Contact us
Portal login
1300 CYBER1 (1300 292 371)
You can view all our alerts from this page. Use the filters below to filter by audience type, title and summary and the sort options to sort for the most recently updated or published content.
04 Apr 2022 - Alert status: HIGH
Multiple vulnerabilities present in the Spring Framework for Java
The ACSC is aware of media reporting relating to multiple potential vulnerabilities, including the so-called SpringShell vulnerability, in the Java Spring framework and its execution environments. These vulnerabilities pose a threat to organisations running applications on the web which contain components using the Java Spring framework.
30 Mar 2022 - Alert status: HIGH
Remote code execution vulnerability present in Sophos Firewall
A vulnerability (CVE-2022-1040) has been identified in Sophos Firewall prior to version 18.5 which could allow a malicious cyber actor to perform remote code execution. Affected Australian organisations should apply the available patch.
23 Mar 2022 - Alert status: LOW
New domain name changes could leave your business or organisation at risk
The new domain name category, could leave your business or organisation open to fraudulent cyber activity. Register your .au domain name before it becomes available to the general public.
12 Feb 2022 - Alert status: CRITICAL
Critical vulnerability identified in Apple iOS and macOS
A Remote Code Execution vulnerability has been identified in certain versions of Apple WebKit, affecting iOS and macOS devices. Affected users of these devices should update their devices as soon as possible.
10 Feb 2022 - Alert status: MEDIUM
Increased Global Ransomware Threats
In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally
04 Feb 2022 - Alert status: HIGH
Remote code execution vulnerability present in Samba versions prior to 4.13.17
A vulnerability (CVE-2021-44142) has been identified in Samba versions prior to 4.13.17. Exploitation of this vulnerability could allow a malicious cyber actor to perform privileged remote code execution. Affected Australian organisations should apply the available patch, including affected software vendors.
19 Jan 2022 - Alert status: HIGH
Remote code execution vulnerability present in SonicWall SMA 100 series appliances
A vulnerability (CVE-2021-20038) has been identified in SonicWall SMA 100 series appliances. Exploitation of this vulnerability could allow an unauthenticated malicious cyber actor to perform remote code execution. Affected Australian organisations should apply the available patch.
23 Dec 2021 - Alert status: HIGH
Use of Log4j vulnerabilities in ransomware activity
The ACSC expects an increase in ransomware activity using Log4j as an exploit vector. Malicious actors may take advantage of trivial exploits to impact Australian organisations.
21 Dec 2021 - Alert status: CRITICAL
Critical remote code execution vulnerability found in the Log4j library
A vulnerability (CVE-2021-44228) exists in certain versions of the Log4j library. A malicious cyber actor could exploit this vulnerability to execute arbitrary code. Australian organisations should apply latest patches immediately where Log4j is known to be used.
10 Dec 2021 - Alert status: MEDIUM
Conti ransomware incidents in Australia
Multiple Australian organisations have been impacted by Conti ransomware in November and December 2021.
08 Dec 2021 - Alert status: HIGH
Zoho ManageEngine ServiceDesk Plus & Desktop Central remote code execution vulnerabilities
Vulnerabilities have been identified in certain versions of Zoho ManageEngine ServiceDesk Plus and Desktop Central product suites. Australian organisations using vulnerable Zoho ManageEngine products should apply the available patch.
17 Nov 2021 - Alert status: CRITICAL
Iranian Government-Sponsored APT Cyber Actors
FBI and CISA have observed an Iranian government-sponsored APT group that are exploiting vulnerabilities to gain access to systems. The APT group has exploited the same Microsoft Exchange vulnerability in Australia.
11 Nov 2021 - Alert status: CRITICAL
Critical vulnerability present in certain versions of Microsoft Excel
Microsoft has identified active exploitation of a vulnerability in Microsoft Excel. Affected Australian organisations should apply the available security update as soon as possible.
13 Oct 2021 - Alert status: HIGH
Critical vulnerability present in certain versions of Apple iOS and iPadOS
A vulnerability has been identified in certain Apple products which could allow an actor to install malware or perform other actions on a vulnerable device.
Multiple key vulnerabilities identified in Microsoft products
Multiple key vulnerabilities were identified in Microsoft’s 12 October 2021 patch release. While all vulnerabilities addressed in this release are important to mitigate the ACSC wishes to highlight several vulnerabilities for priority consideration.
