Search

Vulnerability disclosure programs explained   Publication

Dec 12, 2024 - A vulnerability disclosure program (VDP) is a collection of processes and procedures designed to identify, verify, resolve and report on vulnerabilities disclosed by people who may be internal or external to organisations. The importance of developing, implementing and maintaining a well thought-out VDP cannot be underestimated. It is an integral part of professional organisations’ business operations.

Connecting to public Wi-Fi and hotspots   Guidance

Apr 11, 2023 - Public Wi-Fi hotspots are found everywhere in places like your local shops, cafes, hotels and even at some parks. They can be a convenient way to access the internet when you are out, have poor reception or are travelling overseas. Learn more about connecting to public Wi-Fi and hotspots securely.

Hardening Microsoft 365, Office 2021, Office 2019 and Office 2016   Publication

Jul 24, 2023 - Workstations are often targeted by malicious actors using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening applications on workstations is an important part of reducing this risk.

Information stealer malware   Guidance

Jul 15, 2025 - Information stealer malware is a type of malware designed to steal sensitive data from devices. This can include user credentials, browser data and more.

The Commonwealth Cyber Security Posture in 2024   Reports and statistics

Dec 5, 2024 - The Commonwealth Cyber Security Posture in 2024 informs the Australian Parliament on cyber security measures implemented across the Australian Government for the 2023–24 financial year.

Identifying and Mitigating Living Off the Land Techniques   Advisory

Feb 8, 2024 - This Guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and the following agencies (hereafter referred to as the authoring agencies), provides information on common living off the land (LOTL) techniques and common gaps in cyber defense capabilities.

How to secure your devices  

Nov 29, 2024 - Protect your sensitive data and accounts. Learn how to secure your devices such as your computer, mobile phone and Internet of Things devices.

Using the Information security manual   Advice

Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on using the ISM.

Exercise in a Box is here   News

Nov 17, 2022 - This service provides an all in one platform that your organisation can use to assess and improve its cyber security practices in your own time, in a safe environment, and as many times as you want.

Russian GRU targeting Western logistics entities and technology companies   Advisory

May 22, 2025 - This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies.

Ransomware Playbook   Guidance

Oct 10, 2024 - This interactive guide is here to assist you with taking all of the appropriate steps to prepare for, respond to and recover from a ransomware incident.

Technical example: User application hardening   Publication

Dec 16, 2022 - User application hardening protects an organisation from a range of threats including malicious websites, advertisements running malicious scripts and exploitation of vulnerabilities in unsupported software. These attacks often take legitimate application functionality and use it for malicious purposes. User application hardening makes it harder for cybercriminals to exploit vulnerabilities or at-risk functionality in your organisation’s applications.

Critical vulnerability in WatchGuard Firebox devices (CVE-2025-14733)   Alert

Dec 22, 2025 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of active exploitation of a critical vulnerability in WatchGuard Firebox devices.

Potential SolarWinds Orion compromise   Alert

Jan 25, 2021 - FireEye identifies global campaign leveraging malicious updates to SolarWinds software.

Secure your email   Guidance

Jul 29, 2024 - How to protect yourself when using email and reduce spam and malicious emails.

Artificial intelligence and machine learning: Supply chain risks and mitigations   Publication

Oct 16, 2025 - This guidance is intended for organisations and staff that deploy or develop AI or ML systems and components.

Questions to ask managed service providers   Publication

Oct 6, 2021 - Asking the right questions to managed service providers can help organisations better understand the cybersecurity of their systems and the services they provide.

New OT connectivity principles set a higher security bar for organisations   News

Jan 15, 2026 - Our latest guidance outlines 8 principles to secure operational technology connectivity, helping organisations reduce exposure, harden boundaries, and strengthen resilience across industrial environments.

Do you purchase technology for your organisation?   News

Dec 5, 2024 - Updated guidance and new guidance for executives now available for Choosing secure and verifiable technologies.

ForgeRock Open AM critical vulnerability   Alert

Jul 7, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed active exploitation of a vulnerability in ForgeRock OpenAM (reported as CVE-2021-35464) against a number of Australian organisations. The ASD’s ACSC strongly recommends organisations urgently apply available patches or workarounds to mitigate the risk of this vulnerability being exploited.