FBI issues advisory over Play ransomware

The Federal Bureau of Investigation FBI, Cybersecurity and Infrastructure Security Agency CISA, and the Australian Signals Directorate’s Australian Cyber Security Centre ACSC have released a joint Cybersecurity Advisory CSA about Play ransomware. According to the FBI, Play made around 300 victims...

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control ADC and Gateway appliances to obtain initial access to target environments. The joint advisory comes from the U.S...

#StopRansomware: BianLian Ransomware Group

Actions to take today to mitigate cyber threats from BianLian ransomware and data extortion: 1. Strictly limit the use of RDP and other remote desktop services. 2. Disable command-line and scripting activities and permissions. 3. Restrict usage of PowerShell and update Windows PowerShell or...

2021 Top Malware Strains

Summary Immediate Actions You Can Take Now to Protect Against Malware: • Patch all systems and prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication MFA. • Secure Remote Desktop Protocol RDP and other risky services. • Make offline backups of your data. • Provi...

Protecting Against Cyber Threats to Managed Service Providers and their Customers

Summary Tactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently...

Update now! F5 BIG-IP vulnerability being actively exploited

The Australian Cyber Security Centre ACSC has announced it is aware of the existence of Proof of Concept PoC code exploiting a F5 Security Advisory Addressing Multiple Vulnerabilities in its BIG-IP Product Range. The vulnerability listed as CVE-2022-1388 allows attackers to bypass authentication ...

The top 5 most routinely exploited vulnerabilities of 2021

A joint Cybersecurity Advisory, coauthored by cybersecurity authorities of the United States CISA, NSA, and FBI, Australia ACSC, Canada CCCS, New Zealand NZ NCSC, and the United Kingdom NCSC-UK has detailed the top 15 Common Vulnerabilities and Exposures CVEs routinely exploited by malicious cybe...

2021 Top Routinely Exploited Vulnerabilities

CISA, the National Security Agency NSA, the Federal Bureau of Investigation FBI, the Australian Cyber Security Centre ACSC, the Canadian Centre for Cyber Security CCCS, the New Zealand National Cyber Security Centre NZ NCSC, and the United Kingdom’s National Cyber Security Centre NCSC-UK have...

2021 Trends Show Increased Globalized Threat of Ransomware

CISA, the Federal Bureau of Investigation FBI, the National Security Agency NSA, the Australian Cyber Security Centre ACSC, and the United Kingdom’s National Cyber Security Centre NCSC-UK have released a joint Cybersecurity Advisory CSA highlighting a global increase in sophisticated, high-impact...

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

Summary Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity • Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591. • Implementmulti-factor authentication. • Usestrong, unique passwords.v...

MuddyWater is taking advantage of old vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Federal Bureau of Investigation FBI, the Cybersecurity and Infrastructure Security Agency CISA, the Australian Cyber Security Centre ACSC, and the United Kingdoms National Cyber Security Centre NCSC have issued a joint...

scap-security-guide bug fix and enhancement update

The scap-security-guide project provides a guide for configuration of the system from the final system's security point of view. The guidance is specified in the Security Content Automation Protocol SCAP format and constitutes a catalog of practical hardening advice, linked to government...

Top Routinely Exploited Vulnerabilities

CISA, the Australian Cyber Security Centre ACSC, the United Kingdom’s National Cyber Security Centre NCSC, and the U.S. Federal Bureau of Investigation FBI have released the Joint Cybersecurity Advisory Top Routinely Exploited Vulnerabilities, which details the top vulnerabilities routinely...

Avaddon ransomware campaign prompts warnings from FBI, ACSC

Both the Australian Cyber Security Centre ACSC and the US Federal Bureau of Investigation FBI have issued warnings about an ongoing cybercrime campaign that is using Avaddon ransomware. The FBI states that is has received notifications of unidentified cyber actors using Avaddon ransomware against...

New ACSC Cybersecurity Campaign Begins by Focusing on Ransomware Threats

The Australian Cyber Security Centre ACSC has launched a new cyber security campaign encouraging all Australians to protect themselves against online threats. The initial focus of the campaign is ransomware threats, and the ACSC provides easy-to-follow security advice at cyber.gov.au to help...

ACSC Releases Annual Cyber Threat Report for 2019–2020

The Australian Cyber Security Centre ACSC has released its annual report on key cyber threats and statistics from 2019–2020. The report highlights that phishing and spearphishing are still the most common cyberattacks, and ransomware has become a significant threat to operations across multiple...

Australian Cyber Attack Vectors Blocked Out of the Box by Imperva WAF

On June 18, 2020, the Australian Cyber Security Centre ACSC released a disclosure detailing a ‘sophisticated’ and sustained attack against Australian government bodies and companies. The disclosure was covered by several mainstream media outlets including the BBC, and the Guardian. The following...

ACSC Releases Advisory on Cyber Campaign using Copy-Paste Compromises

The Australian Cyber Security Centre ACSC has released an advisory regarding an ongoing cyber campaign involving “copy-paste compromises” targeting Australian government and commercial networks. According to the advisory, a sophisticated malicious cyber actor is carrying out the campaign using...

Broad, Ongoing Cyberattacks Targeting Australia Underscore Need for Behavioral-Based Cybersecurity

On Friday the Australian Federal Government detailed sustained ‘copy-paste’ threats on government and business throughout the country. According to the Government: “‘Copy-paste compromises’ is derived from … heavy use of proof-of-concept exploit code, web shells and other tools copied almost...

ACSC Releases Cyber Criminal and APT Tradecraft Trends for 2019-2020

The Australian Cyber Security Centre ACSC has released a summary of trends for 2019-2020 outlining tactics, techniques, and procedures TTPs used by cyber criminals and advanced persistent threat APT groups to target Australian networks. ACSC uses the MITRE Adversarial Tactics, Techniques, and...