You are here Home About the ACSC View all content Alerts & Advisories Alerts and advisories Find the latest in cyber security alerts and advice Top alerts and advisories 31 Mar 2023 Alert rating MEDIUM Medium alert rating A medium alert details a cyber security vulnerability that entities should act soon to mitigate. The ACSC has assessed that network owners and operators need to be notified of the possible threats so that they can take appropriate actions to mitigate risks. Medium alerts refer to vulnerabilities, which if not mitigated against, have the potential to impact Australia, due to a publicly available proof-of-concept or evidence of active exploitation, but comprehensive patches or easily implemented mitigation mechanisms are available. Supply chain compromise of 3CX DesktopApp The ACSC is aware of a reported supply chain compromise affecting the 3CX DesktopApp, allowing malicious actors to conduct multi-stage attacks against users of the legitimate software. Australian users of affected… 29 Mar 2023 Alert rating HIGH High alert rating A high alert details a cyber security vulnerability that entities should act quickly to minimise the risk, within 48 hours. The ACSC has assessed that network owners and operators should be informed of the threats so that they can decide on the most appropriate active mitigation actions to minimise risks to their networks. High alerts refer to vulnerabilities that are currently or likely to impact Australia, due to a publicly available proof-of-concept or evidence of active exploitation, and at the time of publication, have no comprehensive patches or easily implemented mitigation mechanisms available. High Severity Vulnerability present in Microsoft Outlook for Windows The Australian Cyber Security Centre (ACSC) is aware of a Microsoft Outlook for Windows vulnerability. All Australian organisations using all versions of Microsoft Outlook for Windows should apply the available patch… 20 Mar 2023 Alert rating Advisory 2023-03: ACSC Ransomware Profile – Lockbit 3.0 The Australian Cyber Security Centre (ACSC) is aware of Lockbit 3.0 which is the newest version of Lockbit ransomware. It is used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations… All alerts and advisories Title - Any -AdvisoryAlert - Any -CRITICALHIGHMEDIUMLOW - Any -Individuals & familiesSmall & medium businessesOrganisations & Critical InfrastructureGovernment Sort by Sort byDate updated (new to old)Date updated (old to new)Title (A-Z)Title (Z-A) Items per page 6121824- All - 13 Dec 2022 Alert rating HIGH High alert rating A high alert details a cyber security vulnerability that entities should act quickly to minimise the risk, within 48 hours. The ACSC has assessed that network owners and operators should be informed of the threats so that they can decide on the most appropriate active mitigation actions to minimise risks to their networks. High alerts refer to vulnerabilities that are currently or likely to impact Australia, due to a publicly available proof-of-concept or evidence of active exploitation, and at the time of publication, have no comprehensive patches or easily implemented mitigation mechanisms available. Critical severity vulnerability in Fortinet FortiOS SSL-VPN The Australian Cyber Security Centre (ACSC) is aware of a heap-based buffer overflow vulnerability in FortiOS SSL-VPN. All Australian organisations should apply the available patch immediately. 01 Dec 2022 Alert rating MEDIUM Medium alert rating A medium alert details a cyber security vulnerability that entities should act soon to mitigate. The ACSC has assessed that network owners and operators need to be notified of the possible threats so that they can take appropriate actions to mitigate risks. Medium alerts refer to vulnerabilities, which if not mitigated against, have the potential to impact Australia, due to a publicly available proof-of-concept or evidence of active exploitation, but comprehensive patches or easily implemented mitigation mechanisms are available. Medibank Private Cyber Security Incident ASD’s Australian Cyber Security Centre is working closely with Medibank Private following the recent incident. 08 Nov 2022 Alert rating LOW Low alert rating A low alert details a cyber security vulnerability that entities should be aware of. The ACSC has assessed that network owners and operators should be aware of the possible threats so that they can take appropriate actions to mitigate risks. Low alerts refer to vulnerabilities that, while important for ACSC to disseminate to a widespread audience at a level of urgency, have minimal potential to impact Australia due to the low likelihood of success, lack of a publicly available proof-of-concept, age of the exploit, or other factors. Multiple Vulnerabilities in VMware vRealize Hyperic monitoring and performance management product The Australian Cyber Security Centre (ACSC) has identified a number of critical vulnerabilities affecting VMware’s vRealize Hyperic monitoring and performance management product. 02 Nov 2022 Alert rating HIGH High alert rating A high alert details a cyber security vulnerability that entities should act quickly to minimise the risk, within 48 hours. The ACSC has assessed that network owners and operators should be informed of the threats so that they can decide on the most appropriate active mitigation actions to minimise risks to their networks. High alerts refer to vulnerabilities that are currently or likely to impact Australia, due to a publicly available proof-of-concept or evidence of active exploitation, and at the time of publication, have no comprehensive patches or easily implemented mitigation mechanisms available. High Severity vulnerability present in OpenSSL version 3.x The Australian Cyber Security Centre (ACSC) is aware of a buffer overrun and buffer overflow vulnerability in OpenSSL versions above to 3.0. All Australian organisations using version 3.x should apply the available patch… 13 Oct 2022 Alert rating CRITICAL Critical alert rating A critical alert details a cyber security vulnerability that entities should take immediate action to minimise the risk. The ACSC has assessed that network owners and operators be informed of the threats so that they can take actions to minimise risk and impact to their networks. Critical alerts refer to vulnerabilities that are currently or will imminently impact Australia, due to a publicly available trivially exploitable proof-of-concept and evidence of active exploitation, and at the time of publication will require drastic actions to minimise harm to networks. Remote code execution vulnerability present in Fortinet devices A vulnerability (CVE-2022-40684) has been identified in several Fortinet products running certain versions from 7.0.0 onwards, that could allow a malicious cyber actor to bypass authentication and perform unauthorised… 11 Oct 2022 Alert rating CRITICAL Critical alert rating A critical alert details a cyber security vulnerability that entities should take immediate action to minimise the risk. The ACSC has assessed that network owners and operators be informed of the threats so that they can take actions to minimise risk and impact to their networks. Critical alerts refer to vulnerabilities that are currently or will imminently impact Australia, due to a publicly available trivially exploitable proof-of-concept and evidence of active exploitation, and at the time of publication will require drastic actions to minimise harm to networks. Remote code execution vulnerability present in vm2 sandbox The ACSC is aware of a remote code execution vulnerability in vm2 sandbox versions prior to 3.9.11. Affected Australian organisations should apply the available patch immediately. Pagination Previous page ‹‹ Page 2 Next page ›› Think you might be impacted? Cybercrime is the use of a computer or online network to commit crimes such as fraud, online image abuse, identity theft or threats and intimidation. You can report cybercrime to the police via ReportCyber. Never miss a threat Sign up for the latest cyber security alerts and get information on threats and how to keep yourself secure online. Your name Email reCAPTCHAv3 Validation Response Was this information helpful? Was this information helpful? Yes No Thanks for your feedback! Thanks for your feedback! Optional Tell us why this information was helpful and we’ll work on making more pages like it Leave this field blank Watch out for new threats Learn how to identify common cyberattacks and defend yourself against them. Set up and perform regular backups Learn how to make a copy of your files so you don't lose valuable data.
