28 Feb 2025
Week in review
Greetings,
The AUSCERT2025 Program is now live! This year’s selection process was one of the most rigorous yet, with the program committee meticulously reviewing more than 200 high-quality submissions to curate a lineup of presentations, workshops, and keynotes that deliver maximum value to conference delegates. With so many outstanding proposals, the selection process was exceptionally challenging. Each submission underwent thorough evaluation and re-evaluation to ensure it met the highest standards of relevance, innovation, and impact. The result is a carefully crafted program that tackles critical security challenges, emerging threats, and industry best practices, making AUSCERT2025 an unmissable event for security professionals.
A recent example of the growing sophistication of cyber attacks is the No-Phish PayPal phishing scam, which cleverly exploits PayPal’s payment request feature to bypass traditional security measures. This stealthy tactic makes it significantly harder for users to identify fraudulent activity. In response, PayPal urges users to remain vigilant, avoid interacting with suspicious invoices or payment requests, and report any dubious activity directly to their security team to help mitigate the threat. In addition to this, another PayPal scam leverages the New Address feature to send phishing emails. These emails are designed to compromise users' devices and gain unauthorized access to sensitive information.
This week, Troy Hunt, frequent speaker at the AUSCERT conference, integrated the ALIEN TXTBASE dataset into Have I Been Pwned (HIBP), adding 1.5TB of stealer logs containing 23 billion rows and impacting 284 million email addresses. The dataset also includes 244 million new passwords and updates for 199 million existing ones.
With this update, HIBP now allows domain owners to check for stealer logs and helps website operators identify compromised users. These logs, often sourced from malware infections linked to pirated software, circulate on platforms like Telegram, fuelling cybercrime. By enhancing its search capabilities, HIBP aims to combat these threats, equipping individuals and organisations with actionable security insights.
Australia Has More to do Says National Cybersecurity Coordinator
Date: 2025-02-21
Author: Australian Cyber Security Magazine
In an address at a cybersecurity conference in Sydney, the National Cybersecurity Coordinator Michelle McGuinness outlined Australia’s ambitious plan to become a world leader in cyber security by 2030.
The strategy, embedded within the broader 2030 Australian national security framework, recognises that achieving this goal requires not only technical prowess but also a fundamental shift in the nation’s cyber security culture.
U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog
Date: 2025-02-25
Author: Security Affairs
[Please see AUSCERT bulletins: https://portal.auscert.org.au/bulletins/ESB-2017.1034/ and https://portal.auscert.org.au/bulletins/ASB-2024.0032/]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two vulnerabilities are:
CVE-2017-3066 Adobe ColdFusion Deserialization Vulnerability
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
With millions upon millions of victims, scale of unstoppable info-stealer malware laid bare
Date: 2025-02-26
Author: The Register
A tip-off from a government agency has resulted in 284 million unique email addresses and plenty of passwords snarfed by credential-stealing malware being added to privacy-breach-notification service Have I Been Pwned (HIBP).
HIBP founder Troy Hunt said an un-named agency alerted him to the existence of the trove after he published an analysis of a separate massive collection of info-stealer logs he encountered and incorporated into his site in mid-January.
"After loading the aforementioned corpus of data, someone in a government agency reached out and pointed me in the direction of more data by way of two files totaling just over 5GB," Hunt wrote this week.
Australia Bans Kaspersky Software Over National Security and Espionage Concerns
Date: 2025-02-24
Author: The Hacker News
Australia has become the latest country to ban the installation of security software from Russian company Kaspersky, citing national security concerns.
"After considering threat and risk analysis, I have determined that the use of Kaspersky Lab, Inc. products and web services by Australian Government entities poses an unacceptable security risk to Australian Government, networks and data, arising from threats of foreign interference, espionage and sabotage," Stephanie Foster PSM, the Secretary of the Department of Home Affairs, said.
Only a Fifth of Ransomware Attacks Now Encrypt Data
Date: 2025-02-25
Author: Infosecurity Magazine
Ransomware actors are largely eschewing encryption, with at least 80% of attacks last year focusing solely on exfiltrating data, as it is quicker and easier, according to ReliaQuest.
The threat intelligence vendor claimed in its Annual Cyber-Threat Report that exfiltration-only ransomware attacks are 34% faster.
After initial access, “breakout time” typically takes just 48 minutes, although some groups manage to achieve lateral movement in as little as 27 minutes, giving network defenders little time to react.
ESB-2025.1373 – GitLab Community Edition and GitLab Enterprise Edition: CVSS (Max): 8.7
GitLab has released versions 17.9.1, 17.8.4, and 17.7.6 for CE and EE, which include critical bug and security fixes, addressing high-severity vulnerabilities like XSS and authorisation flaws. Users are urged to upgrade their self-managed instances immediately, as GitLab.com has already been patched. The update also resolves medium-severity issues that could expose sensitive data or disrupt functionality.
ESB-2025.1345 – Google Chrome: CVSS (Max): 8.8
Google issued a security advisory to address vulnerabilities in the Stable Channel Chrome for Desktop, specifically in versions prior to 133.0.6943.141/142 for Windows and Mac, and 133.0.6943.141 for Linux. Users and administrators are encouraged to review the provided web link and implement the necessary updates to ensure their systems remain secure.
ESB-2025.1239 – ABB FLXEON Controllers: CVSS (Max): 10.0
An advisory has been issued regarding critical vulnerabilities in FLXeon controllers, affecting firmware versions 9.3.4 and earlier. These flaws could allow remote code execution, unauthorised access, or information leakage. Affected products include FLXEON Controllers FBXi, FBVi, FBTi, and CBXi. ABB recommends upgrading to firmware version 9.3.5 and applying security measures, such as disconnecting exposed devices and ensuring secure remote access.
ESB-2025.1371 – Cisco Nexus 3000 and 9000 Series Switches: CVSS (Max): 7.4
Cisco has disclosed a high-severity vulnerability in Nexus 3000 and 9000 Series Switches operating in standalone NX-OS mode, allowing unauthenticated attackers to trigger denial of service conditions. The flaw, rated 7.4 on the CVSS v3.1 scale, affects critical infrastructure and can cause prolonged service disruptions through malicious Ethernet frames. Cisco recommends upgrading to patched software or using ACL-based workarounds to mitigate the risk.
Stay safe, stay patched and have a good weekend!
The AUSCERT team