On 24 April 2021, Australian software company Click Studios announced a compromise of the software update process for their enterprise password management software PasswordState, used by organisations in Australia and globally.
APT exploitation of Fortinet Vulnerabilities
Advanced Persistent Threat actors targeting historic Fortinet vulnerabilities
Exchange server critical vulnerabilities
Microsoft identifies malicious actors exploiting Microsoft Exchange server vulnerabilities
Malware targeting Centreon software
ANSSI identifies campaign targeting Centreon system monitoring software
SonicWall Breach
SonicWall identified an internal systems breach using a zero-day vulnerability within the SMA 100 series 10.x code.
Potential Accellion File Transfer Appliance compromise
ACSC identified Australian organisations may have been impacted the Accellion File Transfer Appliance vulnerability and has provided mitigation recommendations.
Potential SolarWinds Orion compromise
FireEye identifies global campaign leveraging malicious updates to SolarWinds software.
Phone and email scammers impersonating the ACSC
Scammers purporting to be from ACSC are calling and emailing Australians and attempting to trick them into installing malicious software on personal devices.
SDBBot targeting health sector
The ACSC has observed increased targeting activity against the Australian health sector by actors using the SDBBot Remote Access Tool (RAT).