Australian Signals Directorate

Why collect a bug bounty when you can collect a full-time bug salary? Squish bugs in Australia’s most secure cryptographic products before they are even made. We’re looking for people with curious and creative minds who will bring new ideas and skills to our organisation. Decoding hidden messages, cracking codes and revealing secrets is a large part of the work that we do. Help make Australia’s most secure networks, even more secure. Interested in becoming an ASD Cryptographer? Apply now 👉 https://lnkd.in/gE35nE8P

The Essential Eight (E8) isn’t a magic 8 ball, but it will help keep your organisation more secure from APT40 attacks and other cyber threats. Implementing E8 protects your IT networks and is based on our experience in producing cyber threat intelligence, responding to cyber security incidents, conducting penetration testing and assisting organisations to implement the E8. The mitigation strategies that constitute the E8 are: • patch applications • patch operating systems • enable multi-factor authentication • restrict administrative privileges • apply application control • restrict Microsoft Office macros • implement user application hardening • perform regular backups. Read more 👉 https://lnkd.in/gXBnEPEh

Cast your vote and share your thoughts in the comments.

Microsoft has released its July security updates. This update included: •            142 vulnerabilities patched. •            2 vulnerabilities with evidence of exploitation. •            5 'Critical' rated. The ASD’s ACSC encourages all users to apply the available patch updates ASAP. For more details, visit the Microsoft Security Response Centre website 👉 https://lnkd.in/gzeHWGYG

The ASD’s Richard Brasier, Assistant Director-General, Skills & Training was pleased to be part of a dynamic panel discussion on the crucial topic of diversity and inclusion in the security workforce. Thanks to AWSN - Australian Women in Security Network Canberra for an insightful morning!

Today, we released a Joint Cybersecurity Advisory with international partners about a People’s Republic of China (PRC) state-sponsored cyber group, APT40, and the current threat it poses to Australian networks. APT40 is conducting regular reconnaissance against networks of interest in Australia looking for opportunities to compromise its targets. The group uses compromised infrastructure, including small-office/home-office (SOHO) devices as operational infrastructure, to launch attacks that blend in with legitimate traffic, challenging network defenders. This regular reconnaissance allows them to identify vulnerable, end-of-life or no longer maintained devices on networks of interest, and rapidly deploy exploits. APT40 continues to find success exploiting vulnerabilities due to systems being unpatched. We strongly recommend implementing the ASD Essential Eight mitigation strategies, as well as additional relevant mitigations from our Strategies to Mitigate Cyber Security Incidents guidance. Mitigation that can reduce the effectiveness of the activity includes: • Logging and detection – maintaining comprehensive and historical logging information across web servers, window events and internet proxy • Patch management – implement a centralised patch management system to automate and expedite the patch process. • Network segmentation – segments networks to limit or block lateral movement by denying traffic between computers unless required. To read the advisory and learn more about how to identify, prevent and remediate APT40 intrusions, visit https://lnkd.in/g8YnRnG6. This advisory has been jointly issued by Cybersecurity and Infrastructure Security Agency, National Security Agency, Federal Bureau of Investigation (FBI), National Cyber Security Centre (UK), Communications Security Establishment Canada | Centre de la sécurité des télécommunications Canada, National Cyber Security Centre (NZ), Bundesnachrichtendienst (BND), Bundesamt für Verfassungsschutz (BfV), National Center of Incident Readiness and Strategy for Cybersecurity + National Police Agency (Japan), and National Intelligence Service + National Cyber Security Center (Korea).

NAIDOC Week 2024 is here and the theme this year is ‘Keep the Fire Burning! Blak, Loud & Proud.’ NAIDOC Week, from 7-14 July, celebrates and recognises the history, culture & achievements of Aboriginal and Torres Strait Islander Peoples. This artwork was created for this occasion by ASD staff member - the incredibly talented Kiara Kennedy. “With this artwork, I wanted to emphasise celebration… I have incorporated things from my journey to becoming Loud, Blak and Proud. Over the years, sharing our culture, knowledge and growing an understanding of who we are and where we come from, created a space where we can be Loud, Blak and Proud.”

Gear up for some #FridayFun with our cybersecurity crossword challenge! Do you know the answers? Comment below. ACROSS 2. Malicious software designed to disrupt, damage, or gain unauthorised access to a computer system. (7) 5. Service that encrypts your internet traffic and protects your information online. (3) 6. The practice of techniques for securing communications in which plaintext data is converted through a cipher into ciphertext. (12) 7. A network device that filters incoming and outgoing network data based on a series of rules. (8) 8. A piece of software designed to update a computer program or its supporting data, to fix or improve it. (5) 9. A small text file stored by a web browser that retains user preferences and session information, often tracked for marketing purposes. (6) DOWN 1. A sequence of words used for authentication that is longer and more secure than a simple password. (10) 3. Verifying the identity of a user, process or device as a prerequisite to allowing access to resources in a system. (14) 4. Process of converting information or data into a code, especially to prevent unauthorised access. (10)

Beware of phishing – don't get reeled in! Phishing attacks are a common scam tactic in the online world. They can trick you into giving away sensitive information such as passwords, credit card numbers or online banking logins. These attacks often come in the form of emails, messages or websites that seem legitimate. They pose as a trusted source to lure you into a trap. Here’s how you can stay a step ahead: • Avoid opening links or attachments that you’re not expecting, or from people that you don’t know. • Look out for urgent requests, threats, spelling mistakes or poor grammar. • Use multi-factor authentication (MFA) on your accounts where possible for extra security. Some phishing scams can be hard to spot. Take our quiz to see if you can spot a scam, and learn how to recognise and report them 👉 https://lnkd.in/gVf6tdk2

Are you ready to elevate your career to new heights? Join our team of cloud trailblazers building secure cloud platforms. We’re seeking talented people with a passion for innovation, a commitment to excellence and an appreciation of security. Working with us, you'll be at the forefront of technical innovation, harnessing the power of cloud technology to revolutionise our operations and advance national security. Want to be part of it? Visit our website to find out more and submit your application 👉 https://lnkd.in/g27FwxR5