VoicePlus Blogs

underline-img
Iranian Government-Sponsored APT Cyber Actors

Iranian Government-Sponsored APT Cyber Actors

FBI and CISA have observed an Iranian government-sponsored APT group that are exploiting vulnerabilities to gain access to systems. The APT group has exploited the same Microsoft Exchange vulnerability in Australia.

Read More arrow-img
Vulnerability - Palo Alto firewalls utilising the GlobalProtect VPN component

Vulnerability - Palo Alto firewalls utilising the GlobalProtect VPN component

A vulnerability has been identified in certain versions of Palo Alto firewalls utilising the GlobalProtect VPN component. Affected Australian organisations should apply the available update as soon as possible. Alert status - HIGH

Read More arrow-img
Critical vulnerability present in certain versions of Microsoft Excel

Critical vulnerability present in certain versions of Microsoft Excel

Microsoft has identified active exploitation of a vulnerability in Microsoft Excel. Affected Australian organisations should apply the available security update as soon as possible.

Read More arrow-img
Critical Vulnerability present in certain versions of Apple iOS and ipads

Critical Vulnerability present in certain versions of Apple iOS and ipads

A vulnerability has been identified in certain Apple products which could allow an actor to install malware or perform other actions on a vulnerable device.

Read More arrow-img
Critical Vulnerability in Certain Versions of Apache HTTP Server

Critical Vulnerability in Certain Versions of Apache HTTP Server

A vulnerability exists in Apache HTTP Server 2.4.49. A cyber actor could exploit this vulnerability to execute arbitrary code. Initial information also indicates that the vulnerability could also be used perform remote code execution under certain configurations. Affected Australian organisations should apply the available patch.

Read More arrow-img
ACSC - High Alert - Apple IOS, Macos and Safari

ACSC - High Alert - Apple IOS, Macos and Safari

Critical vulnerabilities present in certain versions of Apple iOS, macOS and Safari

Read More arrow-img
ACSC - Microsoft Azure Service - Critical Alert

ACSC - Microsoft Azure Service - Critical Alert

A remote code execution vulnerability exists in Open Management Infrastructure, a management agent used in certain Linux-based Microsoft Azure services. Exploitation of this vulnerability could allow a malicious actor to take control of the vulnerable host. Affected organisations should apply the available security update.

Read More arrow-img
2021-006: ACSC Ransomware Profile - Lockbit 2.0

2021-006: ACSC Ransomware Profile - Lockbit 2.0

ACSC has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia. The LockBit ransomware restricts access to corporate files and systems by encrypting them into a locked and unusable format. Victims receive instructions on how to engage with the offenders after encryption. LockBit affiliates have successfully deployed ransomware on corporate systems in a variety of countries and sectors, including Australia, where the ACSC is aware of numerous incidents since 2020. LockBit affiliates are known to implement the ‘double extortion’ technique by uploading stolen and sensitive victim information to their dark web site ‘LockBit 2.0’, and threatening to sell and/or release this information if their ransom demands are not met.

Read More arrow-img
Vulnerability Affecting BlackBerry QNX RTOS

Vulnerability Affecting BlackBerry QNX RTOS

BlackBerry has disclosed that its QNX Real Time Operating System is affected by a BadAlloc vulnerability - CVE-2021-22156. QNX is the world’s most prevalent real time operating system. Alert status: HIGH Background /What has happened? The ACSC is tracking a vulnerability in BlackBerry QNX RTOS on Australian networks. An integer overflow vulnerability exists in BlackBerry’s QNX products (including standard, medical and safety-certified versions). This vulnerability could allow remote code execution or denial-of-service attacks. This is a high-risk vulnerability, affecting QNX SDP 6.5 SP1 and below (shipped in products manufactured between 1996 to 2012) and QNX for safety manufactured until 2018.

Read More arrow-img
Cybercriminals targeting construction companies to conduct email scams

Cybercriminals targeting construction companies to conduct email scams

Cybercriminals are targeting construction companies to conduct business email compromise scams. All parties to construction projects should be vigilant when emailing about invoices and bank details.

Read More arrow-img
  • 1
  • 2

3 Strategies to Reduce Telecom Cost