11 Apr 2025

Week in review

Greetings

Register now for our upcoming webinar examining the evolving role of cyber security in shaping organisational value propositions, led by AUSCERT general manager Ivano Bongiovanni. Taking place on Tuesday, 6 May, from 12:00pm to 1:00pm AEST, this dynamic panel discussion will feature leading industry experts sharing insights, challenges, and strategies connecting cyber security and business value. Panellists include Charles McDermid (BOQ), Rob Nobilo (Google), Lukasz Gogolkiewicz (Accent Group Ltd), and Dr Jodie Siganto (Privacy108). Don’t miss this opportunity to gain valuable perspectives from some of the most influential voices in the field—register today to secure your spot.

The session will explore the evolution of Cyber Security-as-a-Service (CSaaS), with a spotlight on the rising influence of end-customers as a third market force. While still much smaller than the traditional B2B space, consumer demand is accelerating as individuals become more informed about cyber risks and increasingly value cyber security in their purchasing choices. This shift is evident in the widespread adoption of tools such as multi-factor authentication (MFA) and VPNs, as well as in marketing strategies that now frame cyber security as a core value-add.

For providers such as MSSPs, this trend presents both opportunities and responsibilities—the need to remain ethical, innovative, and trusted is more important than ever. On the other side, demand-side organisations must navigate vendor complexity and ensure their cyber security investments align with overarching business objectives. Looking ahead, emerging B2B2C models—offering cyber security support not only to employees but also to their families—are opening new market opportunities while encouraging safer digital behaviours across work and home environments.

As servitisation, trust, and adaptability continue to shape the future of CSaaS, this timely and thought-provoking discussion is one you won’t want to miss. Register now!


Australian pension funds hit by wave of credential stuffing attacks
Date: 2025-04-04
Author: Bleeping Computer

Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members’ accounts.
The Association of Superannuation Funds of Australia (ASFA), Australia's advocacy body for the superannuation industry, said today that "a number of members were affected" even though the "majority of the attempts were repelled."
Reuters has learned from a source familiar with the matter that over 20,000 accounts were breached in this massive wave of attacks targeting Australia's superannuation industry, with some members reportedly losing some of their savings.

China-backed espionage group hits Ivanti customers again
Date: 2025-04-03
Author: CyberScoop

[AUSCERT has identified the impacted members (where possible) and contacted them via email]
UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant.
Ivanti customers are confronting another string of attacks linked to an actively exploited vulnerability in the company’s VPN products. Mandiant said a nation-state backed espionage group linked to China has been exploiting the critical vulnerability, CVE-2025-22457, since mid-March.

CISA Warns of CrushFTP Vulnerability Exploitation in the Wild
Date: 2025-04-08
Author: Infosecurity Magazine

[AUSCERT contacted the potentially vulnerable members via email on 26 March 2025]
The top US cybersecurity agency has confirmed that the critical vulnerability in file transfer solution provider CrushFTP’s product is being exploited in the wild. The authentication bypass vulnerability, CVE-2025-31161, was added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog on April 7.

SAP April 2025 Update Fixes Critical Code Injection Vulnerabilities
Date: 2025-04-09
Author: gbhackers

SAP Security Patch Day has introduced a critical update to address vulnerabilities in SAP products, including high-severity code injection weaknesses.
A total of 18 new Security Notes, along with 2 updates to existing notes, were released to tackle serious risks such as unauthorized access, code injection, and directory traversal.
SAP recommends customers promptly apply these patches to safeguard their systems and ensure the robustness of their SAP landscapes.

Oracle says "obsolete servers" hacked, denies cloud breach
Date: 2025-04-09
Author: Bleeping Computer

Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials from what it described as "two obsolete servers."
However, the company added that its Oracle Cloud servers were not compromised, and this incident did not impact customer data and cloud services.
"Oracle would like to state unequivocally that the Oracle Cloud—also known as Oracle Cloud Infrastructure or OCI—has NOT experienced a security breach," Oracle says in a customer notification shared with BleepingComputer.


ESB-2025.2224.2 – FortiSwitch: CVSS (Max): 9.3

A recently revealed critical vulnerability in Fortinet’s FortiSwitch product line is sparking serious security concerns. Identified as CVE-2024-48887, the flaw allows remote, unauthenticated attackers to reset administrator passwords without needing prior access—posing a significant risk to organizations that depend on FortiSwitch for their network infrastructure.

ESB-2025.2214 – Google Chrome: CVSS (Max): 8.8

Google has released an important security update for its Chrome browser, addressing a serious vulnerability that could potentially allow attackers to execute code remotely. The issue, tracked as CVE-2025-3066, affects Chrome's Site Isolation feature, highlighting the critical role regular browser updates play in defending against cyber threats. The update, rolled out on April 8, 2025, brings the Chrome Stable Channel to version 135.0.7049.84/.85 for Windows and Mac, and 135.0.7049.84 for Linux.

ASB-2025.0059 – Microsoft Windows: CVSS (Max): 8.8

Microsoft has released security fixes to address a massive set of 125 flaws affecting its software products, including an actively exploited zero-day vulnerability in the Windows Common Log File System (CLFS) driver, tracked as CVE-2025-29824.

ESB-2025.2191 – Android: CVSS (Max): 8.8*

The April 2025 Android Security Bulletin details multiple vulnerabilities affecting Android devices, all addressed by the 2025-04-05 security patch level. The most severe is a critical System vulnerability that allows remote privilege escalation without user interaction or extra permissions, especially dangerous if mitigations are bypassed or disabled.

ESB-2025.2242 – Juniper Junos OS: CVSS (Max): 10.0

Juniper Networks' April 2025 Security Bulletin addresses multiple vulnerabilities in Junos Space, Junos OS, and related products including CVE-2024-36971. The Junos Space 24.1R3 release resolves several critical and high-severity vulnerabilities, including remote code execution and denial-of-service issues. Users are advised to upgrade to Junos Space 24.1R3 and Junos OS versions 21.4R3-S10 or later to mitigate these risks.

ESB-2025.2317 – Adobe ColdFusion: CVSS (Max): 9.1

Adobe's April 2025 Patch Tuesday release addresses 54 security vulnerabilities, including critical flaws in products like ColdFusion, FrameMaker, Photoshop, and Adobe Commerce. The most urgent fix is for ColdFusion, with 15 vulnerabilities that could allow arbitrary code execution, file system access, and security feature bypasses. Eleven of these vulnerabilities are ranked as critical, with CVSS scores between 7.5 and 9.1.


Stay safe, stay patched and have a good weekend!

The AUSCERT team