From cdde794472a82536bf2527738acb8276ad30c355 Mon Sep 17 00:00:00 2001 From: DamoOne <115965806+DamoOne@users.noreply.github.com> Date: Wed, 1 May 2024 14:24:38 +0800 Subject: [PATCH] Updated to April 2024 (#693) * Update threat-activity.md to April 2024 * Format markdown docs --------- Co-authored-by: DamoOne --- docs/threat-activity.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/threat-activity.md b/docs/threat-activity.md index 9a9809ef..ec601544 100644 --- a/docs/threat-activity.md +++ b/docs/threat-activity.md 
@@ -2,18 +2,21 @@ {{ date_index("docs/advisories", prefix="advisories/", expand=1, include=2) }} -## WA SOC - Recent Threat Activity (March 2024) +## WA SOC - Recent Threat Activity (April 2024) Based on recent high impact incidents seen by the WA SOC, security teams should be focusing on the below areas of improvement: !!! warning "WASOC Guidance targeted on recent threat activity" - - Phishing campaigns that attempt to impersonate legitimate webpages ["Spoofing"](https://www.mimecast.com/content/website-spoofing/) of organisations + - Lessons from XZ Utils: Achieving a More Sustainable Open Source Ecosystem (https://www.cisa.gov/news-events/news/lessons-xz-utils-achieving-more-sustainable-open-source-ecosystem) + - Secure by Design [CISA Guidance on SBOM](https://www.cisa.gov/sites/default/files/2023-10/SecureByDesign_1025_508c.pdf) + - Software Bill of Materials [SBOM](https://www.cisa.gov/sbom) - Publication on the [SVR](https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/svr-cyber-actors-adapt-tactics-initial-cloud-access) activity targeting Government cloud infrastructure. Review and adapt the [SCuBA Toolset](https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project) to validate security controls. 
Recent WA SOC advisories this month worth staying across include: -- [Fortinet Services](https://soc.cyber.wa.gov.au/advisories/20240313002-Fortinet-Updates-Multiple-Products/) -- [XZ Utility](https://soc.cyber.wa.gov.au/advisories/20240402002-Supply-Chain-Compromise-Affecting-XZ-Utils-Data-Compression-Library/) +- [Palo Alto Networks PAN-OS Command Injection Vulnerability](https://soc.cyber.wa.gov.au/advisories/20240415001-PaloAlto-Networks-PAN-OS-Command-Injection-Vulnerability/) +- [Ivanti Security Update for Connect Secure and Policy Secure Gateways](https://soc.cyber.wa.gov.au/advisories/20240402002-Supply-Chain-Compromise-Affecting-XZ-Utils-Data-Compression-Library/) +- [ArcaneDoor Exploiting Cisco ASA Vulnerabilities](https://soc.cyber.wa.gov.au/advisories/20240426001-ArcaneDoor-Exploiting-Cisco-ASA-Vulnerabilities/) Agencies should review the latest [NIST CSF 2.0](https://www.nist.gov/quick-start-guides) and the new [AI Policy and Assurance Framework](https://www.wa.gov.au/government/publications/wa-government-artificial-intelligence-policy-and-assurance-framework).
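Review bot: In the added advisories list, the "Ivanti Security Update for Connect Secure and Policy Secure Gateways" entry links to `https://soc.cyber.wa.gov.au/advisories/20240402002-Supply-Chain-Compromise-Affecting-XZ-Utils-Data-Compression-Library/`, which is the target of the removed "XZ Utility" entry, so readers following the Ivanti link land on the XZ Utils advisory. Point it at the Ivanti advisory's own URL. Two smaller points in the guidance list: the "Lessons from XZ Utils" bullet puts its URL in bare parentheses rather than the `[text](url)` form the other bullets use, so it will not render as a link like the others, and the "Secure by Design" bullet labels the `SecureByDesign_1025_508c.pdf` link as "CISA Guidance on SBOM" while the following bullet carries the actual SBOM link, so that label should describe the Secure by Design document instead.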