Alerts

05 Jun 2022

Remote code execution vulnerability present in Atlassian Confluence Server and Data Center

A critical unauthenticated remote code execution vulnerability (CVE-2022-26134) has been identified in all supported versions of Atlassian Confluence Server and Data Center. ACSC recommends organisations restrict internet access to and from affected devices.

24 May 2022

Multiple vulnerabilities present in VMware products

The ACSC is aware of multiple vulnerabilities in VMware products. Affected Australian organisations should take appropriate action.

09 May 2022

Multiple vulnerabilities present in F5 products

The ACSC is aware of a F5 Security Advisory Addressing Multiple Vulnerabilities in their BIG-IP Product Range. Affected Australian organisations should take appropriate action.

04 Apr 2022

Multiple vulnerabilities present in the Spring Framework for Java

The ACSC is aware of media reporting relating to multiple potential vulnerabilities, including the so-called SpringShell vulnerability, in the Java Spring framework and its execution environments. These vulnerabilities pose a threat to organisations running applications on the web which contain components using the Java Spring framework.

30 Mar 2022

Remote code execution vulnerability present in Sophos Firewall

A vulnerability (CVE-2022-1040) has been identified in Sophos Firewall prior to version 18.5 which could allow a malicious cyber actor to perform remote code execution. Affected Australian organisations should apply the available patch.

28 Mar 2022

Australian organisations encouraged to urgently adopt an enhanced cyber security posture

Australian organisations are encouraged to urgently adopt an enhanced cyber security posture. Organisations should act now and follow ACSC’s advice to improve their cyber security resilience in light of the heightened threat environment.

23 Mar 2022

New domain name changes could leave your business or organisation at risk

The new domain name category, could leave your business or organisation open to fraudulent cyber activity. Register your .au domain name before it becomes available to the general public.

11 Feb 2022

Critical vulnerability present in SAP Internet Communication Manager

A vulnerability has been identified in SAP Internet Communication Manager (ICM), a component of many SAP products, which may allow full system takeover. Affected organisations should apply the available security update.

10 Feb 2022

Increased Global Ransomware Threats

In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally

04 Feb 2022

Remote code execution vulnerability present in Samba versions prior to 4.13.17

A vulnerability (CVE-2021-44142) has been identified in Samba versions prior to 4.13.17. Exploitation of this vulnerability could allow a malicious cyber actor to perform privileged remote code execution. Affected Australian organisations should apply the available patch, including affected software vendors.

19 Jan 2022

Remote code execution vulnerability present in SonicWall SMA 100 series appliances

A vulnerability (CVE-2021-20038) has been identified in SonicWall SMA 100 series appliances. Exploitation of this vulnerability could allow an unauthenticated malicious cyber actor to perform remote code execution. Affected Australian organisations should apply the available patch.

10 Dec 2021

Conti ransomware incidents in Australia

Multiple Australian organisations have been impacted by Conti ransomware in November and December 2021.

08 Dec 2021

Zoho ManageEngine ServiceDesk Plus & Desktop Central remote code execution vulnerabilities

Vulnerabilities have been identified in certain versions of Zoho ManageEngine ServiceDesk Plus and Desktop Central product suites. Australian organisations using vulnerable Zoho ManageEngine products should apply the available patch.

11 Nov 2021

Remote code execution vulnerability present in certain versions of Palo Alto firewalls utilising the GlobalProtect VPN component

A vulnerability has been identified in certain versions of Palo Alto firewalls utilising the GlobalProtect VPN component. Affected Australian organisations should apply the available update as soon as possible.

05 Nov 2021

Active exploitation of vulnerable Sitecore Experience Platform content management systems

There is active exploitation of a vulnerability occurring in certain versions of Sitecore Experience Platform systems. Affected Australian organisation should apply the available security update.

