Jul 1, 2018 - Working from new purpose-built headquarters after its official launch in August, the ACSC and its network of Joint Cyber Security Centres (JCSCs) across the country are building on decades of quiet success by Australian agencies. The ACSC, part of the Australian Signals Directorate (ASD), demonstrates the Australian Government's commitment to cyber security in a world where new threats are always emerging.
Jun 18, 2018 - On Friday 1 June 2018 PageUp Limited, an online recruitment services organisation, notified their customers about a data incident in relation to the integrity of their systems proactively informing of a possible breach. PageUp self-identified suspicious activity on its network and undertook immediate actions to investigate and contain the incident. PageUp notified their corporate customers and the Australian Cyber Security Centre (ACSC) of the issue, enabling the ACSC to quickly assess the incident and support PageUp in their response. In line with the new Notifiable Data…
Feb 12, 2018 - Main points The ACSC has become aware of an unauthorised cryptocurrency miner inserted in the BrowseAloud website plugin made by Texthelp. If organisations are using this plugin the ACSC advises your internal networks and websites are not at risk of compromise. Texthelp has released a statement advising that personal and customer data has not been accessed or lost. The security issue has been addressed by Texthelp and the BrowseAloud plugin has been temporarily taken offline, pending investigation. Recommendations
Feb 11, 2018 - Global hack of MSPs affects Australian organisations Cyber security compromises of managed service providers (MSPs) globally, including Australia, have been exposed. These compromises were a concerted campaign to steal commercial secrets from the customers of MSPs for commercial advantage.
Feb 10, 2018 - The ACSC has become aware of a change in the threat situation surrounding the recently announced Cisco ASA critical remote code execution vulnerability. Proof of concept code is now available which results in a denial of service condition on targeted vulnerable devices. Cisco first released a security advisory on 29 January detailing the vulnerability and affected devices but has since identified additional attack vectors and released additional, more comprehensive patches.
Jan 29, 2018 - Intel has confirmed that the microcode updates designed to mitigate Spectre variant 2 (CVE-2017-5715: Branch Target Injection) have introduced an increased risk of system instability, data loss and corruption. Intel has released an advisory recommending that users cease deployment of the current microcode update (Root Cause of Reboot Issue Identified).
Jan 29, 2018 - The Australian Cyber Security Centre (ACSC) and the Australian Information Security Association (AISA), Australia’s peak body for information security professionals, have joined forces to further strengthen Australia’s cyber security posture and achieve a cyber secure nation. Together the organisations will deliver a high impact program of events in 2019, including a bigger and better Australian Cyber Conference in Melbourne 7-9 October, replacing the ACSC Conference.
Jan 16, 2018 - The ACSC is aware of reporting that devices with Intel Active Management Technology (AMT) have an insecure default behaviour that could allow an attacker to bypass security controls on the device. AMT is a management feature of Intel products that enables administrators to remotely manage devices. The feature is found on devices such as laptops, desktops and servers.
Jan 4, 2018 - Main Points Security researchers have developed methods involving speculative execution to read kernel memory from user space on a variety of processors from a range of vendors produced in the last decade. At this point there is no indication that the reported flaws are being actively exploited by malicious cyber actors.
Oct 17, 2017 - Researchers have identified security vulnerabilities in the Wi-Fi WPA2 protocol which may make all Wi-Fi enabled devices, such as mobiles, computers and internet routers, vulnerable to malicious actors stealing sensitive information such as credit card numbers, passwords and emails. Malicious actors within range of an affected Wi-Fi device may be able to exploit this vulnerability. At this stage there are no reports of this vulnerability being exploited in Australia.