View all alerts

14 Apr 2021

Exchange server critical vulnerabilities

On 2 March 2021 Microsoft released information regarding multiple exploits being used to compromise instances of Microsoft Exchange Server. Malicious actors are exploiting these vulnerabilities to compromise Microsoft Exchange servers exposed to the internet, enabling access to email accounts and to enable further compromise of the Exchange server and associated networks.

05 Jan 2021

Phone and email scammers impersonating the ACSC

Scammers purporting to be from ACSC are calling and emailing Australians and attempting to trick them into installing malicious software on personal devices.

01 Oct 2020

2019-131a: Emotet malware campaign

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has observed an ongoing and widespread campaign of malicious emails designed to spread Emotet across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies.

13 Aug 2020

Phone scams impersonating Australian businesses and government agencies

Cybercriminals are spoofing Australian mobile numbers and pretending to be from an Australian Government agency, delivery company or business, manipulating the individual to gain access to their device.

02 Aug 2020

Ransomware targeting Australian aged care and healthcare sectors

ACSC is aware of increasing targeting of healthcare, including hospitals and aged care, by ransomware campaigns undertaken by cyber criminals.

16 Jul 2020

Increasing reports of myGov-related SMS and email scams targeting Australians

Be on the lookout for myGov-related SMS and email scams asking you to verify your myGov details.

14 Jul 2020

Critical vulnerability for SAP NetWeaver Application Server (CVE-2020-6287)

On 13 July 2020 (United States EST), enterprise resource planning provider SAP released a security patches for a critical vulnerability affecting the Java component LM Configuration Wizard within the SAP NetWeaver Application Server.

22 May 2020

COVID-19 malicious cyber activity

Malicious cyber actors are actively targeting individuals and Australian organisations with COVID-19 related scams and phishing emails. These incidents are likely to increase in frequency and severity over the coming weeks and months. This is due, in part, to the ease in which existing scam emails and texts can be modified with a COVID-19 theme.

16 Apr 2020

Sextortion email campaign impacting Australians

A large number of Australians are being impacted by an email ‘sextortion’ campaign in which the cyber scammers responsible have threatened to release personal and sensitive information to the recipients’ contacts unless the scammer is paid in cash or bitcoin.

06 Feb 2020

2020-003: Mailto ransomware incidents

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of recent ransomware incidents involving a ransomware tool known as ‘Mailto’ or ‘Kazakavkovkiz’. Mailto belongs to the KoKo ransomware family.

15 Jan 2020

2020-002: Critical vulnerabilities for Microsoft Windows

On 15 January 2020 (AEDT), Microsoft released security patches for three critical and one important vulnerabilities in the Microsoft Remote Desktop Client, Remote Desktop Gateway and the Windows operating system. The ACSC recommends that users of these products apply patches urgently to prevent malicious actors from using these vulnerabilities to compromise your network.

13 Dec 2019

Australia Post SMS scam targeting Australians

With millions of parcel deliveries expected around the country, Australia Post is seeing widespread scam text (SMS) messages being sent to people, using their brand.

24 Jul 2019

Sextortion campaign

The Australian Cyber Security Centre (ACSC) is aware of a sextortion scam email campaign targeting the Australian community.

06 Jun 2019

Microsoft Windows security vulnerability – ‘BlueKeep’ (CVE-2019-0708)

CVE-2019-0708, also known as ‘BlueKeep’ leaves users open to attack from malicious actors who can exploit a vulnerability via Remote Desktop Services (RDS) on legacy versions of the Windows operating system.

15 Mar 2019

773M accounts affected by 'Collection #1' breach

The Australian Cyber Security Centre (ACSC) is aware of a significant data breach affecting 773 million email addresses and usernames.

29 Sep 2018

Facebook security issue affects 50M user accounts

The ACSC is aware of a security issue affecting 50 million Facebook user accounts whereby a flaw in the 'View As' feature allowed attackers to steal Facebook access tokens, which could be used to take over user's accounts. Access tokens are the equivalent of digital keys that allow users to remain logged into Facebook.