WA Cyber Security Unit (Office of Digital Government)
This site contains technical information to support WA Government cyber security activities. Please propose updates directly via the edit link on each page, or email cybersecurity@dpc.wa.gov.au with any feedback. The site is built with Material for MkDocs (reference), which includes several Markdown extensions for technical writing.
WA Security Operations Centre (WA SOC)
- Connecting to the WA SOC (Sentinel Guidance)
- Advisories (TLP:CLEAR)
- Incident Reporting User Guide (Jira)
- Threat Hunting (MITRE ATT&CK Tactics and Techniques)
- ACSC Essential Eight Assessment Process Guide
Baselines & Guidelines
Baselines are for use as self-assessment checklists, and guidelines are for general implementation guidance.
Baselines
- Security Operations Baseline - aligned with MITRE 11 Strategies of a World-Class Cybersecurity Operations Center and ACSC's Cyber Incident Response Plan Resource.
- Detection Coverage Baseline - telemetry collection and detection analytics aligned to the MITRE ATT&CK Framework.
- Vulnerability Management Baseline - focused on the operational Identify and Protect capabilities (the NIST CSF functions of the same name).
Critical Infrastructure Entities and Operational Technology
The CISA Cross-Sector Cybersecurity Performance Goals are clear, targeted recommendations focused on the most common and impactful threats, with cost, complexity and impact ratings against each recommendation. They are highly relevant targets for entities in scope of SOCI regulatory obligations.
Guidelines
- Supply Chain Risk Management Guideline - Implementation guidance for ACSC Cyber Supply Chain Risk Management.
- Guide to Securing Remote Access Software (CISA) - remote access software overview, including the malicious use of remote access software, detection methods, and recommendations for all organizations.
- #StopRansomware Guide (CISA) - one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.
- Microsoft Sentinel Guidance - Implementation guidance for using Sentinel to meet the ACSC Guidelines for System Monitoring.
- Network Management Guideline - Implementation guidance for ACSC Network gateway hardening.
- Patch Management Guideline - Implementation guidance for ACSC Assessing Security Vulnerabilities and Applying Patches.
Additional documentation
The below documents are for general use.
Technical Documentation
Recent Advisories
2024 May
- Trend Micro Patches Multiple Vulnerabilities - 20240510005
- eDrawings Viewer DXF File Parsing RCE Vulnerability - 202405010004
- Deno Privilege Escalation - 20240510002
- F5 Security Advisory Addresses Multiple Vulnerabilities - 20240510001
- Google Chrome Arbitrary Code Execution Multiple Vulnerabilities - 20240509001
- Oracle WebLogic Server High Severity Vulnerability - 20240508004
- Mozilla PDF.js Arbitrary Code Execution Vulnerability - 20240508003
- Adobe Acrobat Updates May 2024 For Windows And MacOS - 20240508002
- Google Android Security Advisory May 2024 - 20240508001
- Xiaomi Android Devices Multiple Vulnerabilities Across Apps and System Components - 20240507002
- D-Link DIR-645 Router added to CISA Known Exploited Vulnerabilities Catalog - 20240507001
- WordPress Multiple Plugins Stored Cross-Site Scripting Vulnerability - 20240506001
- North Korean Threat Actor Email Policy Exploitation - 20240503004
- Acrobat Reader Vulnerability - 20240503003
- Cisco IP Phones Vulnerability - 20240503002
- Apache ActiveMQ Vulnerability - 20240503001
- HPE Aruba Network Products Critical RCE Vulnerabilities - 20240502001
- Foxit PDF Reader Vulnerabilities - 20240501003
- Zscaler Client Connector Vulnerability - 20240501002
- Microsoft SmartScreen Prompt Security Vulnerability - 20240501001
2024 April
- R Programming Language Vulnerability - 20240430003
- Network Attached Storage (NAS) Vulnerability - 20240430002
- CrushFTP systems vulnerability - 20240430001
- Delinea Secret Server Authentication Bypass Vulnerability - 20240429003
- WordPress Automatic plugin vulnerability - 20240429002
- Windows Kernel Elevation of Privilege Vulnerability - 20240429001
- Progress Software Telerik Reporting ObjectReader Vulnerability - 20240426003
- GitLab Critical Security Update - 20240426002
- ArcaneDoor Exploiting Cisco ASA Vulnerabilities - 20240426001
- Microsoft pulls fix for Outlook bug behind ICS security alerts - 20240424003
- Windows DOS-to-NT Path Conversion Process Exploited - 20240424002
- Microsoft Exchange Server Remote Code Execution Vulnerability - 20240424001
- Windows Print Spooler Elevation of Privilege Vulnerability - 20240423002
- VirtualBox Privilege Escalation Vulnerability - 20240423001
- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability - 20240422002
- HashiCorp Vulnerability in go-getter Library - 20240422001
- Libreswan Popular VPN Software Vulnerability - 20240419004
- Critical PuTTY Vulnerability Exposes Private Keys - 20240419003
- Oracle Critical Patch Update for April 2024 - 20240419002
- Cisco Patches Vulnerabilities in Integrated Management Controller - 20240419001
- Ivanti Avalanche Multiple RCE Vulnerabilities - 20240418004
- Botnets Swarm Exploited in TP-Link Archer Routers - 20240418003
- Google Chrome Multiple RCE Vulnerabilities - 20240418002
- Microsoft QUIC Denial of Service Vulnerability - 20240417002
- Multiple Vulnerabilities in Mozilla Products - 20240417001
- Critical Rust Standard Library Vulnerability - 20240416004
- Google Chrome V8 Enum Cache Out-Of-Bounds Read RCE Vulnerability - 20240416003
- SAP Security Advisory April 2024 - 20240416002
- Node.js Security Patch for Critical Vulnerability - 20240416001
- Juniper Security Updates for Multiple Products - 20240415003
- Bitdefender Critical Vulnerabilities in GravityZone and Endpoint Security - 20240415002
- Palo Alto Networks PAN-OS Command Injection Vulnerability - 20240415001
- Chrome Security Update - 20240412001
- Adobe Releases Security Updates for Multiple Products - 20240410004
- Microsoft Releases April Security Updates - 20240410003
- Fortinet Releases Security Updates for Multiple Products - 20240410002
- D-Link Critical Vulnerability - 20240410001
- Podman Buildah Vulnerability - 20240408004
- Google Releases Patches for Pixel Zero-Days - 20240408003
- Cisco Vulnerability in Discontinued Small Business Routers - 20240408002
- pgAdmin Remote Code Execution Vulnerability - 20240408001
- Apache HTTP Server Triple Vulnerabilities - 20240405003
- Microsoft Edge Spoofing Vulnerability - 20240405002
- Ivanti Security Update for Connect Secure and Policy Secure Gateways - 20240405001
- VMware SD-WAN Edge and SD-WAN Orchestrator Multiple Security Updates - 20240404001
- JetBrains TeamCity Cross-Site Scripting Vulnerability - 20240402006
- Linux Kernel Vulnerability - 20240402005
- WallEscape util-linux Vulnerability - 20240402004
- GitLab Stored XSS Vulnerability - 20240402003
- Supply Chain Compromise Affecting XZ Utils Data Compression Library - 20240402002
- Cisco Security Updates for Multiple Products - 20240402001
2024 March
- Chrome Zero Days - 20240328002
- Apple Released Security Updates for Safari and macOS - 20240328001
- Firefox Patches Critical Zero-Day Vulnerabilities - 20240327003
- Apache Tomcat Denial of Service Vulnerabilities - 20240327002
- CISA Releases Multiple Critical Infrastructure Related Advisories - 20240327001
- Microsoft Edge Chromium based Security Feature Bypass Vulnerability - 20240326003
- .NET Framework Information Disclosure Vulnerability - 20240326002
- Ivanti Endpoint Manager Code Injection Vulnerability - 20240326001
- Advantech WebAccess/SCADA SQL Injection Vulnerability - 20240322003
- Ivanti Neurons for ITSM and Standalone Sentry Security Updates - 20240322002
- Chrome Security Update - 20240322001
- Xbox Gaming Services Elevation of Privilege Vulnerability - 20240321002
- Mozilla Security Updates For Multiple Products - 20240320001
- WordPress miniOrange Plugins Critical Vulnerability - 20240319002
- Directory Traversal PoC in FileCatalyst Workflow - 20240319001
- WordPress Plugin File Manager and File Manager Pro Critical Vulnerability - 20240318004
- Fortinet Critical SQLi Vulnerability in FortiClientEMS Software - 20240318003
- Akamai Kubernetes Vulnerability - 20240318002
- Arcserve UDP Software Critical Vulnerabilities - 20240318001
- CISA Releases Fifteen Industrial Control Systems Advisories - 20240315003
- Cisco Security Updates for IOS XR Software - 20240315001
- DNSSEC Verification Complexity Vulnerability - 20240313004
- Adobe Releases Security Updates for Multiple Products - 20240313003
- Fortinet Releases Security Updates for Multiple Products - 20240313002
- Microsoft Releases Security Updates for Multiple Products - 20240313001
- WordPress Plugin 3DPrint Lite Critical Vulnerability - 20240311003
- Fortinet FortiOS Critical Vulnerability - 20240311002
- Apple Multiple Products Security Advisory - 20240311001
- Veritas NetBackup Server and Client RCE Vulnerability - 20240308005
- Android Security Advisory March 2024 Monthly Rollup (AV24-119) - 20240308004
- Windows Themes Spoofing Vulnerability - 20240308003
- Microsoft Edge for Android Spoofing Vulnerability - 20240308002
- Cisco Releases Security Advisories for Multiple Products - 20240308001
- VMware Releases Security Advisory for Multiple Products - 20240307002
- Known Exploited Apple iOS and iPad Zeroday Vulnerabilities - 20240307001
- Android Pixel Vulnerability added to CISA Known Exploited Vulnerabilities Catalog - 20240306001
- JetBrains TeamCity Vulnerability added to CISA Known Exploited Vulnerabilities Catalog - 20240305003
- Adobe Acrobat Reader Multiple Vulnerabilities - 20240305002
- Cisco Patches NX-OS DoS Vulnerabilities - 20240305001
WA SOC - Recent Threat Activity (April 2024)
Based on recent high-impact incidents seen by the WA SOC, security teams should focus on the areas of improvement below:
WA SOC guidance targeted at recent threat activity
- Lessons from XZ Utils: Achieving a More Sustainable Open Source Ecosystem (https://www.cisa.gov/news-events/news/lessons-xz-utils-achieving-more-sustainable-open-source-ecosystem)
- Secure by Design CISA Guidance on SBOM
- Software Bill of Materials SBOM
- Publication on SVR activity targeting government cloud infrastructure; review and adapt the SCuBA toolset to validate the security controls it covers.
Recent WA SOC advisories this month worth staying across include:
- Palo Alto Networks PAN-OS Command Injection Vulnerability
- Ivanti Security Update for Connect Secure and Policy Secure Gateways
- ArcaneDoor Exploiting Cisco ASA Vulnerabilities
Agencies should review the latest NIST CSF 2.0 and the new AI Policy and Assurance Framework.
Security Hardening remains a focus for all organisations. Please refer to the below guides to ensure all external and internal sign-ins are appropriately monitored.
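As an added illustration of the sign-in monitoring point above (not part of the WA SOC guidance or its Sentinel guides), the following Microsoft Sentinel KQL query surfaces accounts that accumulate many failed sign-ins from several source IPs and then sign in successfully, the pattern left behind by password spraying. It assumes the Microsoft Entra ID SigninLogs table as ingested by Sentinel; the lookback window and the thresholds of 20 failures and 3 distinct IPs are illustrative assumptions to tune per tenant.

```kql
// Added example, not from the WA SOC guidance. Assumes the Entra ID SigninLogs table
// in Microsoft Sentinel; the window and thresholds below are assumptions to tune.
let window = 24h;
let minFailures = 20;
let minDistinctIPs = 3;
// Step 1: accounts with many failed sign-ins from several IPs (ResultType "0" = success).
let sprayedAccounts = SigninLogs
| where TimeGenerated > ago(window)
| where ResultType != "0"
| summarize
    Failures = count(),
    DistinctIPs = dcount(IPAddress),
    FailingIPs = make_set(IPAddress, 10),
    LastFailure = max(TimeGenerated)
  by UserPrincipalName
| where Failures >= minFailures and DistinctIPs >= minDistinctIPs;
// Step 2: successful sign-ins for those accounts that occur after the last failure.
SigninLogs
| where TimeGenerated > ago(window)
| where ResultType == "0"
| join kind=inner sprayedAccounts on UserPrincipalName
| where TimeGenerated > LastFailure
| project TimeGenerated, UserPrincipalName, IPAddress, Location,
          AppDisplayName, Failures, DistinctIPs, FailingIPs
| order by TimeGenerated desc
```

Run the query over both external (guest, federated) and internal accounts; as an analytics rule, the first part alone is a useful lower-severity alert for spray attempts, while the joined result warrants incident-level triage because it indicates the spray succeeded.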