24 Apr 2025
Week in review
Greetings,
As we approach the ANZAC Day long weekend, it’s a time to reflect, remember, and honour those who served. Whether you're attending a dawn service, spending time with loved ones, or taking a well-earned break, please remember to prioritise your safety—including your cyber safety. Public holidays often see a spike in online activity, making them a prime time for cyber threat actors to strike. If you're shopping, scrolling, or streaming over the break, stay vigilant online. Be cautious of suspicious links, scams, and unexpected messages. Enable multi-factor authentication wherever possible and keep your devices and software up to date.
Only 4 weeks to go until AUSCERT2025! Don’t miss your chance to grab the exclusive AUSCERT2025 hoodie — available for just $60 until midnight on Sunday, 27 April! Whether you're after a cosy conference keepsake or a stylish nod to the cyber security community, now’s the perfect time to order. Stock is limited, so secure yours before they’re gone! Simply add your hoodie to your event registration, and you can collect it onsite at the event.
Also, a reminder of our upcoming webinar: The New Competitive Edge? Cyber Security in Value Propositions, on Tuesday, 6 May from 12:00–1:00pm. Join AUSCERT General Manager Ivano Bongiovanni and a panel of leading experts as they explore how cyber security is emerging as a powerful strategic differentiator. Discover how it’s reshaping trust, purchasing behaviour, and value creation — and what organisations need to do to stay ahead in a trust-driven economy. Register now to secure your spot.
Australians Brace For Potential Cyberattacks Targeting Voter Engagement
Date: 2025-04-21
Author: Tech Business News
As political campaigns ramp up and voter engagement spikes, scammers are expected to seize the opportunity — often disguising malicious messages as official communications or leveraging political content to lure unsuspecting victims.
The message from cybersecurity professionals is clear: vigilance is key. Australians are urged to scrutinise unsolicited messages, avoid clicking on suspicious links, and stay informed about the latest scam tactics as the election season heats up.
Mark Gorrie, Managing Director APAC for Norton, warns that Australian voters are now prime targets.
They’re coming for your data: What are infostealers and how do I stay safe?
Date: 2025-04-16
Author: We Live Security
In the world of cybercrime, information is a means to an end. And that end, more often than not, is to make money. That’s why information-stealing (infostealer) malware has risen to become a major driver of identity fraud, account takeover and digital currency theft. But there are also plenty of people that live much of their daily lives online and manage to stay safe. The key is to understand how to manage digital risk effectively.
Here’s what you need to know to keep your personal and financial information out of harm’s way.
Zscaler Identifies New Mustang Panda Cyber Activity
Date: 2025-04-22
Author: Australian Cyber Security Magazine
Following a recent US-led court-authorised operation that removed malware from over 4,200 infected networks, new activity has emerged from the same Chinese state-sponsored threat group called Mustang Panda (also known as Twill Typhoon).
The Zscaler ThreatLabz team has discovered new activity associated with Mustang Panda, originating from two machines from a targeted organisation in Myanmar. This research led to the discovery of new ToneShell variants and several previously undocumented tools.
Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
Date: 2025-04-22
Author: The Hacker News
In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and redirect message recipients to fraudulent sites that harvest their credentials.
"The first thing to note is that this is a valid, signed email – it really was sent from no-reply@google.com," Nick Johnson, the lead developer of the Ethereum Name Service (ENS), said in a series of posts on X.
"It passes the DKIM signature check, and Gmail displays it without any warnings – it even puts it in the same conversation as other, legitimate security alerts."
Clearer cyber risk benchmarks for Australian SMEs pushed
Date: 2025-04-24
Author: Insurance Asia
Australia should tighten cybersecurity rules to ease the blowback from attacks, especially on small and medium enterprises (SME), many of which are not insured, analysts said.
“The financial fallout from a single cyber event can be devastating,” Susie Amos, principal and head of commercial lines at Finity Consulting Pty Ltd., told Insurance Asia. “For an SME, in some cases, even a fraction of this cost could lead to insolvency.”
ESB-2025.2558 – GitLab Community and Enterprise Editions: CVSS (Max): 8.7
GitLab has released versions 17.11.1, 17.10.5, and 17.9.7 for CE and EE, addressing several critical security and bug issues. Immediate upgrades are strongly recommended for all self-managed instances. These patches fix high-severity vulnerabilities including XSS in Maven Dependency Proxy, NEL header injection, and a DoS issue via issue preview.
ESB-2025.2525 – Erlang/OTP SSH server: CVSS (Max): 10.0
Cisco has issued an advisory regarding a critical unauthenticated remote code execution vulnerability (CVE-2025-32433) in the Erlang/OTP SSH server, affecting multiple Cisco products. This flaw arises from improper handling of SSH messages during the authentication phase. Cisco recommends upgrading to fixed software versions to mitigate potential risks.
ESB-2025.2524 – Google Chrome: CVSS (Max): None
Google Chrome has released version 135.0.7049.114/.115 for Windows and Mac, and 135.0.7049.114 for Linux. This update includes one key security fix alongside various improvements from internal audits and fuzzing tools. Bug details remain restricted until most users are updated to ensure security.
ESB-2025.2482 – Tenable Nessus: CVSS (Max): 9.1*
Nessus 10.8.4 addresses vulnerabilities in third-party libraries (libxml2, expat) by upgrading them to secure versions. It also fixes two major flaws: insecure directory permissions on Windows (CVE-2025-24914) and log manipulation via HTTP requests (CVE-2025-36625). Users are urged to upgrade to the latest version, available on the Tenable Downloads Portal.
Stay safe, stay patched and have a good weekend!
The AUSCERT team