News

Don't get burned by email scams this Summer

Jan 14, 2019 - At this time of the year, Australia sees its fair share of extreme weather events. From savage storms to raging bushfires, these extreme weather conditions can take place unexpectedly, leaving Australians little time to consider the possibility of being the target of cybercrime. Cybercriminals will take advantage of these stressful situations, pursuing individuals and businesses when they least expect it. As witnessed in the United States late last year during Hurricane Florence, cyber scammers are indiscriminate in who they choose to target and will attempt to make a profit in…

Implementing the Essential Eight for MSPs

Jan 11, 2019 - Following the global compromise of managed service providers or MSPs, the Australian Cyber Security Centre (ACSC) is calling on Australian businesses and individuals to be proactive in implementing better cyber security practices. While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.
"WhatsApp Gold" is a hoax

Jan 9, 2019 - The Australian Cyber Security Centre (ACSC) is aware that messages are circulating on WhatsApp that attempt to lure people into using a ‘gold’ version of the app. The scam urges victims to sign up for an ‘upgrade’. After clicking on the link you would be redirected to a fake page and your phone would become infected with malware. Remember, any updates to WhatsApp usually happen automatically through the app. If you receive a request to download 'WhatsApp Gold' do not click the link. Delete it.

Phishing email scam – tender invitation

Jan 9, 2019 - The Australian Cyber Security Centre (ACSC) is aware of phishing emails allegedly from the Department of Infrastructure, Regional Development and Cities, inviting the recipient to respond to a tender invitation. This email is a scam, and the fake tender document attached contains malicious web-links that seek to steal your personal information.

ACSC adds Rackspace DHE to Certified Cloud Services List

Jan 8, 2019 - The Australian Cyber Security Centre has added the Rackspace Dedicated Hosting Environment (DHE) to the Certified Cloud Services List (CCSL) for unclassified workloads, increasing the options available to Australian Government agencies. The Rackspace DHE joins providers on the CCSL that meet stringent Australian Government security requirements for managing information storage at the minimum Australian Government security standard, Unclassified.

ACSC counters threat to web hosting providers

Dec 29, 2018 - The extensive compromise of multiple web hosting providers and mitigation measures have been detailed in a report released today by the Australian Cyber Security Centre (ACSC). The findings of the ACSC investigation, Operation Manic Menagerie, show that eight Australian web hosting providers were compromised, allowing a malicious actor access to customer websites.

National Cyber Security Adviser urges end to complacency after global theft of commercial secrets

Dec 21, 2018 - The Australian Cyber Security Centre (ACSC) is providing assistance to ICT managed service providers (MSPs) in the wake of the global cyber security compromise confirmed by the Australian Government. Alastair MacGibbon, Head of the ACSC and National Cyber Security Adviser, says the incident has affected ICT providers and their customers across the globe, and it demonstrates there is no room for complacency in boardrooms around Australia when it comes to ensuring organisations have better cyber security protections in place.

Microsoft warns of Internet Explorer vulnerability

Dec 21, 2018 - Microsoft has released a security update for Internet Explorer after receiving a report from Google about a new vulnerability that is being used in targeted attacks. Security vulnerabilities in applications can be used to execute malicious code on your systems, and using the latest version of applications is one way that you can better protect yourself, as we explain in the Essential Eight.

ACSC advice for MSPs

Dec 21, 2018 - The Australian Cyber Security Centre (ACSC) is providing assistance to ICT managed service providers (MSPs) in the wake of the global cyber security compromise confirmed by the Australian Government. Alastair MacGibbon, Head of the ACSC and National Cyber Security Adviser, says the incident has affected ICT providers and their customers across the globe, and it demonstrates there is no room for complacency in boardrooms around Australia when it comes to ensuring organisations have better cyber security protections in place.

Facebook warns 6.8 million users about photo bug

Dec 14, 2018 - Up to 6.8 million people who uploaded their photos to Facebook may have shared more than they intended to because of an application program interface (API) bug. 'Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,' Facebook said in a statement. Facebook said the bug gave third-party app developers too much access to people's uploaded photos between 13-25 September 2018.

