May 20, 2020 - The Australian Cyber Security Centre (ACSC) investigated and responded to numerous cyber security incidents during 2019 and 2020 so far. This advisory provides a summary of notable tactics, techniques and procedures (TTPs) exploited by Advanced Persistent Threats (APT) and cybercriminals identified during the ACSC’s investigations. These TTPs are summarised practically in the framework of tactics and techniques provided by MITRE ATT&CK. This technical guidance is provided for IT security professionals at public and private sector organisations.
Oct 3, 2019 - The Evaluated Products List (EPL) is a list of products that have been evaluated via the ASD Cryptographic Evaluation program or the High Assurance Evaluation program. For a list of products certified via the Australasian Information Security Evaluation Program (AISEP), see the Certified Products List (CPL) on the Common Criteria website.
Jan 18, 2019 - The Australian Cyber Security Centre (ACSC) is aware of a significant data breach affecting 773 million email addresses and usernames. Titled 'Collection #1', the data breach was made public by Australian cyber security expert Troy Hunt, who identified that a large number of credential lists had been distributed on a known hacking forum.
Nov 1, 2018 - JOINT STATEMENT Department of Defence Department of Home Affairs Australian Cyber Security Centre The Australian Government is aware of the cyber security incident affecting Austal. This matter has been referred to the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP) for investigation.
Aug 13, 2018 - Cyber adversaries will target the weakest link. If they are trying to target a network but it has strong cyber security, they will move to what's called secondary targeting. In secondary targeting, the adversary will try to compromise other networks that might be easier to target and hold the same information, are connected to their target network, or can provide information they can use to compromise the target network.
Aug 13, 2018 - The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.
Jul 1, 2018 - We provide information through two online portals to enable access and sharing of information about information security matters. One is available to members of our ACSC partnership program. The second, OnSecure, is for Australian Government ICT and cyber security professionals, IRAP assessors, selected vendors.
Jul 1, 2018 - Working from new purpose-built headquarters after its official launch in August, the ACSC and its network of Joint Cyber Security Centres (JCSCs) across the country are building on decades of quiet success by Australian agencies. The ACSC, part of the Australian Signals Directorate (ASD), demonstrates the Australian Government's commitment to cyber security in a world where new threats are always emerging.
Jun 18, 2018 - On Friday 1 June 2018 PageUp Limited, an online recruitment services organisation, notified their customers about a data incident in relation to the integrity of their systems proactively informing of a possible breach. PageUp self-identified suspicious activity on its network and undertook immediate actions to investigate and contain the incident. PageUp notified their corporate customers and the Australian Cyber Security Centre (ACSC) of the issue, enabling the ACSC to quickly assess the incident and support PageUp in their response. In line with the new Notifiable Data…
Jun 29, 2017 - From reports and analysis performed to date, this version of the ransomware appears to have been delivered via a malicious software update for My Electronic Document (M.E.Doc), which is accounting software used by Ukrainian-based companies. It appears that almost all affected organisations can be linked back to Ukraine either through direct or indirect connections. While only a relatively small number of organisations have been impacted globally, for those affected the impact has been severe.
Oct 1, 2015 - Prior to July 2017, the Australian Internet Security Initiative (AISI) was administered by the Australian Communications and Media Authority (ACMA), which undertook research in relation to the value and role of the program. The research consisted of 24 interviews with ISPs and universities and found many of the internet providers interviewed relied solely on the AISI malware reports for information about malware infections. Internet providers usually notified their customers of their malware infection by email. More than half of the providers interviewed also provided step-by…