Fed up with Phishing?
Jul 1, 2018 - Would you 'click here' and enter your bank account or credit card numbers, passwords or birthdate because you received an email or text that looks like it's from a bank or government department? If you answered 'yes', there's no need to feel ashamed. Cyber criminals are tricking more and more of us into sharing our most sensitive information. It's the most common type of scam reported in Australia, according to the latest data.Combat DNS infrastructure hijacking
Jul 1, 2018 - The Australian Cyber Security Centre (ACSC) is aware of a global Domain Name System (DNS) infrastructure hijacking campaign and urges organisations to protect their systems. 'We encourage administrators to follow best practices, including our Essential Eight mitigation strategies, to better safeguard their systems,' said Alastair MacGibbon, Head of the ACSC.Expanded agreement on incident management arrangements
Jul 1, 2018 - The Council of Australian Governments has today agreed to expanded Cyber Incident Management Arrangements (CIMA), increasing national cyber defences through improved cooperation across jurisdictions. The CIMA outlines the inter-jurisdictional coordination arrangements and principles for Australian Governments’ cooperation in response to national cyber incidents.2018 - Launching into action
Jul 1, 2018 - Working from new purpose-built headquarters after its official launch in August, the ACSC and its network of Joint Cyber Security Centres (JCSCs) across the country are building on decades of quiet success by Australian agencies. The ACSC, part of the Australian Signals Directorate (ASD), demonstrates the Australian Government's commitment to cyber security in a world where new threats are always emerging.
PageUp data incident
Jun 18, 2018 - On Friday 1 June 2018 PageUp Limited, an online recruitment services organisation, notified their customers about a data incident in relation to the integrity of their systems proactively informing of a possible breach. PageUp self-identified suspicious activity on its network and undertook immediate actions to investigate and contain the incident. PageUp notified their corporate customers and the Australian Cyber Security Centre (ACSC) of the issue, enabling the ACSC to quickly assess the incident and support PageUp in their response. In line with the new Notifiable Data…
ACSC statement on cryptocurrency miner inserted into BrowseAloud
Feb 12, 2018 - Main points The ACSC has become aware of an unauthorised cryptocurrency miner inserted in the BrowseAloud website plugin made by Texthelp. If organisations are using this plugin the ACSC advises your internal networks and websites are not at risk of compromise. Texthelp has released a statement advising that personal and customer data has not been accessed or lost. The security issue has been addressed by Texthelp and the BrowseAloud plugin has been temporarily taken offline, pending investigation. Recommendations
MSP Global Hack
Feb 11, 2018 - Global hack of MSPs affects Australian organisations Cyber security compromises of managed service providers (MSPs) globally, including Australia, have been exposed. These compromises were a concerted campaign to steal commercial secrets from the customers of MSPs for commercial advantage.
Exploitation of Critical Cisco ASA Vulnerability
Feb 10, 2018 - The ACSC has become aware of a change in the threat situation surrounding the recently announced Cisco ASA critical remote code execution vulnerability. Proof of concept code is now available which results in a denial of service condition on targeted vulnerable devices. Cisco first released a security advisory on 29 January detailing the vulnerability and affected devices but has since identified additional attack vectors and released additional, more comprehensive patches.