Search

Vulnerability disclosure programs explained   Publication

Dec 12, 2024 - A vulnerability disclosure program (VDP) is a collection of processes and procedures designed to identify, verify, resolve and report on vulnerabilities disclosed by people who may be internal or external to organisations. The importance of developing, implementing and maintaining a well thought-out VDP cannot be underestimated. It is an integral part of professional organisations’ business operations.

Remote Code Execution Vulnerability In Cisco Unified Communications Products   Alert

Jan 26, 2024 - ASD’s ACSC is aware of a vulnerability in Cisco Unified Communications Products (CVE 2024-20253).

Organisations using Cisco Unified Communication products are strongly advised to follow the mitigation advice provided by Cisco if they are vulnerable.

Remote code execution vulnerability present in certain versions of Atlassian Confluence   Alert

Sep 1, 2021 - A vulnerability exists in certain self-hosted versions of Atlassian Confluence which could allow a malicious cyber actor to execute arbitrary code. Affected organisations should apply the available patch to mitigate this vulnerability.

Vulnerability Disclosure Program   News

Nov 23, 2022 - New ACSC publication released to help organisations implement a Vulnerability Disclosure Program.

Advisory 2021-004: Active exploitation of ForgeRock Access Manager / OpenAM servers   Advisory

Jul 9, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has identified targeting and compromise of Australian organisations with vulnerable internet-accessible servers running ForgeRock Access Manager (ForgeRock AM). ForgeRock AM was previously known as OpenAM. The ASD's ACSC has observed malicious actors exploiting the vulnerability in ForgeRock AM/OpenAM to gain initial access to networks in multiple organisations, and facilitate further access within these networks. On 7 July 2021 the ASD's ACSC alerted organisations that this vulnerability was being actively exploited. This ASD's ACSC advisory provides recommendations for securing ForgeRock AM against vulnerability CVE-2021-35464, and advice on identifying potential successful exploitation of this vulnerability.

Critical remote code execution vulnerability found in the Log4j library   Alert

Dec 21, 2021 - A vulnerability (CVE-2021-44228) exists in certain versions of the Log4j library. A malicious cyber actor could exploit this vulnerability to execute arbitrary code. Australian organisations should apply latest patches immediately where Log4j is known to be used.

Critical vulnerability discovered in HTTP.SYS in Microsoft Windows   Alert

May 13, 2021 - A remote code execution vulnerability could enable a malicious cyber actor to compromise vulnerable Microsoft Windows hosts. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) strongly recommends applying available patches.

Cisco IOS XE Software Web UI Zero Day Vulnerability   Alert

Oct 25, 2023 - A previously unknown vulnerability (CVE-2023-20198) in the web UI feature of Cisco IOS XE Software could allow a malicious actor to take control of vulnerable devices. All Australian organisations should follow the recommendations published by Cisco.

Critical security vulnerability affecting Apache Struts2 below 6.4.0.   Alert

Dec 13, 2024 - ASD’s ACSC is aware of a critical vulnerability impacting Apache Struts2 below 6.4.0 (CVE-2024-53677).

Remote code execution vulnerability present in SonicWall SMA 100 series appliances   Alert

Jan 19, 2022 - A vulnerability (CVE-2021-20038) has been identified in SonicWall SMA 100 series appliances. Exploitation of this vulnerability could allow an unauthenticated malicious cyber actor to perform remote code execution. Affected Australian organisations should apply the available patch.

ASD's ACSC Advisory 2020-012: Critical remote code execution vulnerability in Windows DNS server (CVE-2020-1350)   Advisory

Jul 15, 2020 - An adversary who successfully exploits the vulnerability could run arbitrary code in the context of the Local System Account. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) strongly recommends users apply the security patch to their Windows DNS servers to prevent an adversary from exploiting this vulnerability.

2021-007: Log4j vulnerability – advice and mitigations   Advisory

Dec 29, 2021 - On 10 December 2021, ASD's ACSC released an alert relating to a serious vulnerability in versions of the Log4j Java logging library. Malicious cyber actors are using this vulnerability to target and compromise systems globally and in Australia. The ASD's ACSC is working with a significant number of victims and affected vendors across all sectors of the economy.

OS Command Injection Vulnerability in GlobalProtect Gateway   Alert

May 3, 2024 - ASD’s ACSC is aware of a vulnerability (CVE-2024-3400) that enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

The Case for Memory Safe Roadmaps   Publication

Dec 7, 2023 - This guidance provides manufacturers with steps to create memory safe roadmaps and implement changes to eliminate memory safety vulnerabilities from their products.

