Review their networks for the presence of affected SonicWall products. The Australian Cyber Security Centre has issued an alert over SonicWall, a network and cyber security appliance vendor, reporting that ransomware activity is currently targeting their Secure Mobile Access (SMA) and Secure Remote Access (SRA) products. This ransomware activity is…
Read More
The Essential Eight Maturity Model, first published in June 2017 and updated regularly. The Australian Cyber Security Centre (ACSC) has further strengthened the implementation guidance for the Essential Eight through changes that reflect its experience in producing cyber threat intelligence, responding to cyber security incidents, conducting penetration testing and assisting organisations to…
Read More
ACSC sends out warning The Australian Cyber Security Centre (ASCS) has observed a growing trend affecting construction companies and their customers. In the past six months there has been an increase in cybercriminals targeting builders and construction companies to conduct business email compromise (BEC) scams within Australia. In a BEC scam, cybercriminals…
Read More
ACSC’s Critical Infrastructure Uplift Program to protect essential services from cyber security. The ACSC is calling for ACSC Partners to help pilot the Critical Infrastructure Uplift Program (CI-UP). CI-UP will help protect Australia’s essential services from cyber threats by raising the security levels of critical infrastructure organisations. CI-UP is part of the Australian Signals Directorate’s…
Read More
Recent cybersecurity incidents such as SolarWinds and the Colonial Pipeline were a “sobering”. The recent cybersecurity attacks on US government and private enterprises have caused the government to overhaul its cybersecurity strategy, with President Biden signed an Executive Order to improve the nation’s cybersecurity and protect federal government networks. Recent…
Read More
Vulnerabilities could enable a malicious cyber actor to compromise vulnerable Exim servers. Multiple high severity vulnerabilities have been discovered within the Exim mail server. The most severe of these vulnerabilities allows remote code execution which could enable a malicious cyber actor to take full control of the vulnerable system. A…
Read More
US and Australian government agencies issue warnings and advice. The Cybersecurity and Infrastructure Security Agency (CISA) of the United States, is aware of compromises affecting government agencies, critical infrastructure entities, and other private sector organisations by a cyber threat actor—or actors—beginning in June 2020 or earlier related to vulnerabilities in…
Read More
APT actors exploit vulnerabilities to gain initial access for future attacks. The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises organisations using Fortinet devices that Advanced Persistent Actors (APT’s) have been observed exploiting the following vulnerabilities: CVE-2018-13379 – Fortinet Path Traversal CVE-2020-12812 – Fortinet 2 Factor Authentication bypass CVE-2019-5591 – Fortinet Man-in-the-middle…
Read More
Companies have yet to address vulnerabilities in their Microsoft Exchange, leaving them open to cyber criminals. The Australian Cyber Security Centre (ACSC) has identified a large number of Australian organisations are yet to patch vulnerable versions of Microsoft Exchange, leaving them vulnerable to compromise. The ACSC urges these organisations to…
Read More
Australian Government’s lead security agency sends out warnings. The Australian Cyber Security Centre (ACSC), the Australian Government lead agency for cyber security has sent out a number of high alerts for vulnerabilities in a number of software products, including Accellion which affected Singapore telecommunications provider, Singtel. According to the ACSC…
Read More