16 May 2025

Week in review

Greetings,

Just a few more sleeps until AUSCERT2025 kicks off! Registrations are closing soon, so if you haven't secured your spot yet, now's the time—don't miss out! This year promises to impress with a fantastic line-up of empowering tutorials, thought-provoking speakers, and plenty of fun activities. Check out the full program here!

This week we saw further examples of vulnerabilities in information security devices being actively exploited in the wild, this time in Ivanti and Fortinet products. Such devices are commonly deployed at the network edge of organisations, making them reachable by anyone on the Internet and always on; threat actors have consistently been observed seeking out and exploiting exactly these kinds of vulnerabilities. The ACSC released a critical alert for Ivanti products, highlighting how multiple moderate-severity vulnerabilities can be chained together to produce potentially significant impacts. Multiple vulnerabilities in Fortinet products have also been observed being exploited, some of which have a CVSS rating of 9.8 (Critical).

The Australian Taxation Office (ATO) has issued a warning about fraudulent websites disseminating false information regarding changes to superannuation preservation and withdrawal rules, purportedly effective from 1 June 2025. Deputy Commissioner Emma Rosenzweig confirms that the preservation age remains at 60 for individuals born on or after 1 July 1964. The ATO advises relying on official sources for accurate information and cautions against unofficial websites and unsolicited advice that may attempt to collect personal information. Verifying the credentials of tax professionals through the Tax Practitioners Board is also recommended.


SAP patches second zero-day flaw exploited in recent attacks
Date: 2025-05-13
Author: Bleeping Computer

SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day.
The company issued security updates for this security flaw (CVE-2025-42999) on Monday, May 12, saying it was discovered while investigating zero-day attacks involving another unauthenticated file upload flaw (tracked as CVE-2025-31324) in SAP NetWeaver Visual Composer that was fixed in April.

ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files
Date: 2025-05-12
Author: The Hacker News

ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution.
DriverHub is a tool that's designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a dedicated site hosted at "driverhub.asus[.]com."

FortiOS Authentication Bypass Vulnerability Lets Attackers Take Full Control of Device
Date: 2025-05-13
Author: Cyber Security News

[AusCERT has identified the impacted members (where possible) and contacted them via email]
Fortinet has disclosed a significant security vulnerability affecting multiple Fortinet products, allowing attackers to bypass authentication and gain administrative access to affected systems.
The vulnerability, CVE-2025-22252 (Missing Authentication for Critical Function), affects FortiOS, FortiProxy, and FortiSwitchManager products configured to use TACACS+ with ASCII authentication.

Hackers now testing ClickFix attacks against Linux targets
Date: 2025-05-12
Author: Bleeping Computer

A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible.
ClickFix is a social engineering tactic where fake verification systems or application errors are used to trick website visitors into running console commands that install malware.
These attacks have traditionally targeted Windows systems, prompting targets to execute PowerShell scripts from the Windows Run command, resulting in info-stealer malware infections and even ransomware.

Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks
Date: 2025-05-14
Author: The Hacker News

[AUSCERT has identified and contacted potentially impacted members where possible]
Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution.
The vulnerabilities in question are listed below –
CVE-2025-4427 (CVSS score: 5.3) – An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials
CVE-2025-4428 (CVSS score: 7.2) – A remote code execution vulnerability in Ivanti Endpoint Manager Mobile allowing attackers to execute arbitrary code on the target system


ASB-2025.0098 – Microsoft Windows: CVSS (Max): 8.8

Microsoft's May 2025 Patch Tuesday addressed 72 vulnerabilities, including five zero-day flaws currently under active exploitation. Among these, two critical elevation-of-privilege bugs in the Windows Common Log File System (CLFS) driver (CVE-2025-32701 and CVE-2025-32706) allow attackers to gain SYSTEM-level access, calling for immediate patching.

ESB-2025.2958 – Apple iOS 18.5 and iPadOS 18.5: CVSS (Max): 7.8*

Apple has released iOS 18.5 and macOS updates to address critical vulnerabilities that could allow attackers to execute arbitrary code simply by opening malicious images, videos, or websites.

ESB-2025.3015 – Juniper Secure Analytics: CVSS (Max): 9.8

Juniper Networks has patched nearly 90 vulnerabilities in its Secure Analytics virtual appliance, which collects security events from network devices, endpoints, and applications. These vulnerabilities have been resolved in 7.5.0 UP11 IF03.

ESB-2025.3070 – Intel Processors: CVSS (Max): 5.6

Intel has addressed multiple CPU vulnerabilities, including CVE-2024-45332, and is releasing microcode updates to mitigate these threats and protect against potential information leaks.


Stay safe, stay patched and have a good weekend!

The AUSCERT team