You can view all our news and media releases from this page. Use the filters below to filter by audience type, title and summary and the sort options to sort for the most recently updated or published content.
20 Apr 2020
COVID-19 cyber scams mount against Australians
Cybercriminals continue to target Australians through a range of COVID-19 themed scams, fraud attempts and deceptive email schemes, the Australian Cyber Security Centre (ACSC) has warned in a new threat update.
15 Apr 2020
Are you cyber-safe at home?
With increasing numbers of Australians working from home to combat the spread and impact of COVID-19, the Australian Cyber Security Centre (ACSC) has issued a new advisory containing tips to reduce the risk of Australians falling victim to cybercriminals at home.
07 Apr 2020
Protecting small business against cyber attacks during COVID-19
The Australian Cyber Security Centre (ACSC) has published advice on how small businesses can better protect themselves from cyber attacks and disruptions during COVID-19.
02 Apr 2020
Stay safe and be tele aware
In light of COVID-19, many businesses and individuals are now turning to web conferencing systems, like Zoom, Skype, Google Hangouts, GoToMeeting and Cisco WebEx to connect online.
01 Apr 2020
ACSC program enters its next phase through JCSCs
The ACSC Partnership Program is increasingly bringing industry, academia, law enforcement and government agencies together in collaborative work spaces, enabling information-sharing and network-hardening across the economy. This is being enabled through the network of Joint Cyber Security Centres (JCSCs) around Australia.
ACSC aware of critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of a critical vulnerability that exists in the Citrix Application Delivery Controller (ADC) (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway).
27 Mar 2020
Microsoft warns of vulnerabilities in Adobe Type Manager Library
The ACSC is aware of Microsoft’s recent disclosure of two remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library. Microsoft reports that there is targeted exploitation of these vulnerabilities.
Cyber scams during the COVID-19 crisis - ABC Radio interview
Mr Karl Hanmore, acting Head Australian Cyber Security Centre, interview with Wendy Harmer and Robbie Buck on ABC Radio Sydney, 27 March 2020
13 Mar 2020
Cyber security is essential when preparing for COVID-19
Ensuring good cyber security measures now is the best way to address the cyber threat.
12 Mar 2020
Microsoft warns of vulnerabilities in SMBv3 (update: patch released 13 March 2020)
The ACSC is aware of Microsoft’s recent disclosure of a vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol called CVE-2020-0796, also known as EternalDarkness.
02 Mar 2020
Joint public statement on independent review of CSCP and IRAP
In late July 2019, the Australian Signals Directorate (ASD) commissioned an independent review of its Cloud Services Certification Program (CSCP) and Information Security Registered Assessors Program (IRAP).
03 Dec 2019
Shopping safely online at holiday time
What are the do’s and don’ts to avoid online shopping scams? Read our tips now.
28 Nov 2019
Online fraud and shopping scams among the top cybercrimes targeting Australians
Australians are urged to be vigilant and protect themselves online, especially over the busy festive period.
07 Nov 2019
National Cyber Security Committee urges vigilance as two concerning cyber security threats are in the wild
The ACSC, with its state and territory partners, is continuing to respond to the widespread malware campaign known as Emotet while responding to reports that hackers are exploiting the BlueKeep vulnerability to mine cryptocurrency.
24 Oct 2019
Widespread exploitation of vulnerable systems via Emotet malware
The ACSC is investigating a widespread malware campaign known as Emotet. Emotet is a Trojan virus delivered via emails sent with malicious attachments.
01 Oct 2019
Vulnerability in Pulse Connect Secure VPN Software
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of a working exploit for a vulnerability that exists in the Pulse Connect Secure Virtual Private Network (VPN) solution software.
07 Sep 2019
ACSC confirms the public release of BlueKeep exploit
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of the overnight release of a working exploit for the vulnerability known as BlueKeep (CVE-2019-0708). Australian businesses and users of older versions of Windows should update their systems as soon as practically possible, before hackers further refine their tools and tradecraft in order to fully utilise this exploit.
04 Sep 2019
Australian Government Information Security Manual updated
The Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC) has released updates to the Australian Government Information Security Manual (ISM) to help organisations set the strategic framework for protecting their systems and information from cyber threats.
29 Aug 2019
Electricity program generates a buzz
The ACSC has been actively working with energy sector organisations and government agencies to strengthen their resilience to cyber security threats.
26 Jul 2019
Cyber security best practice in mergers, acquisitions and MoG changes
The ACSC has developed tailored advice to help organisations manage the increased cyber security risks, including when data is being migrated from one system to another. Businesses undergoing major organisational change, whether it be through a merger, acquisition or machinery of government changes, are an attractive target for cyber criminals because of significant upheaval and disruption to the normal flow of business.
25 Jul 2019
Cyber defences tested in the ACSC and Splunk BOTS Day
The ACSC and Splunk Boss of the Security Operations Centre (BOTS) Day is underway today with up to 650 players participating across Australia and New Zealand. The region’s biggest capture-the-flag-style event tests the skills of cyber security professionals in our largest business, government and education organisations.
23 Jul 2019
Business Email Compromise freight forwarding scam
The Australian Cyber Security Centre (ACSC) is warning small to medium sized businesses supplying IT and electrical products of a social engineered email scam requesting quotes on goods.
02 Jul 2019
Updates to the Essential Eight Maturity Model
As the lead agency on cyber security, the ACSC assists organisations by adopting a risk management approach and providing expert advice that best meets their specific needs. It’s never one-size-fits-all.
