Sorry, you need to enable JavaScript to visit this website.
Skip to main content

News

Data protection

PageUp data incident

Jun 18, 2018 - On Friday 1 June 2018 PageUp Limited, an online recruitment services organisation, notified their customers about a data incident in relation to the integrity of their systems proactively informing of a possible breach. PageUp self-identified suspicious activity on its network and undertook immediate actions to investigate and contain the incident. PageUp notified their corporate customers and the Australian Cyber…
Browsealoud

ACSC statement on cryptocurrency miner inserted into BrowseAloud

Feb 12, 2018 - Main points The ACSC has become aware of an unauthorised cryptocurrency miner inserted in the BrowseAloud website plugin made by Texthelp. If organisations are using this plugin the ACSC advises your internal networks and websites are not at risk of compromise. Texthelp has released a statement advising that personal and customer data has not been accessed or lost. The security issue has been addressed by Texthelp and…
MSP Partner Program

MSP Global Hack

Feb 11, 2018 - Global hack of MSPs affects Australian organisations Cyber security compromises of managed service providers (MSPs) globally, including Australia, have been exposed. These compromises were a concerted campaign to steal commercial secrets from the customers of MSPs for commercial advantage. . What happened? MSPs are engaged by organisations to manage their IT services and infrastructure. MSPs…

ACSC and AISA seal partnership deal for a secure cyber future

Jan 29, 2018 - The Australian Cyber Security Centre (ACSC) and the Australian Information Security Association (AISA), Australia’s peak body for information security professionals, have joined forces to further strengthen Australia’s cyber security posture and achieve a cyber secure nation. Together the organisations will deliver a high impact program of events in 2019, including a bigger and better Australian Cyber Conference in…
Intel inside logo

ACSC statement on reports of Intel Active Management Technology (AMT) security issue

Jan 16, 2018 - The ACSC is aware of reporting that devices with Intel Active Management Technology (AMT) have an insecure default behaviour that could allow an attacker to bypass security controls on the device. AMT is a management feature of Intel products that enables administrators to remotely manage devices. The feature is found on devices such as laptops, desktops and servers. .

News ACSC Statement on Reports of Speculative Execution Flaws in Processors

Jan 4, 2018 - Main Points Security researchers have developed methods involving speculative execution to read kernel memory from user space on a variety of processors from a range of vendors produced in the last decade. At this point there is no indication that the reported flaws are being actively exploited by malicious cyber actors. The exact details of this security research have now been released by the Project Zero team at…

Wi-Fi protocol vulnerabilities

Oct 17, 2017 - Researchers have identified security vulnerabilities in the Wi-Fi WPA2 protocol which may make all Wi-Fi enabled devices, such as mobiles, computers and internet routers, vulnerable to malicious actors stealing sensitive information such as credit card numbers, passwords and emails. Malicious actors within range of an affected Wi-Fi device may be able to exploit this vulnerability. At this stage there are no reports of…
Router

Routers targeted

Aug 16, 2017 - The Australian Cyber Security Centre (ACSC) is aware that cyber adversaries are extracting configuration files from the routers and switches of a number of Australian organisations. We have no evidence at this stage to suggest that home users are directly impacted by this threat. Identifying vulnerable devices Switches with Cisco Smart Install accessible from the internet, and routers or switches with Simple Network…
Petya ransom message

Update on the initial infection vector of the Petya ransomware campaign

Jun 29, 2017 - From reports and analysis performed to date, this version of the ransomware appears to have been delivered via a malicious software update for My Electronic Document (M.E.Doc), which is accounting software used by Ukrainian-based companies. It appears that almost all affected organisations can be linked back to Ukraine either through direct or indirect connections. While only a relatively small number of organisations…

News Microsoft June 2017 patches for older platforms

Jun 15, 2017 - Latest Microsoft security updates address multiple critical vulnerabilities in Windows operating systems Microsoft's June 2017 security update addresses multiple critical vulnerabilities in Windows operating systems. Due to an increased threat of exploitation based on recent attacks and disclosures, Microsoft has released security updates for older platforms as well, including Windows XP. In particular, this update…