Search

System hardening and administration   

Apr 11, 2023 - It is important for all organisations to maintain the cybersecurity of their systems and data.

Preparing for and responding to denial-of-service attacks   Publication

Mar 17, 2025 - Although organisations cannot avoid being targeted by denial-of-service attacks, there are a number of measures that organisations can implement to prepare for and potentially reduce the impact if targeted. Preparing for denial-of-service attacks before they occur is by far the best strategy, it is very difficult to respond once they begin and efforts at this stage are unlikely to be effective.

Incident response  

Apr 12, 2024 - This page lists publications on preparing for and responding to cybersecurity incidents.

FortiOS & FortiProxy - Authentication bypass in Node.js websocket module vulnerability   Alert

Jan 15, 2025 - Fortinet has released information regarding an identified vulnerability in FortiOS version 7.0 and FortiProxy versions 7.0 and 7.2 instances. ASD’s ACSC recommends customers follow the advice contained in Fortinet’s notification.

Cloud security guidance  

Jan 18, 2024 - This page lists publications on securing the use of cloud computing services.

Essential Eight  

Nov 27, 2023 - While no set of mitigation strategies are guaranteed to protect against all cyberthreats, organisations are recommended to implement eight essential mitigation strategies from the Strategies to mitigate cybersecurity incidents  as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.

ISM OSCAL releases  

Mar 2, 2023 - List of current and previous ISM releases in the OSCAL format.

System hardening  

Dec 2, 2020 - This page lists publications on the hardening of applications and IT equipment.

Protect yourself from ransomware   Guidance

Feb 12, 2025 - A ransomware attack could block you from accessing your device or the information on it. Take some time to consider how a ransomware attack might affect you.

Network hardening  

Apr 11, 2023 - This page lists publications on the hardening of network infrastructure.

Email hardening  

Apr 11, 2023 - This page lists publications on the hardening of message exchange via electronic mail.

Revised patch released to disable mitigation against Spectre variant 2   Advisory

Jan 29, 2020 - Intel has confirmed that the microcode updates designed to mitigate Spectre variant 2 (CVE-2017-5715: Branch Target Injection) have introduced an increased risk of system instability, data loss and corruption.

Email security  

Jul 29, 2024 - Protect yourself, your employees and business from an email security incident before it's too late.

IRAP resources   Program page

Jun 16, 2025 - IRAP resources

APT exploitation of Fortinet Vulnerabilities   Alert

Apr 3, 2021 - Advanced Persistent Threat (APT) actors targeting historic Fortinet vulnerabilities.

Cyber supply chains  

Dec 3, 2020 - This page lists publications on cyber supply chain risk management.

Security tips for social media and messaging apps   Publication

Jul 14, 2022 - It's a great way to stay in touch and share content online. This guide covers the risks of using social media and messaging apps and what to look out for. It also covers ways to help keep accounts safe for business and personal use.

People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations   Advisory

Sep 19, 2024 - Cyber actors may have used botnet to compromise thousands of Internet-connected devices.

Remote working  

Jul 30, 2024 - This page lists publications on working securely when away from the office environment.

Connecting with others online   

Jul 30, 2024 - It is easier than ever to stay in contact with people online. However, using popular online apps and tools can make you more susceptible to cybercriminals.

User education  

Apr 11, 2023 - This page lists publications on cybersecurity that relate to the behaviour of people and virtual communities of people.

End of support   Guidance

Jul 29, 2024 - ‘End of support’ is when software is no longer support by the product developer that makes it. It will no longer receive security updates, general software updates or technical support.

Secure by Design  

Jul 22, 2024 - Secure by Design is a proactive, security-focused approach to the development of digital products and services that necessitates a strategic alignment of an organisation’s cybersecurity goals. Secure by Design requires cyberthreats to be considered from the outset to enable mitigations through thoughtful design, architecture and security measures. Its core value is to protect consumer privacy and data through designing, building, and delivering products with fewer vulnerabilities.

Legacy IT management  

Apr 11, 2024 - This page lists publications on managing the risks posed by legacy IT.

System administration  

Dec 3, 2020 - This page lists publications on securely administering systems.

Managed services  

Apr 11, 2023 - This page lists publications on the provision and use of managed services.

Consider your cyber hygiene in light of global events   News

Jul 1, 2025 - Around the world, geopolitical tensions remain complex as nations navigate diplomatic, economic, and military challenges. ASD’s ACSC recommends that organisations continue to review their current cyber security posture and maintain sufficient monitoring for cyber threats.

Passphrases  

Protect your accounts from cybercriminals with a secure password or passphrase.

Identity theft   Threat

Nov 14, 2024 - Learn about how identity theft can affect you and how to keep your personal information secure.

Essential Eight maturity model FAQ   Publication

Oct 28, 2024 - This publication provides answers to frequency asked questions on how to implement the Essential Eight.