Wednesday, 12 September 2018

Australian Cyber Security Centre(ACSC) alert: 2018-140 Malicious activity targeting education institutions (GREEN)

Studentnet is a registered partner of the Australian Cyber Security Centre(ACSC). The ACSC is part of the Australian Signal Directorate of the Department of Defence. Registered partners of the ACSC are considered by DoD to be part of Australia's critical infrastructure. Studentnet receives alerts such as this as a result of that status. 

The ACSC has issued the following alert that is directly relevant to our school education community.:

==========================

TLP: GREEN

2018-140: Malicious activity targeting education institutions

The Australian Cyber Security Centre (ACSC) is aware of ongoing spear-phishing campaigns targeting multiple Australian higher education institutions.
==========================  

The alert is marked TLP Green:
"Restricted to closed groups and subject to confidentiality. 
You may share GREEN publications with external organisations, information exchanges, or individuals in the network security, information assurance or critical network infrastructure community that agree to maintain the confidentiality of the information in the publication. You may not publish or post on the web or otherwise release it in circumstances where confidentiality may not be maintained."

This means that Studentnet cannot distribute the content of the alert via this blog. However, we can email the alert to directly to individual members of our community.

The alert contains detailed information on the malicious activity and recommendations on protecting your organisation. Cloudwork contains specific features that allow you to easily implement the protection recommendations of the ACSC.

Studentnet strongly recommends that you obtain a copy of the alert. You can obtain a copy by emailing a request to kjk@studentnet.id. Studentnet will email you a full copy of the alert under TLP green conditions.

Please contact Kevin Karp at Studentnet(+61 2 9281 1626 or kjk@studentnet.id) to discuss and plan your implementation of the ACSC's recommendations using Cloudwork's features.

Thursday, 6 September 2018

Advisory: NTLM Abuse Mitigation

NT Lan Manager (NTLM) authentication is currently being abused to harvest user credentials, so CERT Australia has prepared a list of recommendations for techniques to mitigate NTLM abuse.

CERT Australia is now part of the Australian Cyber Security Centre(ACSC) of the Australian Signals Directorate(ASD) section of the Department of Defence.