WA Cyber Security Unit (Office of Digital Government)

This site contains technical information to support WA Government Cyber Security activities. Please propose updates directly via the edit link on each page or email cybersecurity@dpc.wa.gov.au with any feedback. The site is built with Material for MkDocs (reference) which includes several extensions to markdown for enhanced technical writing.

RSS Feeds

If you would like to subscribe to updates for this site please use the RSS or ATOM feeds.

WA Security Operations Centre (WA SOC)

• Connecting to the WA SOC (Sentinel Guidance)
• Advisories (TLP:CLEAR)
• Incident Reporting User Guide (Jira)
• Threat Hunting (MITRE ATT&CK Tactics and Techniques)
• ACSC Essential Eight Assessment Process Guide

Baselines & Guidelines

Baselines are for use as self-assessment checklists, and guidelines are for general implementation guidance.

Baselines

• Security Operations Baseline - aligned with MITRE 11 Strategies of a World-Class Cybersecurity Operations Center and ACSC's Cyber Incident Response Plan Resource.
• Detection Coverage Baseline - telemetry collection and detection analytics aligned to the MITRE ATT&CK Framework.
• Vulnerability Management Baseline - focused on undertaking operational Identify and Protect capabilities.

Critical Infrastructure Entities and Operational Technology

The CISA Cross-Sector Cybersecurity Performance Goals are clear targeted recommendations focusing on most common and impactful threats, including cost, complexity and impact ratings against each recommendation. These are highly relevant targets for entities in scope of SOCI regulatory obligations.

Guidelines

• Supply Chain Risk Management Guideline - Implementation guidance for ACSC Cyber Supply Chain Risk Management.
• Guide to Securing Remote Access Software (CISA) - remote access software overview, including the malicious use of remote access software, detection methods, and recommendations for all organizations.
• #StopRansomware Guide (CISA) - one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.
• Microsoft Sentinel Guidance - Implementation guidance for using Sentinel for ACSC Guidelines for System Monitoring
• Network Management Guideline - Implementation guidance for ACSC Network gateway hardening.
• Patch Management Guideline - Implementation guidance for ACSC Assessing Security Vulnerabilities and Applying Patches.

Additional documentation

The below documents are for general use.

Technical Documentation

• SOC Analyst Induction
• Collecting Digital Forensic Evidence
• Cyber Security Playbooks

Recent Advisories

2024 November

• CISA Releases New ICS Advisories - 20241120002
• Apple Releases Urgent Updates - 20241120001
• Paloalto Publishes Critical Advisory - 20241119001
• New ICS Advisories - 20241118001
• Siemens Releases New ICS Advisories - 20241113003
• Microsoft Monthly Updates - 20241113002
• ACSC Publishes Routinely Exploited Vulnerability Advisory - 20241113001
• CISA Releases New ICS Advisories - 20241108001
• Cisco Releases Critical Updates - 20241107001
• Ricoh Critical Updates - 20241105001
• New ICS Advisories - 20241101002
• ServiceNow Critical Vulnerability - 20241101001