19 Jun 2019
Australian Cyber Security Centre advises Windows users across Australia to protect against BlueKeep
The ACSC is aware of Microsoft’s recent disclosure of a remote desktop vulnerability called CVE-2019-0708, also known as BlueKeep. As an indication of just how significant the impacts of BlueKeep can be to their customers, Microsoft took the unusual step of publishing advice to warn of its ability to propagate or ‘worm’ through vulnerable computer systems, with no user interaction at all.
17 Jun 2019
ACSC Small Business Survey. Tell us about your cyber security challenges
The ACSC Small Business Survey is being shared with a range of government and small business support groups around Australia, inviting members and stakeholders to participate. The survey is an opportunity to share the challenges small businesses face and to know what they’re worried about, so we can help businesses of all kinds manage risks and minimise harm.
25 May 2019
Canva users advised to change your password
The ACSC is aware of a security incident affecting the Australian online design platform, Canva.
23 May 2019
Never let a stranger remotely access your devices
The ACSC regularly receives reports from businesses and members of the public about remote access scams. Allowing anyone open access to your devices can, and usually does, end with devastating consequences.
19 May 2019
Phone scammers impersonating ACSC
The ACSC is aware of a new scam where people call who pretend to be from the ACSC, seeking your help to act against cyber criminals.
17 May 2019
You need to patch to protect your business online
Malicious actors are compromising Australian business Remote Desktop Protocol (RDP) services, also known as Windows Terminal Services or Windows Remote Desktop.
15 May 2019
Follow our essential steps to protect your business
This week is national Privacy Awareness Week, an annual initiative of the Office of the Australian Information Commissioner that raises awareness of privacy issues and the importance of protecting personal information.
Users advised to update WhatsApp
The ACSC advises users of WhatsApp to implement the latest fix for a reported vulnerability.
02 May 2019
Take steps to better secure yourself
The ACSC has released a checklist to help Australians protect themselves from cyber criminals. Lottery and grant scams, identity theft, investment scams, hacking, phishing, dating and romance scams, online abuse and sextortion are just some of the threats people face.
03 Apr 2019
Subject - Urgent payroll request
Cyber criminals are trying to commit payroll fraud by sending fake emails requesting a change to your bank details.
30 Mar 2019
Fake Paypal emails request ‘account details’
The ACSC is aware of malicious emails that are falsely advising Australians that their account has violated Paypal rules. These phishing emails try to lure the recipient into sharing personal information which could then be used for identity theft and financial gain by cyber criminals.
26 Mar 2019
Keeping up with the updates
The ACSC advises users of Drupal and Firefox to implement the latest fixes for vulnerabilities.
PageUp data incident
On Friday 1 June 2018 PageUp Limited, an online recruitment services organisation, notified their customers about a data incident in relation to the integrity of their systems proactively informing of a possible breach.
Plug in to ACSC for cyber resilience
The Australian Cyber Security Centre (ACSC) has launched a nationwide program of cyber resilience and response activities for the electricity industry and for government agencies that have an energy and cyber security role.
21 Mar 2019
WordPress 5.1.1 security update
The Australian Cyber Security Centre advises users and administrators of WordPress version 5.1 to update their applications to WordPress 5.1.1. The update addresses a vulnerability that could allow an attacker to take control of an affected website. WordPress 5.1 and prior versions are affected.
Norwegian aluminium giant hit by ransomware
Norsk Hydro, a Norwegian aluminium and renewable energy company, was subject to a ransomware attack on Tuesday, 19 March 2019.
20 Mar 2019
Fake CIA emails requesting Bitcoin or arrest
The ACSC is aware of malicious emails claiming to be from the US Central Intelligence Agency (CIA) that are being received by Australians.
18 Mar 2019
Who will be Australia’s next Boss of the SOC?
The Australian Cyber Security Centre (ACSC) and Splunk are teaming up this week to host Australia’s largest ever cyber security challenge.
15 Mar 2019
New approach to support cyber security
The updated Australian Government Information Security Manual (ISM) has been released by the Australian Cyber Security Centre (ACSC).
14 Mar 2019
A wave of fake social media accounts
The Australian Cyber Security Centre (ACSC) recently discovered multiple fake Twitter accounts pretending to be affiliated with an Australian company. The accounts featured similar branding and messaging using fake identities and contact details, creating possible confusion for users looking for support.
12 Mar 2019
Joint report on publicly available hacking tools
This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the UK and USA. It highlights the use of five publicly available tools, observed in recent cyber incidents around the world.
08 Mar 2019
Google Chrome security update
The ACSC advises Google Chrome users to update their browser in order to patch a known vulnerability.
22 Feb 2019
ACSC detects malicious activity targeting political party networks
ACSC identifies that during the recent Australian Parliament House Network investigation, a sophisticated state actor was also revealed to have undertaken malicious activities on Australian political party networks including The Nationals, Labor and Liberal.
20 Feb 2019
GPS week roll over 6 April
On 6 April, the GPS week counter rolls over and resets to zero. This change may affect industrial control systems and critical infrastructure owners and operators. This rollover may affect log time stamp information, loss of communication between devices, inability to authenticate multi-factor authentication, or the ability to log in to computers.
07 Feb 2019
Get serious about protecting commercial secrets
The ACSC urges organisations to step up efforts to protect themselves from cyber criminals, after the December quarter Notifiable Data Breaches Quarterly Statistics Report revealed an increase in reported malicious or criminal activity.
05 Feb 2019
ACSC celebrates Safer Internet Day
Today marks Safer Internet Day (SID), and the Australian Cyber Security Centre (ACSC) is a proud partner in supporting this year's theme -- 'Together for a better internet'.
01 Feb 2019
Scammers claiming to be from ICT service desks targeting user multi-factor authentication
The Australian Cyber Security Centre (ACSC) is aware of a phone scam asking staff members of a critical infrastructure organisation to reveal their multifactor authentication credentials.
