3 Jan 2025
Week in review
Greetings,
As we step into 2025, we are presented with both challenges and opportunities. Now is the perfect time to set clear objectives for ourselves and our organisations, laying the groundwork for the year ahead. It's also an ideal opportunity to strengthen cyber hygiene and invest in training to further develop our individual and collective expertise.
The start of this new year marks a chapter filled with potential for growth, progress, and innovation. We are ready to embrace the challenges ahead, learn from past experiences, and move forward into a period of development and success.
As cyber attacks continue to rise, it is no longer a question of if, but when. To ensure organisations are properly prepared, it's crucial to test the readiness of teams, policies, and strategies. Consequently, tabletop exercises and maturity assessments should be prioritised as vital components of a robust cyber security strategy.
Tabletop exercises simulate realistic cyber attack scenarios, enabling teams to evaluate their response plans, improve coordination, and identify vulnerabilities in their incident response processes. These exercises foster collaboration across departments, helping ensure that all stakeholders are ready to respond quickly and effectively to emerging threats.
In addition, maturity assessments provide organisations with a comprehensive evaluation of the effectiveness of their cyber security frameworks. These assessments help identify gaps in policies, processes, and technologies while benchmarking progress against industry standards. By regularly conducting both tabletop exercises and maturity assessments, organisations can maintain a resilient, adaptive cyber security posture, prepared to defend against increasingly sophisticated threats.
Interested in tabletop exercises or maturity assessments? Reach out to us for a quote today!
New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites
Date: 2025-01-01
Author: The Hacker News
Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites.
The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo.
New details reveal how hackers hijacked 35 Google Chrome extensions
Date: 2024-12-31
Author: Bleeping Computer
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven.
Although initial reports focused on Cyberhaven's security-focused extension, subsequent investigations revealed that the same code had been injected into at least 35 extensions collectively used by roughly 2,600,000 people.
DrayTek Devices Vulnerability Let Attackers Arbitrary Commands Remotely
Date: 2025-01-01
Author: GB Hackers
The DrayTek Gateway devices, more specifically the Vigor2960 and Vigor300B models, are susceptible to a critical command injection vulnerability.
Exploitable via the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint, attackers can inject arbitrary commands into the system by manipulating the session parameter within a crafted HTTP request.
FortiGuard Labs Links New EC2 Grouper Hackers to AWS Credential Exploits
Date: 2025-01-01
Author: Hack Read
According to the latest research from Fortinet's FortiGuard Labs Threat Research team, this group is characterized by its consistent use of AWS tools and a unique security group naming convention in its attacks. Researchers tracked this actor in several dozen customer environments due to similar user agents and security group naming conventions.
OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a signal handler race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with root privileges on glibc-based Linux systems.
It was discovered that there was a potential Denial of Service (DoS) vulnerability in Django, a popular Python-based web development framework.
ESB-2025.0010 – gst-plugins-good1.0
Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially executing arbitrary code if a malformed media file is opened.
Stay safe, stay patched and have a good weekend!
The AUSCERT team