2024 October

• IBM Critical Update - 20241031002
• Google Chrome Critical Updates - 20241031001
• New ICS Advisories - 20241030004
• Spring WebFlux Critical Advisory - 20241030003
• QNAP Zero-Day Vulnerability - 20241030002
• Apple Critical Update - 20241030001
• Progress WhatsUp Critical Update - 20241029001
• New ICS Advisories - 20241028001
• CISA Releases New ICS Advisories - 20241025002
• Cisco Addresses Critical Vulnerabilities - 20241025001
• Microsoft SharePoint Vulnerability Added in CISA Known Exploits - 20241024002
• Fortinet FortiManager Critical Vulnerability - 20241024001
• CISA Releases New ICS Advisories - 20241021003
• Grafana Releases Critical Update - 20241021002
• Trend Releases Critical Update - 20241021001
• Oracle Publishes Quarterly Critical Patch Advisory - 20241018001
• Kubernetes Image Builder Vulnerability - 20241016002
• Oracle WebLogic Server Vulnerability - 20241016001
• Java deserialization vulnerability - 20241015001
• GitLab CI/CD pipeline Vulnerability - 20241014001
• CISA Publishes New ICS Advisories - 20241011002
• CISA Publishes F5 BIG-IP Advisory - 20241011001
• Progress Telerik Critical Vulnerability - 20241010004
• Palo Alto Critical Vulnerabilities - 20241010003
• Fortinet Critical Vulnerabilities - 20241010002
• Mozilla Firefox Critical Vulnerability - 20241010001
• Siemens Publishes ICS Advisory - 20241009004
• SAP Critical Vulnerability - 20241009003
• TeamViewer Publishes Important Updates - 20241009002
• Microsoft Releases Critical Security Updates - 20241009001
• GitLab Critical SAML Vulnerability - 20241008001
• Apple Releases Critical Updates - 20241007001
• CISA Releases New ICS Advisories and OT Guidance - 20241004002
• Microsoft Office Critical ZeroDay Vulnerability - 20241004001
• CISA Releases New ICS Advisories - 20241002001
• SolarWinds Critical Vulnerability - 20241001001

2024 September

• Progress WhatsUp Gold Critical Updates - 20240930002
• Common UNIX Printing System (CUPS) Critical Vulnerabilities - 20240930001
• CISA Releases New ICS Advisories - 20240927003
• GitLab Critical Vulnerability - 20240927002
• ASD Publishes Joint Advisory - 20240927001
• CISA Releases OT and ICS Security Advisory - 20240926002
• SQL-based Critical Vulnerabilities - 20240926001
• CISA Publishes New ICS Advisories - 20240925001
• GeoServer Critical Vulnerability - 20240924002
• Grafana Plugin SDK Information Leakage Vulnerabilty - 20240924001
• Broadcom VMware Critical Update - 20240919002
• ASD Publishes Joint Advisory on China Linked Botnet Operations - 20240919001
• CISA Releases New ICS Advisories - 20240918001
• CISA and Siemens Release New ICS Advisories - 20240913004
• GitLab Publishes Critical Update - 20240913003
• WordPress Plugin Critical Update - 20240913002
• SolarWinds Critical Update - 20240913001
• CISA Publishes ICS Advisory - 20240911003
• Ivanti Publishes Critical Security Updates - 20240911002
• Microsoft Publishes Critical Updates - 20240911001
• Veeam Releases Critical Updates - 20240909001
• Cisco Publishes Critical Update - 20240906003
• Microsoft Vulnerability Known Exploitation - 20240906002
• CISA Releases New Joint Advisory - 20240906001
• WinRAR Vulnerability Active Exploitation - 20240904002
• Ivanti Critical Vulnerability PoC Published - 20240904001
• CISA Releases New ICS Advisories - 20240903002
• Zabbix Server Critical Vulnerability - 20240903001

WA SOC - Recent Threat Activity (October 2024)

Based on recent high impact incidents seen by the WA SOC, security teams should be focusing on the below areas of improvement:

WASOC Guidance targeted on recent escalation of state-based actor threat activity

• Threat Actor Exploiting Wekanesses in Low Strength Multi-factor Authentication Protocols Microsoft Guidance
• Uptick in Whaling Phishing Activity Whaling Guidance

Recent WA SOC advisories this month worth staying across include:

• A reminder to stay on top of Microsoft patching Sharepoint Deserilisation Exploit

Agencies should review the latest WA Government Cyber Security Policy

WASOC - General Advice

Security Hardening remains a focus for all organisations. Please refer to the below guides to ensure all external and internal sign-ins are appropriately monitored.

• Policy The Government of Western Australia’s Artificial Intelligence Policy specifies the principles that must be applied by WA Government agencies who are developing or using Artificial Intelligence (AI) tools. WA Government Artificial Intelligence Policy and Assurance Framework