WA Cyber Security Unit (Office of Digital Government)
This site contains technical information to support WA Government Cyber Security activities. Please propose updates directly via the edit link on each page or email cybersecurity@dpc.wa.gov.au with any feedback. The site is built with Material for MkDocs (reference) which includes several extensions to markdown for enhanced technical writing.
WA Security Operations Centre (WA SOC)
- Connecting to the WA SOC (Sentinel Guidance)
- Advisories (TLP:CLEAR)
- Incident Reporting User Guide (Jira)
- Threat Hunting (MITRE ATT&CK Tactics and Techniques)
- ACSC Essential Eight Assessment Process Guide
Baselines & Guidelines
Baselines are for use as self-assessment checklists, and guidelines are for general implementation guidance.
Baselines
- Security Operations Baseline - aligned with MITRE 11 Strategies of a World-Class Cybersecurity Operations Center and ACSC's Cyber Incident Response Plan Resource.
- Detection Coverage Baseline - telemetry collection and detection analytics aligned to the MITRE ATT&CK Framework.
- Vulnerability Management Baseline - focused on undertaking operational Identify and Protect capabilities.
Critical Infrastructure Entities and Operational Technology
The CISA Cross-Sector Cybersecurity Performance Goals are clear, targeted recommendations focused on the most common and impactful threats, with cost, complexity and impact ratings for each recommendation. They are highly relevant targets for entities with SOCI regulatory obligations.
Guidelines
- Supply Chain Risk Management Guideline - Implementation guidance for ACSC Cyber Supply Chain Risk Management.
- Guide to Securing Remote Access Software (CISA) - remote access software overview, including the malicious use of remote access software, detection methods, and recommendations for all organizations.
- #StopRansomware Guide (CISA) - one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.
- Microsoft Sentinel Guidance - Implementation guidance for using Sentinel to meet the ACSC Guidelines for System Monitoring.
- Network Management Guideline - Implementation guidance for ACSC Network gateway hardening.
- Patch Management Guideline - Implementation guidance for ACSC Assessing Security Vulnerabilities and Applying Patches.
Additional documentation
The below documents are for general use.
Technical Documentation
Recent Advisories
2024 September
- Cisco Publishes Critical Update - 20240906003
- Microsoft Vulnerability Known Exploitation - 20240906002
- CISA Releases New Joint Advisory - 20240906001
- WinRAR Vulnerability Active Exploitation - 20240904002
- Ivanti Critical Vulnerability PoC Published - 20240904001
- CISA Releases New ICS Advisories - 20240903002
- Zabbix Server Critical Vulnerability - 20240903001
2024 August
- CISA Releases Joint Advisory on RansomHub Ransomware - 20240830001
- SonicWall Publishes Critical Updates - 20240827001
- Progress WhatsUp Gold Critical Update - 20240826002
- Chromium Vulnerability Known Exploitation - 20240826001
- CISA Releases New ICS Advisories - 20240823002
- SolarWinds Releases Critical Update - 20240823001
- Microsoft Publishes Critical CVE Advisory - 20240822002
- WordPress Plugins Critical Vulnerabilities - 20240822001
- WPS Office Releases Critical Update - 20240819002
- WordPress Plugin Critical Vulnerabilities - 20240819001
- CISA Releases New ICS Advisories - 20240816001
- SAP Releases Critical Updates - 20240814003
- SolarWinds Releases Critical Update - 20240814002
- Microsoft Discloses Multiple Zero-Day Vulnerabilities - 20240814001
- RunZero Demonstrates Numerous SSH Vulnerabilities - 20240813001
- Cisco Releases Critical Update - 20240809001
- CISA Releases New ICS Advisories - 20240802002
- Bitdefender Releases Critical Security Updates - 20240802001
- Multiple SMTP Servers Vulnerable to Spoofing Attacks - 20240801004
- Progress Software Releases Security Advisory - 20240801003
- CISA Releases New ICS Advisories - 20240801002
- CISA Releases Advisory Addressing DigiCert Certificate Revocations - 20240801001
2024 July
- Apple Releases Multiple Product Updates - 20240731004
- Langflow Privilege Escalation - 20240731002
- Cisco Critical RADIUS Protocol Vulnerability - 20240730002
- VMware ESXi Active Exploitation Campaigns - 20240730001
- OpenStack Releases Critical Security Advisory - 20240729002
- Acronis Releases Critical Security Advisory - 20240729001
- ServiceNow Public Exploitation Campaigns - 20240726005
- CISA Publishes New ICS Advisories - 20240726004
- GitLab Releases Security Advisory - 20240726003
- Telerik Releases Security Advisory - 20240726002
- CISA Releases Joint Advisory for North Korean Cyber Espionage Activity - 20240726001
- Google Releases New Chrome Stable Version - 20240725003
- Docker Releases Critical Security Advisory - 20240725002
- ISC Releases Multiple BIND 9 Security Advisories - 20240725001
- CISA Publishes New ICS Advisories - 20240724003
- CISA Updates Known Exploited Catalog - 20240724001
- Okta Releases Browser Plugin Advisory - 20240723002
- AWS Security Advisory for Flaws in AWS Client VPN - 20240723001
- SonicWall Releases New Security Advisory - 20240722003
- Microsoft DSVM Proof of Concept Published - 20240722002
- IrfanView Plugin Vulnerability - 20240722001
- Oracle Publishes Quarterly Critical Patch Advisory - 20240719001
- SolarWinds Patches Critical Vulnerabilities - 20240718006
- Atlassian July 2024 Security Advisory - 20240718005
- Ivanti Releases New Security Advisories - 20240718004
- Cisco Releases New Security Advisories - 20240718003
- Chromium Browsers Release Updates - 20240718002
- CISA Adds Items to Known Exploited Catalog - 20240718001
- CISA Releases Critical Infrastructure Related Advisory - 20240717001
- GeoServer Critical Vulnerability Added to Known Exploited Catalog - 20240716001
- Junos OS Evolved: Privilege Escalation Vulnerability Resolved - 20240715001
- CISA Releases Multiple Critical Infrastructure Related Advisories - 20240712005
- lighttpd Critical Vulnerability - 20240712004
- PHP Vulnerability Active Exploitation - 20240712003
- GitLab Critical Advisory - 20240712002
- Palo Alto Expedition - Admin Account Takeover Vulnerability - 20240712001
- Citrix Updates Multiple Products - 20240710005
- Adobe Updates Multiple Products - 20240710004
- CISA Releases APT40 Advisory - 20240710003
- Microsoft Azure Network Watcher VM Vulnerability - 20240710002
- Windows Vulnerabilities Added to CISA Known Exploited Catalog - 20240710001
- Synology Camera Advisory - 20240709002
- Cisco Affected by OpenSSH Vulnerability - 20240709001
- Apache HTTP Server Critical Source Code Disclosure Vulnerability - 20240708001
- Splunk RCE Advisory - 20240705001
- GeoServer Urgent Advisory - 20240704002
- Juniper Security Advisory - 20240704001
- CISA Releases New ICS Advisories - 20240703002
- Apache Security Advisory - 20240703001
- LibreOffice Patches Critical Vulnerability in LibreOfficeKit - 20240702003
- Cisco NX-OS Software CLI Command Injection Vulnerability - 20240702002
- OpenSSH Critical Advisory - 20240702001
- Oracle WebLogic Server Exploitation - 20240701004
- Rockwell Urgent Advisory - 20240701003
- HubSpot Investigating Potential Breach - 20240701002
- Juniper Releases Urgent Advisory - 20240701001
WA SOC - Recent Threat Activity (August 2024)
Based on recent high-impact incidents seen by the WA SOC, security teams should be focusing on the below areas of improvement:
WASOC guidance targeted at the recent escalation of state-based actor threat activity
- The ACSC has released a coordinated joint advisory on the APT40 threat group (a PRC state-sponsored actor).
- CISA has released a joint Cybersecurity Advisory titled "North Korea State-Sponsored Cyber Group Conducts Global Espionage Campaign to Advance Regime's Military and Nuclear Programs".
- The ACSC has observed threat actors impersonating the ACSC; see the ASD alert "Email scammers impersonating the ASD's ACSC".
Recent WA SOC advisories this month worth staying across include:
Agencies should review the latest WA Government Cyber Security Policy.
WASOC - General Advice
Security Hardening remains a focus for all organisations. Please refer to the below guides to ensure all external and internal sign-ins are appropriately monitored.
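As an added illustration of what "appropriately monitored" sign-ins can look like in practice, the following KQL query is an example written for this page, not WA SOC guidance or a query from the Sentinel Guidance linked above. It assumes a Sentinel workspace with the Microsoft Entra ID connector enabled (the `SigninLogs` table) and surfaces accounts where a burst of failed sign-ins from one source IP is followed by a success, a common shape for password spraying or brute force that lands. The 24-hour window and the threshold of 10 failures are arbitrary starting points and should be tuned to the agency's own baseline.

```kql
// Added example (not WA SOC guidance): Entra ID sign-ins over the last 24 hours,
// grouped by user and source IP, flagging sources where many failures precede a success.
// ResultType "0" is a successful sign-in; any other value is a failure code.
SigninLogs
| where TimeGenerated > ago(24h)
| extend Outcome = iff(ResultType == "0", "Success", "Failure")
| summarize Attempts  = count(),
            Failures  = countif(Outcome == "Failure"),
            Successes = countif(Outcome == "Success"),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated),
            Apps      = make_set(AppDisplayName, 10)
    by UserPrincipalName, IPAddress, Location
// Threshold of 10 failures is an assumption; tune against the agency's own baseline.
| where Failures >= 10 and Successes > 0
| project UserPrincipalName, IPAddress, Location, Attempts, Failures, Successes,
          FirstSeen, LastSeen, Apps
| order by Failures desc
```

Run it in the Sentinel Logs blade first to check the volume before turning it into a scheduled analytics rule; a `Location` outside Australia or an `IPAddress` not in the agency's known egress ranges is the usual first triage question for any row it returns.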