4 Jul 2025
Week in review
Greetings,
This week, Qantas experienced a major cyber attack compromising the personal data of up to six million customers. The breach, caused by a social engineering technique known as "vishing," exploited a third-party call centre system and exposed names, email addresses, phone numbers, birth dates, and frequent flyer numbers. Crucially, no passwords, PINs, credit card details, or passport information were accessed, and multi-factor authentication continues to protect frequent flyer accounts. Qantas is actively investigating the incident and will contact affected customers directly. Meanwhile, cyber security experts urge individuals to stay vigilant against phishing attempts, use strong and unique passwords, enable two-factor authentication, and monitor their accounts for unusual activity. Support lines have been set up to assist those impacted.
This incident highlights the importance of securing supply chains. The UK’s National Cyber Security Centre (NCSC) offers a 12-principle framework to guide organisations through risk assessment, control, verification, and continuous improvement. The framework helps stakeholders set clear security requirements, embed them into contracts, and build long-term resilience.
AUSCERT also offers a dedicated course on ‘Managing Third-Party Cyber Security Risk’, equipping participants with a deep understanding of third-party threats and the skills to identify, assess, and mitigate them. The course explores the business and data impacts of supplier vulnerabilities, outlines best-practice controls, and highlights the importance of ongoing monitoring and vendor assessments to ensure robust cyber security.
Cisco scores a perfect 10 for a critical comms flaw
Date: 2025-07-02
Author: The Register
[See AUSCERT Bulletin https://portal.auscert.org.au/bulletins/ESB-2025.4373]
If you're running the Engineering-Special (ES) builds of Cisco Unified Communications Manager or its Session Management Edition, you need to apply Cisco's urgent patch after someone at Switchzilla made a big mistake.
There is an ostensible purpose behind the mistake, dubbed CVE-2025-20309, with a critical rating of 10.0. The credentials have been left in there to make development work easier, Cisco said in its advisory.
Qantas discloses cyberattack amid Scattered Spider aviation breaches
Date: 2025-07-01
Author: Bleeping Computer
Australian airline Qantas disclosed that it detected a cyberattack on Monday after threat actors gained access to a third-party platform containing customer data.
This attack comes as cybersecurity firms warn that hackers known as "Scattered Spider" have begun targeting the aviation and transportation industries.
While it is unclear if this group is behind the Qantas attack, BleepingComputer has learned the incident shares similarities with other recent attacks by the threat actors.
Microsoft security updates address CrowdStrike crash, kill ‘Blue Screen of Death’
Date: 2025-06-27
Author: CyberScoop
Third-party antivirus software will no longer have access to the Windows kernel as Microsoft rolls out changes to reduce IT downtime from unexpected crashes or disruptions.
When a faulty software update from cybersecurity firm CrowdStrike last year caused possibly the largest IT outage in history, Microsoft ended up taking much of the blame.
Hacker Conversations: Rachel Tobac and the Art of Social Engineering
Date: 2025-06-30
Author: Security Week
Social engineering is the art of persuasion. Mostly, this is a good thing. Misused, it can have disastrous effects.
Rachel Tobac is a cyber social engineer. She is skilled at persuading people to do what she wants, rather than what they know they ought to do. Does this make her a hacker? “Yes. I am a hacker. I hack people. I hack people over the phone, via email, by text message, across social media – and occasionally in person.” Social engineers hack people rather than computers.
Initial Access Broker Self-Patches Zero Days as Turf Control
Date: 2025-07-03
Author: Dark Reading
A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking in to the same network.
ESB-2025.4269 – Sudo: CVSS (Max): 9.3
Sudo vulnerabilities in Ubuntu allow local attackers to bypass host restrictions or execute arbitrary commands as root, impacting several versions. Users are advised to update to the latest sudo package versions to resolve these issues.
ESB-2025.4333 – FESTO Didactic CP, MPS 200, and MPS 400 Firmware: CVSS (Max): 9.8
A memory protection bypass vulnerability in FESTO Didactic CP, MPS 200, and MPS 400 firmware can allow remote attackers to write arbitrary code or read sensitive data. Users are advised to update to Siemens Simatic S7-1500/ET200SP firmware version 2.9.2 or higher to mitigate risks.
ESB-2025.4337 – Voltronic Power and PowerShield UPS Monitoring Software: CVSS (Max): 10.0
Voltronic Power and PowerShield UPS monitoring software contain critical vulnerabilities that allow unauthenticated remote attackers to execute arbitrary code or shut down UPS-connected devices. CISA advises minimizing network exposure and isolating these systems from business networks to mitigate these risks.
ESB-2025.4411 – Mitsubishi Electric MELSOFT Update Manager: CVSS (Max): 8.1
Mitsubishi Electric MELSOFT Update Manager versions 1.000A to 1.012N contain vulnerabilities that are actively being exploited. Users are advised to update to version 1.013P or later to mitigate these risks.
Stay safe, stay patched and have a good weekend!
The AUSCERT team