08 Oct 2021

Critical vulnerability in certain versions of Apache HTTP Server

A vulnerability exists in Apache HTTP Server 2.4.49. A cyber actor could exploit this vulnerability to execute arbitrary code. Initial information also indicates that the vulnerability could also be used perform remote code execution under certain configurations. Affected Australian organisations should apply the available patch.

24 Sep 2021

Critical vulnerability in ManageEngine ADSelfService Plus exploited by cyber actors

A vulnerability exists in certain versions of ManageEngine ADSelfService Plus. A cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. Affected Australian organisations should apply the available security update.

16 Sep 2021

Remote code execution vulnerability present in Open Management Infrastructure, affects certain Microsoft Azure services

A remote code execution vulnerability exists in Open Management Infrastructure, a management agent used in certain Linux-based Microsoft Azure services. Exploitation of this vulnerability could allow a malicious actor to take control of the vulnerable host. Affected organisations should apply the available security update.

10 Sep 2021

Suspected user credentials stolen from FortiNet devices leaked online

A malicious cyber actor has leaked a list of suspected user credentials and IP address of the associated FortiNet SSL VPN device the credentials are used for. Organisations should review the patch status and history of internet exposed FortiNet SSL VPN devices and consider performing a password reset for affected users.

01 Sep 2021

Remote code execution vulnerability present in certain versions of Atlassian Confluence

A vulnerability exists in certain self-hosted versions of Atlassian Confluence which could allow a malicious cyber actor to execute arbitrary code. Affected organisations should apply the available patch to mitigate this vulnerability.

27 Aug 2021

Malicious actors deploying Gootkit Loader on Australian Networks

ACSC has observed an increase of Gootkit JavaScript (JS) Loaders on Australian networks.

19 Aug 2021

Microsoft Exchange ProxyShell Targeting in Australia

The ACSC has observed targeting of the Microsoft Exchange ProxyShell vulnerability by Malicious actors.

18 Aug 2021

Vulnerability Affecting BlackBerry QNX RTOS

BlackBerry has disclosed that its QNX Real Time Operating System is affected by a BadAlloc vulnerability - CVE-2021-22156. QNX is the world’s most prevalent real time operating system.

05 Aug 2021

LockBit 2.0 ransomware incidents in Australia

ACSC has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia.

03 Aug 2021

SonicWall devices targeted with ransomware utilising stolen credentials

SonicWall devices are being targeted by a malicious cyber actor as targets for ransomware. The ACSC is aware of likely related activity targeting Australian organisations.

12 Jul 2021

Kaseya VSA Supply-Chain Ransomware Attack

Patch now available for Kaseya VSA platform.

07 Jul 2021

ForgeRock Open AM critical vulnerability

The ACSC has observed active exploitation of a vulnerability in ForgeRock OpenAM (reported as CVE-2021-35464) against a number of Australian organisations. The ACSC strongly recommends organisations urgently apply available patches or workarounds to mitigate the risk of this vulnerability being exploited.

13 May 2021

Critical vulnerability discovered in HTTP.SYS in Microsoft Windows

A remote code execution vulnerability could enable a malicious cyber actor to compromise vulnerable Microsoft Windows hosts. The ACSC strongly recommends applying available patches.

10 May 2021

Multiple high severity vulnerabilities discovered in the Exim mail server

Exim vulnerabilities could enable a malicious cyber actor to compromise vulnerable Exim servers. The ACSC strongly recommends applying available patches.

08 May 2021

Avaddon Ransomware

Increase in Avaddon ransomware attacks in Australia.

27 Apr 2021

Potential exploitation of Click Studio’s PasswordState software

On 24 April 2021, Australian software company Click Studios announced a compromise of the software update process for their enterprise password management software PasswordState, used by organisations in Australia and globally.

