7 Feb 2025
Week in review
Greetings,
Member Tokens for the AUSCERT2025 conference are now available! This is your exclusive chance to register early and secure your spot at the conference. Be sure to sign up for our expert-led tutorials to deepen your cybersecurity knowledge. Public registrations open next week so take advantage of this early access while you can!
This week, the Australian Signals Directorate (ASD) issued an important reminder about securing edge devices—the gateways where data flows in and out of networks. Leaving these network perimeters unprotected is like leaving doors wide open, making it easier for malicious actors to access sensitive data, disrupt operations, and launch further attacks. While many of you have likely addressed this, it’s a timely reminder for those who haven’t. Common edge devices in enterprise networks include routers, firewalls, and VPN concentrators. The ASD provides best practices to ensure these devices don’t become security weak points.
Amid ongoing speculation surrounding DeepSeek, the Australian government has officially banned the AI chatbot on government devices due to national security concerns. Acting on intelligence agency advice, the Home Affairs Department Secretary issued a directive on Tuesday prohibiting its use across all federal government systems and devices, citing it as an unacceptable security risk. Officials emphasised that the decision was based on security assessments rather than the program’s Chinese origin.
PoC Exploit Released for macOS Kernel Vulnerability CVE-2025-24118 (CVSS 9.8)
Date: 2025-02-02
Author: Security Online
[AUSCERT has published security bulletins for these Apple updates]
A newly discovered race condition in Apple’s macOS kernel (XNU) could allow attackers to escalate privileges, corrupt memory, and potentially achieve kernel-level code execution, according to security researcher Joseph Ravichandran (@0xjprx) of MIT CSAIL. Tracked as CVE-2025-24118 and assigned a CVSS score of 9.8 (Critical), this vulnerability was patched in macOS Sonoma 14.7.3, macOS Sequoia 15.3, and iPadOS 17.7.4.
Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
Date: 2025-02-04
Author: The Hacker News
A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware.
The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09.
"The vulnerability was actively exploited by Russian cybercrime groups through spear-phishing campaigns, using homoglyph attacks to spoof document extensions and trick users and the Windows Operating System into executing malicious files," Trend Micro security researcher Peter Girnus said.
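As a defender-side illustration of the extension spoofing described above, the following added example (not code from Trend Micro, 7-Zip or AUSCERT) flags archive entry names whose apparent extension differs from their real one because of Unicode homoglyphs or a trailing executable extension; the confusable table is a small constructed subset of the Cyrillic lookalikes, not the full Unicode list.

```python
"""Flag archive entry names that use homoglyphs or double extensions to spoof documents.

Added example for this newsletter item; not code from Trend Micro, 7-Zip or AUSCERT.
The confusable table is a constructed subset, not the full Unicode confusables list.
"""
import unicodedata

# Constructed subset: Cyrillic letters that render identically to ASCII letters.
CONFUSABLES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
}
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "hta", "lnk", "msi"}
DOCUMENT_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "txt", "rtf", "ppt", "pptx"}


def scripts_used(name: str) -> set[str]:
    """Return the Unicode scripts (LATIN, CYRILLIC, ...) of the letters in name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in name if ch.isalpha()}


def analyse_filename(name: str) -> dict:
    """Compare what the name looks like to a user with what it actually is."""
    looks_like = "".join(CONFUSABLES.get(ch, ch) for ch in name)  # fold lookalikes
    reasons = []
    scripts = scripts_used(name)
    if len(scripts) > 1:                      # Latin mixed with Cyrillic etc.
        reasons.append("mixed-script")
    if looks_like != name:                    # at least one confusable letter
        reasons.append("confusable-homoglyph")
    parts = name.lower().rsplit(".", 2)
    real_ext = parts[-1] if len(parts) > 1 else ""
    if real_ext in EXECUTABLE_EXTS and len(parts) > 2 and parts[-2] in DOCUMENT_EXTS:
        reasons.append("double-extension")    # e.g. invoice.pdf.exe
    apparent_ext = looks_like.lower().rsplit(".", 1)[-1] if "." in looks_like else ""
    if apparent_ext in DOCUMENT_EXTS and apparent_ext != real_ext:
        reasons.append("spoofed-document-extension")  # shows as .doc but is not .doc
    return {"name": name, "looks_like": looks_like, "real_ext": real_ext,
            "scripts": scripts, "reasons": reasons, "suspicious": bool(reasons)}


def suspicious_entries(names: list[str]) -> list[dict]:
    """Run the check over an archive listing and keep only the flagged entries."""
    return [r for r in (analyse_filename(n) for n in names) if r["suspicious"]]


if __name__ == "__main__":
    # Constructed listing: the second name uses Cyrillic o (U+043E) in its extension.
    for hit in suspicious_entries(["report.docx", "report.d\u043ec", "invoice.pdf.exe"]):
        print(hit["name"], "->", hit["looks_like"], hit["reasons"])
```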
CISA orders agencies to patch Linux kernel bug exploited in attacks
Date: 2025-02-05
Author: Bleeping Computer
CISA has ordered federal agencies to secure their systems within three weeks against a high-severity Linux kernel flaw actively exploited in attacks.
Tracked as CVE-2024-53104, the security bug was first introduced in kernel version 2.6.26 and was patched by Google for Android users on Monday.
"There are indications that CVE-2024-53104 may be under limited, targeted exploitation," the February 2025 Android security updates warn.
Backdoor found in two healthcare patient monitors, linked to IP in China
Date: 2025-01-30
Author: Bleeping Computer
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient data to a remote IP address and downloads and executes files on the device.
Contec is a China-based company that specializes in healthcare technology, offering a range of medical devices including patient monitoring systems, diagnostic equipment, and laboratory instruments.
DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked
Date: 2025-01-30
Author: The Hacker News
Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data.
The ClickHouse database "allows full control over database operations, including the ability to access internal data," Wiz security researcher Gal Nagli said.
The exposure also includes more than a million lines of log streams containing chat history, secret keys, backend details, and other highly sensitive information, such as API Secrets and operational metadata.
Hackers spoof Microsoft ADFS login pages to steal credentials
Date: 2025-02-05
Author: Bleeping Computer
A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections.
According to Abnormal Security, which discovered the campaign, its targets are primarily education, healthcare, and government organizations, with at least 150 targets hit so far.
ESB-2025.0755 – Google Chrome: CVSS (Max): None
The Chrome team has released version 133 for Windows, Mac, and Linux, which includes important updates, particularly a set of twelve security fixes. While new features are part of the update, the main focus is on addressing vulnerabilities to ensure a safer browsing experience. The update is being rolled out gradually, with version 133.0.6943.53 for Linux and 133.0.6943.53/54 for Windows and Mac.
ESB-2025.0732 – Mozilla Thunderbird: CVSS (Max): 9.8*
Multiple vulnerabilities were found in Mozilla products, exposing systems to remote code execution, denial of service, spoofing, and data manipulation. Affected versions include Firefox 135, Firefox ESR 115.20, Thunderbird 135, and others. Users are advised to apply the latest updates to mitigate these security risks.
ESB-2025.0709 – Android: CVSS (Max): 9.8*
The Android Security Bulletin February 2025 provides information on security vulnerabilities impacting Android devices. The most critical issue is a high-severity vulnerability in the Framework component, which could allow local privilege escalation without requiring additional execution privileges. These issues are resolved by security patch levels of 2025-02-05 or higher.
ESB-2025.0799 – Cisco Identity Services Engine (ISE): CVSS (Max): 9.9
Cisco released patches for critical vulnerabilities in its Identity Services Engine (ISE), tracked as CVE-2025-20124 and CVE-2025-20125. The flaws, affecting ISE APIs, could allow authenticated remote attackers to execute arbitrary commands, escalate privileges, or tamper with device configurations. Users are urged to update to ISE versions 3.1P10, 3.2P7, or 3.3P4 immediately, as no workarounds are available.
Stay safe, stay patched and have a good weekend!
The AUSCERT team