Australian IT talent not good enough
A survey of members of the Australian Information Industry Association (AIIA) has found that although 75% of technology companies in the country are actively hiring, only 65% reported hiring local talent. This means 35% are going after overseas talent.
Most of the respondents do not believe the education system provides job-ready candidates, with 49% of respondents saying that further training is needed for those leaving university to join the workforce effectively.
AIIA has 200 active members, 87% of whom are local small and medium Australian businesses. Just over 100 members took part in the survey.
Five Eyes reveals attacks via new and old vulnerabilities
Another week, another warning: this time, an advisory co-authored by the cybersecurity agencies of the Five Eyes nations (Australia, Canada, New Zealand, the US, and the UK) revealed 15 common vulnerabilities and exposures that were targeted by cyber actors during 2021.
Among the most targeted vulnerabilities was Log4Shell, affecting Apache’s Log4j library. Many of the top 15 vulnerabilities affected Microsoft Exchange email servers.
Globally, in 2021, cyberattackers targeted internet-facing systems, such as email servers and virtual private network (VPN) servers. The top 15 vulnerabilities were:
- CVE-2021-44228 (Log4Shell): Remote code execution (RCE) vulnerability in Apache Log4j
- CVE-2021-40539: RCE vulnerability in Zoho ManageEngine AD SelfService Plus
- CVE-2021-34523 (ProxyShell): Elevation of privilege vulnerability in Microsoft Exchange Server
- CVE-2021-34473 (ProxyShell): RCE vulnerability in Microsoft Exchange Server
- CVE-2021-31207 (ProxyShell): Security feature bypass in Microsoft Exchange Server
- CVE-2021-27065 (ProxyLogon): RCE vulnerability in Microsoft Exchange Server
- CVE-2021-26858 (ProxyLogon): RCE vulnerability in Microsoft Exchange Server
- CVE-2021-26857 (ProxyLogon): RCE vulnerability in Microsoft Exchange Server
- CVE-2021-26855 (ProxyLogon): RCE vulnerability in Microsoft Exchange Server
- CVE-2021-26084: Arbitrary code execution vulnerability in Atlassian Confluence Server and Data Center
- CVE-2021-21972: RCE vulnerability in VMware vSphere Client
- CVE-2020-1472 (ZeroLogon): Elevation of privilege vulnerability in Microsoft Netlogon Remote Protocol (MS-NRPC)
- CVE-2020-0688: RCE vulnerability in Microsoft Exchange Server
- CVE-2019-11510: Arbitrary file reading vulnerability in Pulse Secure Pulse Connect Secure
- CVE-2018-13379: Path traversal vulnerability in Fortinet FortiOS and FortiProxy
The advisory also listed another 21 commonly exploited vulnerabilities affecting internet-facing systems, including Accellion File Transfer Appliance (FTA), Windows Print Spooler, and Pulse Secure Pulse Connect Secure.