The top 30 cyber security vulnerabilities exploited by malicious cyber actors since 2020 have been detailed in a joint advisory issued by the Australian Cyber Security Centre (ACSC) and counterpart cyber security agencies from the United States and the United Kingdom.
SonicWall devices are being targeted by a malicious cyber actor as targets for ransomware. The ACSC is aware of likely related activity targeting Australian organisations.
The ACSC has observed active exploitation of a vulnerability in ForgeRock OpenAM (reported as CVE-2021-35464) against a number of Australian organisations. The ACSC strongly recommends organisations urgently apply available patches or workarounds to mitigate the risk of this vulnerability being exploited.
On June 24, 2021 Microsoft released updates for their Edge Browser addressing two vulnerabilities that an attacker could exploit to inject and execute malicious code.
ALERTS
- Alert status: HIGH
SonicWall devices are being targeted by a malicious cyber actor as targets for ransomware. The ACSC is aware of likely related activity targeting Australian organisations.
- Alert status: HIGH
Patch now available for Kaseya VSA platform.
- Alert status: HIGH
The ACSC has observed active exploitation of a vulnerability in ForgeRock OpenAM (reported as CVE-2021-35464) against a number of Australian organisations. The ACSC strongly recommends organisations urgently apply available patches or workarounds to mitigate the risk of this vulnerability being exploited.
- Alert status: MEDIUM
Cybercriminals are targeting construction companies to conduct business email compromise scams. All parties to construction projects should be vigilant when emailing about invoices and bank details.
- Alert status: LOW
On June 24, 2021 Microsoft released updates for their Edge Browser addressing two vulnerabilities that an attacker could exploit to inject and execute malicious code.
About the ACSC
The Australian Cyber Security Centre (ACSC) is based within the Australian Signals Directorate (ASD). We provide advice and information about how to protect you, your family and your business online.
The ACSC’s cyber security mission is supported by ASD’s wider organisation, whose role is to provide foreign signals intelligence and who have a long history of cyber security excellence. We lead the Australian Government’s efforts to improve cyber security. Our role is to help make Australia the most secure place to connect online.
For further information read more about the ACSC.
Become an ACSC Partner
The ACSC Partnership Program enables a wide range of organisations to engage with the ACSC and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.
NEWS & MEDIA
Cyber Agencies Share Top Routinely Exploited Vulnerabilities
The top 30 cyber security vulnerabilities exploited by malicious cyber actors since 2020 have been detailed in a joint advisory issued by the Australian Cyber Security Centre (ACSC) and counterpart cyber security agencies from the United States and the United Kingdom.
Cybercriminals are targeting Australians at an unprecedented level to steal sensitive information and money, including through business email compromise and ransomware attacks.
Adversaries continually evolve their tradecraft to defeat preventative measures that organisations put in place. The ACSC is committed to providing cyber security advice that is contemporary, and effective. This includes regular updates to the Essential Eight Maturity Model.
Australians continue to be targeted by cybercriminals through ransomware campaigns impacting multiple sectors across our economy.
