22 Aug 2025

Week in review

Greetings,

We are excited to announce the release of a new episode of Share Today, Save Tomorrow – Episode 43: Behind the Code: Josh Hopkins on Building, Leading, and Leveling Up AUSCERT.

In this episode, host Bek Cheb sits down with Josh, our Team Leader of Development, for an open and insightful chat about life behind the screens in cyber defence.

From his unexpected journey into cyber security to leading a dynamic development team, Josh reflects on the twists and turns of his career, describes the sometimes-unpredictable nature of a typical working day, and explains how experimentation, collaboration, and a passion for building innovation within the team make working at AUSCERT so unique.

This episode is available on Spotify and Apple Podcasts.

This week, iiNet, owned by TPG Telecom, has confirmed that an unknown third party gained unauthorised access to iiNet’s order management system on Saturday, August 16, 2025. The breach led to the extraction of approximately 280,000 email addresses, along with 10,000 usernames, phone numbers, and nearly 1,700 modem setup passwords, though no financial or identity documents were compromised.

TPG responded swiftly by isolating the breach, engaging external cyber security experts, and initiating its incident response plan immediately upon discovery. Customers are being contacted directly and urged to remain vigilant against phishing attempts.


Apple fixes new zero-day flaw exploited in targeted attacks
Date: 2025-08-20
Author: Bleeping Computer

[AUSCERT has published security bulletins for these Apple updates]
Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack."
Tracked as CVE-2025-43300, this security flaw is caused by an out-of-bounds write weakness discovered by Apple security researchers in the Image I/O framework, which enables applications to read and write most image file formats.

Cisco Patches Critical Vulnerability in Firewall Management Platform
Date: 2025-08-15
Author: Security Week

[AUSCERT has published security bulletins for these Cisco updates]
Cisco has published more than 20 security advisories as part of its August 2025 bundled publication for Secure Firewall Management Center (FMC), Secure Firewall Threat Defense (FTD), and Secure Firewall Adaptive Security Appliance (ASA) products.
The most serious vulnerability — based on its severity rating — is CVE-2025-20265, a critical flaw affecting the Secure FMC platform designed for managing and monitoring Cisco FTD appliances and other security solutions.

TPG Telecom reveals iiNet order management system breached
Date: 2025-08-19
Author: iTnews

TPG Telecom has revealed that iiNet’s order management system was breached by an unknown attacker who abused legitimate credentials to gain access.
The telco said that it “appears” that a list of email addresses and phone numbers was extracted from the system.
The order management system is used to create and track orders for iiNet services.

Microsoft: Recent Windows updates may fail to install via WUSA
Date: 2025-08-18
Author: Bleeping Computer

Microsoft has mitigated a known issue that caused Windows update failures when installing them from a network share using the Windows Update Standalone Installer (WUSA).
WUSA is a built-in command-line tool that helps IT admins install and uninstall Microsoft Standalone Update (.msu) files through the Windows Update Agent API to deploy and remove patches, hotfixes, and updates.
This known issue affects Windows 11 24H2 and Windows Server 2025 systems on enterprise networks, as WUSA isn't a common method for installing Windows updates on home devices.

HR giant Workday discloses data breach after Salesforce attack
Date: 2025-08-18
Author: Bleeping Computer

Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack.
As the company revealed in a Friday blog, the attackers gained access to some of the information stored on the compromised CRM systems, adding that no customer tenants were impacted.


ESB-2025.5731 – Cisco Secure Firewall Management Center Software: CVSS (Max): 10.0

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. Cisco has released software updates that address this vulnerability.

ESB-2025.5888 – firefox-esr: CVSS (Max): 9.8

Multiple security issues have been found and patched in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy.

ESB-2025.5881 – Linux kernel (IoT): CVSS (Max): 9.8*

Several security issues were discovered and patched in the Linux kernel. An attacker could possibly use these to compromise the system.

ESB-2025.5710 – IBM Security QRadar SIEM: CVSS (Max): 9.4

Vulnerable components in IBM Security QRadar SIEM (e.g., framework libraries) have been identified that may be exploited with automated tools. IBM QRadar Data Synchronization app for IBM QRadar SIEM has addressed the applicable CVEs.

ESB-2025.5788 – Apache HTTP Server: CVSS (Max): 9.1

Several security issues were fixed in Apache HTTP Server that potentially allowed remote attackers to perform HTTP response splitting attacks, send outbound proxy requests to an arbitrary URL, insert escape characters into log files, bypass access control, cause denial of service, or perform configuration changes in certain environments.
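Two of the issue classes named in that bulletin, response splitting and escape-character insertion into log files, share one root cause: untrusted text that contains CR/LF or other control characters reaching a header block or a log line unchecked. The example below is an added illustration of that root cause and of the standard mitigation (reject control characters in header values, escape them in log fields); it is not AUSCERT's or Apache's code, says nothing about how the Apache fixes are implemented, and the hostile `Location` value and log fields are constructed samples.

```python
import re

# CR, LF, the other C0 control characters and DEL: none of these belong in a
# header name, a header value, or a single-line log field.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")

# Constructed sample: a redirect target carrying an embedded CRLF and an
# extra header line (hypothetical values, not from the bulletin).
HOSTILE_LOCATION = "https://example.com/\r\nX-Injected: 1"
BENIGN_LOCATION = "https://example.com/"


def is_safe_header_value(value: str) -> bool:
    """True only if the value contains no CR/LF or other control characters."""
    return _CTRL.search(value) is None


def naive_redirect_head(location: str) -> str:
    """Vulnerable pattern: the untrusted value is concatenated straight into
    the header block, so an embedded CRLF terminates the Location header and
    whatever follows is parsed by the client as further headers (or, with a
    second blank line, as a second response)."""
    return f"HTTP/1.1 302 Found\r\nLocation: {location}\r\n\r\n"


def safe_redirect_head(location: str) -> str:
    """Hardened form: refuse the value rather than trying to clean it, because
    a silently altered redirect target is itself a bug."""
    if not is_safe_header_value(location):
        raise ValueError("control characters in Location header value")
    return naive_redirect_head(location)


def header_lines(head: str) -> list[str]:
    """Split a header block the way a client would, for inspection."""
    return [ln for ln in head.split("\r\n") if ln]


def sanitize_log_field(value: str) -> str:
    """Escape control characters as \\xNN so one request cannot forge extra
    log lines or inject terminal escape sequences into whoever reads the log."""
    return _CTRL.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def build_log_line(client_ip: str, request_line: str, status: int, user_agent: str) -> str:
    """Build a single access-log line from request fields, escaping each
    untrusted field so the line count equals the request count."""
    return (
        f'{client_ip} "{sanitize_log_field(request_line)}" {status} '
        f'"{sanitize_log_field(user_agent)}"'
    )


if __name__ == "__main__":
    # With the naive builder the injected line appears as a real header.
    print(header_lines(naive_redirect_head(HOSTILE_LOCATION)))
    # The hardened builder rejects the same value outright.
    try:
        safe_redirect_head(HOSTILE_LOCATION)
    except ValueError as exc:
        print("rejected:", exc)
    # A user agent containing CRLF stays on one log line once escaped.
    print(build_log_line("203.0.113.7", "GET / HTTP/1.1", 200, "Mozilla/5.0\r\nforged 500"))
```

The check is applied to the whole value, not just to `\r\n`, because a lone LF is enough for many parsers to end a header, and the same regex covers both the header path and the log path so the two cannot drift apart.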


Stay safe, stay patched and have a good weekend!

The AUSCERT team