Australian Cyber Security Centre

Critical Vulnerability: Vulnerability in Widely Used Open Source Software is Discovered

Dec 24 2021

By Cameron Abbott, Rob Pulham, Max Evans and Ella Krygier

A critical security vulnerability has been discovered in Apache Log4j, an open-source logging library used by many popular Java applications to provide logging functionality for troubleshooting purposes, according to the Australian Cyber Security Centre (ACSC).

The software’s vulnerability, known as Log4Shell, allows for remote code execution, which, if left unfixed, could allow cybercriminals to take control of IT systems, steal personal data, passwords and files, and install backdoors for future access, simply by adding an additional line of arbitrary code. According to the ACSC, malicious cyber actors have used this vulnerability to target and compromise IT systems globally and in Australia, which led the ACSC to publish advice on mitigation and detection recommendations.

Apr 01 2021

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

Channel Nine has suffered the largest cyber attack on a media company in Australia’s history, according to reports from IT News, the AFR and Nine News.

The cyber attack, reported by Channel Nine as a variation of a ransomware attack, struck early Sunday morning, resulting in television and digital production systems being offline for more than 24 hours. The attack impaired Channel Nine’s ability to broadcast from its Sydney studios, forcing the media outlet to shift operations to its Melbourne studios.

Sep 16 2020

By Cameron Abbott and Keely O’Dowd

The adoption of cloud based solutions offer many advantages to businesses, such as cost savings, efficiencies and flexibility. Cloud based solutions can also improve data security as cloud providers will be tasked with monitoring the security of their solutions, updating software and improving security features as required.

However, adopting a cloud based solution will not automatically reduce an organisation’s exposure to cyber risks. Care must be taken before procuring a cloud based solution and any solution must be properly assessed from a security perspective.

Jun 19 2020

By Cameron Abbott, Keely O’Dowd and Rebecca Gill

News reports have revealed that Lion Beer Australia has suffered a second cyberattack within a week of falling victim to a ransomware attack. While Lion continues to recover from the first cyberattack, it must now investigate, respond and recover from this second attack.

Today, Lion announced it had received reports of Lion document lists posted online in recent days. It is continuing to investigate if any data has been removed from its system. Lion has also advised relevant authorities and regulators of the first incident.

Apr 21 2020

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

As noted in part I of this blog, various reports have highlighted the significant increase in phishing scams in light of the global COVID-19 pandemic. In particular, there has been an increase in coronavirus-related emails and SMS messages that are embedded with malicious links or documents, created for the purposes of stealing personal information (among other things), usually for financial gain. In order to stop the spread (pardon the pun) of such virus-inspired phishing scams, the Australian Signals Directorate (ASD) has confirmed that it has launched an offensive against malicious attackers located offshore.

Tag:Australian Cyber Security Centre

Critical Vulnerability: Vulnerability in Widely Used Open Source Software is Discovered

Even the Best Fall Down Sometimes: Nine Network suffers large-scale cyber attack

Under attack: Lion suffers second cyberattack and the Federal Government warns of an active cyberattack on Australian organisations

A phishing pandemic (and offensive): Part III