Bomb threat email scam targeting Australians

Dec 14, 2018 - The Australian Cyber Security Centre (ACSC) is aware of bomb threat emails being received by Australians. The emails claim an explosive device has been hidden in the recipient’s premises, and will be detonated unless a ransom is paid in bitcoin. If you receive this email:

ACSC adds Google Cloud Platform to CCSL

Dec 13, 2018 - The Australian Cyber Security Centre (ACSC) has added Google Cloud Platform to the Certified Cloud Services List (CCSL) for unclassified workloads, increasing the options available to Australian Government agencies. Google Cloud Platform joins 12 existing providers in the CCSL that meet stringent Australian Government security requirements for managing information storage at the minimum Australian Government security standard, known as ‘Unclassified’.

Cyber Incident Management Arrangements for Australian Governments

Dec 12, 2018 - Australia’s Cyber Incident Management Arrangements (CIMA) outlines the inter-jurisdictional coordination arrangements and principles for Australian governments’ cooperation in response to national cyber incidents. The CIMA bridges the current gap between a localised cyber security incident handled by an individual state, and Australia’s national crisis management arrangements. If a national cyber incident reaches a crisis level, the CIMA will operate in support of jurisdictions’ respective crisis management arrangements.

Adobe urges users to patch Flash Player

Dec 6, 2018 - Adobe has released security updates for its widely used Flash Player app to help users defend themselves against the latest malware. Users who fail to update their Flash Player app could be vulnerable to cyber criminals, who could use it as an opportunity to access data, programs, individual computers or networks.

New approach to support cyber security

Dec 4, 2018 - The updated Australian Government Information Security Manual (ISM) has been released by the Australian Cyber Security Centre (ACSC). The 2018 release supports a move towards a risk-based approach that gives organisations greater flexibility to manage their cyber security based on their own unique circumstances, enabling greater innovation within Government.

Inspiring a new generation

Dec 4, 2018 - Australia's best young cyber stars have been recognised in the Cyber Security Challenge Australia (CySCA), the nation's flagship hacking competition for tertiary students. The Australian Signals Directorate (ASD) and industry partners run the challenge to address the critical cyber security skills shortage by encouraging young Australians to pursue a career in the field. The latest research reveals the domestic cyber security industry must employ over 45,000 additional workers over the next decade to build a cyber security sector that advances Australia’s cyber resilience.

Marriott, Starwood hit by security incident

Dec 1, 2018 - The Marriott Group have released a statement regarding a significant data security incident involving their Starwood Guest Reservation database. An investigation undertaken by Marriott in September 2018 determined that there had been unauthorised access to the database, which contained guest information relating to reservations at Starwood properties since 2014.

Medicare & Aus Post SMS scam

Nov 29, 2018 - You may have seen news reports yesterday of an active phishing campaign via SMS, pretending to be from either Medicare or Australia Post. The messages claim that you have a rebate owed or a competition opportunity and ask you to click through to a website and provide your personal details.

Adelaide JCSC officially opens

Nov 23, 2018 - Today the Minister for Defence, the Hon Christopher Pyne, officially opened the Adelaide Joint Cyber Security Centre (JCSC), as part of the Government’s $47 million commitment to collaborative cyber security solutions under the 2016 Cyber Security Strategy. The Adelaide Centre builds on the success of the JCSCs in Brisbane, Melbourne, Sydney and Perth by bringing together business and academia along with state, territory and Commonwealth agencies in an engaging and cooperative environment.

We all have a stake in cyber security

Nov 12, 2018 - Australia’s banks, insurers and superannuation funds are an attractive target for cyber criminals, so all financial institutions must be able to handle cyber risks and regularly test their own defences. To help businesses and organisations better protect themselves, and respond quickly and effectively if a cyber attack occurs, a new standard for information security management has been released by the Australian Prudential Regulation Authority (APRA). The new Prudential Standard CPS 234 Information Security is intended to shore up APRA-regulated entities’ resilience against…

The ACSC is updating partner contact information

Nov 6, 2018 - The Australian Cyber Security Centre (ACSC) is currently in the process of updating its contact list for our partners. Our cyber community is experiencing rapid change and people are often on the move, falling outside of the information loop. We want to ensure that, in times of crisis, we are able to quickly inform the cyber community. As an ACSC partner you will receive a message from ASD.Assist@defence.gov.au asking you to update your contact details.

Austal cyber security incident

Nov 1, 2018 - JOINT STATEMENT: Department of Defence, Department of Home Affairs, Australian Cyber Security Centre. The Australian Government is aware of the cyber security incident affecting Austal. This matter has been referred to the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP) for investigation.

Women in security, "You can't be what you can't see"

Nov 1, 2018 - 'A masterclass in national security' is how many participants have described the Women in National Security Conference hosted by the Australian National University's (ANU) National Security College (NSC) in Canberra last week. Secretary of the Department of Foreign Affairs and Trade, Frances Adamson, said the work of women is essential for successful outcomes in a broad range of fields -- crisis management, international legal practice, intelligence analysis, peacekeeping and diplomacy.

Australia maintains a key role in international cyber security community

Oct 30, 2018 - Australia will continue its leading role in the region’s largest cyber security community with the Australian Cyber Security Centre re-elected as Chair of the Asia-Pacific Computer Emergency Response Team (APCERT) Steering Committee in Shanghai on 23 October 2018. The ACSC maintains its role working alongside regional partners on cyber capability and protections in its capacity leading Australia’s computer emergency response capability.

Beware of phishing after Cathay Pacific data theft

Oct 30, 2018 - Scammers often take advantage of incidents to trick people into sharing personal or financial information. Cathay Pacific Airways Limited announced last week that there had been 'unauthorised access' to passenger data of approximately 9.4 million people, who were travellers with the company and its wholly owned subsidiary, Hong Kong Dragon Airlines Limited. Although Cathay Pacific said it had no evidence that any personal information was misused, the airline is concerned about the subsequent phishing campaign for passenger information, which people may be tricked into…

What's up with WhatsApp?

Oct 24, 2018 - Popular messaging app WhatsApp has more than a billion users, including 6 million Australians, which makes it a popular hunting ground for cyber criminals and misinformation merchants alike. As a result, the company, which is owned by social media platform Facebook, is testing new limits on the number of people to whom private WhatsApp messages can be forwarded in Brazil, after recent political controversy there about misinformation, and to maintain what the organisation describes as a 'feeling of intimacy' for its users. WhatsApp is primarily an end-to-end encrypted…

UK NCSC releases second Annual Review

Oct 15, 2018 - On its second anniversary, the United Kingdom's National Cyber Security Centre (NCSC) has published its second Annual Review, highlighting the sustained threat to the UK from hostile state actors and cyber criminals. The report, released on Tuesday 16 October 2018, revealed the NCSC had defended the UK from an average of more than 10 attacks per week.

Investigations continue into Facebook security issue

Oct 15, 2018 - We recently reported a security issue affecting an estimated 50M Facebook user accounts, between July 2017 and September 2018. Over the weekend, Facebook issued an update reporting that fewer people were impacted by the theft of access tokens than originally thought. 'Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen' Facebook reported.

Report reveals common categories of hacking tools

Oct 12, 2018 - A report by international cyber security authorities highlights the use of five publicly available hacking tools and techniques, observed in recent cyber incidents around the world. The report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the UK and USA.

Business email compromise, a fast growing scam

Oct 12, 2018 - The Melbourne Joint Cyber Security Centre (JCSC) hosted a two-hour seminar yesterday on Business Email Compromises (BECs), which many cyber security experts consider to be the major current cybercrime threat to business. The seminar provided information to small and medium business representatives, as these sectors are particularly targeted by cybercriminals who are perpetrating BECs. The JCSC worked with Small Business Victoria, the Victorian Small Business Commissioner and the ACCC's Consumer and Small Business Strategies Branch, to invite key Victorian business…

A curious mind - CYSCA 2018

Oct 11, 2018 - Australia's flagship national cyber security challenge wrapped up in Melbourne yesterday after a record number of Australian tertiary students battled to reverse real-world cyber threats around Australia. Defending champion the University of New South Wales was victorious again, taking first and second place, with Monash University coming third. For the first time ever, eight teams competed live in Melbourne including two women's teams from RMIT and the Box Hill Institute.

