Search

INC Ransom Affiliate Model Enabling Targeting of Critical Networks   Advisory

Mar 6, 2026 - This advisory outlines the activity of ransomware group INC Ransom and their affiliate network, and the threat their operations currently pose to networks hosted in Australia, New Zealand, and the Pacific island states.

Identifying and Mitigating Living Off the Land Techniques   Advisory

Feb 8, 2024 - This Guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and the following agencies (hereafter referred to as the authoring agencies), provides information on common living off the land (LOTL) techniques and common gaps in cyber defense capabilities.

ASD's ACSC Threat Report 2015   Reports and statistics

Jul 15, 2015 - This report describes the range of cyber adversaries targeting Australian networks, their motives, and the type of malicious activities they are conducting and their impact on Australian networks during 2014. It also offers mitigation advice on how organisations can defend against these activities.

Secure-by-Design Foundations   News

Jul 31, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has released updated guidance to help technology manufacturers and those who use their digital product or service to adopt secure-by-design principles.

New zero trust guidance – seeking industry feedback   News

Feb 10, 2025 - Have your say on new Foundations for modern defensible architectures, including zero trust and secure-by-design principles.

Quantum technology primer: Overview   Publication

Feb 19, 2025 - Learn about quantum technologies, the principles that enable their unique capabilities, and how organisations can prepare.

Detecting socially engineered messages   Publication

Oct 6, 2021 - Socially engineered messages pose a significant threat to organisations. They can have a big impact, helping malicious actors access accounts, systems or sensitive information. Learn how to spot a socially engineered message, including through email, SMS, social media or messaging apps.

Modern defensible architecture   Publication

Oct 23, 2025 - Modern defensible architecture is the first step in Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC)’s push to ensure that secure architecture and design are being considered and applied by organisations in their cyber security and resilience planning.

Engaging with artificial intelligence   Publication

Jan 24, 2024 - The purpose of this paper is to provide organisations with guidance on how to use artificial intelligence (AI) systems securely. The paper summarises some important threats related to AI systems and includes cyber security mitigation strategies to aid organisations in engaging with AI while managing risk. It provides mitigations to assist both organisations that maintain their own AI systems and organisations that use third-party AI systems.

Launch of the Annual Threat Report   News

Nov 4, 2022 - The Annual Cyber Threat Report is ACSC’s flagship unclassified publication. The Report provides an overview of key cyber threats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online.

Guidelines for system monitoring   Advice

Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on system monitoring.

Critical vulnerability in Microsoft Windows Server Update Service (WSUS)   Alert

Oct 25, 2025 - Critical vulnerability impacting Microsoft Windows Server Update Service – CVE-2025-59287. ASD’s ACSC recommends organisations update affected products to the latest versions and follow the advice detailed in the Microsoft Security Update guide.

Remote access to operational technology environments   Publication

Mar 28, 2023 - Many critical infrastructure providers are moving to support remote working arrangements. In doing so, modifying cyber security defences for operational technology environments (OTE) is not a decision that should be taken lightly.

Guidelines for personnel security   Advice

Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on personnel security.

Exploitation of existing Fortinet Vulnerabilities    Alert

Apr 11, 2025 - Fortinet has released information regarding exploitation of previously known vulnerabilities affecting Fortinet devices.
ASD’s ACSC recommends customers follow the advice contained in Fortinet’s advisory page.

Fast Flux: A national security threat   Advisory

Apr 4, 2025 - This advisory is for network defenders and explains how Bulletproof Hosting Providers are using ‘fast flux’ to cycle quickly through bots and DNS records to bypass detection. It highlights the importance of using a reputable Protective DNS (PDNS) provider that detects and blocks fast flux.

Guidelines for data transfers   Advice

Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on data transfers.

Critical vulnerabilities in multiple Fortinet products - FortiCloud SSO Login Authentication Bypass   Alert

Dec 10, 2025 - Critical vulnerabilities in Multiple Fortinet Products - FortiCloud SSO Login Authentication Bypass CVE-2025-59718 & CVE-2025-59719. ASD’s ACSC recommends organisations update affected products to the latest versions and follow the advice detailed in the Fortinet Advisory.

Scammers impersonating the ASD's ACSC   Alert

Jun 13, 2025 - Scammers are impersonating the ASD's ACSC sending out phishing emails to the public with the email content suggesting to download a malicious antivirus program.

Medibank Private Cyber Security Incident   Alert

Dec 1, 2022 - ASD’s Australian Cyber Security Centre is working closely with Medibank Private following the recent incident.