WA Cyber Security Unit (Office of Digital Government)

This site contains technical information to support WA Government Cyber Security activities. Please propose updates directly via the edit link on each page or email cybersecurity@dpc.wa.gov.au with any feedback. The site is built with Material for MkDocs (reference) which includes several extensions to markdown for enhanced technical writing.

RSS Feeds

If you would like to subscribe to updates for this site please use the RSS or ATOM feeds.

WA Security Operations Centre (WA SOC)

• Connecting to the WA SOC (Sentinel Guidance)
• Advisories (TLP:CLEAR)
• Incident Reporting User Guide (Jira)
• Threat Hunting (MITRE ATT&CK Tactics and Techniques)
• ACSC Essential Eight Assessment Process Guide

Baselines & Guidelines

Baselines are for use as self-assessment checklists, and guidelines are for general implementation guidance.

Baselines

• Security Operations Baseline - aligned with MITRE 11 Strategies of a World-Class Cybersecurity Operations Center and ACSC's Cyber Incident Response Plan Resource.
• Detection Coverage Baseline - telemetry collection and detection analytics aligned to the MITRE ATT&CK Framework.
• Vulnerability Management Baseline - focused on undertaking operational Identify and Protect capabilities.

Critical Infrastructure Entities and Operational Technology

The CISA Cross-Sector Cybersecurity Performance Goals are clear targeted recommendations focusing on most common and impactful threats, including cost, complexity and impact ratings against each recommendation. These are highly relevant targets for entities in scope of SOCI regulatory obligations.

Guidelines

• Supply Chain Risk Management Guideline - Implementation guidance for ACSC Cyber Supply Chain Risk Management.
• Guide to Securing Remote Access Software (CISA) - remote access software overview, including the malicious use of remote access software, detection methods, and recommendations for all organizations.
• #StopRansomware Guide (CISA) - one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.
• Microsoft Sentinel Guidance - Implementation guidance for using Sentinel for ACSC Guidelines for System Monitoring
• Network Management Guideline - Implementation guidance for ACSC Network gateway hardening.
• Patch Management Guideline - Implementation guidance for ACSC Assessing Security Vulnerabilities and Applying Patches.

Additional documentation

The below documents are for general use.

Technical Documentation

• SOC Analyst Induction
• Collecting Digital Forensic Evidence
• Cyber Security Playbooks

Recent Advisories

2025 November

• Google Chrome Zero-Day Vulnerability - 20251118001
• Citrix NetScaler Vulnerability - 20251117001
• IBM Critical Vulnerabilities - 20251114002
• PgAdmin Critical Update - 20251114001
• BIND9 Important Updates - 20251112003
• Zohocorp ManageEngine Critical Vulnerability - 20251112002
• Microsoft Critical Monthly Updates - 20251112001
• QNAP Critical Updates - 20251110001
• Critical Cisco Vulnerabilities - 20251106001
• Linux Active Exploitation Vulnerability - 20251105001

2025 October

• Microsoft Critical Out-of-Band Update - 20251027001
• New ICS Critical Vulnerabilities - 20251024002
• Oracle Monthly Critical Vulnerabilities - 20251024001
• VMWare Active Exploitation - 20251021001
• Redis Critical Vulnerability - 20251017002
• New Critical ICS Vulnerabilities - 20251017001
• F5 Security Incident And Critical Updates - 20251016001
• Veeam Patches Critical Vulnerabilities - 20251015002
• Microsoft Monthly Security Updates - 20251015001
• Oracle E-Business Suite Remote Code Vulnerability - 20251006001

2025 September

• Cisco ASA Active Exploitation - 20250926001
• Cisco Zero-Day Vulnerability - 20250925001
• SonicWall Cloud Backup Security Incident - 20250923001
• ASD Publishes Advisory on Ongoing Attack on NPM - 20250919002
• Google Chrome Zero-Day Vulnerability - 20250919001
• pgAdmin Critical Vulnerability - 20250915001
• Siemens Critical Vulnerabilities - 20250912001
• Microsoft Monthly Security Updates - 20250910001

WASOC - Recent Threat Activity (September 2025)

Based on recent high impact incidents seen by the WASOC, security teams should be focusing on the below areas of improvement based on phishing and phishing resistant MFA:

WASOC Guidance targeted on recent escalation of state-based actor threat activity

Heightened Awareness:

• Securing Edge Devices

Recent WASOC advisories this month worth staying across include:

• Microsoft Multiple Critical Vulnerabilities as part of Monthly Update
• Oracle E-Business Suite Remote Code Vulnerability
• F5 Security Incident And Critical Updates involving Nation State Actors

WASOC - General Advice

• The WASOC has observed consistent exploitation delivered via Phishing campaigns.

Security Hardening remains a focus for all organisations. Please refer to the below guides to ensure all external and internal sign-ins are appropriately monitored.

• ASD's Annual Cyber Threat Report 2024-2025

• ACSC - Secure by Design

• Guidelines for Secure Software Development

• Ongoing targeting of online code repositories

• A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity