30 May 2025

Week in review

Greetings,

As the team begins to recover from an incredible week at AUSCERT2025, we're also taking a moment to reflect on some of our favourite highlights and memorable moments.
One standout was the Gala Dinner, where we celebrated excellence in our community and recognised the remarkable individuals and organisations making a real difference. A heartfelt congratulations to our 2025 award winners!

• Craig Ford – AUSCERT Award for Individual Excellence in Information Security
Honoured for his outstanding contributions to the field, not only through technical expertise but also through his leadership and community engagement.

• Paula Sillars – Diversity and Inclusion Champion
Recognised for her tireless dedication and innovative efforts to advance diversity and inclusion in the cybersecurity industry.

• Mark Laffan – AUSCERT Member Individual of the Year
Celebrated for his long-standing commitment and invaluable impact on the broader cybersecurity community.

• Cenitex – AUSCERT Member Organisation of the Year
Awarded for exemplifying innovation, collaboration, and excellence in cybersecurity practices.

This week, the Australian Cyber Security Centre (ACSC) released new guidance to support organisations in implementing Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.

SIEM solutions collect, centralise, and analyse log data from across an organisation’s network, helping security teams detect, investigate, and respond to threats more efficiently. SOAR platforms, in turn, automate cyber security functions by integrating SIEM systems with other technical security controls.

Together, SIEM and SOAR enhance visibility, reduce response times, and streamline security operations, making them critical components of a modern and resilient cyber security strategy. Read the ACSC article for more information.


AI Data Security
Date: 2025-05-23
Author: ASD’s ACSC

This Cybersecurity Information Sheet (CSI) provides essential guidance on securing data used in artificial intelligence (AI) and machine learning (ML) systems. It also highlights the importance of data security in ensuring the accuracy and integrity of AI outcomes and outlines potential risks arising from data integrity issues in various stages of AI development and deployment.
This CSI provides a brief overview of the AI system lifecycle and general best practices to secure data used during the development, testing, and operation of AI-based systems.

251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch
Date: 2025-05-28
Author: The Hacker News

Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct "exposure points" earlier this month.
The activity, observed by GreyNoise on May 8, 2025, involved as many as 251 malicious IP addresses that are all geolocated to Japan and hosted by Amazon.
"These IPs triggered 75 distinct behaviors, including CVE exploits, misconfiguration probes, and recon activity," the threat intelligence firm said. "All IPs were silent before and after the surge, indicating temporary infrastructure rental for a single operation."

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts
Date: 2025-05-23
Author: The Hacker News

Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites.
GitLab Duo is an artificial intelligence (AI)-powered coding assistant that enables users to write, review, and edit code. Built using Anthropic's Claude models, the service was first launched in June 2023.

Zimbra CVE-2024-27443 XSS Flaw Hits 129K Servers, Sednit Suspected
Date: 2025-05-24
Author: Hack Read

A critical XSS vulnerability, CVE-2024-27443, in Zimbra Collaboration Suite’s CalendarInvite feature is actively being exploited, potentially by the Sednit hacking group. Learn how this flaw allows attackers to compromise user sessions and why immediate patching is crucial.
A new security weakness has been discovered in the Zimbra Collaboration Suite (ZCS), a popular email and collaboration platform. This issue, classified as CVE-2024-27443, is a type of cross-site scripting (XSS) flaw that could allow attackers to steal information or take control of user accounts.

Russian Government Hackers Caught Buying Passwords from Cybercriminals
Date: 2025-05-27
Author: Security Week

Microsoft on Tuesday published technical documentation on a new Russia-linked espionage outfit it calls “Void Blizzard,” warning that the group has spent the past year quietly looting e-mail, files and even Teams chats from government and defense contractors across Europe and North America.
In a new report published in tandem with Dutch intelligence agencies, Redmond’s threat hunting team said the Kremlin hacking team is leaning heavily on the low-cost end of the cybercrime economy: buying stolen usernames and passwords from infostealer markets for use in password-spraying attacks.


ESB-2025.3340 – Tomcat: CVSS (Max): 9.8

A vulnerability in Apache Tomcat (CVE-2025-24813) could allow attackers to access sensitive files or execute code via specially crafted requests.
This update extends the fix to Ubuntu 24.04 LTS, 24.10, and 25.04 for the Tomcat library package.

ESB-2025.3355 – Google Chrome: CVSS (Max): None

Chrome 137 has been released to the stable channel for Windows, Mac, and Linux, featuring multiple fixes and enhancements.
This update includes 11 security fixes.

ESB-2025.3356 – Mozilla Thunderbird: CVSS (Max): 7.5*

Thunderbird 139 addresses multiple critical and moderate vulnerabilities.

ESB-2025.3382 – Linux kernel (Raspberry Pi): CVSS (Max): 9.1*

Multiple vulnerabilities in the Linux kernel for Raspberry Pi could lead to system crashes or arbitrary code execution.
The update addresses issues across numerous kernel subsystems and requires recompiling third-party modules due to ABI changes.


Stay safe, stay patched and have a good weekend!

The AUSCERT team