This joint Cybersecurity Advisory was coauthored by the NSA. Summary This joint Cybersecurity Advisory describes the ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known vulnerabilities to establish a broad network of compromised infrastructure. These actors use the network to exploit a wide…
Read More
A critical unauthenticated remote code execution vulnerability has been identified. Background / What has happened? Atlassian published a security advisory regarding a critical unauthenticated remote code execution (RCE) vulnerability (CVE-2022-26134) in all supported versions of Atlassian Confluence Server and Data Center. Exploitation of this RCE vulnerability could allow a malicious actor to…
Read More
ABI Research’s new whitepaper presents critical and actionable cybersecurity trends and forecasts. Global cybersecurity spending in industrial critical infrastructure sectors (e.g., energy, transport, and water & waste management) is expected to hit $US23 billion by the end of 2022 and grow at a CAGR of 10 per cent to reach $US36.67 billion in 2027. This…
Read More
Affected Australian organisations should take appropriate action. Background / What has happened? Microsoft has disclosed a remote code execution (RCE) vulnerability in the Microsoft Support Diagnostic Tool (MSDT). This vulnerability, dubbed “Follina”, can be exploited by an attacker sending a URL to a vulnerable machine. Successful exploitation allows an attacker…
Read More
Data compromises have almost doubled over the past few years as the world goes more digital. The Monetary Authority of Singapore (MAS) has imposed an additional capital requirement, of approximately S$330 million, on OCBC Bank (OCBC), given deficiencies in the bank’s response to a wave of spoofed SMS phishing scams…
Read More
Designing malware customised for manufacturing infrastructure. “Industrial Control Systems and the manufacturing sector are at the epicentre of a cyber insurgency. Dealing with the disruptions of labour shortages, manufacturers have implemented automation technologies and artificial intelligence to help bring more agility. But while the industrial Internet of Things (IIoT) brings…
Read More
Cybercrime groups have threatened to conduct cyber operations. Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks. Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations. Additionally, some cybercrime groups…
Read More
Focusing on guidance that enables transparent discussions. Summary The United Kingdom’s National Cyber Security Centre (NCSC-UK), the Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) expect an increase…
Read More
Cybercrime cartels have studied the interdependences of financial institutions. A joint advisory has been published by the U.S., UK, Canada, and ANZ warning of malicious cyber activity targeting MSPs and providing guidance on how best to protect against these cyber threats. VMware’s recent Modern Bank Heists report, referenced this, revealing 60 per cent of financial…
Read More
Phishing is the most common type of cyberattack threatening its networks and information. As cyberattacks become more frequent and sophisticated, it’s crucial that governments are well-equipped to not only respond to threats but prevent them from happening in the first place. Everyone needs to be on the same page in…
Read More