Cyber actors exploiting vulnerabilities for data extortion and disk encryption

The IRGC-affiliated actors are actively targeting a broad range of targeted entities This joint Cybersecurity Advisory (CSA) is the result of an analytic effort among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), U.S. Cyber Command Cyber National Mission Force…

Read More

180,000 bugs in every fully autonomous vehicle

Open door to cyber criminals. Many autonomous vehicles are not fully protected against cyberattacks, with GlobalData, a leading data and analytics company, estimating that there may be up to 180,000 bugs in the code operating a level 5 autonomous vehicle*— potentially leaving hackers with 15,000 security vulnerabilities to choose from.…

Read More

Russian state-sponsored and criminal cyber threats

Cybercrime groups have threatened to conduct cyber operations. Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks. Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations. Additionally, some cybercrime groups…

Read More

ANZ security leaders think outdated security approaches are failing

Legacy thinking has security leaders and businesses investing in solutions. Vectra AI, a leader in threat detection and response, today released a new report highlighting how today’s organisations are continuing to fail, tackling complex, modern cyber threats using outdated methods. Vectra’s Security Leaders Research Report found that legacy thinking has security leaders…

Read More

2021 top routinely exploited vulnerabilities

The cybersecurity authorities encourage organizations to apply the recommendations. Summary This joint Cybersecurity Advisory (CSA) was co-authored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber…

Read More

Ukraine war has complicated the way cybercriminals launder funds

However, they are adapting. It’s becoming clear that Russia’s invasion of Ukraine has complicated the means through which cybercriminals launder funds, but they are adapting. I thought you might be interested in comment from risk intelligence firm Flashpoint, based on discussions analysts have observed in recent months. Sanctions introduced against Russia, coupled with…

Read More

Australian organisations should adopt enhanced cyber security

Prioritise these actions to defend against malicious cyber activity. Organisations should prioritise the following actions to mitigate against threats posed by a range of malicious cyber actors. Many actors use common techniques such as exploiting internet-facing applications and spear phishing to compromise victim networks. Organisations should ensure they have implemented mitigations…

Read More

Global cyber agencies share top routinely exploited vulnerabilities

Four of the most targeted vulnerabilities in 2020 involved remote work. The US Cybersecurity and Infrastructure Security Agency (CISA), Australian Cyber Security Centre (ACSC), United Kingdom’s National Cyber Security Centre (NCSC) and Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory highlighting the top Common Vulnerabilities and Exposures (CVEs) routinely…

Read More

ACSC identifies vulnerable Microsoft Exchange deployments

Multiple actors taking advantage of unpatched systems to attack those with on-premises Exchange Server. The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has identified extensive targeting, and has confirmed compromises, of Australian organisations with vulnerable Microsoft Exchange deployments.  The ACSC is assisting affected organisations with their incident response and…

Read More