7 Mar 2025

Week in review

Greetings,

It’s been a stormy week with Cyclone Alfred brewing off the coast of Brisbane! A timely reminder that scammers love to stir up trouble, preying on those seeking disaster relief, insurance claims, or opportunities to assist others. Stay alert, verify sources, and batten down the hatches against fraud. Read our blog for tips on spotting and avoiding scams before they make landfall!

In the latest episode of the ‘Share Today, Save Tomorrow’ podcast, Episode 40: Securing from Insider Threats, host Anthony sits down with Sal Bowman from UQSchoolsNet to discuss one of the most pressing cyber security challenges faced by schools today—insider threats.

In the second half of the episode, Bek chats with Mark Carey-Smith from AUSCERT about the exciting yet challenging process of selecting 30 standout conference sessions from nearly 200 submissions. They also dive into the challenges of gaining better representation of women in cyber. Progress is happening, but there’s still a pressing need for greater diversity to drive innovation and inclusivity in the field.

With International Women’s Day just around the corner, we’re taking this opportunity to spotlight and celebrate the incredible women shaping the future of cyber security. AUSCERT has always been a strong advocate for diversity and inclusion, and we remain committed to fostering a more equitable cyber security landscape.
Let’s keep breaking down barriers and driving meaningful change together.


Ransomware criminals love CISA's KEV list – and that's a bug, not a feature
Date: 2025-02-28
Author: The Register

Fresh research suggests attackers are actively monitoring databases of vulnerabilities that are known to be useful in carrying out ransomware attacks.
GreyNoise's annual Mass Internet Exploitation Report revealed this week that 28 percent of the bugs logged in CISA's Known Exploited Vulnerability (KEV) catalog were also used by ransomware criminals in 2024.
It's a logical assumption to make that attackers would see the KEV list as a useful tool to help them plan their attacks.

Android security update contains 2 actively exploited vulnerabilities
Date: 2025-03-03
Author: Cyberscoop

[See AUSCERT Bulletin https://portal.auscert.org.au/bulletins/ESB-2025.1463]
Google addressed 43 vulnerabilities affecting Android devices in its March security update, including a pair of software defects reportedly under active exploitation. Google said the two vulnerabilities — CVE-2024-43093 and CVE-2024-50302 — “may be under limited, targeted exploitation.”
The most severe of the flaws under active exploitation, CVE-2024-43093, carries a CVSS score of 7.8 and was added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog in November.

CISA tags Windows, Cisco vulnerabilities as actively exploited
Date: 2025-03-03
Author: Bleeping Computer

[See AUSCERT Bulletins https://portal.auscert.org.au/bulletins/ESB-2023.0171.3 and https://portal.auscert.org.au/bulletins/ASB-2018.0303.2]
CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it.

VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches
Date: 2025-03-04
Author: The Hacker News

Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure.
The list of vulnerabilities is as follows –
CVE-2025-22224 (CVSS score: 9.3) – A Time-of-Check Time-of-Use vulnerability
CVE-2025-22225 (CVSS score: 8.2) – An arbitrary write vulnerability
CVE-2025-22226 (CVSS score: 7.1) – An information disclosure vulnerability

YouTube warns of AI-generated video of its CEO used in phishing attacks
Date: 2025-03-05
Author: Bleeping Computer

The attackers are sharing the AI-generated video as a private video with targeted users via emails claiming YouTube is changing its monetization policy.
"We're aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization," the online video sharing platform warned in a pinned post on its official community website.

Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers
Date: 2025-03-04
Author: The Hacker News

Internet service providers (ISPs) in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and cryptocurrency miners on compromised hosts.
The findings come from the Splunk Threat Research Team, which said the activity also led to the delivery of various binaries that facilitate data exfiltration as well as offer ways to establish persistence on the systems.


ASB-2025.0044 – AUSCERT Bulletin Service – Cyclone Alfred

AUSCERT has issued an advisory to its members about the potential cybersecurity impact of the Alfred Cyclone, highlighting risks and offering mitigation strategies to help prevent falling victim to scammers.

ESB-2025.1463 – Android devices: CVSS (Max): 8.2

The Android Security Bulletin for March 2025 addresses critical security vulnerabilities in various components, including the Android Framework, System, and MediaTek components. It includes patches to resolve issues such as privilege escalation and remote code execution risks. The bulletin confirms that CVE-2024-43093 has been under limited, targeted exploitation. Users are encouraged to update their devices to mitigate potential security threats.

ESB-2025.1469 – Google Chrome: CVSS (Max): None

Google Chrome has released Chrome 134 to the stable channel for Windows, Mac and Linux, bringing with it a critical set of security patches. This update, which will gradually roll out to users over the coming days and weeks, addresses 14 security vulnerabilities, including a high-severity flaw in the V8 JavaScript engine.

ESB-2025.1486 – Mozilla Thunderbird: CVSS (Max): 9.8*

Mozilla's advisory for Thunderbird 136 addresses multiple security vulnerabilities, including high-impact use-after-free flaws and memory safety issues that could potentially allow arbitrary code execution or sandbox escapes. Key vulnerabilities include issues with AudioIPC, WebTransportChild, and WASM i32 return values on 64-bit CPUs. These flaws were fixed with the release of Thunderbird 136. Mozilla advises that, in general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but they are potential risks in browser or browser-like contexts.

ESB-2025.1479 – Cisco Webex for BroadWorks: CVSS (Max): None

A flaw in Cisco Webex for BroadWorks Release 45.2 allows unauthenticated attackers to access data and credentials due to insecure transport in SIP communication. Additionally, authenticated users could access credentials in plain text through client and server logs. Cisco has released a configuration update to address the issue and recommends restarting the Webex application to apply the fix.

ESB-2025.1484 – Edimax IC-7100 IP Camera: CVSS (Max): 9.8

A vulnerability in Edimax IC-7100 IP Cameras allows remote code execution due to improper neutralization of special elements in OS commands. The flaw, identified as CVE-2025-1316, has a high CVSS score of 9.8, making it critical. Users are advised to take defensive measures to mitigate the risk.


Stay safe, stay patched and have a good weekend!

The AUSCERT team