23 May 2025

Week in review

Greetings,

What a week it’s been! AUSCERT2025 kicked off with a bang, delivering a truly unforgettable experience filled with groundbreaking tutorials, exploratory presentations, and engaging initiatives that brought the cyber security community together like never before.

The week launched with a diverse lineup of hands-on tutorials covering a wide spectrum of subjects — from network security, security culture and awareness, to many other topical and emerging challenges facing the infosec world today. Each session was led by passionate experts, creating an environment that encouraged learning, sharing, and thought-provoking discussion.

This year’s keynote lineup truly raised the bar, featuring three standout leaders who brought bold insights and energy to the AUSCERT2025 stage. Jess Modini, Head of Technology and Security at a stealth startup, impressed with her depth of experience across AWS, ACSC, and Defence, and her ongoing cyber research at UNSW ADFA. Professor Marek Kowalkiewicz from QUT challenged us to rethink AI’s role in society, drawing from his award-winning book The Economy of Algorithms. And finally LTGEN Michelle McGuinness, Australia’s National Cyber Security Coordinator, delivered a standout keynote on national cyber strategy, shaped by decades of high-level intelligence and defence leadership.

AUSCERT2025 has once again proven to be more than just a conference – it's a dynamic gathering of minds driving the future of cybersecurity. With cutting-edge tutorials, thought-provoking keynotes, and a strong sense of community, this week has sparked important conversations and inspired new ideas. As we look ahead, the connections made and knowledge shared will continue to shape and strengthen the security landscape across Australia and beyond. Here's to another year of innovation, collaboration, and resilience.


Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards
Date: 2025-05-19
Author: The Hacker News

[AUSCERT has published security bulletins for these Firefox updates]
Mozilla has released security updates to address two critical security flaws in its Firefox browser that could be potentially exploited to access sensitive data or achieve code execution.
The two exploited zero-day vulnerabilities are CVE-2025-4918, an out-of-bounds access vulnerability when resolving Promise objects that could allow an attacker to perform a read or write on a JavaScript Promise object, and CVE-2025-4919, an out-of-bounds access vulnerability when optimizing linear sums that could allow an attacker to perform a read or write on a JavaScript object by confusing array index sizes.

Australia Post issues warning regarding invalid postcode scam
Date: 2025-05-16
Author: news.com.au

Australia Post has issued an urgent warning to customers as a fresh wave of scam messages and emails sweeps across the country.
Fraudulent messages impersonating Australia Post claim a parcel delivery was unsuccessful due to an invalid postcode, and request that the recipient click a link to remedy the issue.
The link leads vulnerable customers to a page that appears similar to Australia Post’s website, and prompts them to provide personal details and information.

CISA tags recently patched Chrome bug as actively exploited
Date: 2025-05-16
Author: Bleeping Computer

[See AUSCERT Bulletin https://portal.auscert.org.au/bulletins/ESB-2025.3057]
On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser.
Solidlab security researcher Vsevolod Kokorin discovered the flaw (CVE-2025-4664) and shared technical details online on May 5th. Google released security updates to patch it on Wednesday.
As Kokorin explained, the vulnerability is due to insufficient policy enforcement in Google Chrome's Loader component, and successful exploitation can allow remote attackers to leak cross-origin data via maliciously crafted HTML pages.

Vic gov to spend $100m on cyber security
Date: 2025-05-21
Author: iTnews

The Victorian government will spend $100 million strengthening cyber security across government agencies as one of the topline technology-related measures in the state budget. The funding will cover work to “identify threats, protect against attacks, and respond to incidents”, the government said in budget papers.

100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
Date: 2025-05-20
Author: The Hacker News

Since February 2024, an unknown threat actor has been creating malicious Chrome Browser extensions which masquerade as legitimate extensions. They provide the advertised features while running malicious code in the background. This enables the threat actor to steal cookies and credentials, session hijack, inject ads, and create phishing pages using DOM manipulation. Google has since taken down the identified extensions and recommends that users only install extensions from verified developers, review the requested permissions, and scrutinize reviews.


ESB-2025.3190 – Schneider Electric Galaxy VS, Galaxy VL, Galaxy VXL – CVSS (Max): 10.0

Successful exploitation of this vulnerability could allow an attacker to perform unauthenticated remote code execution. All versions are affected. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or preventing access via firewall rules.

ESB-2025.3212 – Linux kernel (Raspberry Pi Real-time) – CVSS (Max) 8.1*

A large number of security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. The problem can be corrected by updating your system to the package versions stipulated in the bulletin.

ESB-2025.3244 – Tomcat – CVSS (Max) 9.8

Tomcat could expose sensitive files or run programs if it received specially crafted network traffic. A remote attacker could possibly use this issue to access sensitive files, inject malicious content, or execute remote code. The problem can be corrected by updating your system.

ESB-2025.3253 – Cisco Identity Services Engine (ISE) – CVSS (Max) 8.6

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

ESB-2025.3131 – xrdp – CVSS (Max) 9.8

Several vulnerabilities were discovered in xrdp, a Remote Desktop Protocol (RDP) server. For Debian 11 bullseye, these problems have been fixed in version 0.9.21.1-1~deb11u2. It is recommended to upgrade xrdp packages.


Stay safe, stay patched and have a good weekend!

The AUSCERT team