9 May 2025

Week in review

Greetings,

Mother’s Day is coming up this weekend and while flowers and chocolates are always nice, a more meaningful gift might help your parents to stay safe online.

Older generations are increasingly targeted by scammers, often due to limited familiarity with digital technology. Cyber criminals exploit this lack of understanding through phishing emails, fake calls, and deceptive websites designed to steal personal or financial information.

Taking the time to show your parents how to spot scams, use strong passwords, and update their devices can go a long way to protect them. It’s a gift that offers peace of mind and empowers them to navigate the digital world more confidently.

We’re thrilled to announce that Jess Modini has joined our lineup of keynote speakers for AUSCERT2025! Jess is a highly accomplished technology leader, academic, and security researcher. She brings a wealth of experience as a global keynote speaker, inventor, and advisory board member. Jess is currently the Head of Technology and Security at a stealth-mode startup set to launch in 2025.

Her impressive career includes senior roles at Amazon Web Services, the Australian Cyber Security Centre, and the Australian Department of Defence. Jess holds five master’s degrees and is completing a Doctorate in Cyber Security at UNSW’s Australian Defence Force Academy, where she also teaches and conducts cutting-edge research. Her current work focuses on advanced persistent threat (APT) detection and cyber epidemiology in collaboration with global partners.

We’re honoured to have Jess share her insights and expertise at AUSCERT 2025. With less than a couple of weeks to go, excitement is building as we prepare to reconnect with our community and hear from an outstanding lineup of speakers.


Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise
Date: 2025-05-06
Author: Security Week

Threat actors have been observed launching a second wave of attacks against SAP NetWeaver instances that were compromised via a recent zero-day vulnerability, enterprise application security firm Onapsis warns.
The zero-day, tracked as CVE-2025-31324 (CVSS score of 10/10), was disclosed on April 24, after SAP updated its April 2025 Security Patch Day bulletin to add a fresh note addressing it.

Microsoft Warns of Attackers Exploiting Misconfigured Apache Pinot Installations
Date: 2025-05-06
Author: Security Week

Research conducted by Microsoft into the security of Kubernetes installations revealed that threat actors have targeted misconfigured Apache Pinot instances.
Apache Pinot is an open source real-time analytics platform designed for querying large datasets with high speed and low latency. Pinot is used by some of the world’s biggest companies, including Walmart, Uber, Slack, LinkedIn, Wix and Stripe.
In the case of Kubernetes installations, the official Apache Pinot documentation does not inform users that the default configuration is highly insecure and can expose sensitive user data.

Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day
Date: 2025-05-07
Author: Security Week

[Please see AUSCERT bulletins: https://portal.auscert.org.au/bulletins/ASB-2025.0059/, https://portal.auscert.org.au/bulletins/ASB-2025.0053/]
Multiple ransomware groups appear to have exploited a recently patched Windows vulnerability as a zero-day, Symantec reported.
The vulnerability in question is tracked as CVE-2025-29824 and it was patched by Microsoft with its April 2025 Patch Tuesday updates. The flaw impacts the Windows Common Log File System (CLFS) and it can be exploited by an attacker to escalate privileges.

PoC Published for Exploited SonicWall Vulnerabilities
Date: 2025-05-05
Author: Security Week

The US cybersecurity agency CISA added two SonicWall flaws to the Known Exploited Vulnerabilities (KEV) catalog on the same day that proof-of-concept (PoC) exploit code targeting them was published.
The exploitation of the two security defects, tracked as CVE-2023-44221 and CVE-2024-38475, came to light last week, when SonicWall updated its advisories to flag them as targeted in attacks.

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025
Date: 2025-05-07
Author: GB Hackers

The healthcare sector has emerged as a prime target for cyber attackers, driven by the increasing reliance on cloud applications and the rapid integration of generative AI (genAI) tools into organizational workflows.
According to the Netskope Threat Labs Report for Healthcare 2025, cybercriminals are exploiting trusted platforms like GitHub, with 13% of healthcare organizations experiencing malware downloads from the developer hub each month.


ESB-2025.2740 – Google Android: CVSS (Max): 8.1*

Google's May 2025 Android update patches 47 vulnerabilities, including an actively exploited zero-day (CVE-2025-27363) in the FreeType library that could allow remote code execution.
The update applies to Android versions 13, 14, and 15, and users are urged to update immediately to stay protected. The zero-day, as confirmed by Google, may be under limited, targeted exploitation.

ESB-2025.2790 – Google Chrome: CVSS (Max): None

Google has released a critical Chrome update (version 136.0.7103.92/.93) to patch CVE-2025-4372, a Use-After-Free vulnerability in the WebAudio component. The flaw allows remote code execution via malicious HTML with minimal user interaction and no special privileges.
Chrome's WebAudio component has been targeted before, with past vulnerabilities like CVE-2023-6345 and CVE-2024-0224 revealing ongoing security challenges tied to the complexity of audio processing in web browsers.

ESB-2025.2902 – Cisco IOS XE Wireless Controller Software: CVSS (Max): 10.0

Cisco has patched a critical vulnerability (CVE-2025-20188) in IOS XE for Wireless LAN Controllers, caused by a hard-coded JSON Web Token. This flaw allows unauthenticated remote attackers to fully compromise affected devices by impersonating authorised users. Rated CVSS 10.0, the issue affects the Out-of-Band AP Image Download feature and poses a severe security risk.

ESB-2025.2899 – GitLab Community and Enterprise Edition: CVSS (Max): 6.8

GitLab has released versions 17.11.2, 17.10.6, and 17.9.8 for CE and EE with critical bug and security fixes. These updates patch three medium-severity vulnerabilities: a Device OAuth bypass (CVE-2025-0549), a GitHub import DoS exploit (CVE-2024-8973), and a group IP restriction bypass (CVE-2025-1278).


Stay safe, stay patched and have a good weekend!

The AUSCERT team