21 Mar 2025
Week in review
Greetings,
The Australian Signals Directorate (ASD) has reported a rise in denial-of-service (DoS) attacks targeting critical online services such as banking, healthcare, and e-commerce. The increase is driven partly by insecure Internet of Things (IoT) devices, which cybercriminals compromise and use to flood websites with excessive traffic until the services become unavailable.
While organisations cannot fully prevent DoS attacks, they can mitigate the impact by following ASD’s Preparing for and Responding to Denial-of-Service Attacks guidance. Individuals can also play a role by securing their internet-connected devices using ASD resources like Internet of Things Devices and Secure Your Wi-Fi and Router.
We are honoured to welcome Lieutenant General Michelle McGuinness as a keynote speaker for AUSCERT2025. Appointed as Australia’s National Cyber Security Coordinator in February 2024, LTGEN McGuinness leads national cyber policy, major incident response, and government-wide cyber preparedness.
With 30 years of service in the Australian Defence Force, she has held key tactical, operational, and strategic roles, including Deputy Director Commonwealth Integration at the U.S. Defense Intelligence Agency. We look forward to her insights on Australia’s evolving cyber security landscape. Check out the full AUSCERT2025 program now!
Ransomware hits record high, Australia among top targets
Date: 2025-03-17
Author: Insurance Business Australia
Australia was among the 10 most targeted nations in a record-setting month for ransomware attacks, according to a cybersecurity report from Bitdefender.
The company’s March 2025 Threat Debrief found that ransomware incidents increased by 126% year-over-year, making last month the highest on record for reported attacks.
New Windows zero-day exploited by 11 state hacking groups since 2017
Date: 2025-03-18
Author: Bleeping Computer
At least 11 state-backed hacking groups have been exploiting a Windows vulnerability in data-theft and cyber-espionage zero-day attacks since 2017.
However, as security researchers Peter Girnus and Aliakbar Zahravi with Trend Micro's ZDI reported today, Microsoft tagged it as "not meeting the bar servicing" in late September and said it wouldn't release security updates to address it.
"We discovered nearly a thousand Shell Link (.lnk) samples that exploit ZDI-CAN-25373; probably the total number of exploitation attempts is much higher," they said. "Subsequently, we submitted a PoC exploit to Microsoft, who declined to address this vulnerability with a security patch."
Should we ban DeepSeek AI from all Australian devices? Experts weigh in
Date: 2025-03-15
Author: ABC News
Cyber security experts say the federal government should consider banning a controversial AI chatbot with Chinese origins on all Australian devices, warning it poses a "unique risk" to national security.
DeepSeek AI was banned from all government devices last month, after a directive from Australian national security and intelligence agencies found the chatbot put the federal "technology estate" at risk.
The chatbot was developed in Hangzhou, China, and runs at a fraction of the cost of competing AI products.
Ramadan Scams on the Rise: Fake Giveaways, Crypto Traps & Fraudulent Donations
Date: 2025-03-13
Author: CloudSEK
Ramadan is a time of reflection, generosity, and heightened charitable giving. However, cybercriminals are exploiting this sacred period to launch targeted crypto scams, preying on the goodwill of individuals and organizations. From fraudulent donation requests to spreading crypto token investment schemes, these scams leverage social engineering and trust to deceive victims into transferring their digital assets.
This report examines the rising trend of Ramadan-related crypto, e-commerce and donation scams, the techniques cybercriminals use, their impact on victims, and best practices for staying secure, at a time when awareness and vigilance are more crucial than ever.
Microsoft 365 Targeted in New Phishing, Account Takeover Attacks
Date: 2025-03-17
Author: Security Week
Security researchers warn of fresh malicious campaigns that abuse Microsoft 365 for phishing attacks, or target the service’s users to take over accounts.
As part of one campaign, attackers are leveraging legitimate Microsoft domains and tenant misconfigurations in BEC attacks likely aimed at stealing credentials and performing account takeover (ATO), Guardz warns.
The attackers were seen controlling multiple Microsoft 365 tenants (newly created or compromised), creating administrative accounts in them, crafting misleading text that mimics Microsoft transaction notifications, and then initiating a purchase or trial subscription so that Microsoft itself generates the billing email. The resulting phishing messages are therefore sent from Microsoft's own infrastructure and legitimate domains, which lets them pass sender-based checks.
ESB-2025.1767 – Google Chrome: CVSS (Max): None
CVE-2025-2476 is a critical use-after-free vulnerability in the Lens component of Chrome. A remote attacker who can get a victim to load a specially crafted HTML page can trigger heap corruption, potentially leading to arbitrary code execution. A use-after-free arises when freed memory is still reachable through a dangling pointer; if the attacker can place controlled data into that memory after it is freed and before the stale pointer is used again, the program operates on attacker-controlled content, which is what makes the bug exploitable for code execution.
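To make the mechanism concrete, the following is an added illustration of the use-after-free class in general; it is not Chrome code and says nothing about how CVE-2025-2476 itself is triggered in Lens. A tiny static arena with a one-entry free list stands in for the real heap so that chunk reuse is deterministic, and the object, handler and allocator names are all constructed for the example. The vulnerable path shows a freed object being recycled to hold attacker bytes that a stale pointer then acts on; the hardened path sketches the reference-counted quarantine idea behind Chrome's MiraclePtr (a simplification, not its implementation), which holds a chunk back from reuse while pointers to it are still alive.

```c
/* Added illustration of the use-after-free class, not Chrome/Lens code.
 * A tiny static "heap" with a one-entry LIFO free list makes chunk reuse
 * deterministic; a real allocator (PartitionAlloc, glibc malloc) reuses
 * memory in more complex ways, but the failure mode is the same. */
#include <stdio.h>
#include <string.h>

#define CHUNK  32
#define NCHUNK 4

/* union forces pointer alignment for the arena without needing C11 _Alignas */
static union { unsigned char heap[NCHUNK * CHUNK]; void *align; } arena;
static size_t bump = 0;
static void *free_slot = NULL;      /* last freed chunk, handed out first on the next alloc */
static int quarantined[NCHUNK];     /* hardened mode: chunks withheld from reuse */
static int refs[NCHUNK];            /* hardened mode: outstanding protected pointers per chunk */

static int slot_of(const void *p) {
    return (int)(((const unsigned char *)p - arena.heap) / CHUNK);
}

static void toy_reset(void) {
    bump = 0; free_slot = NULL;
    memset(arena.heap, 0, sizeof arena.heap);
    memset(quarantined, 0, sizeof quarantined);
    memset(refs, 0, sizeof refs);
}

static void *toy_alloc(void) {
    if (free_slot) { void *p = free_slot; free_slot = NULL; return p; }
    if (bump + CHUNK > sizeof arena.heap) return NULL;
    void *p = arena.heap + bump; bump += CHUNK;
    return p;
}

static void toy_free(void *p) { free_slot = p; }   /* no poisoning, no delay: immediately reusable */

/* A heap object holding a function pointer, the classic UAF target. */
typedef struct { int (*handler)(void); char name[16]; } Widget;

static int benign_handler(void)   { return 1; }
static int attacker_handler(void) { return 0xBAD; }   /* stands in for attacker-chosen code */

/* Vulnerable: `w` is freed but still used. The attacker's same-sized
 * allocation lands on the very chunk `w` points to and overwrites the
 * function pointer before the stale pointer is dereferenced. */
int vulnerable_path(void) {
    toy_reset();
    Widget *w = toy_alloc();
    w->handler = benign_handler;
    strcpy(w->name, "lens");
    toy_free(w);                                  /* object freed ... */
    unsigned char *attacker = toy_alloc();        /* ... chunk immediately recycled */
    int (*fp)(void) = attacker_handler;
    memcpy(attacker, &fp, sizeof fp);             /* attacker-controlled bytes at offset 0 */
    return w->handler();                          /* dangling pointer: calls attacker's handler */
}

/* Hardened: protected pointers are counted per chunk. Freeing a chunk that
 * still has outstanding references poisons and quarantines it instead of
 * recycling it, and every dereference through a protected pointer checks
 * the quarantine flag first. Simplified sketch of MiraclePtr's idea only. */
static void protected_acquire(void *p) { refs[slot_of(p)]++; }
static void protected_release(void *p) { refs[slot_of(p)]--; }

static void safe_free(void *p) {
    int s = slot_of(p);
    if (refs[s] > 0) { quarantined[s] = 1; memset(p, 0, CHUNK); return; }
    toy_free(p);
}

static Widget *protected_get(Widget *w) { return quarantined[slot_of(w)] ? NULL : w; }

int hardened_path(void) {
    toy_reset();
    Widget *w = toy_alloc();
    protected_acquire(w);                          /* `w` is now a protected pointer */
    w->handler = benign_handler;
    safe_free(w);                                  /* refs > 0: quarantined, not recycled */
    unsigned char *attacker = toy_alloc();         /* gets a different chunk */
    int (*fp)(void) = attacker_handler;
    memcpy(attacker, &fp, sizeof fp);
    Widget *live = protected_get(w);
    int r = live ? live->handler() : -1;           /* stale use detected, not executed */
    protected_release(w);
    return r;
}

/* Does the attacker's allocation land on the freed chunk? 1 with plain
 * free-and-reuse, 0 once quarantine holds the chunk back. */
int attacker_reuses_freed_chunk(int hardened) {
    toy_reset();
    void *first = toy_alloc();
    if (hardened) { protected_acquire(first); safe_free(first); } else { toy_free(first); }
    return toy_alloc() == first;
}

int main(void) {
    printf("vulnerable path: handler returned 0x%X\n", vulnerable_path());
    printf("hardened path:   result %d (stale pointer refused)\n", hardened_path());
    return 0;
}
```

Compiled with any C99-or-later compiler and run, the vulnerable path returns 0xBAD from the attacker's handler while the hardened path refuses the stale dereference. In a real allocator the reuse order depends on size classes and free-list state, which is why exploits groom the heap before triggering the bug; the toy allocator removes that step so the logic of the flaw and of the mitigation stands out.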
ESB-2025.1731 – Atlassian Products: CVSS (Max): 9.8
The March 2025 Atlassian Security Bulletin reports 13 high-severity vulnerabilities across several products, including Bamboo, Bitbucket, Crowd, Jira, and Jira Service Management. The issues, discovered via bug bounty programs and security scans, include denial-of-service and SQL injection flaws, and fixes are available in the latest versions. Users are urged to update to the recommended fixed version for each affected product.
ESB-2025.1719 – Rockwell Automation Lifecycle Services with VMware: CVSS (Max): 9.8
Rockwell Automation products using VMware are vulnerable to critical flaws, including TOCTOU race conditions and out-of-bounds reads. Exploiting these vulnerabilities could allow local attackers to execute code or leak memory. Users are advised to update to fixed versions or implement security best practices to mitigate risks.
ESB-2025.1753 – Drupal Core: CVSS (Max): None
Drupal core has a moderately critical Cross Site Scripting (XSS) vulnerability in Link field attributes, affecting versions from 8.0.0 up to and including 11.1.4. Exploitation requires edit access via core web services or a custom module, and sites with the Link module disabled are not affected. Users are advised to update to the fixed versions (10.3.14, 10.4.5, 11.0.13, or 11.1.5).
Stay safe, stay patched and have a good weekend!
The AUSCERT team