You can view all our alerts from this page.
14 Dec 2022
Critical vulnerabilities in Citrix Gateway and Application Delivery Controller (ADC) devices
The Australian Cyber Security Centre (ACSC) is aware of a critical vulnerability affecting many versions of Citrix Gateway and ADC. All Australian operators should check for indicators of compromise and install the latest updated versions.
13 Dec 2022
Critical severity vulnerability in Fortinet FortiOS SSL-VPN
The Australian Cyber Security Centre (ACSC) is aware of a heap-based buffer overflow vulnerability in FortiOS SSL-VPN. All Australian organisations should apply the available patch immediately.
08 Nov 2022
Multiple Vulnerabilities in VMware vRealize Hyperic monitoring and performance management product
The Australian Cyber Security Centre (ACSC) has identified a number of critical vulnerabilities affecting VMware’s vRealize Hyperic monitoring and performance management product.
13 Oct 2022
Remote code execution vulnerability present in Fortinet devices
A vulnerability (CVE-2022-40684) has been identified in several Fortinet products running certain versions from 7.0.0 onwards, that could allow a malicious cyber actor to bypass authentication and perform unauthorised actions. Affected Australian organisations should apply the available patch and follow Fortinet’s mitigation advice.
10 Oct 2022
Vulnerability Alert – 2 new Vulnerabilities associated with Microsoft Exchange.
The Australian Cyber Security Centre (ACSC) is aware of 2 zero-day vulnerabilities associated with Microsoft Exchange Servers 2013, 2016 and 2019 (Exchange).
04 Aug 2022
Multiple vulnerabilities present in VMware products
The ACSC is aware of multiple vulnerabilities in VMware products. Affected Australian organisations should take appropriate action.
06 Jul 2022
Post-Quantum Cryptography
A cryptographically relevant quantum computer (CRQC) will render most contemporary public key cryptography (PKC) insecure, thus making ubiquitous secure communications based on current PKC technology infeasible. The Australian Signals Directorate (ASD) is aware of the risks presented by the creation of a CRQC and encourages organisations to consider anticipating future requirements and dependencies of vulnerable systems during the transition to PQC standards.
05 Jun 2022
Remote code execution vulnerability present in Atlassian Confluence Server and Data Center
A critical unauthenticated remote code execution vulnerability (CVE-2022-26134) has been identified in all supported versions of Atlassian Confluence Server and Data Center. ACSC recommends organisations restrict internet access to and from affected devices.
09 May 2022
Multiple vulnerabilities present in F5 products
The ACSC is aware of an F5 security advisory addressing multiple vulnerabilities in its BIG-IP product range. Affected Australian organisations should take appropriate action.
04 Apr 2022
Multiple vulnerabilities present in the Spring Framework for Java
The ACSC is aware of media reporting relating to multiple potential vulnerabilities, including the so-called SpringShell vulnerability, in the Java Spring framework and its execution environments. These vulnerabilities pose a threat to organisations running applications on the web which contain components using the Java Spring framework.
30 Mar 2022
Remote code execution vulnerability present in Sophos Firewall
A vulnerability (CVE-2022-1040) has been identified in Sophos Firewall prior to version 18.5 which could allow a malicious cyber actor to perform remote code execution. Affected Australian organisations should apply the available patch.
28 Mar 2022
Australian organisations encouraged to urgently adopt an enhanced cyber security posture
Australian organisations are encouraged to urgently adopt an enhanced cyber security posture. Organisations should act now and follow ACSC’s advice to improve their cyber security resilience in light of the heightened threat environment.
23 Mar 2022
New domain name changes could leave your business or organisation at risk
The new domain name category could leave your business or organisation open to fraudulent cyber activity. Register your .au domain name before it becomes available to the general public.
11 Feb 2022
Critical vulnerability present in SAP Internet Communication Manager
A vulnerability has been identified in SAP Internet Communication Manager (ICM), a component of many SAP products, which may allow full system takeover. Affected organisations should apply the available security update.
