You are here Home About the ACSC View all content Alerts & Advisories Alerts and advisories Find the latest in cyber security alerts and advice Top alerts and advisories 23 Sep 2022 Alert rating MEDIUM Medium alert rating A medium alert details a cyber security vulnerability that entities should act soon to mitigate. The ACSC has assessed that network owners and operators need to be notified of the possible threats so that they can take appropriate actions to mitigate risks. Medium alerts refer to vulnerabilities, which if not mitigated against, have the potential to impact Australia, due to a publicly available proof-of-concept or evidence of active exploitation, but comprehensive patches or easily implemented mitigation mechanisms are available. Optus notifies customers of cyberattack compromising customer information To help protect against fraud, Optus has notified customers to look to reputable sources such as Moneysmart and the Office of the Australian Information Commissioner. 15 Sep 2022 Alert rating Advisory Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations The Australian Cyber Security Centre (ACSC) has joined with international cyber security agency partners to co-author an advisory on continued Iranian state-sponsored cyber threats. Organisations are encouraged to apply the… 08 Aug 2022 Alert rating LOW Low alert rating A low alert details a cyber security vulnerability that entities should be aware of. The ACSC has assessed that network owners and operators should be aware of the possible threats so that they can take appropriate actions to mitigate risks. Low alerts refer to vulnerabilities that, while important for ACSC to disseminate to a widespread audience at a level of urgency, have minimal potential to impact Australia due to the low likelihood of success, lack of a publicly available proof-of-concept, age of the exploit, or other factors. Are you ready for Australian domain name changes? Australians have until 20 September 2022 to seek priority allocation of an .au direct domain name that matches their existing domain name. All alerts and advisories Status StatusCRITICALHIGHMEDIUMLOW Type TypeAdvisoryAlert Audience AudienceIndividuals & familiesSmall & medium businessesOrganisations & Critical InfrastructureGovernment Title Date updatedTitle AscDesc Items per page 6121824- All - 15 Jun 2022 Alert rating CRITICAL Critical alert rating A critical alert details a cyber security vulnerability that entities should take immediate action to minimise the risk. The ACSC has assessed that network owners and operators be informed of the threats so that they can take actions to minimise risk and impact to their networks. Critical alerts refer to vulnerabilities that are currently or will imminently impact Australia, due to a publicly available trivially exploitable proof-of-concept and evidence of active exploitation, and at the time of publication will require drastic actions to minimise harm to networks. Exploitation of Microsoft Office vulnerability: Follina The ACSC is aware of active exploitation of the Follina zero-day vulnerability in the Microsoft Support Diagnostic Tool (CVE-2022-30190). Affected Australian organisations should take appropriate action. 05 Jun 2022 Alert rating CRITICAL Critical alert rating A critical alert details a cyber security vulnerability that entities should take immediate action to minimise the risk. The ACSC has assessed that network owners and operators be informed of the threats so that they can take actions to minimise risk and impact to their networks. Critical alerts refer to vulnerabilities that are currently or will imminently impact Australia, due to a publicly available trivially exploitable proof-of-concept and evidence of active exploitation, and at the time of publication will require drastic actions to minimise harm to networks. Remote code execution vulnerability present in Atlassian Confluence Server and Data Center A critical unauthenticated remote code execution vulnerability (CVE-2022-26134) has been identified in all supported versions of Atlassian Confluence Server and Data Center. ACSC recommends organisations restrict internet… 17 May 2022 Alert rating Advisory Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that… 12 May 2022 Alert rating Advisory Protecting Against Cyber Threats to Managed Service Providers and their Customers This advisory describes cybersecurity best practices for information and communications technology (ICT), focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive… 09 May 2022 Alert rating HIGH High alert rating A high alert details a cyber security vulnerability that entities should act quickly to minimise the risk, within 48 hours. The ACSC has assessed that network owners and operators should be informed of the threats so that they can decide on the most appropriate active mitigation actions to minimise risks to their networks. High alerts refer to vulnerabilities that are currently or likely to impact Australia, due to a publicly available proof-of-concept or evidence of active exploitation, and at the time of publication, have no comprehensive patches or easily implemented mitigation mechanisms available. Multiple vulnerabilities present in F5 products The ACSC is aware of a F5 Security Advisory Addressing Multiple Vulnerabilities in their BIG-IP Product Range. Affected Australian organisations should take appropriate action. 28 Apr 2022 Alert rating Advisory 2022-02: Australian organisations should urgently adopt an enhanced cyber security posture Entities should follow ACSC advice and act on improving their resilience within a heightened threat environment. Pagination Previous page ‹‹ Page 2 Next page ›› Think you might be impacted? Cybercrime is the use of a computer or online network to commit crimes such as fraud, online image abuse, identity theft or threats and intimidation. You can report cybercrime to the police via ReportCyber. Never miss a threat Sign up for the latest cyber security alerts and get weekly info on threats, how to keep yourself secure, and cyber news Your name Email reCAPTCHAv3 Validation Response Was this information helpful? Was this information helpful? Yes No Thanks for your feedback! Thanks for your feedback! Optional Tell us why this information was helpful and we’ll work on making more pages like it Watch out for new threats Learn how to identify common cyberattacks and defend yourself against them. Set up and perform regular backups Learn how to make a copy of your files so you don't lose valuable data.
