17 Apr 2025

Week in review

Greetings,

Easter is one of Australia’s most popular times for a getaway—whether it’s a beachside escape, a cosy countryside retreat, or an overseas adventure. But while you’re planning a well-earned break, scammers are planning how to steal your holiday and money.

As travel bookings surge over the Easter period, so too do reports of travel-related scams. Cyber criminals know many people are on the hunt for last-minute deals and accommodation—and they’re ready to take advantage.

Here are some common travel scams to watch out for this holiday season.

  1. Fraudulent Listings & Accounts

Scammers often create fake accounts and listings on trusted booking platforms like Airbnb and Booking.com, using stunning photos and prices that seem too good to be true. Some go further by hacking legitimate host accounts, changing payment details, or moving communication off-platform to make it easier to steal money and harder to trace them.

  2. Phishing Scams

Phishing is a common tactic where scammers send malicious emails or text messages that appear to be from legitimate sources. These messages often include fake booking confirmations, flight cancellations, or requests to "verify" your information. Travel prize scams are also on the rise—offering fake giveaways or competitions to lure victims in.

  3. Fake Passport Schemes

A more targeted scam aimed at Australians involves emails impersonating the Australian Passport Office. The Department of Foreign Affairs and Trade (DFAT) warned last year that these emails may contain malicious links or QR codes designed to steal personal information. DFAT stresses it will never send unsolicited emails or texts asking you to click a link—though it may send one if you request a password reset or other action.

  4. Public Wi-Fi Risks

Public Wi-Fi in airports, cafes, or hotels might be convenient—but it's often unsecured and can be malicious. Hackers can exploit these networks to steal sensitive data like passwords, credit card numbers, and travel documents. If you need to connect while travelling, use a VPN and avoid accessing personal or financial accounts over public networks.

Concerns were raised this week about the future of the Common Vulnerabilities and Exposures (CVE) program due to uncertainty over the US government’s funding of the MITRE contract to deliver the service. A last-minute reprieve was subsequently announced to extend funding for a further 11 months, but doubts remain about the long-term future of this critically important program.


SonicWall Patches Multiple Vulnerabilities in NetExtender VPN Client For Windows
Date: 2025-04-10
Author: Cybersecurity News

SonicWall has released security updates addressing three critical vulnerabilities in its NetExtender VPN client for Windows. The flaws, which could potentially allow attackers to escalate privileges and manipulate system files, affect both 32-bit and 64-bit versions of the software prior to version 10.3.2.

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
Date: 2025-04-11
Author: The Hacker News

[Please see AUSCERT's bulletins issued for the 3 CVEs in question: https://portal.auscert.org.au/bulletins/ESB-2024.0849/, https://portal.auscert.org.au/bulletins/ESB-2023.3340/, https://portal.auscert.org.au/bulletins/ESB-2022.6458.2/]
[AUSCERT urges its members to consider the mitigation measures listed by the vendor – https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity]
Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched.

Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways
Date: 2025-04-11
Author: The Hacker News

Palo Alto Networks has revealed that it's observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat hunters warned of a surge in suspicious login scanning activity targeting its appliances.
"Our teams are observing evidence of activity consistent with password-related attacks, such as brute-force login attempts, which does not indicate exploitation of a vulnerability," a spokesperson for the company told The Hacker News. "We continue to actively monitor this situation and analyze the reported activity to determine its potential impact and identify if mitigations are necessary."

Australian Cyber Network releases inaugural State of the Industry 2024 report
Date: 2025-04-16
Author: Cyber Daily

The Australian Cyber Network (ACN) has released a first-of-its-kind, benchmark report into the state of the nation’s cyber security industry, and while some of the figures paint a picture of a growing and vital sector of the economy, others reveal a far darker truth – Australia needs to do a lot more to keep pace with rising threats. The inaugural State of the Industry 2024 report reveals an industry that contributes $9.99 billion to Australia’s gross value added (GVA) and attracted $348 million in investment in 2024 alone. It’s also home to more than 137,000 cyber security workers and professionals.

MITRE's CVE program given last-minute reprieve
Date: 2025-04-17
Author: iTNews

A last-minute change of plan has led to US officials extending support for MITRE's Common Vulnerabilities and Exposures (CVE) database for an additional 11 months. The database acts as a catalogue for cyber weaknesses and allows IT administrators to quickly flag and triage the different bugs and hacks discovered daily.


ESB-2025.2434 – Apple iOS 18.4.1 and iPadOS 18.4.1: CVSS (Max): 7.5

Apple released urgent updates to address two security vulnerabilities (CVE-2025-31200 and CVE-2025-31201) that had been exploited in sophisticated attacks against specific iOS targets. The flaws included a code execution issue related to CoreAudio and a mitigation bypass in the RPAC feature. Although the vulnerabilities affect iOS, iPadOS, and macOS, Apple reported limited exploitation on iPhones and did not disclose further details on the attacks.

ESB-2025.2399 – Mozilla Firefox: CVSS (Max): None

Mozilla has released Firefox 137.0.2 to address a high-severity security vulnerability (CVE-2025-3608) in the nsHttpTransaction component that could lead to memory corruption and potential code execution by attackers. Discovered by the Mozilla Fuzzing Team, the flaw involves a race condition that may cause browser instability under specific network conditions. Users are urged to update to the latest version to mitigate risks associated with this vulnerability.

ESB-2025.2389 – Google Chrome: CVSS (Max): None

Google confirmed two serious Chrome vulnerabilities: CVE-2025-3619, a heap buffer overflow in Codecs, and CVE-2025-3620, a critical use-after-free issue in USB functionality. CVE-2025-3620 poses the greatest risk, as it could allow attackers to execute arbitrary code. Users are urged to update their Chrome browsers to the latest version for protection.

ASB-2025.0067 – Oracle Commerce: CVSS (Max): 9.8

Multiple high-risk vulnerabilities have been reported for Oracle Commerce, with a CVSS of 9.8, indicating significant potential for exploitation. These vulnerabilities could be exploited remotely by attackers to compromise the system's confidentiality, integrity, and availability. Affected systems include various versions of Oracle Commerce running on Linux, UNIX, and Windows operating systems.


Stay safe, stay patched and have a good weekend!

The AUSCERT team