10 Feb 2022
Increased Global Ransomware Threats
In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally.
04 Feb 2022
Remote code execution vulnerability present in Samba versions prior to 4.13.17
A vulnerability (CVE-2021-44142) has been identified in Samba versions prior to 4.13.17. Exploitation of this vulnerability could allow a malicious cyber actor to perform privileged remote code execution. Affected Australian organisations, including affected software vendors, should apply the available patch.
19 Jan 2022
Remote code execution vulnerability present in SonicWall SMA 100 series appliances
A vulnerability (CVE-2021-20038) has been identified in SonicWall SMA 100 series appliances. Exploitation of this vulnerability could allow an unauthenticated malicious cyber actor to perform remote code execution. Affected Australian organisations should apply the available patch.
10 Dec 2021
Conti ransomware incidents in Australia
Multiple Australian organisations have been impacted by Conti ransomware in November and December 2021.
08 Dec 2021
Zoho ManageEngine ServiceDesk Plus & Desktop Central remote code execution vulnerabilities
Vulnerabilities have been identified in certain versions of Zoho ManageEngine ServiceDesk Plus and Desktop Central product suites. Australian organisations using vulnerable Zoho ManageEngine products should apply the available patch.
11 Nov 2021
Remote code execution vulnerability present in certain versions of Palo Alto firewalls utilising the GlobalProtect VPN component
A vulnerability has been identified in certain versions of Palo Alto firewalls utilising the GlobalProtect VPN component. Affected Australian organisations should apply the available update as soon as possible.
05 Nov 2021
Active exploitation of vulnerable Sitecore Experience Platform content management systems
A vulnerability in certain versions of Sitecore Experience Platform systems is being actively exploited. Affected Australian organisations should apply the available security update.
08 Oct 2021
Critical vulnerability in certain versions of Apache HTTP Server
A vulnerability exists in Apache HTTP Server 2.4.49. A cyber actor could exploit this vulnerability to execute arbitrary code. Initial information also indicates that the vulnerability could be used to perform remote code execution under certain configurations. Affected Australian organisations should apply the available patch.
24 Sep 2021
Critical vulnerability in ManageEngine ADSelfService Plus exploited by cyber actors
A vulnerability exists in certain versions of ManageEngine ADSelfService Plus. A cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. Affected Australian organisations should apply the available security update.
16 Sep 2021
Remote code execution vulnerability present in Open Management Infrastructure, affects certain Microsoft Azure services
A remote code execution vulnerability exists in Open Management Infrastructure, a management agent used in certain Linux-based Microsoft Azure services. Exploitation of this vulnerability could allow a malicious actor to take control of the vulnerable host. Affected organisations should apply the available security update.
10 Sep 2021
Suspected user credentials stolen from Fortinet devices leaked online
A malicious cyber actor has leaked a list of suspected user credentials and the IP addresses of the associated Fortinet SSL VPN devices the credentials are used for. Organisations should review the patch status and history of internet-exposed Fortinet SSL VPN devices and consider performing a password reset for affected users.
01 Sep 2021
Remote code execution vulnerability present in certain versions of Atlassian Confluence
A vulnerability exists in certain self-hosted versions of Atlassian Confluence which could allow a malicious cyber actor to execute arbitrary code. Affected organisations should apply the available patch to mitigate this vulnerability.
27 Aug 2021
Malicious actors deploying Gootkit Loader on Australian Networks
ACSC has observed an increase of Gootkit JavaScript (JS) Loaders on Australian networks.
19 Aug 2021
Microsoft Exchange ProxyShell Targeting in Australia
The ACSC has observed targeting of the Microsoft Exchange ProxyShell vulnerability by malicious actors.
18 Aug 2021
Vulnerability Affecting BlackBerry QNX RTOS
BlackBerry has disclosed that its QNX Real Time Operating System is affected by a BadAlloc vulnerability - CVE-2021-22156. QNX is the world’s most prevalent real time operating system.
