24 Jan 2025
Week in review
Greetings,
This week, Oracle released patches addressing a staggering 320 security vulnerabilities. Among the most critical issues are those affecting Oracle Communications Applications and Fusion Middleware, both with a CVSS score of 9.8. These vulnerabilities allow attackers to exploit systems over a network without requiring authentication. Make sure you stay on top of updates and patches to protect your systems.
A final reminder that the Call for Presentations for the AUSCERT2025 conference closes at midnight on 28 January! This is your last chance to submit a proposal. If you're a first-time speaker or would like support with your delivery or presentation, you can opt in to our Speaker Mentoring Program when submitting your proposal. This program provides personalised guidance to help refine your presentation, improve delivery, and build confidence. Our experienced mentors are here to assist you every step of the way.
We're also excited to announce that the Tutorials Program for AUSCERT2025 is now live on our website! This year’s program features some returning favourites with new content, as well as fresh perspectives on exciting subjects. Topics include Incident Response Handling, Network Security, Red Teaming, Information Security Innovation, Awareness and Culture, Cyberpsychology, and Governance, Risk and Compliance (GRC). Whether you’re looking to deepen your expertise or explore new areas, this year’s program has something for everyone.
Head to our website to explore the full list of tutorials, detailed descriptions, and instructor profiles. Registrations will be opening soon, so don’t miss your chance to secure a spot in these highly sought-after sessions! Stay tuned for updates, and we look forward to seeing you at AUSCERT2025!
CISA, FBI Update Software Security Recommendations
Date: 2025-01-20
Author: Security Week
The US cybersecurity agency CISA and the FBI have updated their guidance on software security bad practices to incorporate the feedback received during a public comment period.
Called Product Security Bad Practices, the guidance provides an overview of the security practices considered exceptionally risky, provides recommendations on addressing them, and urges makers of software for critical infrastructure to prioritize security.
Microsoft Configuration Manager Vulnerability Allows Remote Code Execution – PoC Released
Date: 2025-01-20
Author: Cyber Security News
[Please see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ASB-2024.0188.3/]
A critical vulnerability, CVE-2024-43468, has been identified in Microsoft Configuration Manager (ConfigMgr), posing a severe security risk to organizations relying on this widely used systems management software.
Rated with a CVSS score of 9.8, the vulnerability allows unauthenticated attackers to execute remote code on affected systems, potentially leading to complete system compromise.
Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
Date: 2025-01-22
Author: CISA
[AUSCERT has shared IoCs via MISP]
According to CISA and trusted third-party incident response data, threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution, obtain credentials, and implant webshells on victim networks. The actors’ primary exploit paths were two vulnerability chains. One exploit chain leveraged CVE-2024-8963 in conjunction with CVE-2024-8190 and CVE-2024-9380 and the other exploited CVE-2024-8963 and CVE-2024-9379. In one confirmed compromise, the actors moved laterally to two servers.
Telegram captcha tricks you into running malicious PowerShell scripts
Date: 2025-01-22
Author: Bleeping Computer
Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to a Telegram channel that tricks them into running PowerShell code that infects them with malware.
The attack, spotted by vx-underground, is a new variant of the "Click-Fix" tactic that has become very popular among threat actors to distribute malware over the past year.
However, instead of being fixes for common errors, this variant pretends to be a captcha or verification system that users must run to join the channel.
ESB-2025.0471 – ClamAV: CVSS (Max): 5.3
Cisco has released a patch for a heap-based buffer overflow (CVE-2025-20128) affecting Cisco Secure Endpoint Connector. The buffer overflow flaw could disrupt ClamAV scanning on endpoints; a proof-of-concept exploit is available but has not been observed in the wild.
ESB-2025.0463 – Google Chrome: CVSS (Max): None
Google has released a critical security update for Chrome, addressing three vulnerabilities, including two high severity issues in the V8 JavaScript engine. CVE-2025-0611 allows object corruption, potentially leading to arbitrary code execution, while CVE-2025-0612 involves out-of-bounds memory access that could crash the browser or enable code execution. Users are urged to update to version 132.0.6834.110/111 immediately.
ESB-2025.0467 – Cisco Meeting Management: CVSS (Max): 9.9
Cisco has released updates to address a critical privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management system's REST API. With a CVSS score of 9.9, the flaw could allow authenticated attackers to gain administrator privileges on affected instances. Exploiting the vulnerability involves sending API requests to a specific endpoint, potentially giving attackers control over managed edge nodes.
ESB-2025.0470 – GitLab Community Edition (CE) and Enterprise Edition (EE): CVSS (Max): 8.7
GitLab has released security updates (versions 17.8.1, 17.7.3, and 17.6.4) to address multiple vulnerabilities, including a high-severity XSS flaw (CVE-2025-0314). The vulnerability allows attackers to inject malicious scripts into GitLab instances via improper file rendering, potentially leading to session hijacking or control over affected systems. Users are urged to update to the latest versions to mitigate the risks.
ASB-2025.0031 – Oracle Supply Chain: CVSS (Max): 9.9
Oracle’s January 2025 Critical Patch Update addressed several vulnerabilities across its products, including six new patches for Oracle Supply Chain. Notably, CVE-2025-21556 and CVE-2024-23807 are high-severity flaws, allowing unauthenticated attackers to exploit Oracle Agile PLM Framework and Oracle Agile Engineering Data Management remotely. Successful exploitation could result in unauthorised access to critical data or system takeovers.
Stay safe, stay patched and have a good weekend!
The AUSCERT team