Record number of competitors team up to reverse the threat

Oct 9, 2018 - Australia’s flagship national cyber security challenge, CySCA (Cyber Security Challenge Australia) is on again around Australia on 9-10 October 2018, bringing together a record number of Australian tertiary students to battle real-world cyber attacks on a purpose-built Telstra network. For the 427 students taking part, it’s a foot in the door of Australia’s cyber workforce, which like elsewhere in the world, is suffering a shortage of skilled workers at a time when cybercrime is growing.

Reversing the threat of cyber crime together

Oct 9, 2018 - In a show of strength to reverse the threat of cybercrime for all Australians, members of the business, government and cyber security community gathered for national Stay Smart Online Week 2018 in Melbourne today to share information about the latest challenges in cyber security in Australia and confirm their commitment to supporting a cyber-aware community. Hosted by ANZ, the Stay Smart Online Week Industry Breakfast included a message from Alastair MacGibbon, Head of the Australian Cyber Security Centre (ACSC), who said raising awareness of the importance of cyber security to…

Stay Smart Online. Reverse the Threat

Oct 8, 2018 - Each year the number of Australians impacted by cybercriminals continues to rise. In 2017, over 6 million adult Australians were impacted by cybercrime - that's one in every four Australians. This is a statistic that needs to be reversed. At a time when the majority of us are online to conduct our day-to-day activities, cybercriminals are looking for gaps in our online accounts, in an attempt to exploit our busy lives and steal our money or personal information. 

One in four Australians hit by cybercrime - reversing the threat

Oct 7, 2018 - Cybercrime and cyber-enabled crime are harming more and more Australians every day, and it’s time to reverse the threat. ‘One in four Australians were hit by cybercrime last year – that’s over 6 million Australians. If we’re going to fight back, we need to work together,’ Alastair MacGibbon, Head of the Australian Cyber Security Centre (ACSC), said on the eve of Stay Smart Online Week 2018. This year, Stay Smart Online is launching ‘Reverse the Threat’ to encourage all Australians and businesses to take simple actions to defend against cybercrime.

Attribution of a pattern of malicious cyber activity to Russia

Oct 4, 2018 - The Australian Government has joined international partners to condemn a pattern of malicious cyber activity by Russia targeting political, business, media and sporting institutions worldwide. The Prime Minister, the Hon Scott Morrison MP and the Foreign Affairs Minister, Senator the Hon Marise Payne have made a joint statement condemning these actions.

Canadian Centre for Cyber Security launches

Oct 3, 2018 - This week the Canadian Centre for Cyber Security (CCCS) officially began operations. The new Centre will support a unified approach to cyber security and build community awareness and education. It will provide expert advice, guidance, services and support on cyber security for Canadian businesses, industry, governments, citizens, and international partners. The Centre is made up of elements of existing government agencies including Public Safety Canada, Shared Services Canada and the Communications Security Establishment.

Correcting the record - Certified Cloud Services List

Sep 29, 2018 - Recent media reports suggest third-party solutions built on ACSC Certified Cloud Services automatically inherit ACSC certification. This is not accurate. Any solution or service built on a certified cloud service does not automatically inherit the awarded certification of the supporting infrastructure and is not certified by the ACSC, unless it is also listed on the CCSL.

Facebook security issue affects 50M user accounts

Sep 29, 2018 - The ACSC is aware of a security issue affecting 50 million Facebook user accounts. A flaw in the "View As" feature allowed attackers to steal Facebook access tokens, which could be used to take over users' accounts. Access tokens are the equivalent of digital keys that allow users to remain logged into Facebook. 'This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted the "View As" feature', Facebook stated on their website.

Thirteen High Impact IOS vulnerabilities outlined by Cisco

Sep 28, 2018 - This week Cisco Systems released its semi-annual Software Security Advisory Report detailing a number of vulnerabilities in its IOS and IOS XE switch and router operating software. Cisco, a manufacturer of networking hardware and telecommunications equipment, listed a total of 13 vulnerabilities which, if left unpatched, could enable an attacker to gain system privileges or cause a denial of service (DoS) on an affected device. Cisco has labelled all of the 13 vulnerabilities a Security Impact Rating (SIR) of High.