05 Aug 2021
LockBit 2.0 ransomware incidents in Australia
The ACSC has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia.
03 Aug 2021
SonicWall devices targeted with ransomware utilising stolen credentials
A malicious cyber actor is targeting SonicWall devices for ransomware. The ACSC is aware of likely related activity targeting Australian organisations.
12 Jul 2021
Kaseya VSA Supply-Chain Ransomware Attack
Patch now available for Kaseya VSA platform.
07 Jul 2021
ForgeRock OpenAM critical vulnerability
The ACSC has observed active exploitation of a vulnerability in ForgeRock OpenAM (reported as CVE-2021-35464) against a number of Australian organisations. The ACSC strongly recommends organisations urgently apply available patches or workarounds to mitigate the risk of this vulnerability being exploited.
13 May 2021
Critical vulnerability discovered in HTTP.SYS in Microsoft Windows
A remote code execution vulnerability could enable a malicious cyber actor to compromise vulnerable Microsoft Windows hosts. The ACSC strongly recommends applying available patches.
10 May 2021
Multiple high severity vulnerabilities discovered in the Exim mail server
Exim vulnerabilities could enable a malicious cyber actor to compromise vulnerable Exim servers. The ACSC strongly recommends applying available patches.
08 May 2021
Avaddon Ransomware
Increase in Avaddon ransomware attacks in Australia.
27 Apr 2021
Potential exploitation of Click Studios’ PasswordState software
On 24 April 2021, Australian software company Click Studios announced a compromise of the software update process for their enterprise password management software PasswordState, used by organisations in Australia and globally.
21 Apr 2021
Exploitation of Pulse Connect Secure Vulnerabilities
New advice for mitigating Pulse Connect Secure Virtual Private Network (VPN) vulnerabilities.
03 Apr 2021
APT exploitation of Fortinet Vulnerabilities
Advanced Persistent Threat (APT) actors targeting historic Fortinet vulnerabilities.
25 Feb 2021
VMware vCenter Server plugin remote code execution vulnerability (CVE-2021-21972)
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises users of VMware vCenter Server products, including as part of VMware Cloud Foundation, to ensure their systems are promptly patched after the recent disclosure of a new remote code execution vulnerability.
Potential Accellion File Transfer Appliance compromise
The ACSC has identified Australian organisations that may have been impacted by the Accellion File Transfer Appliance vulnerability and has provided mitigation recommendations.
16 Feb 2021
Malware targeting Centreon software
ANSSI identifies campaign targeting Centreon system monitoring software.
04 Feb 2021
SonicWall Breach
SonicWall identified an internal systems breach using a zero-day vulnerability within the SMA 100 series 10.x code.
25 Jan 2021
Potential SolarWinds Orion compromise
FireEye identifies global campaign leveraging malicious updates to SolarWinds software.
12 Nov 2020
SDBBot targeting health sector
The ACSC has observed increased targeting activity against the Australian health sector by actors using the SDBBot Remote Access Tool (RAT).
30 Oct 2020
Sustained targeting of the health sector
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has identified a sustained campaign by sophisticated cybercrime actors impacting the Australian health sector.
22 Sep 2020
Netlogon elevation of privilege vulnerability (CVE-2020-1472)
The ACSC is aware of a recently disclosed critical vulnerability in Microsoft Active Directory Domain Controller systems that allows unauthenticated attackers to trivially access administrative credentials.
18 Sep 2020
Active exploitation of vulnerable MobileIron products
The ACSC is aware of active exploitation of vulnerabilities in multiple MobileIron products by malicious cyber actors, including sophisticated state-based actors.
16 Sep 2020
Copy-paste compromises
The Australian Government is aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor. The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of tools copied almost identically from open source.
15 Jul 2020
Remote code execution vulnerability in Windows DNS (CVE-2020-1350)
On 14 July 2020, Microsoft acknowledged a critical remote code execution vulnerability in Windows Domain Name System (DNS), which could allow an adversary to run arbitrary code.