08 Oct 2021 - Alert status: CRITICAL
Critical vulnerability in certain versions of Apache HTTP Server
A vulnerability exists in Apache HTTP Server 2.4.49. A cyber actor could exploit this vulnerability to execute arbitrary code. Initial information also indicates that the vulnerability could also be used perform remote code execution under certain configurations. Affected Australian organisations should apply the available patch.
24 Sep 2021 - Alert status: HIGH
Critical vulnerability in ManageEngine ADSelfService Plus exploited by cyber actors
A vulnerability exists in certain versions of ManageEngine ADSelfService Plus. A cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. Affected Australian organisations should apply the available security update.
22 Sep 2021 - Alert status: CRITICAL
Critical vulnerability in certain Hikvision products, IP cameras
A critical vulnerability exists in Hikvision products, including IP cameras, which could allow a cyber actor to take full control of the device. Affected Australian customers should apply an appropriate firmware update provided by Hikvision.
16 Sep 2021 - Alert status: CRITICAL
Remote code execution vulnerability present in Open Management Infrastructure, affects certain Microsoft Azure services
A remote code execution vulnerability exists in Open Management Infrastructure, a management agent used in certain Linux-based Microsoft Azure services. Exploitation of this vulnerability could allow a malicious actor to take control of the vulnerable host. Affected organisations should apply the available security update.
16 Sep 2021 - Alert status: HIGH
Remote code execution vulnerability present in the Windows Scripting Engine of Microsoft Windows
A vulnerability exists in a component of Microsoft Windows. A malicious cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. Affected Australian customers should apply the security update provided by Microsoft.
14 Sep 2021 - Alert status: HIGH
Remote code execution vulnerability present in the MSHTML component of Microsoft Windows
A vulnerability exists in a component of Microsoft Windows. A malicious cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. At this current time there is no patch available, affected Australian customers should apply the Microsoft recommended workarounds.
Critical vulnerabilities present in certain versions of Apple iOS, macOS and Safari
Vulnerabilities have been identified in certain versions of Apple iOS, macOS and Safari which could allow an actor to install malware or perform other actions on a vulnerable device or computer.
30 Aug 2021 - Alert status: MEDIUM
Property-related business email compromise scams rising in Australia
Cybercriminals are targeting the property and real estate sector to conduct business email compromise scams. All parties involved in the buying, selling and leasing of property should be vigilant when communicating via email, particularly during settlement periods.
19 Aug 2021 - Alert status: HIGH
Microsoft Exchange ProxyShell Targeting in Australia
The ACSC has observed targeting of the Microsoft Exchange ProxyShell vulnerability by Malicious actors.
05 Aug 2021 - Alert status: MEDIUM
LockBit 2.0 ransomware incidents in Australia
ACSC has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia.
06 Jul 2021 - Alert status: MEDIUM
Cybercriminals targeting construction companies to conduct email scams
Cybercriminals are targeting construction companies to conduct business email compromise scams. All parties to construction projects should be vigilant when emailing about invoices and bank details.
30 Jun 2021 - Alert status: LOW
Microsoft Releases Security Updates for Microsoft Edge Browser
On June 24, 2021 Microsoft released updates for their Edge Browser addressing two vulnerabilities that an attacker could exploit to inject and execute malicious code.
21 Jun 2021 - Alert status: HIGH
Google Releases Security Updates for Chrome Browser
On June 17, 2021 Google released Chrome version 91.0.4472.114 for Windows, Mac, and Linux. The patch notes for this version can be viewed at Chrome Release Note.
13 May 2021 - Alert status: HIGH
Critical vulnerability discovered in HTTP.SYS in Microsoft Windows
A remote code execution vulnerability could enable a malicious cyber actor to compromise vulnerable Microsoft Windows hosts. The ACSC strongly recommends applying available patches.
10 May 2021 - Alert status: HIGH
Multiple high severity vulnerabilities discovered in the Exim mail server
Exim vulnerabilities could enable a malicious cyber actor to compromise vulnerable Exim servers. The ACSC strongly recommends applying available patches.
08 May 2021 - Alert status: HIGH
Avaddon Ransomware
Increase in Avaddon ransomware attacks in Australia.
27 Apr 2021 - Alert status: HIGH
Potential exploitation of Click Studio’s PasswordState software
On 24 April 2021, Australian software company Click Studios announced a compromise of the software update process for their enterprise password management software PasswordState, used by organisations in Australia and globally.