Working to protect senior Australians

Sep 21, 2018 - Supporting and protecting senior members of our community from online threats is an important focus for the Australian Government, according to the Minister for Home Affairs, Peter Dutton. ‘We want to say to all Australians, particularly older Australians – as they use internet banking, as they converse online, as they use social media, as they answer their emails – we want people to think twice before they provide any details online,’ Minister Dutton told the House of Representatives this week.

Team cyber expands as Aus Digital Council begins

Sep 19, 2018 - Cyber security is everyone’s responsibility as we work together to share and use the information that builds communities and strengthens our families, businesses and governments. To improve the use of public sector data and develop better digital services for people and businesses, the Australian Digital Council recently held its first Ministerial Council where governments shared their ideas about smarter services and opportunities for working together.

Netflix warns users about malicious emails

Sep 17, 2018 - Always question unexpected requests for your personal or financial information, and keep your passwords safe. Netflix warned subscribers at the weekend about a malicious email campaign that entices users to follow a 'link' to update bank details, but which instead gives cyber criminals access to your bank account. If you suspect you have received a fraudulent email or text message that appears to be from the company, Netflix advises that you follow these tips to keep your information safe and secure:

US urges cyber vigilance after Hurricane Florence

Sep 17, 2018 - Fraudsters often try to exploit our willingness to help those in need, as Australians have experienced in the aftermath of devastating cyclones. The National Cybersecurity and Communications Integration Centre (NCCIC) in the United States has warned users and administrators to be vigilant for malicious cyber activity in the aftermath of Hurricane Florence. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites.

Strengthening cyber security across the Pacific

Sep 13, 2018 - As the digital economy expands across the Pacific, cyber criminals are extending their reach into the lives of our neighbours. Amid this more complex cyber ecosystem, a broader concept of security that includes cyber security has been affirmed by the Forty-Ninth Pacific Islands Forum in Nauru. "Tackling cybercrime needs the close involvement of governments and businesses, and we're working hard to strengthen cyber security together" said Alastair MacGibbon, Head of the Australian Cyber Security Centre (ACSC). "It's important that there aren’t any safe havens"

BA warns of secondary fraud after data theft

Sep 12, 2018 - British Airways is continuing to investigate the theft of customer data and warns that fraudsters pretending to be from the airline may try to gather more personal information. ‘We are investigating, as a matter of urgency, the theft of customer data between 22:58 BST August 21 2018 until 21:45 BST September 5 2018 from our website, ba.com, and our mobile app,’ British Airways said. ‘Our website is now working normally.’

Don't abandon your domain to cyber criminals

Sep 11, 2018 - Losing control of your email service is devastating, even if your company has merged or shut down. A domain name is a core foundation of every business and email is an essential service. Allowing corporate domain names to expire puts businesses at risk, potentially exposing clients’ personal and confidential information, client-legal privileged information and financial details.

A wave of fake social media accounts

Sep 7, 2018 - We use social media daily as an active communication tool, connecting us with millions of users around the globe. Social media has become increasingly popular and accessible which has created a new domain for businesses, government agencies and industry bodies to actively engage with their customer-base.

Scammers claiming to be from government

Sep 3, 2018 - The Australian Cyber Security Centre (ACSC) is aware of a phone scam in which scammers are posing as employees from Australian Government Agencies. Scammers are attempting to convince you that your computer has been compromised, and to assist in their investigation, they're asking for remote access via a legitimate screen sharing program such as TeamViewer. The scammer then attempts to persuade you to take actions, such as enter a URL into your browser and access your online banking service which then compromises your computer to reveal banking information, enabling them…

Five Eyes on the cyber beat

Aug 31, 2018 - Australia, Canada, New Zealand, the United Kingdom and the United States have reaffirmed a collective resolve to protect us from cyber criminals. Home Affairs, Homeland Security, Public Safety and Immigration Ministers from the Five Eyes countries met on the Gold Coast this week to discuss how to better collaborate to meet common security challenges.