3 Oct 2025

Week in review

Greetings,

We are excited to release our latest episode of the Share Today, Save Tomorrow podcast, Episode 46: Jess Dodson on Security, Strategy & Sci-Fi.

Our General Manager, Ivano Bongiovanni, sits down with Jess Dodson, Cloud Solution Architect at Microsoft, and a long-time friend of AUSCERT. Jess shares her unconventional journey from sysadmin to cyber security leader, exploring the importance of mastering the basics, the role of communication, and challenges for SMBs and government. She also unpacks AI’s impact on data protection, the Essential Eight (with a sci-fi twist), and why cyber security should be seen as business transformation.

This episode is sure to educate and entertain, and it’s available now on Spotify, Apple Podcasts, and YouTube!

This October is Cyber Awareness Month 2025, with the theme, Building our cyber safe culture, reminding us to make cyber safe practices part of our everyday lives. This month encourages us to not only strengthen our own habits but also help friends and family build their confidence in cyber security. From spotting phishing attempts to using stronger passwords and enabling multi-factor authentication, small steps can go a long way in protecting the people around you. By sharing your knowledge, you can help extend a culture of cyber safety beyond the workplace and into the community.

The ASD has developed a wide range of resources to support Cyber Awareness Month, including practical guides, tips, and shareable tools to help you and your loved ones stay secure online.


CISA warns of critical Linux Sudo flaw exploited in attacks
Date: 2025-09-30
Author: Bleeping Computer

[AUSCERT has published bulletins for Sudo security updates]
Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with root-level privileges on Linux operating systems.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, describing it as “an inclusion of functionality from untrusted control sphere.”

50K Cisco firewalls remain vulnerable to advanced attacks
Date: 2025-09-30
Author: The Register

Nearly 50,000 Cisco ASA/FTD instances vulnerable to two bugs that are actively being exploited by "advanced" attackers remain exposed to the internet, according to Shadowserver data.
The internet monitoring outfit said that as of Monday, the internet-facing Cisco firewalls are potentially exploitable, with the vast majority of those – more than 19,000 – located in the US.

How to Use a Password Manager to Share Your Logins After You Die
Date: 2025-09-29
Author: WIRED

It’s not fun to talk about, but there’s only one thing certain in life. You need to have a plan for your digital legacy, just like you make a plan for your physical assets; otherwise, your accounts, services, and logins will rot away in a data center before they’re inevitably erased by a data retention policy.
Some services recognize how important digital legacy is. Apple and Facebook have legacy contacts that can gain access to your accounts, and the American Bar Association is still grappling with the legalities of accessing online accounts when someone passes away. Most online services don't.

Apple Patches Single Vulnerability CVE-2025-43400
Date: 2025-09-29
Author: SANS ISC

[See AUSCERT bulletins: https://portal.auscert.org.au/bulletins/ESB-2025.6939, https://portal.auscert.org.au/bulletins/ESB-2025.6938, https://portal.auscert.org.au/bulletins/ESB-2025.6937, https://portal.auscert.org.au/bulletins/ESB-2025.6936, https://portal.auscert.org.au/bulletins/ESB-2025.6935, https://portal.auscert.org.au/bulletins/ESB-2025.6934]
It is typical for Apple to release a ".0.1" update soon after releasing a major new operating system. These updates typically fix various functional issues, but this time, they also fix a security vulnerability. The security vulnerability not only affects the "26" releases of iOS and macOS, but also older versions. Apple released fixes for iOS 18 and 26, as well as for macOS back to Sonoma (14). Apple also released updates for watchOS and tvOS, but these updates do not address any security issues. For visionOS, updates were only released for visionOS 26.

Hackers Actively Scanning to Exploit Palo Alto Networks PAN-OS Global Protect Vulnerability
Date: 2025-09-30
Author: Cyber Security News

Security researchers are observing a significant increase in internet-wide scans targeting the critical PAN-OS GlobalProtect vulnerability (CVE-2024-3400).
Exploit attempts have surged as attackers seek to leverage an arbitrary file creation flaw to achieve OS command injection and ultimately full root code execution on vulnerable firewalls.
Since late September 2025, honeypots deployed globally have logged thousands of TCP connections probing PAN-OS SSL VPN portals.


ESB-2025.7032 – chromium

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

ESB-2025.7020 – Linux kernel (Oracle)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

ESB-2025.7007 – Splunk Enterprise

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise versions 10.0.1, 9.4.4, 9.3.6, 9.2.8, and higher.

ESB-2025.6759.2 – Cisco IOS and IOS XE Software

An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks.


Stay safe, stay patched and have a good weekend!

The AUSCERT team