21 Feb 2025

Week in review

Greetings,

Join Our Upcoming Webinar: Strengthen Your Security with Maturity Assessments! Don’t miss our upcoming webinar, where we’ll introduce our new Maturity Assessment service—an essential tool for evaluating your organisation’s security posture against critical NIST controls. Learn how to identify gaps and risks across people, processes, and technology, helping you build more resilient cybersecurity practices. Register Now and take the next step in enhancing your organisation’s security!

Cyber threats continue to pose significant risks to businesses across all industries, and the healthcare sector is no exception. Genea, a nationwide IVF provider with 21 locations, recently fell victim to a cyber attack, leading to unauthorised data access and system disruptions. While the full extent of the breach is still unfolding, the attack has already caused a phone outage and disrupted the My Genea App, impacting both patients and staff. Many patients remain uninformed, with some yet to receive official communication about the breach. Others, frustrated and anxious, have spent days attempting to contact Genea with urgent clinical inquiries, further highlighting the severe operational and patient care implications of the attack.

This incident serves as a stark reminder that no organisation is immune to cyber threats, and the ability to respond quickly and effectively is crucial to minimising damage. A well-structured Cyber Incident Response Plan (CIRP) is the backbone of any organisation’s cyber security strategy. No matter how strong an organisation’s security measures are, breaches can still occur. When they do, a well-written CIRP helps teams to respond swiftly, contain the damage, and recover operations with minimal disruption. Without a clear response strategy, businesses risk prolonged downtime, data loss, regulatory penalties, and reputational damage—all of which can have long-term consequences.

At AUSCERT, we provide tailored incident response plans designed to meet your operational needs and regulatory requirements. A strong CIRP not only helps mitigate risks but also enhances resilience against future attacks. Don’t wait for a breach to expose gaps — be prepared. Enquire today about our bespoke Cyber Incident Response Plans and safeguard your organisation. AUSCERT members receive 15% off this essential service!


Threat researchers spot ‘device code’ phishing attacks targeting Microsoft accounts
Date: 2025-02-14
Author: CyberScoop

Suspected Russian nation-state threat groups have duped multiple victims into granting potentially persistent access to networks via authentication requests and valid tokens.
Microsoft threat researchers discovered a series of what they are calling “device code” phishing attacks that allowed a suspected Russia-aligned threat group to gain access to and steal data from critical infrastructure organizations, the company said in research released Thursday.

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
Date: 2025-02-18
Author: The Hacker News

[Please also see AUSCERT bulletins: https://portal.auscert.org.au/bulletins/ESB-2025.1166/, https://portal.auscert.org.au/bulletins/ESB-2025.1165/ and https://portal.auscert.org.au/bulletins/ESB-2025.1142/]
Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions.

Palo Alto Networks tags new firewall bug as exploited in attacks
Date: 2025-02-19
Author: Bleeping Computer

[Please also see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2025.1026.3/]
Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained with two other flaws (CVE-2025-0108 and CVE-2024-9474) to breach PAN-OS firewalls in active attacks.
The vendor first disclosed the authentication bypass vulnerability tracked as CVE-2025-0108 on February 12, 2025, releasing patches to fix the vulnerability. That same day, Assetnote researchers published a proof-of-concept exploit demonstrating how CVE-2025-0108 and CVE-2024-9474 could be chained together to gain root privileges on unpatched PAN-OS firewalls.

Australia Imposes Sanctions On Medibank Private Cyberattack
Date: 2025-02-14
Author: The Cyber Express

The government of Prime Minister Anthony Albanese has imposed additional cyber sanctions in response to a major 2022 cyberattack that hit Medibank Private.
The breach, which compromised millions of customers’ sensitive medical data, marked a turning point in Australia’s approach to cyber security. The Medibank Private cyberattack not only targeted the personal information of Medibank’s customers but also saw portions of the stolen data published on the dark web.

Ransomware-as-a-service actors drive four-times increase in ransomware attacks
Date: 2025-02-17
Author: Cyber Daily

Every year, Barracuda Networks releases a detailed cyber security report based on its managed extended detection and response business, and while the previous 12 months saw relatively consistent activity across the year, ransomware activity increased dramatically.
The numbers that Barracuda can draw on for its analysis are impressive. The company tracked 11 trillion IT events in total and found that more than 1 million of them were potential risks requiring assessment.

Microsoft Patches Actively Exploited CVE-2025-21355 RCE Vulnerability in Bing
Date: 2025-02-20
Author: The Hacker News

Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild.
The vulnerabilities are listed below –
CVE-2025-21355 (CVSS score: 8.6) – Microsoft Bing Remote Code Execution Vulnerability
CVE-2025-24989 (CVSS score: 8.2) – Microsoft Power Pages Elevation of Privilege Vulnerability
"Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network," the tech giant said in an advisory for CVE-2025-21355. No customer action is required.


ESB-2025.1214 – Linux kernel: CVSS (Max): 9.1*

Several security issues were fixed in the Linux kernel. An attacker could possibly exploit these vulnerabilities to compromise the system. This major update corrects these flaws.

ESB-2025.1171 – Atlassian Products: CVSS (Max): 9.8

The vulnerabilities reported in this Security Bulletin include 7 high-severity vulnerabilities and 5 critical-severity vulnerabilities which have been fixed. Atlassian recommends patching your instances to the latest version or one of the Fixed Versions as advised in this Security Bulletin.

ESB-2025.1155 – IBM Security QRadar SIEM: CVSS (Max): 9.8

IBM QRadar SIEM includes vulnerable components (e.g. framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update.

ESB-2025.1144 – Docker: CVSS (Max): 9.9

Several security issues were fixed in Docker. Docker could forward DNS requests from internal networks in an unexpected manner. An attacker could possibly use this issue to exfiltrate data by encoding information in DNS queries to controlled nameservers. This issue was only addressed in Ubuntu 24.04 LTS.
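The exfiltration path described in this bulletin (data smuggled out as encoded subdomain labels in queries to an attacker-run zone) is something a defender can look for in resolver or container DNS logs. The script below is an added example written for this newsletter, not code from Docker, Ubuntu or the bulletin. It assumes a simple constructed log format of `<timestamp> <source-ip> query <name>`, treats the last two labels of a name as the zone whose nameserver receives the query, and flags a source/zone pair when a run of queries carries unusually long or high-entropy labels. Thresholds, the sample log and the domain names are all constructed for illustration.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed log line shape (assumption): "<timestamp> <source-ip> query <qname>"
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+query\s+(?P<qname>\S+)$")


def shannon_entropy(text: str) -> float:
    """Bits per character; hex/base32 payload labels score well above ordinary hostnames."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_line(line: str):
    """Return (timestamp, source, normalised qname) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m["ts"], m["src"], m["qname"].rstrip(".").lower()


def zone_of(qname: str) -> str:
    # Assumption: the last two labels identify the zone whose nameserver sees the query.
    labels = qname.split(".")
    return ".".join(labels[-2:])


def analyze(log_text: str, min_queries: int = 3, max_label_len: int = 40,
            min_entropy: float = 3.5) -> dict:
    """Group queries by (source, zone); flag pairs whose subdomain labels look like encoded data."""
    groups = defaultdict(lambda: {"queries": 0, "prefixes": set(),
                                  "longest_label": 0, "entropies": []})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        _, src, qname = parsed
        zone = zone_of(qname)
        # Everything left of the zone is attacker-controllable data in an exfiltration query.
        prefix = qname[: -len(zone)].rstrip(".") if qname != zone else ""
        g = groups[(src, zone)]
        g["queries"] += 1
        if prefix:
            g["prefixes"].add(prefix)
            g["longest_label"] = max(g["longest_label"], max(len(l) for l in prefix.split(".")))
            g["entropies"].append(shannon_entropy(prefix.replace(".", "")))

    findings = {}
    for key, g in groups.items():
        if g["queries"] < min_queries:
            continue  # a handful of odd lookups is noise; exfiltration needs volume
        mean_entropy = sum(g["entropies"]) / len(g["entropies"]) if g["entropies"] else 0.0
        reasons = []
        if g["longest_label"] > max_label_len:
            reasons.append(f"label length {g['longest_label']} > {max_label_len}")
        if mean_entropy >= min_entropy:
            reasons.append(f"mean prefix entropy {mean_entropy:.2f} >= {min_entropy}")
        if reasons:
            findings[key] = {"queries": g["queries"],
                             "unique_prefixes": len(g["prefixes"]),
                             "reasons": reasons}
    return findings


def build_sample_log() -> str:
    """Constructed DNS query log, not real traffic: normal lookups plus one exfiltrating host."""
    lines = [
        "2025-02-19T10:00:01Z 172.18.0.5 query api.example.internal",
        "2025-02-19T10:00:02Z 172.18.0.5 query registry.example.internal",
        "2025-02-19T10:00:03Z 172.18.0.5 query db.example.internal",
        "2025-02-19T10:00:04Z 172.18.0.5 query cache.example.internal",
        "2025-02-19T10:00:05Z 172.18.0.5 query auth.example.internal",
    ]
    # A container smuggling data out: each query carries a hex-encoded chunk as its first label
    # and a sequence label, sent to a constructed attacker zone.
    for i in range(4):
        chunk = f"constructed secret chunk {i}".encode().hex()
        lines.append(f"2025-02-19T10:01:0{i}Z 172.18.0.7 query {chunk}.s{i}.exfil-c2.example")
    return "\n".join(lines)


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for (src, zone), f in analyze(SAMPLE_LOG).items():
        print(f"{src} -> {zone}: {f['queries']} queries, {f['unique_prefixes']} unique prefixes; "
              + "; ".join(f["reasons"]))
```

On the constructed sample, the five ordinary lookups from 172.18.0.5 are not flagged (short, low-entropy labels), while the four queries from 172.18.0.7 to `exfil-c2.example` are, because their 52-character hex labels exceed the length threshold. In a real deployment the per-zone thresholds need tuning against your own baseline, and the zone heuristic should be replaced with a public-suffix-aware split.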

ESB-2025.1168 – Citrix NetScaler Console and NetScaler Agent: CVSS (Max): 8.8

A vulnerability has been discovered in NetScaler Console (formerly NetScaler ADM) and NetScaler Agent. Cloud Software Group strongly urges customers of NetScaler Console and NetScaler Agent to install the relevant updated versions as soon as possible.


Stay safe, stay patched and have a good weekend!

The AUSCERT team