Remote code execution vulnerability present in Samba versions prior to 4.13.17   Alert

Feb 4, 2022 - A vulnerability (CVE-2021-44142) has been identified in Samba versions prior to 4.13.17. Exploitation of this vulnerability could allow a malicious cyber actor to perform privileged remote code execution. Affected Australian organisations should apply the available patch, including affected software vendors.

Active exploitation of vulnerability in Microsoft Internet Information Services   Alert

May 22, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware that sophisticated actors are actively exploiting a deserialisation vulnerability existing in all versions of Microsoft’s Internet Information Services (IIS) using the .NET framework (.NET). The vulnerability exploits the service’s VIEWSTATE parameter to allow for remote code execution by unauthorised users.

SonicWall Breach   Alert

Feb 4, 2021 - SonicWall identified an internal systems breach using a zero-day vulnerability within the SMA 100 series 10.x code.

Microsoft Exchange ProxyShell Targeting in Australia   Alert

Aug 19, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed targeting of the Microsoft Exchange ProxyShell vulnerability by Malicious actors.

Active exploitation of vulnerable Sitecore Experience Platform content management systems   Alert

Nov 5, 2021 - There is active exploitation of a vulnerability occurring in certain versions of Sitecore Experience Platform systems. Affected Australian organisation should apply the available security update.

FortiOS & FortiProxy - Authentication bypass in Node.js websocket module vulnerability   Alert

Jan 15, 2025 - Fortinet has released information regarding an identified vulnerability in FortiOS version 7.0 and FortiProxy versions 7.0 and 7.2 instances. ASD’s ACSC recommends customers follow the advice contained in Fortinet’s notification.

Summary of Tactics, Techniques and Procedures Used to Target Australian Networks   Advisory

May 20, 2020 - This advisory provides information on methods to detect many of the TTPs listed. Partners are strongly encouraged to review their environments for the presence of the exploited vulnerabilities and provided TTPs.

Critical vulnerability present in certain versions of Microsoft Excel   Alert

Nov 11, 2021 - Microsoft has identified active exploitation of a vulnerability in Microsoft Excel. Affected Australian organisations should apply the available security update as soon as possible.

ForgeRock Open AM critical vulnerability   Alert

Jul 7, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed active exploitation of a vulnerability in ForgeRock OpenAM (reported as CVE-2021-35464) against a number of Australian organisations. The ASD’s ACSC strongly recommends organisations urgently apply available patches or workarounds to mitigate the risk of this vulnerability being exploited.

High Assurance Evaluation Program   Program page

Aug 18, 2022 - The Australian Signals Directorate’s High Assurance Evaluation Program involves rigorous analysis and testing to search for any security vulnerabilities in products.

Critical vulnerability in Pulse/Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457)   Alert

Apr 4, 2025 - Ivanti have released information regarding active exploitation of a critical vulnerability in Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457). ASD’s ACSC recommends customers follow the advice contained in Ivanti’s Security Advisory and assess their environments for malicious activity.

Cybercriminals scanning Australian entities for serious cyber vulnerability   News

Dec 21, 2021 - Australians must urgently patch applications and software products as malicious cyber adversaries conduct thousands of scans in search of the vulnerability related to the critical Log4j software flaw.

Potential Accellion File Transfer Appliance compromise   Alert

Feb 25, 2021 - The ACSC has identified Australian organisations that may have been impacted by the Accellion File Transfer Appliance vulnerability and have provided mitigation recommendations.

Netlogon elevation of privilege vulnerability (CVE-2020-1472)   Alert

Sep 22, 2020 - The ACSC is aware of a recently disclosed critical vulnerability in Microsoft Active Directory Domain Controller systems that allows unauthenticated attackers to trivially access administrative credentials.

Small Business Cloud Security Guides: Technical Example - User Application Hardening   Publication

Dec 16, 2022 - User application hardening protects an organisation from a range of threats including malicious websites, advertisements running malicious scripts and exploitation of vulnerabilities in unsupported software. These attacks often take legitimate application functionality and use it for malicious purposes. User application hardening makes it harder for cybercriminals to exploit vulnerabilities or at-risk functionality in your organisation’s applications.

Remote Code Execution Vulnerability In Confluence Data Center and Confluence Server   Alert

Jan 17, 2024 - ASD’s ACSC is aware of a vulnerability in Confluence Data Center and Confluence Server (CVE-2023-22527). Organisations are strongly encouraged to take immediate action to ensure affected instances are patched.