Alerts

24 Sep 2021

Critical vulnerability in ManageEngine ADSelfService Plus exploited by cyber actors

A vulnerability exists in certain versions of ManageEngine ADSelfService Plus. A cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. Affected Australian organisations should apply the available security update.

16 Sep 2021

Remote code execution vulnerability present in Open Management Infrastructure, affects certain Microsoft Azure services

A remote code execution vulnerability exists in Open Management Infrastructure, a management agent used in certain Linux-based Microsoft Azure services. Exploitation of this vulnerability could allow a malicious actor to take control of the vulnerable host. Affected organisations should apply the available security update.

10 Sep 2021

Suspected user credentials stolen from FortiNet devices leaked online

A malicious cyber actor has leaked a list of suspected user credentials and IP address of the associated FortiNet SSL VPN device the credentials are used for. Organisations should review the patch status and history of internet exposed FortiNet SSL VPN devices and consider performing a password reset for affected users.

01 Sep 2021

Remote code execution vulnerability present in certain versions of Atlassian Confluence

A vulnerability exists in certain self-hosted versions of Atlassian Confluence which could allow a malicious cyber actor to execute arbitrary code. Affected organisations should apply the available patch to mitigate this vulnerability.

27 Aug 2021

Malicious actors deploying Gootkit Loader on Australian Networks

ACSC has observed an increase of Gootkit JavaScript (JS) Loaders on Australian networks.

19 Aug 2021

Microsoft Exchange ProxyShell Targeting in Australia

The ACSC has observed targeting of the Microsoft Exchange ProxyShell vulnerability by Malicious actors.

18 Aug 2021

Vulnerability Affecting BlackBerry QNX RTOS

BlackBerry has disclosed that its QNX Real Time Operating System is affected by a BadAlloc vulnerability - CVE-2021-22156. QNX is the world’s most prevalent real time operating system.

05 Aug 2021

LockBit 2.0 ransomware incidents in Australia

ACSC has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia.

03 Aug 2021

SonicWall devices targeted with ransomware utilising stolen credentials

SonicWall devices are being targeted by a malicious cyber actor as targets for ransomware. The ACSC is aware of likely related activity targeting Australian organisations.

12 Jul 2021

Kaseya VSA Supply-Chain Ransomware Attack

Patch now available for Kaseya VSA platform.

07 Jul 2021

ForgeRock Open AM critical vulnerability

The ACSC has observed active exploitation of a vulnerability in ForgeRock OpenAM (reported as CVE-2021-35464) against a number of Australian organisations. The ACSC strongly recommends organisations urgently apply available patches or workarounds to mitigate the risk of this vulnerability being exploited.

13 May 2021

Critical vulnerability discovered in HTTP.SYS in Microsoft Windows

A remote code execution vulnerability could enable a malicious cyber actor to compromise vulnerable Microsoft Windows hosts. The ACSC strongly recommends applying available patches.

10 May 2021

Multiple high severity vulnerabilities discovered in the Exim mail server

Exim vulnerabilities could enable a malicious cyber actor to compromise vulnerable Exim servers. The ACSC strongly recommends applying available patches.

08 May 2021

Avaddon Ransomware

Increase in Avaddon ransomware attacks in Australia.

27 Apr 2021

Potential exploitation of Click Studio’s PasswordState software

On 24 April 2021, Australian software company Click Studios announced a compromise of the software update process for their enterprise password management software PasswordState, used by organisations in Australia and globally.

21 Apr 2021

Exploitation of Pulse Connect Secure Vulnerabilities

New advice for mitigating Pulse Connect Secure Virtual Private Network (VPN) vulnerabilities

03 Apr 2021

APT exploitation of Fortinet Vulnerabilities

Advanced Persistent Threat actors targeting historic Fortinet vulnerabilities

25 Feb 2021

VMware vCenter Server plugin remote code execution vulnerability (CVE-2021-21972)

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises users of VMware vCenter Server products, including as part of VMware Cloud Foundation, to ensure their systems are promptly patched after the recent disclosure of a new remote code execution vulnerability.

25 Feb 2021

Potential Accellion File Transfer Appliance compromise

ACSC identified Australian organisations may have been impacted the Accellion File Transfer Appliance vulnerability and has provided mitigation recommendations.

16 Feb 2021

Malware targeting Centreon software

ANSSI identifies campaign targeting Centreon system monitoring software

04 Feb 2021

SonicWall Breach

SonicWall identified an internal systems breach using a zero-day vulnerability within the SMA 100 series 10.x code.

25 Jan 2021

Potential SolarWinds Orion compromise

FireEye identifies global campaign leveraging malicious updates to SolarWinds software.

