Search

Security tips for online gaming   Guidance

Mar 1, 2024 - The world of online gaming is a popular target for scammers and cybercriminals. Gaming accounts can provide access to game licenses and linked payment methods making them highly valuable.

Vulnerability disclosure programs explained   Publication

Dec 12, 2024 - A vulnerability disclosure program (VDP) is a collection of processes and procedures designed to identify, verify, resolve and report on vulnerabilities disclosed by people who may be internal or external to organisations. The importance of developing, implementing and maintaining a well thought-out VDP cannot be underestimated. It is an integral part of professional organisations’ business operations.

Securing customer personal data   Guidance

Jul 23, 2025 - This guide is focused specifically on the protection of customers’ personal data. Guidance on general cyber security for businesses can be found in the Small business cyber security guide and the Strategies to mitigate cyber security incidents published by ASD’s ACSC.

Technical example: Restrict administrative privileges   Publication

Dec 16, 2022 - Privileged account credentials are prized by cybercriminals because they provide extensive access to high value assets within a network. Restricting privileged access to only users with a demonstrated business need is essential to protecting your environment.

Cyber security priorities for boards of directors 2025-26   Publication

Oct 30, 2025 - This advice outlines questions boards can ask of management and their organisation to understand its cyber security posture in the current cyber threat environment.

Internet of Things devices   Guidance

Apr 11, 2023 - IoT devices can include smart televisions, security cameras and fridges. Learn how to buy and use IoT devices securely.

Planning for critical vulnerabilities: What the board of directors needs to know   Publication

Dec 14, 2023 - This publication provides information on why it is important that the board of directors is aware of and plan for critical vulnerabilities that have the potential to cause major cybersecurity incidents.

Industrial control systems: Remote access protocol   Publication

Oct 6, 2021 - External parties may need to connect remotely to critical infrastructure control networks. This access is to allow the manufacturers of equipment used in Australia’s critical infrastructure the ability to maintain the equipment, when a fault is experienced that cannot be fixed in the required timeframe any other method.

Implementing network segmentation and segregation   Publication

Oct 6, 2021 - Learn about practical strategies to make it harder for malicious actors to access sensitive data. This guidance is for those responsible for an organisation’s network architecture and design.

Defending against the malicious use of the Tor network   Publication

Oct 6, 2021 - The Tor network is a system that conceals a user’s IP address. It allows anonymous – and often malicious – communication. This guidance shares advice on how to detect and prevent traffic from the Tor network.

IoT Secure by Design guidance for manufacturers   Publication

Sep 21, 2023 - This guidance has been produced for manufacturers in order to help them implement thirteen Secure by Design principles.

Essential Eight maturity model changes   Publication

Nov 27, 2023 - This publication provides an overview of the changes for the November 2023 release.

Critical vulnerabilities in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS)   Alert

Feb 1, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of critical vulnerabilities affecting Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure, and Ivanti Policy Secure (IPS) gateways. The vulnerabilities affect all supported versions and configurations of the products. Customers should apply the mitigations made available by Ivanti and implement patches as they become available.

2023-03: ASD's ACSC Ransomware Profile – Lockbit 3.0   Advisory

Jun 15, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of Lockbit 3.0 which is the newest version of Lockbit ransomware. It is used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes as other variants such as encrypting their data, and extorting a ransom to return access to the sensitive files.

2021 Trends Show Increased Globalized Threat of Ransomware   Advisory

Feb 10, 2022 - This joint Cybersecurity Advisory—authored by cybersecurity authorities in the United States, Australia, and the United Kingdom—provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.

Risk management of enterprise mobility (including Bring Your Own Device)   Publication

Oct 6, 2021 - This publication has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cybersecurity practitioners.

Connecting to public Wi-Fi and hotspots   Guidance

Apr 11, 2023 - Public Wi-Fi hotspots are found everywhere in places like your local shops, cafes, hotels and even at some parks. They can be a convenient way to access the internet when you are out, have poor reception or are travelling overseas. Learn more about connecting to public Wi-Fi and hotspots securely.

Technical example: Patch applications   Publication

Mar 1, 2023 - Patching applications is one of the most effective controls an organisation can implement to prevent cyber criminals from gaining access to their devices and sensitive information. Patches improve the security of applications by fixing known vulnerabilities.

Malicious email mitigation strategies   Publication

Oct 6, 2021 - Socially engineered emails containing malicious attachments and embedded links are routinely used in targeted cyber intrusions against organisations. This publication has been developed to provide mitigation strategies for the security risks posed by these malicious emails.

Report and recover from malware   Guidance

Nov 10, 2023 - If you’ve fallen victim to a malware attack, find out what to do and who to contact.