WA Cyber Security Unit (Office of Digital Government)

This site contains technical information to support WA Government Cyber Security activities. Please propose updates directly via the edit link on each page or email cybersecurity@dpc.wa.gov.au with any feedback. The site is built with Material for MkDocs (reference) which includes several extensions to markdown for enhanced technical writing.

RSS Feeds

If you would like to subscribe to updates for this site please use the RSS or ATOM feeds.

WA Security Operations Centre (WA SOC)

• Connecting to the WA SOC (Sentinel Guidance)
• Advisories (TLP:CLEAR)
• Incident Reporting User Guide (Jira)
• Threat Hunting (MITRE ATT&CK Tactics and Techniques)
• ACSC Essential Eight Assessment Process Guide

Baselines & Guidelines

Baselines are for use as self-assessment checklists, and guidelines are for general implementation guidance.

Baselines

• Security Operations Baseline - aligned with MITRE 11 Strategies of a World-Class Cybersecurity Operations Center and ACSC's Cyber Incident Response Plan Resource.
• Detection Coverage Baseline - telemetry collection and detection analytics aligned to the MITRE ATT&CK Framework.
• Vulnerability Management Baseline - focused on undertaking operational Identify and Protect capabilities.

Critical Infrastructure Entities and Operational Technology

The CISA Cross-Sector Cybersecurity Performance Goals are clear targeted recommendations focusing on most common and impactful threats, including cost, complexity and impact ratings against each recommendation. These are highly relevant targets for entities in scope of SOCI regulatory obligations.

Guidelines

• Supply Chain Risk Management Guideline - Implementation guidance for ACSC Cyber Supply Chain Risk Management.
• Guide to Securing Remote Access Software (CISA) - remote access software overview, including the malicious use of remote access software, detection methods, and recommendations for all organizations.
• #StopRansomware Guide (CISA) - one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.
• Microsoft Sentinel Guidance - Implementation guidance for using Sentinel for ACSC Guidelines for System Monitoring
• Network Management Guideline - Implementation guidance for ACSC Network gateway hardening.
• Patch Management Guideline - Implementation guidance for ACSC Assessing Security Vulnerabilities and Applying Patches.

Additional documentation

The below documents are for general use.

Technical Documentation

• SOC Analyst Induction
• Collecting Digital Forensic Evidence
• Cyber Security Playbooks

Recent Advisories

2025 April

• Apple Patches Zero-Day Vulnerabilites - 20250417001
• Jenkins Critical Vulnerabilities - 20250414001
• Fortinet Publishes Active Exploitation Blog - 20250411001
• ASD Publishes Joint Advisory on new Malicious Cyber Actors and Guidance - 20250410001
• Critical Siemens Vulnerabilities - 20250409004
• SAP Critical Updates - 20250409003
• Fortinet Critical Vulnerability - 20250409002
• Microsoft Monthly Security Updates - 20250409001

2025 March

• Mozilla Critical Advisory - 20250328001
• Next.js Critical Vulnerability - 20250325002
• Ingress NGINX Critical Vulnerability - 20250325001
• Veeam Patches Critical Vulnerbility - 20250321001
• Apache Tomcat Remote Code Execution Vulnerability - 20250318001
• Bitdefender Releases Updates Fixing Critical Vulnerabilities - 20250313002
• Apple releases patches for zero-day vulnerabilities - 20250312002
• Microsoft Releases March 2025 Patch - 20250312001
• CISA Releases New ICS Advisories - 20250310001
• Microsoft Publishes Silk Typhoon Threat Intelligence Article - 20250306001
• CISA Releases New ICS Advisories - 20250305002
• VMWare and Linux added to CISA Known Exploited Catalog - 20250305001
• CISA Adds Known Exploited Vulnerabilities to Catalog - 20250304001

2025 February

• CISA Releases New ICS Advisories - 20250228001
• CISA Adds Known Exploited Vulnerabilities to Catalog - 20250227001
• CISA Releases New ICS Advisories - 20250226001
• Adobe and Oracle Known Exploited Vulnerabilities - 20250225001
• Cisco Publishes Known Exploitation Advisory - 20250224001
• Citrix Authenticated Privilege Escalation Vulnerability - 20250221003
• Microsoft Fixes Power Pages Zero-day Bug Exploited in Attacks - 20250221002
• CISA Releases New ICS Advisories - 20250221001
• CISA Releases Joint Advisory on Ghost (Cring) Ransomware - 20250220001
• CISA Releases New ICS Advisories - 20250219001
• Juniper Critical Vulnerability - 20250218001
• PostgreSQL Flaw Exploited as Zero-Day in BeyondTrust Breach - 20250217001
• Palo Alto Monthly Security Update and Active Exploitation - 20250214002
• CISA Releases New ICS Advisories - 20250214001
• Google Chrome Multiple Vulnerability Updates - 20250213002
• CISA Releases New ICS Advisories - 20250212004
• Apple Patches Zero Day Vulnerabilities - 20250212002
• Microsoft Monthly Security Updates - 20250212001
• WhoDB Critical Vulnerability - 20250211001
• CISA Releases New ICS Advisories - 20250207002
• Cisco Critical Vulnerabilities - 20250207001
• Veeam Critical Vulnerability - 20241205001
• CISA Adds One Known Exploited Vulnerability - 20250206001
• CISA Adds Known Exploited Vulnerabilities to Catalog - 20250205003
• New ICS Advisories - 20250205002
• Increase of ASD ACSC Impersonation Campaigns - 20250204001
• CISA Releases New ICS Advisories - 20250203002
• BeyondTrust Discloses Data Breach Details - 20250203001

WA SOC - Recent Threat Activity (March 2025)

Based on recent high impact incidents seen by the WA SOC, security teams should be focusing on the below areas of improvement based on phishing and phishing resistant MFA:

WASOC Guidance targeted on recent escalation of state-based actor threat activity

• Oracle Data "Breach" The Biggest Supply Chain Hack Of 2025: 6M Records Exfiltrated from Oracle Cloud affecting over 140k Tenants
• Fake CAPTCHAs Australian Signals Directorate

Recent WA SOC advisories this month worth staying across include:

• Microsoft Monthly Security Updates Microsoft Releases March 2025 Patch
• Ingress NGINX Critical Vulnerability
• Apache Tomcat Remote Code Execution Vulnerability

Agencies should review the latest WA Government Cyber Security Policy

WASOC - General Advice

Security Hardening remains a focus for all organisations. Please refer to the below guides to ensure all external and internal sign-ins are appropriately monitored.

• Policy The Government of Western Australia’s Artificial Intelligence Policy specifies the principles that must be applied by WA Government agencies who are developing or using Artificial Intelligence (AI) tools. WA Government Artificial Intelligence Policy and Assurance Framework
• ASD's Blueprint for Secure Cloud