12 Nov 2020

SDBBot targeting health sector

The ACSC has observed increased targeting activity against the Australian health sector by actors using the SDBBot Remote Access Tool (RAT).

30 Oct 2020

Sustained targeting of the health sector

The Australian Signals Directorate’s Australian Cyber Security Centre has identified a sustained campaign by sophisticated cybercrime actors impacting the Australian health sector.

22 Sep 2020

Netlogon elevation of privilege vulnerability (CVE-2020-1472)

The ACSC is aware of a recently disclosed critical vulnerability in Microsoft Active Directory Domain Controller systems that allows unauthenticated attackers to trivially access administrative credentials.

18 Sep 2020

Active exploitation of vulnerable MobileIron products

The ACSC is aware of active exploitation of vulnerabilities in multiple MobileIron products by malicious cyber actors, including sophisticated state-based actors.

16 Sep 2020

Copy-paste compromises

The Australian Government is aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor. The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of tools copied almost identically from open source.

15 Jul 2020

Remote code execution vulnerability in Windows DNS (CVE-2020-1350)

On 14 July 2020, Microsoft acknowledged a critical remote code execution vulnerability in Windows Domain Name System (DNS), which could allow an adversary to run arbitrary code.

06 Jul 2020

TMUI remote code execution vulnerability - CVE-2020-5902

The ACSC advises users of F5’s enterprise and data centre BIG-IP products to ensure their systems are promptly patched after the recent disclosure of new remote code execution vulnerability.

25 May 2020

DDoS threats being made against Australian organisations

The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) is aware of a number of Denial of Service (DoS) for ransom threats being made against Australian organisations, primarily in the banking and finance sector.

22 May 2020

2019-126: Vulnerable version of Telerik UI being actively exploited by APT actor

The Australian Cyber Security Centre (ACSC) has become aware that Advanced Persistent Threat (APT) actors have been scanning for and attempting exploitation against unpatched versions of Telerik UI for ASP.NET AJAX using publicly available exploits. Successful exploitation could allow an attacker to upload files to the vulnerable server to facilitate further compromise.

22 May 2020

Active exploitation of vulnerability in Microsoft Internet Information Services

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware that sophisticated actors are actively exploiting a deserialisation vulnerability existing in all versions of Microsoft’s Internet Information Services (IIS) using the .NET framework (.NET). The vulnerability exploits the service’s VIEWSTATE parameter to allow for remote code execution by unauthorised users.

20 May 2020

Summary of Tradecraft Trends for 2019-20

The Australian Cyber Security Centre (ACSC) investigated and responded to numerous cyber security incidents during 2019 and 2020 so far.

08 May 2020

Advanced Persistent Threat (APT) actors targeting Australian health sector organisations and COVID-19 essential services

The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is aware that Advanced Persistent Threat (APT) actors are actively targeting health sector organisations and medical research facilities.

29 Jan 2020

Processors can be exploited by Meltdown and Spectre vulnerabilities

Security researchers have developed methods involving speculative execution to read kernel memory from user space on a variety of processors from a range of vendors produced in the last decade. These methods have been referred to as Meltdown and Spectre.

13 Jan 2020

Active exploitation of critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of ongoing attempts to exploit a critical vulnerability in Citrix Application Delivery Controller (ADC) (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP.

05 Aug 2019

2019-130: Password spray attacks

The Australian Cyber Security Centre (ACSC) is aware of a high volume of ongoing password spray attacks targeting Australian organisations.

30 Jul 2019

ICS-CERT Alerts

Link to ICS-CERT alerts from the US Department of Homeland Security

03 Jul 2019

2019-009: Securing unprotected network and data services

The Australian Cyber Security Centre (ACSC), the cyber defensive component of the Australian Signals Directorate (ASD), has observed a large number of unprotected network and database/storage services hosted on Australian Internet Protocol (IP) address ranges.

06 May 2019

Microsoft SharePoint CVE-2019-0604

The ACSC is aware of malicious cyber actors successfully exploiting a Microsoft SharePoint vulnerability in order to implant web shells on compromised hosts.

01 Jul 2018

Vulnerability in the Drupal content management system

The ACSC has become aware of a critical vulnerability in the Drupal content management system. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.

25 May 2018

VPNFilter malware

Australian users need to be aware of VPNFilter malware.

17 Apr 2018

Routers targeted: Cisco Smart Install feature continues to be targeted by Russian state-sponsored actors

Russian state-sponsored actors are responsible for activity targeting Cisco devices using the Smart Install feature worldwide, including Australia.

15 Nov 2015

Web shells being used as attack vectors on networks

This alert highlights the frequent use of web shells as an exploitation vector. Web shells can be used to leverage unauthorised access and can lead to wider network compromise.