Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Patching strategies

Pulse Secure Logo

Vulnerability in Pulse Connect Secure VPN Software

Oct 1, 2019 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of a working exploit for a vulnerability that exists in the Pulse Connect Secure Virtual Private Network (VPN) solution software The vulnerability, known as CVE-2019-11510, was initially disclosed in April 2019 and has resurfaced after the ACSC has received multiple reports of this publicly available exploit available for use on Pastebin and GitHub.
Pulse Secure Logo

Advisory – 2019-129: File Disclosure Vulnerability in Pulse Connect Secure VPN Software

Oct 1, 2019 - Overview The Australian Signals Directorate’s Australian Cyber Security Centre is aware of a vulnerability that exists in the Pulse Connect Secure Virtual Private Network (VPN) solution. We advise users to ensure their systems are patched and up to date. The Pulse VPN Vulnerability, also known as CVE-2019-11510, was initially disclosed in April 2019 but has resurfaced after multiple reports of exploitation and the disclosure of working exploits available for use on Pastebin and GitHub.
Software update

You need to patch to protect your business online

May 17, 2019 - Malicious actors are compromising Australian business Remote Desktop Protocol (RDP) services, also known as Windows Terminal Services or Windows Remote Desktop. In 2018 and 2019, the ACSC knows of more than 48,000 Australian RDP services that were accessible on the Internet, exposing more than 2,000 Australian businesses.
WhatsApp logo

Users advised to update WhatsApp

May 15, 2019 - The Australian Cyber Security Centre (ACSC) advises users of WhatsApp to implement the latest fix for a reported vulnerability. Cyber criminals can use any weakness in apps to access your phone or device. To stay one step ahead of remote attackers, we recommend that you set your phone and device/s to auto update your apps.
Wordpress logo

WordPress 5.1.1 security update

Mar 21, 2019 - The Australian Cyber Security Centre (ACSC) advises users and administrators of WordPress version 5.1 to update their applications to WordPress 5.1.1. The update addresses a vulnerability that could allow an attacker to take control of an affected website. WordPress 5.1 and prior versions are affected. More information about the update can be found here
Map with GPS markers

GPS week roll over April 6th

Feb 20, 2019 - On April 6th, the GPS week counter rolls over and resets to zero. This change may affect Industrial Control Systems (ICSs) and Critical Infrastructure (CI) owners and operators. This rollover may affect log time stamp information, loss of communication between devices, inability to authenticate multi-factor authentication, or the ability to log in to computers.
SOC

Implementing the Essential Eight for MSPs

Jan 11, 2019 - Following the global compromise of managed service providers or MSPs, the Australian Cyber Security Centre (ACSC) is calling on Australian businesses and individuals to be proactive in implementing better cyber security practices. While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.

Microsoft warns of Internet Explorer vulnerability

Dec 21, 2018 - Microsoft has released a security update for Internet Explorer after receiving a report from Google about a new vulnerability that is being used in targeted attacks. Security vulnerabilities in applications can be used to execute malicious code on your systems, and using the latest version of applications is one way that you can better protect yourself, as we explain in the Essential Eight.
Flash player logo

Adobe urges users to patch Flash Player

Dec 6, 2018 - Adobe has released security updates for its widely used Flash Player app to help users defend themselves against the latest malware. Users who fail to update their Flash Player app could be vulnerable to cyber criminals, who could use it as an opportunity to access data, programs, individual computers or networks.
Feature - Password security

New Google Chrome update to highlight website security

Jul 26, 2018 - A new version of Google Chrome is now available that marks websites that don’t use HTTPS encryption as ‘not secure’. The ACSC advises all website owners to configure their website to serve web content only via the encrypted HTTPS protocol, and not via the unencrypted HTTP protocol.