WA Cyber Security Unit (Office of Digital Government)¶
This site contains technical information to support WA Government Cyber Security activities. Please propose updates directly via the edit link on each page or email cybersecurity@dpc.wa.gov.au with any feedback. The site is built with Material for MkDocs (reference) which includes several extensions to markdown for enhanced technical writing.
WA Security Operations Centre (WA SOC)¶
- Connecting to the WA SOC (Sentinel Guidance)
- Advisories (TLP:CLEAR)
- Incident Reporting User Guide (Jira)
- Threat Hunting (MITRE ATT&CK Tactics and Techniques)
- ACSC Essential Eight Assessment Process Guide
Baselines & Guidelines¶
Baselines are for use as self-assessment checklists, and guidelines are for general implementation guidance.
Baselines
- Security Operations Baseline - aligned with MITRE 11 Strategies of a World-Class Cybersecurity Operations Center and ACSC's Cyber Incident Response Plan Resource.
- Detection Coverage Baseline - telemetry collection and detection analytics aligned to the MITRE ATT&CK Framework.
- Vulnerability Management Baseline - focused on undertaking operational Identify and Protect capabilities.
Critical Infrastructure Entities and Operational Technology
The CISA Cross-Sector Cybersecurity Performance Goals are clear targeted recommendations focusing on most common and impactful threats, including cost, complexity and impact ratings against each recommendation. These are highly relevant targets for entities in scope of SOCI regulatory obligations.
Guidelines
- Supply Chain Risk Management Guideline - Implementation guidance for ACSC Cyber Supply Chain Risk Management.
- Guide to Securing Remote Access Software (CISA) - remote access software overview, including the malicious use of remote access software, detection methods, and recommendations for all organizations.
- #StopRansomware Guide (CISA) - one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.
- Microsoft Sentinel Guidance - Implementation guidance for using Sentinel for ACSC Guidelines for System Monitoring
- Network Management Guideline - Implementation guidance for ACSC Network gateway hardening.
- Patch Management Guideline - Implementation guidance for ACSC Assessing Security Vulnerabilities and Applying Patches.
Additional documentation¶
The below documents are for general use.
Technical Documentation
Recent Advisories¶
2025 July¶
- Microsoft SharePoint Active Exploitation - 20250721001
- Cisco Critical Security Vulnerabilities - 20250718001
- IBM WebSphere Application Vulnerability - 20250717002
- Google Chrome Zero-Day Vulnerability - 20250716003
- Oracle Critical Updates - 20250716002
- Broadcom Critical Updates - 20250716001
- Mozilla Critical Vulnerabilities - 20250714001
- CISA Releases New ICS Advisories - 20250711001
- SAP New Critical Vulnerabilities Updates - 202509004
- Adobe Critical Update - 20250709003
- Fortinet Critical Update - 20250709002
- Microsoft Monthly Security Updates - 20250709001
- Phishing Campaigns Using M365 Direct Send - 20250707001
- Cisco Unified Communications Manager Vulnerability - 20250703001
- Linux Sudo chroot Vulnerability - 20250702002
- Google Chrome Zero-Day Vulnerability - 20250702001
2025 June
- Critical Cisco ISE RCE Vulnerability - 20250627001
- Citrix NetScaler Critical Vulnerability - 20250626001
- Critical ICS Vulnerabilities - 20250625001
- ICS Critical Vulnerabilities - 20250619003
- GeoTools Critical Vulnerability - 20250619002
- Citrix NetScaler Critical Vulnerability - 20250619001
- Veeam Patches Critical Vulnerability - 20250618001
- Google Chrome Zero-Day Vulnerability - 20250617001
- ICS Critical Vulnerabilities - 20250613002
- Trend Micro Critical Vulnerabilties - 20250613001
- Wazuh Server Deserialization of Untrusted Data Vulnerability - 20250612002
- Mozilla Firefox Critical Vulnerabilities - 20250612001
- SAP Critical Vulnerability - 20250611002
- Microsoft Monthly Security Updates - 20250611001
- ManageEngine Critical Vulnerability - 20250610001
- Cisco Critical Vulnerability - 20250605001
- Google Chrome Active Exploitation - 20250603001
2025 May
- CrushFTP auth bypass vulnerability - 20250520002
- Mozilla Patches 2 Firefox Zero-Day Vulnerabilities - 20250520001
- Jenkins Critical Vulnerability - 20250519001
- Fortinet Critical Vulnerability - 20250516002
- Chromium-based Browser Active Exploit Vulnerability - 20250516001
- Fortinet Products Critical Vulnerability - 20250515001
- Microsoft Monthly Security Updates - 20250514001
- Cisco IOS XE Software Vulnerability - 20250508001
- Apache ActiveMQ Vulnerability - 20250502001
- SonicWall Critical Vulnerability - 20250501001
WA SOC - Recent Threat Activity (June 2025)¶
Based on recent high impact incidents seen by the WA SOC, security teams should be focusing on the below areas of improvement based on phishing and phishing resistant MFA:
WASOC Guidance targeted on recent escalation of state-based actor threat activity
- Financial Fraud Campaigns Increased Financial Fraud Activity
- Heightened Awareness: Securing Edge Devices
Recent WA SOC advisories this month worth staying across include:
- Critical Cisco ISE RCE Vulnerability
- Citrix NetScaler Critical Vulnerability (CVE-2025-5777)
- Citrix NetScaler Critical Vulnerability (CVE-2025-6543)
- ManageEngine Critical Vulnerability
WASOC - General Advice¶
Security Hardening remains a focus for all organisations. Please refer to the below guides to ensure all external and internal sign-ins are appropriately monitored.
-
Policy The Government of Western Australia’s Artificial Intelligence Policy specifies the principles that must be applied by WA Government agencies who are developing or using Artificial Intelligence (AI) tools. WA Government Artificial Intelligence Policy and Assurance Framework