17 Jan 2025

Week in review

Greetings,

This week served as a timely reminder, as we begin the new year, of the importance of vigilance in basic cyber security practice. Keeping systems patched and updated is essential because software updates often address newly discovered vulnerabilities that attackers could exploit. Failing to apply them leaves systems exposed to malware, ransomware and unauthorised access. Patches typically close security gaps and also improve functionality and stability, so checking for updates regularly and applying them promptly is crucial for maintaining robust defences.

This week, Microsoft released fixes for 160 security flaws across Windows and its applications, the highest number of CVEs addressed in a single month since 2017. The update included patches for three actively exploited zero-day privilege escalation vulnerabilities in the Windows Hyper-V NT Kernel Integration VSP, as well as remote code execution flaws in Microsoft Digest Authentication, Remote Desktop Services, Windows OLE, Microsoft Excel and Windows RMCAST.

Additionally, the Australian Signals Directorate (ASD) published an article on "Secure by Design" principles, highlighting common weaknesses in operational technology components: weak authentication, known software vulnerabilities, limited logging, insecure default settings and passwords, and outdated protocols. Cyber threat actors readily exploit such flaws to gain unauthorised access to systems.


Over 660,000 Rsync servers exposed to code execution attacks
Date: 2025-01-15
Author: Bleeping Computer

Over 660,000 exposed Rsync servers are potentially vulnerable to six new vulnerabilities, including a critical-severity heap-buffer overflow flaw that allows remote code execution on servers.
Rsync is an open-source file synchronization and data transferring tool valued for its ability to perform incremental transfers, reducing data transfer times and bandwidth usage.
It supports local file systems transfers, remote transfers over secure protocols like SSH, and direct file syncing via its own daemon.
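The exposure figure above comes from scanning for daemons answering on the rsync port. As an added example (not code from the Bleeping Computer article or from the rsync project), the following Python script checks whether a host you own is one of them: it connects to TCP/873, reads the daemon greeting (which advertises the protocol version and, on newer daemons, the supported checksum list) and, optionally, asks for the public module list with "#list". The hostnames and the sample greeting in the test are constructed; the script sends no exploit traffic.

```python
"""Probe a host for an Internet-exposed rsync daemon (TCP/873).

Added example, not code from the article or the rsync project. It reads the
daemon greeting and optionally the public module list; nothing here exploits
the vulnerabilities reported this week. Hostnames used are constructed.
"""
import re
import socket
import sys

RSYNC_PORT = 873
# Daemon greeting, e.g. "@RSYNCD: 31.0 sha512 sha256 sha1 md5 md4"
GREETING_RE = re.compile(r"^@RSYNCD:\s*(\d+)(?:\.(\d+))?(.*)$")


def parse_greeting(line: str) -> dict:
    """Parse the daemon's first line into protocol (major, minor) and the
    advertised checksum list (empty on older daemons).

    Raises ValueError if the line is not an rsync daemon greeting, which is
    what you get from a non-rsync service squatting on port 873.
    """
    m = GREETING_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an rsync daemon greeting: {line!r}")
    major = int(m.group(1))
    minor = int(m.group(2)) if m.group(2) else 0
    return {"protocol": (major, minor), "digests": m.group(3).split()}


def _read_line(sock: socket.socket, limit: int = 4096) -> str:
    """Read one newline-terminated line (bounded so a hostile peer cannot
    make us buffer without limit)."""
    buf = b""
    while not buf.endswith(b"\n") and len(buf) < limit:
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf.decode("utf-8", errors="replace")


def probe(host: str, port: int = RSYNC_PORT, timeout: float = 5.0,
          list_modules: bool = True) -> dict:
    """Connect, read the greeting and optionally request the module list.

    Returns a dict with 'exposed' (a daemon answered), 'protocol' and the
    module names offered without a module-specific login prompt; any socket
    or parse error is reported under 'error' rather than raised.
    """
    result = {"host": host, "port": port, "exposed": False,
              "protocol": None, "modules": []}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            info = parse_greeting(_read_line(sock))
            result["exposed"] = True
            result["protocol"] = info["protocol"]
            if list_modules:
                # Send our own greeting, then "#list"; the daemon answers with
                # one "name<TAB>comment" line per module and ends the listing
                # with "@RSYNCD: EXIT".
                sock.sendall(b"@RSYNCD: 31.0\n#list\n")
                while True:
                    line = _read_line(sock)
                    if not line or line.startswith("@RSYNCD: EXIT"):
                        break
                    if line.startswith("@RSYNCD:") or line.startswith("@ERROR"):
                        continue
                    name = line.split("\t", 1)[0].strip()
                    if name:
                        result["modules"].append(name)
    except (OSError, ValueError) as exc:
        result["error"] = str(exc)
    return result


if __name__ == "__main__":
    # Usage: python rsync_probe.py <host> [port]   (only against hosts you own)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    tport = int(sys.argv[2]) if len(sys.argv) > 2 else RSYNC_PORT
    print(probe(target, tport))
```

Note that the greeting reveals the rsync protocol version, not the rsync release: two builds with the same protocol number can differ in whether they carry this week's fixes, so treat a positive probe as "a daemon is reachable from here" and confirm the installed package version on the host itself before deciding whether it is affected. If the daemon is not meant to be reachable from the Internet at all, the fix is to firewall TCP/873 or bind it to an internal interface, regardless of version.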

Ivanti Patches Critical Vulnerabilities in Endpoint Manager
Date: 2025-01-15
Author: Security Week

Ivanti on Tuesday announced patches for multiple critical- and high-severity vulnerabilities in Avalanche, Application Control Engine, and Endpoint Manager (EPM).
The most severe of the resolved flaws are four absolute path traversal issues in Ivanti EPM that could allow remote, unauthenticated attackers to leak sensitive information.
Tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159 (CVSS score of 9.8), the bugs impact EPM versions 2024 and 2022 SU6 that have the November 2024 security update installed.

Zyxel Urges Patch Application for Privilege Escalation Vulnerability (CVE-2024-12398)
Date: 2025-01-13
Author: Security Online

Zyxel has issued an advisory for a newly identified security vulnerability, CVE-2024-12398, that affects multiple access points (AP) and security routers. With a CVSS score of 8.8, this vulnerability underscores the urgency for users to apply patches immediately to protect their systems from potential exploitation.
The vulnerability is an improper privilege management flaw within the web management interface of certain Zyxel AP and router firmware versions.

CVE-2025-22777 (CVSS 9.8): Critical Security Alert for GiveWP Plugin with 100,000 Active Installations
Date: 2025-01-11
Author: Security Online

[AUSCERT has identified the impacted members (where possible) and contacted them via email]
A severe vulnerability has been identified in the GiveWP plugin, one of WordPress's most widely used tools for online donations and fundraising. Tracked as CVE-2025-22777, the flaw has a CVSS score of 9.8, signaling its criticality.
With over 100,000 active installations, the GiveWP plugin powers countless donation platforms worldwide.

New macOS Exploit Revealed: PoC for CVE-2024-54498 Breaks Sandbox Security
Date: 2025-01-12
Author: Security Online

Recently, security researcher @wh1te4ever has revealed a proof of concept (PoC) exploit for CVE-2024-54498, a vulnerability that allows applications to escape the confines of the macOS Sandbox. The PoC, published on GitHub, demonstrates how malicious actors could leverage this flaw to gain unauthorized access to sensitive user data.
The macOS Sandbox is a critical security feature that restricts applications from accessing or modifying files and resources outside their designated area. This safeguard protects users from malicious software that might attempt to steal personal information, corrupt system files, or install malware.

Fortinet warns of auth bypass zero-day exploited to hijack firewalls
Date: 2025-01-14
Author: Bleeping Computer

[AUSCERT has identified the impacted members (where possible) and contacted them via email]
[Please see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2025.0250/]
Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks.
This security flaw (tracked as CVE-2024-55591) impacts FortiOS 7.0.0 through 7.0.16, FortiProxy 7.0.0 through 7.0.19, and FortiProxy 7.2.0 through 7.2.12. Successful exploitation allows remote attackers to gain super-admin privileges by making malicious requests to the Node.js websocket module.


ESB-2025.0199 – Google Chrome: CVSS (Max): None

Google has issued an urgent warning about 13 security vulnerabilities in Chrome, affecting Windows, Mac, Linux, and Android. This follows a recent exploit discovered in the "Sign In With Google" feature, risking sensitive data theft. Users are advised to update Chrome immediately to address these critical issues.

ESB-2025.0224 – Adobe Photoshop: CVSS (Max): 7.8

Adobe has released critical security fixes for over a dozen vulnerabilities across its products, including Photoshop for Windows and macOS. The updates address two high-severity arbitrary code execution flaws in Photoshop, which could be exploited by hackers. Users are urged to apply the updates immediately to mitigate the risks of remote code execution attacks.

ASB-2025.0001 – Microsoft Windows: CVSS (Max): 9.8

Microsoft has warned of three exploited zero-day vulnerabilities in the Windows Hyper-V platform, affecting the NT Kernel Integration Virtualisation Service Provider. These flaws could allow attackers to escalate privileges and gain SYSTEM-level access. Microsoft has urged urgent attention but has not provided technical details or indicators of compromise.

ESB-2025.0225 – Hitachi Energy FOXMAN-UN: CVSS (Max): 10

ICS-CERT has released an advisory regarding multiple critical vulnerabilities in Hitachi Energy's FOXMAN-UN products, including authentication bypass, argument injection, buffer overflow and improper user management, among others. These flaws could allow remote attackers to gain unauthorised access and execute arbitrary code.

ESB-2025.0244 – Zoom: CVSS (Max): 8.8

Zoom has issued six security bulletins addressing multiple vulnerabilities across its product ecosystem, impacting Linux, Windows, macOS, and Android. The most severe, CVE-2025-0147, is a high-severity type confusion vulnerability in the Zoom Workplace App for Linux that allows privilege escalation via network access. Users and administrators are urged to apply updates to mitigate potential risks such as data loss, privilege escalation, and DoS attacks.


Stay safe, stay patched and have a good weekend!

The AUSCERT team