Search

Microsoft's investment in Australia’s cyber security   News

Oct 24, 2023 - The Prime Minister has announced Microsoft’s $5 billion commitment to building Australia’s cyber defence.

Protect yourself: Updates   Guidance

Oct 14, 2022 - Cybercriminals are always looking for easy paths to get onto your devices.

Choosing secure and verifiable technologies: Executive guidance   Publication

Dec 5, 2024 - This guide supports senior leaders to enable their organisations to understand their threat environment and make better-informed assessments and decisions to procure secure technologies.

Russian GRU targeting Western logistics entities and technology companies   News

May 22, 2025 - We have released a joint advisory outlining the tactics, techniques and procedures of a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies.

Head of ACSC talks cyber security with Natarsha Belling in podcast special   News

Nov 29, 2021 - Ms Abigail Bradshaw, head of the Australian Cyber Security Centre (ACSC), recently sat down with journalist Natarsha Belling to discuss the common cyber threats affecting Australians today.

PRC state-sponsored cyber group APT40’s expanding tradecraft and tactics    News

Jul 9, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has released a new joint advisory with international partners on the People’s Republic of China (PRC) Ministry of State Security (MSS) tradecraft in action.

Secure mobility  

Feb 4, 2021 - This page lists publications on mobile device management and usage.

Governance  

May 16, 2024 - This page lists publications on governance strategies that can be applied to improve cybersecurity within organisations.

Artificial intelligence  

Apr 12, 2024 - This page lists publications on the governance and use of artificial intelligence.

PRC state-sponsored actors compromise and maintain persistent access to U.S. critical infrastructure   Advisory

Feb 8, 2024 - The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.

Australia joins US and UK to warn of 2021 Ransomware trends   News

Feb 10, 2022 - Ransomware continues to be a global threat, and cybercriminals using ransomware pose a significant risk to Australian organisations and households.

The ASD's ACSC asks, ‘Have you been hacked?’   News

Aug 16, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has launched a new online tool to help people who may be a victim of a cyber attack – Have you been hacked?

Information Security Registered Assessor Program (IRAP)   News

Dec 15, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is further enhancing cyber security assessment and training, improving cyber skills, and creating new cyber careers for Australians through the Information Security Registered Assessor Program (IRAP).

Translated information  

Apr 4, 2024 - We have developed easy-to-follow cybersecurity information and resources to support people from non-English speaking backgrounds to be more cyber secure.

#StopRansomware: Play ransomware   Advisory

Dec 19, 2023 - This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

Enhanced visibility and hardening guidance for communications infrastructure   Advisory

Dec 4, 2024 - This guide provides network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network devices against successful exploitation carried out by PRC-affiliated and other malicious cyber actors.

Protect yourself from scams  

Feb 3, 2025 - Protect your accounts by recognising and reporting scams.

Security considerations for edge devices   Publication

Feb 5, 2025 - Edge devices are an important part of many enterprise computing systems. They allow connection across various devices that aid in productivity. However, just like with all technology they are not without their vulnerabilities. Edge devices require attention and diligence to keep data safe and secure.

Preparing for and responding to denial-of-service attacks   Publication

Mar 17, 2025 - Although organisations cannot avoid being targeted by denial-of-service attacks, there are a number of measures that organisations can implement to prepare for and potentially reduce the impact if targeted. Preparing for denial-of-service attacks before they occur is by far the best strategy, it is very difficult to respond once they begin and efforts at this stage are unlikely to be effective.

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways   Advisory

Feb 28, 2024 - The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC), and the UK’s National Cyber Security Centre (NCSC), are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-46805, CVE-2024-21887, CVE-2024-22024, and CVE-2024-21893—multiple vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure gateways.

Resources library  

Nov 21, 2024 - Resources for individuals, families and small businesses

Remote access to operational technology environments   Publication

Mar 28, 2023 - Many critical infrastructure providers are moving to support remote working arrangements. In doing so, modifying cybersecurity defences for operational technology environments (OTE) is not a decision that should be taken lightly.

Are you protected against ‘fast flux’?   News

Apr 4, 2025 - Bulletproof Hosting Providers are using ‘fast flux’ to cycle quickly through bots and DNS records to bypass detection by network defenders and law enforcement agencies.

FortiOS & FortiProxy - Authentication bypass in Node.js websocket module vulnerability   Alert

Jan 15, 2025 - Fortinet has released information regarding an identified vulnerability in FortiOS version 7.0 and FortiProxy versions 7.0 and 7.2 instances. ASD’s ACSC recommends customers follow the advice contained in Fortinet’s notification.

Revised patch released to disable mitigation against Spectre variant 2   Advisory

Jan 29, 2020 - Intel has confirmed that the microcode updates designed to mitigate Spectre variant 2 (CVE-2017-5715: Branch Target Injection) have introduced an increased risk of system instability, data loss and corruption.

Protect yourself from ransomware   Guidance

Feb 12, 2025 - A ransomware attack could block you from accessing your device or the information on it. Take some time to consider how a ransomware attack might affect you.

APT exploitation of Fortinet Vulnerabilities   Alert

Apr 3, 2021 - Advanced Persistent Threat (APT) actors targeting historic Fortinet vulnerabilities.

How to secure your devices  

Nov 29, 2024 - Protect your sensitive data and accounts. Learn how to secure your devices such as your computer, mobile phone and Internet of Things devices.

Critical Infrastructure  

Jul 22, 2024 - Technical advice and non-regulatory guidance for critical infrastructure.

Information security manual  

Sep 26, 2024 - The Information security manual (ISM) is a cybersecurity framework that an organisation can apply, using their risk management framework, to protect their information technology and operational technology systems, applications and data from cyberthreats.