25 Jul 2025

Week in review

Greetings,

We’re excited to announce the release of another episode of Share Today, Save Tomorrow – Episode 42: Jess Modini on Curiosity, Cyber Security, and Cross-Disciplinary Thinking, brought to you by AUSCERT.

And for the first time, you can now watch the full interview on our YouTube channel, giving you a front-row seat to this engaging and insightful discussion.

In this episode, Jess Modini shares perspectives drawn from her extensive background in cyber security, including five master’s specialisations and her current doctoral research in cyber epidemiology. She explores how concepts from computational biology and health sciences, such as the spread of pathogens, can mirror the behaviours of malware and cyber threats.

The conversation dives deep into the parallels between public health and cyber defence, emphasising the importance of cross-disciplinary thinking in improving threat modelling and incident response. Tune in now to discover how breaking down traditional silos can lead to smarter, more resilient cyber defence.


Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access
Date: 2025-07-22
Author: The Hacker News

[Please also see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2025.4160.2/]
Cisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to acknowledge active exploitation.
"In July 2025, the Cisco PSIRT [Product Security Incident Response Team], became aware of attempted exploitation of some of these vulnerabilities in the wild," the company said in an alert.

HPE warns of hardcoded passwords in Aruba access points
Date: 2025-07-20
Author: Bleeping Computer

Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface.
Aruba Instant On Access Points are compact, plug-and-play wireless (Wi-Fi) devices, designed primarily for small to medium-sized businesses, offering enterprise-grade features (guest networks, traffic segmentation) with cloud/mobile app management.
The security issue, tracked as CVE-2025-37103 and rated “critical” (CVSS v3.1 score: 9.8), impacts Instant On Access Points running firmware version 3.2.0.1 and below.

Microsoft Confirms Hackers Exploiting SharePoint Flaws, Patch Now
Date: 2025-07-21
Author: Hack Read

[AUSCERT has published security bulletins for these Microsoft updates: https://portal.auscert.org.au/bulletins/ASB-2025.0142/]
[AUSCERT has identified impacted members (where possible) and contacted them via email]
Microsoft has released new security updates to fix two serious vulnerabilities affecting on-premises SharePoint servers, warning that attackers are already exploiting them in active campaigns.
The vulnerabilities, identified as CVE-2025-53770 and CVE-2025-53771, are not present in SharePoint Online, but on-premises environments using SharePoint 2019 and the SharePoint Subscription Edition are directly at risk.

Sophos fixed two critical Sophos Firewall vulnerabilities
Date: 2025-07-23
Author: Security Affairs

Sophos has fixed five vulnerabilities (CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, CVE-2024-13973) in Sophos Firewall that could allow an attacker to remotely execute arbitrary code.
“Sophos has resolved five independent security vulnerabilities in Sophos Firewall. Every Critical and High severity vulnerability was remediated through hotfixes.” reads the advisory. “No action is required for Sophos Firewall customers to receive these fixes with the “Allow automatic installation of hotfixes” feature enabled on remediated versions (see Remediation section below). Enabled is the default setting.”

Microsoft: Windows Server KB5062557 causes cluster, VM issues
Date: 2025-07-22
Author: Bleeping Computer

Microsoft is asking businesses to reach out for support to mitigate a known issue causing Cluster service and VM restart issues after installing this month's Windows Server 2019 security updates.
As the company explains in a private advisory seen by BleepingComputer, the Cluster service (a system component essential to cluster operation) might fail to function correctly after installing the KB5062557 update released on July 8th.
The same bug is also causing some nodes to fail when attempting to rejoin their cluster and triggering errors on systems where administrators have enabled the BitLocker Windows security feature on Cluster Shared Volumes (CSV) drives.


ESB-2025.4160.2 – Cisco Products: CVSS (Max): 10.0

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user. Cisco has released software updates that address these vulnerabilities.

ESB-2025.5029 – firefox-esr: CVSS (Max): 9.8

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. It is recommended to upgrade firefox-esr packages.

ESB-2025.4953 – Schneider Electric EcoStruxure IT Data Center Expert: CVSS (Max): 10.0

Successful exploitation of discovered vulnerabilities could allow an attacker to disrupt operations and access system data. The problem is corrected by updating the system.

ESB-2025.4930 – Apache HTTP Server: CVSS (Max): 9.1

Several security issues were fixed in Apache HTTP Server. It was discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service.

ASB-2025.0142 – Microsoft SharePoint Server: CVSS (Max): 9.8

Microsoft released the July Security Updates to address vulnerabilities in on-premises SharePoint Server, which allowed an authorized attacker to perform spoofing over a network. Deserialization of untrusted data in on-premises Microsoft SharePoint Server allowed an unauthorized attacker to execute code over a network.


Stay safe, stay patched and have a good weekend!

The AUSCERT team