Latest scams, fraud and security alerts

 Posted on 16 July 2025

Digital wallet scams

Type:     

We would like to remind our customers to be wary of scams involving digital wallets.

Digital wallets allow you to make transactions with your mobile or wearable device instead of a physical card.

While digital wallets are safe, if scammers have access to your card details and one-time passcodes (OTP), they can add your card to their own device (or third party) and spend or withdraw your money without your permission.

 Posted on 10 July 2025

Bank Impersonation scam alert

Type:     

We have been made aware of an increase in bank impersonation scams. Be cautious of SMS messages or phone calls, claiming to be from ANZ. They may ask you to transfer money, open another account, provide your sensitive banking details or click on a link.

Remember, we will never ask you to:

• Share sensitive information like your One Time Passcode (OTP), verification code, PIN or card details.
• Click in a link to install software for live chat, remote access purposes, or access our official website.
• Transfer money to another account.
• Open a new account.
• Share sensitive banking details like your access PIN or card details.

 Posted on 29 September 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published a critical alert regarding vulnerabilities within Australia impacting Cisco ASA 5500-X Series models, that are running Cisco ASA Software or FTD software:

• CVE-2025-20333 (Critical) – A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
• CVE-2025-20363 (Critical) – A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device.
• CVE-2025-20362 (Medium) – A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that should otherwise be inaccessible without authentication.

A number of versions of Cisco software releases are affected, including those within the following ranges:

• Cisco ASA Software releases 9.12 to 9.23x and;
• Cisco FTD Software releases 7.0 to 7.7x.

 Posted on 22 September 2025

High alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published a high alert regarding increased targeting of online code repositories.

Threat actors have been observed gaining access to online code repositories and have been noted to do the following after gaining access to privileged systems and accounts:

• Running open-source tools to scan for cryptographic secrets, passwords and sensitive keys stored in online code repositories.
• Extracting and leaking identified credentials publicly.
• Migrating private repositories to public repositories.
• Modifying public packages to initiate supply-chain compromises.

This access provides threat actors a better understanding of internal processes and systems, increasing an organisation’s attack surface and enabling future, novel attacks.

 Posted on 12 September 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published a critical alert regarding vulnerabilities affecting SonicWall SSL VPNs in Australia (CVE-2024-40766)

According to the ASD’s ACSC, the vulnerability can result in Akira ransomware targeting vulnerable Australian organisations through SonicWall SSL VPNs.

The vulnerability enables an attacker to achieve unauthorised access and in specific conditions causes the firewall to crash. The vulnerability affects the following SonicWall devices:

• Gen 5 devices
• Gen 6 devices
• Gen 7 devices running SonicOS 7.0.1-5035 and older versions

 Posted on 01 September 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published an alert regarding multiple vulnerabilities impacting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products:

• CVE-2025-7775 (Critical) involves a memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service.
• CVE-2025-7776 (High) involves a memory overflow vulnerability leading to unpredictable or erroneous behaviour and Denial of Service.
• CVE-2025-8424 (High) involves improper access control on the NetScaler Management Interface.

Citrix reports active exploitation of these vulnerabilities has been observed.
 

 Posted on 19 August 2025

Phishing scam alert

Type:    

We have seen an increase of cyber criminals gaining unauthorised access to data stored in customer relationship management (CRM) systems through social engineering.

Social engineering is a tactic used by cyber criminals to extract sensitive information, often via social media or phone calls (“vishing”). This data may be used to impersonate employees or vendors to gain access to company information or systems. Attackers typically exploit emotions like fear, urgency, or excitement to pressure individuals into bypassing standard procedures. If a communication seems suspicious or asks for unusual actions, avoid sharing information, uphold business security protocols, and end the interaction immediately.
 

Posted on 21 July 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published a critical alert regarding vulnerabilities affecting Microsoft Office SharePoint Server products (CVE-2025-53770).

According to the ASD’s ACSC, the vulnerability may allow an unauthorised attacker to execute code over a network.
 

Posted on 10 July 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published an alert regarding 2 vulnerabilities affecting Citrix Netscaler ADC and NetScaler Gateway Products.

The following vulnerabilities have been identified:

• CVE-2025-5777: Insufficient input validation.
• CVE-2025-5349: Improper access control on the NetScaler Management Interface.

According to the ASD’s ACSC, these vulnerabilities can lead to memory overflow issues, resulting in unintended control flow and Denial of Service due to insufficient input validation.
 

Posted on 23 June 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has sent a critical alert relevant to Australian organisations using Citrix Netscaler ADC and NetScaler Gateway Products (CVE-2025-5349 and CVE-2025-5777).

Citrix has identified the following vulnerabilities affecting Netscaler ADC and NetScaler Gateway Products:

• CVE-2025-5777: Insufficient input validation leading to memory overread, potentially leading to the exposure of sensitive data.
• CVE-2025-5349: Improper access control on the NetScaler Management Interface.