21 Apr 2021

Exploitation of Pulse Connect Secure Vulnerabilities

New advice for mitigating Pulse Connect Secure Virtual Private Network (VPN) vulnerabilities

03 Apr 2021

APT exploitation of Fortinet Vulnerabilities

Advanced Persistent Threat actors targeting historic Fortinet vulnerabilities

25 Feb 2021

VMware vCenter Server plugin remote code execution vulnerability (CVE-2021-21972)

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises users of VMware vCenter Server products, including as part of VMware Cloud Foundation, to ensure their systems are promptly patched after the recent disclosure of a new remote code execution vulnerability.

25 Feb 2021

Potential Accellion File Transfer Appliance compromise

ACSC identified Australian organisations may have been impacted the Accellion File Transfer Appliance vulnerability and has provided mitigation recommendations.

16 Feb 2021

Malware targeting Centreon software

ANSSI identifies campaign targeting Centreon system monitoring software

04 Feb 2021

SonicWall Breach

SonicWall identified an internal systems breach using a zero-day vulnerability within the SMA 100 series 10.x code.

25 Jan 2021

Potential SolarWinds Orion compromise

FireEye identifies global campaign leveraging malicious updates to SolarWinds software.

12 Nov 2020

SDBBot targeting health sector

The ACSC has observed increased targeting activity against the Australian health sector by actors using the SDBBot Remote Access Tool (RAT).

30 Oct 2020

Sustained targeting of the health sector

The Australian Signals Directorate’s Australian Cyber Security Centre has identified a sustained campaign by sophisticated cybercrime actors impacting the Australian health sector.

22 Sep 2020

Netlogon elevation of privilege vulnerability (CVE-2020-1472)

The ACSC is aware of a recently disclosed critical vulnerability in Microsoft Active Directory Domain Controller systems that allows unauthenticated attackers to trivially access administrative credentials.

18 Sep 2020

Active exploitation of vulnerable MobileIron products

The ACSC is aware of active exploitation of vulnerabilities in multiple MobileIron products by malicious cyber actors, including sophisticated state-based actors.

16 Sep 2020

Copy-paste compromises

The Australian Government is aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor. The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of tools copied almost identically from open source.

15 Jul 2020

Remote code execution vulnerability in Windows DNS (CVE-2020-1350)

On 14 July 2020, Microsoft acknowledged a critical remote code execution vulnerability in Windows Domain Name System (DNS), which could allow an adversary to run arbitrary code.

06 Jul 2020

TMUI remote code execution vulnerability - CVE-2020-5902

The ACSC advises users of F5’s enterprise and data centre BIG-IP products to ensure their systems are promptly patched after the recent disclosure of new remote code execution vulnerability.

25 May 2020

DDoS threats being made against Australian organisations

The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) is aware of a number of Denial of Service (DoS) for ransom threats being made against Australian organisations, primarily in the banking and finance sector.

22 May 2020

Active exploitation of vulnerability in Microsoft Internet Information Services

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware that sophisticated actors are actively exploiting a deserialisation vulnerability existing in all versions of Microsoft’s Internet Information Services (IIS) using the .NET framework (.NET). The vulnerability exploits the service’s VIEWSTATE parameter to allow for remote code execution by unauthorised users.

22 May 2020

2019-126: Vulnerable version of Telerik UI being actively exploited by APT actor

The Australian Cyber Security Centre (ACSC) has become aware that Advanced Persistent Threat (APT) actors have been scanning for and attempting exploitation against unpatched versions of Telerik UI for ASP.NET AJAX using publicly available exploits. Successful exploitation could allow an attacker to upload files to the vulnerable server to facilitate further compromise.

20 May 2020

Summary of Tradecraft Trends for 2019-20

The Australian Cyber Security Centre (ACSC) investigated and responded to numerous cyber security incidents during 2019 and 2020 so far.

08 May 2020

Advanced Persistent Threat (APT) actors targeting Australian health sector organisations and COVID-19 essential services

The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is aware that Advanced Persistent Threat (APT) actors are actively targeting health sector organisations and medical research facilities.