its V8 JavaScript engine. The flaw, tracked as CVE-2025-0291, could allow attackers to execute malicious code and compromise user systems. The update is being rolled out for Windows, Mac, and Linux users.
Stay safe, stay patched and have a good weekend!
The AUSCERT team