31 Jan 2025
Week in review
Greetings,
This week, we released a new episode of our podcast, "Share Today, Save Tomorrow." In Episode 39 – AI, Evolving Threats & the End of Attribution?, Anthony sits down with Michael Hamm from CIRCL (the CERT of Luxembourg and core maintainers of MISP) to explore AI’s impact on cybersecurity, the shifting threat landscape, and whether attribution is becoming impossible. In the second half, Bek speaks with AUSCERT’s General Manager, Ivano Bongiovanni, about what’s ahead for 2025.
The recent news of the surge in popularity of the AI application DeepSeek highlights how highly publicised products can create cyber security and privacy risks.
1. Phishing Lures & Malicious Software: The hype surrounding ‘the next big thing’ creates opportunities for threat actors to craft phishing lures and fake, malicious software (mobile apps, browser plugins, etc.) that mimic the original.
2. Unauthorised Adoption: Staff members may rapidly adopt new products and services without seeking advice from cyber security professionals and accidentally disclose confidential information. Without proper oversight, staff may unknowingly enter sensitive company data into AI-powered tools, unaware that the platform may store, process, or even share the information externally.
3. Data Privacy & Compliance Risks: AI applications often require access to large volumes of personal or proprietary data, raising significant privacy and compliance concerns. If organisations fail to verify how an AI tool stores and processes data, they risk violating compliance obligations.
To embrace AI while minimising cyber security risks, organisations should:
• Educate staff on the risks of AI adoption and ‘free’ software in general.
• Implement security policies that provide practical guidance on AI usage within the organisation.
• Monitor emerging threats, such as phishing campaigns targeting trending AI applications.
• Conduct security assessments as part of third-party risk management practices before integrating AI tools into business workflows.
By staying proactive and security-conscious, organisations can harness AI’s potential without compromising cyber security or privacy.
VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer
Date: 2025-01-28
Author: Security Week
[Please also see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2025.0601/]
Virtualization technology giant VMware on Tuesday issued an urgent alert for a blind SQL injection flaw in its Avi Load Balancer, warning that attackers would exploit the issue to gain broader database access.
The vulnerability, tracked as CVE-2025-22217, carries a CVSS severity score of 8.6/10.
The company described the security defect as an unauthenticated blind SQL Injection vulnerability and urged enterprise admins to apply available patches urgently as there are no pre-patch workarounds.
CVE-2025-0065: TeamViewer Patches Privilege Escalation Vulnerability in Windows Clients
Date: 2025-01-29
Author: Security Online
TeamViewer, a popular remote access and support software, has issued a critical security advisory addressing a vulnerability that could allow attackers to gain elevated privileges on Windows systems. The vulnerability, tracked as CVE-2025-0065 and assigned a CVSS score of 7.8 (High), affects TeamViewer Clients for Windows prior to version 15.62.
According to the advisory, the flaw stems from “Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component.”
New Zyxel Zero-Day Under Attack, No Patch Available
Date: 2025-01-29
Author: Security Week
Malware hunters at GreyNoise are reporting active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices alongside warnings that there are no patches available from the vendor.
GreyNoise, which monitors the internet for malicious activity, described the flaw as a critical command injection issue that opens the door for attackers to gain full system compromise.
Content Credentials: Strengthening Multimedia Integrity in the Generative AI Era
Date: 2025-01-30
Author: ACSC
With the rise of advanced tools that enable the rapid creation, alteration, and distribution of images, videos, and other digital content, there are many ways to manipulate what people see and believe. The ability to manipulate media is not new, but the accessibility, speed, and quality of these modifications today, powered by artificial intelligence (AI) and machine learning tools, have reached unprecedented levels and may not be caught by traditional verification methods.
GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
Date: 2025-01-27
Author: The Hacker News
Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials.
"Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper," GMO Flatt Security researcher Ry0taK, who discovered the flaws, said in an analysis published Sunday. "Because of improper handling of messages, many projects were vulnerable to credential leakage in various ways."
ESB-2025.0595 – Rockwell Automation FactoryTalk: CVSS (Max): 9.8
Rockwell Automation released six security advisories addressing critical vulnerabilities. Notable issues include CVE-2025-24479, a local code execution vulnerability, and CVE-2025-24480, a remote code execution vulnerability. Both flaws pose significant security risks and require prompt action.
ESB-2025.0576 – Google Chrome: EPSS (Max): None
Google has released a patch for CVE-2025-0762, a medium-severity use-after-free memory issue in Chrome’s DevTools function. This vulnerability impacts users on Linux, Mac, and Windows, though Android appears unaffected for now. Users are urged to update to address the security risk.
ESB-2025.0560 – Juniper Networks Juniper Secure Analytics: CVSS (Max): 9.8
Multiple critical vulnerabilities were discovered in Juniper Secure Analytics versions prior to 7.5.0 UP10 IF02, identified by various CVEs. Exploiting these flaws could lead to remote code execution, denial of service, data confidentiality breaches, and security policy bypass. Juniper has released security updates as of January 2025 to address these issues.
ESB-2025.0549 – Apple iOS and Apple iPadOS: CVSS (Max): 7.8*
iOS 18.3 and iPadOS 18.3 address multiple security vulnerabilities across various components, including AirPlay, CoreMedia, and WebKit. These updates fix issues such as privilege escalation, denial-of-service, and unauthorised access, impacting devices like iPhone XS and later, and several iPad models. The update is available via iTunes or Software Update.
Stay safe, stay patched and have a good weekend!
The AUSCERT team