21 Apr 2021 - Alert status: HIGH
Exploitation of Pulse Connect Secure Vulnerabilities
New advice for mitigating Pulse Connect Secure Virtual Private Network (VPN) vulnerabilities
15 Apr 2021 - Alert status: CRITICAL
Exchange server critical vulnerabilities
On 2 March 2021 Microsoft released information regarding multiple exploits being used to compromise instances of Microsoft Exchange Server. Malicious actors are exploiting these vulnerabilities to compromise Microsoft Exchange servers exposed to the internet, enabling access to email accounts and to enable further compromise of the Exchange server and associated networks.
16 Feb 2021 - Alert status: HIGH
Malware targeting Centreon software
ANSSI identifies campaign targeting Centreon system monitoring software
04 Feb 2021 - Alert status: HIGH
SonicWall Breach
SonicWall identified an internal systems breach using a zero-day vulnerability within the SMA 100 series 10.x code.
25 Jan 2021 - Alert status: HIGH
Potential SolarWinds Orion compromise
FireEye identifies global campaign leveraging malicious updates to SolarWinds software.
12 Nov 2020 - Alert status: HIGH
SDBBot targeting health sector
The ACSC has observed increased targeting activity against the Australian health sector by actors using the SDBBot Remote Access Tool (RAT).
30 Oct 2020 - Alert status: HIGH
Sustained targeting of the health sector
The Australian Signals Directorate’s Australian Cyber Security Centre has identified a sustained campaign by sophisticated cybercrime actors impacting the Australian health sector.
01 Oct 2020 - Alert status: HIGH
2019-131a: Emotet malware campaign
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has observed an ongoing and widespread campaign of malicious emails designed to spread Emotet across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies.
22 Sep 2020 - Alert status: HIGH
Netlogon elevation of privilege vulnerability (CVE-2020-1472)
The ACSC is aware of a recently disclosed critical vulnerability in Microsoft Active Directory Domain Controller systems that allows unauthenticated attackers to trivially access administrative credentials.
18 Sep 2020 - Alert status: HIGH
Active exploitation of vulnerable MobileIron products
The ACSC is aware of active exploitation of vulnerabilities in multiple MobileIron products by malicious cyber actors, including sophisticated state-based actors.
16 Sep 2020 - Alert status: HIGH
Copy-paste compromises
The Australian Government is aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor. The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of tools copied almost identically from open source.
13 Aug 2020 - Alert status: HIGH
Phone scams impersonating Australian businesses and government agencies
Cybercriminals are spoofing Australian mobile numbers and pretending to be from an Australian Government agency, delivery company or business, manipulating the individual to gain access to their device.
02 Aug 2020 - Alert status: CRITICAL
Ransomware targeting Australian aged care and healthcare sectors
ACSC is aware of increasing targeting of healthcare, including hospitals and aged care, by ransomware campaigns undertaken by cyber criminals.
16 Jul 2020 - Alert status: HIGH
Increasing reports of myGov-related SMS and email scams targeting Australians
Be on the lookout for myGov-related SMS and email scams asking you to verify your myGov details.
15 Jul 2020 - Alert status: CRITICAL
Remote code execution vulnerability in Windows DNS (CVE-2020-1350)
On 14 July 2020, Microsoft acknowledged a critical remote code execution vulnerability in Windows Domain Name System (DNS), which could allow an adversary to run arbitrary code.
14 Jul 2020 - Alert status: CRITICAL
Critical vulnerability for SAP NetWeaver Application Server (CVE-2020-6287)
On 13 July 2020 (United States EST), enterprise resource planning provider SAP released a security patches for a critical vulnerability affecting the Java component LM Configuration Wizard within the SAP NetWeaver Application Server.
22 May 2020 - Alert status: HIGH
COVID-19 malicious cyber activity
Malicious cyber actors are actively targeting individuals and Australian organisations with COVID-19 related scams and phishing emails. These incidents are likely to increase in frequency and severity over the coming weeks and months. This is due, in part, to the ease in which existing scam emails and texts can be modified with a COVID-19 theme.
2019-126: Vulnerable version of Telerik UI being actively exploited by APT actor
The Australian Cyber Security Centre (ACSC) has become aware that Advanced Persistent Threat (APT) actors have been scanning for and attempting exploitation against unpatched versions of Telerik UI for ASP.NET AJAX using publicly available exploits. Successful exploitation could allow an attacker to upload files to the vulnerable server to facilitate further compromise.
