OzTech: Australian IT talent not good enough; Five Eyes reveals attacks via new and old vulnerabilities

Australia’s IT talent isn’t good enough

A survey of Australian Information Industry Association (AIIA) members found that while 75% of tech companies in the country are actively hiring, only 65% said they hire local talent. This means that 35% are looking for foreign talent.

Most respondents do not believe that the education system provides job-ready candidates, with 49% of respondents saying further training is needed for those leaving university to enter the labor market effectively.

AIIA has 200 active members, 87% of which are local Australian small and medium-sized businesses. Just over 100 members participated in the survey.

Five Eyes reveals attacks via new and old vulnerabilities

Another week, another warning: this time, an advisory co-authored by the cybersecurity agencies of the Five Eyes nations (Australia, Canada, New Zealand, the US and the UK) revealed 15 common vulnerabilities and exposures targeted by cyber-actors in 2021.

Among the most targeted vulnerabilities was Log4Shell, affecting Apache’s Log4j library. Many of the top 15 vulnerabilities were on Microsoft Exchange mail servers.

Globally, in 2021, cyber attackers targeted Internet-connected systems, such as mail servers and virtual private network (VPN) servers. The top 15 vulnerabilities were:

  1. CVE-2021-44228 (Log4Shell): Apache Log4j Remote Code Execution (RCE) Vulnerability
  2. CVE-2021-40539: RCE Vulnerability in Zoho ManageEngine ADSelfService Plus
  3. CVE-2021-34523 (ProxyShell): Microsoft Exchange Server Elevation of Privilege Vulnerability
  4. CVE-2021-34473 (ProxyShell): RCE Vulnerability in Microsoft Exchange Server
  5. CVE-2021-31207 (ProxyShell): Security Feature Bypass Vulnerability in Microsoft Exchange Server
  6. CVE-2021-27065 (ProxyLogon): RCE Vulnerability in Microsoft Exchange Server
  7. CVE-2021-26858 (ProxyLogon): RCE Vulnerability in Microsoft Exchange Server
  8. CVE-2021-26857 (ProxyLogon): RCE Vulnerability in Microsoft Exchange Server
  9. CVE-2021-26855 (ProxyLogon): RCE Vulnerability in Microsoft Exchange Server
  10. CVE-2021-26084: Arbitrary Code Execution Vulnerability in Atlassian Confluence Server and Data Center
  11. CVE-2021-21972: RCE Vulnerability in VMware vSphere Client
  12. CVE-2020-1472 (ZeroLogon): Microsoft Netlogon Remote Protocol (MS-NRPC) Elevation of Privilege Vulnerability
  13. CVE-2020-0688: RCE Vulnerability in Microsoft Exchange Server
  14. CVE-2019-11510: Arbitrary File Read Vulnerability in Pulse Secure Pulse Connect Secure
  15. CVE-2018-13379: Path Traversal Vulnerability in Fortinet FortiOS and FortiProxy

The advisory also listed 21 other commonly exploited vulnerabilities affecting Internet-connected systems, including Accellion File Transfer Appliance (FTA), Windows Print Spooler, and Pulse Secure Pulse Connect Secure.

Copyright © 2022 IDG Communications, Inc.
