Search

Safer Internet Day 2021   News

Feb 9, 2021 - Safer Internet Day on 9 February 2021 aims to raise awareness of emerging online issues and share strategies everyone can use for staying secure online.

Multiple vulnerabilities affecting Cisco ASA 5500-X Series devices   Alert

Sep 26, 2025 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is aware of multiple vulnerabilities impacting Cisco Secure Firewall Adaptive Security Appliance (ASA) 5500-X Series models that are running Cisco ASA Software or Cisco Secure Firewall Threat Defense (FTD) Software.

Cisco reports active exploitation of these vulnerabilities globally. ASD’s ACSC has also observed targeting in Australia.

Guidelines for physical security   Advice

Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on physical security.

Managing cryptographic keys and secrets   Publication

Aug 26, 2025 - This guide has been developed to help organisational personnel in understanding the threat environment and the value of implementing secure keys and secrets management to make better informed decisions.

Quantum technology primer: Communications   Publication

Mar 18, 2026 - Learn about quantum communications, their cyber security impacts, current limitations, and the potential risks organisations should consider.

Safe software deployment: How software manufacturers can ensure reliability for customers   Publication

Oct 25, 2024 - It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements.

Hardening Microsoft Windows 10 workstations   Publication

Sep 4, 2025 - This publication provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 10. While this publication refers to workstations, most recommendations are equally applicable to servers (with the exception of Domain Controllers) using Microsoft Windows Server. Security features discussed in this publication, along with the names and locations of Group Policy settings, are taken from Microsoft Windows 10 version 22H2.

Choosing secure and verifiable technologies: Executive guidance   Publication

Dec 5, 2024 - This guide supports senior leaders to enable their organisations to understand their threat environment and make better-informed assessments and decisions to procure secure technologies.

Secure by Design foundations   Publication

Jul 30, 2024 - ASD’s ACSC's Secure by Design foundations represent a first step in a new approach to assist technology manufacturers and customers to adopt Secure by Design. While the foundations are primarily designed to foster discussion within technology manufacturers on how to best approach Secure by Design, they contain relevant information and actions for technology customers.

PRC State-Sponsored Cyber Activity   Advisory

Mar 20, 2024 - This fact sheet provides an overview for executive leaders on the urgent risk posed by People’s Republic of
China (PRC) state-sponsored cyber actors known as "Volt Typhoon."

Strategies to mitigate cyber security incidents   Publication

Feb 1, 2017 - The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help organisations mitigate cyber security incidents caused by various cyber threats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.

New Secure-by-Design publication released in collaboration with international partners   News

May 15, 2024 - Today, the Australian Signals Directorate has released a new Secure-by-Design advisory, Choosing Secure and Verifiable Technologies, developed and co-sealed with our Five Eyes partners.

Meltdown and Spectre patches unsuitable for some security products   Advisory

Jan 11, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of reporting that a variety of security products (e.g. antivirus solutions) are incompatible with Microsoft's patches for the Meltdown and Spectre vulnerabilities.

Secure administration   Publication

Oct 6, 2021 - Privileged access allows administrators to perform their duties, and is often seen as the ‘keys to the kingdom’. This publication provides guidance on how to implement secure administration techniques as part of the management of privileged access.

Serious vulnerabilities in Atlassian products including Confluence, Jira and Bitbucket   Alert

Dec 7, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is concerned about serious vulnerabilities in certain Atlassian products (CVE-2023-22522, CVE-2023-22523 and CVE-2022-1471) which are fixed by recent patches. Operators are urged to review Atlassian’s advice and implement recommended mitigations before exploitation begins.

Advisory 2020-016: "Zerologon" - Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)   Advisory

Sep 22, 2020 - The ACSC recommends organisations immediately patch affected Microsoft Windows systems with the Microsoft August 2020 Security Updates, released 11/08/2020.

IRAP application form   Program

May 7, 2024 - IRAP application form

Limited use obligation is now law   News

Dec 10, 2024 - On 29 November 2024, the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 became law.

Remote Code Execution Vulnerability In Cisco Unified Communications Products   Alert

Jan 26, 2024 - ASD’s ACSC is aware of a vulnerability in Cisco Unified Communications Products (CVE 2024-20253).

Organisations using Cisco Unified Communication products are strongly advised to follow the mitigation advice provided by Cisco if they are vulnerable.

Microsoft introduces Exchange Emergency Mitigation service   News

Oct 1, 2021 - Microsoft has launched a new optional protection for Microsoft Exchange servers.