You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 571 - 600 of 661 results.
Remote code execution vulnerability present in the Windows Scripting Engine of Microsoft Windows Alert
Sep 16, 2021 - A vulnerability exists in a component of Microsoft Windows. A malicious cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. Affected Australian customers should apply the security update provided by Microsoft.
Critical vulnerability present in certain versions of Microsoft Excel Alert
Nov 11, 2021 - Microsoft has identified active exploitation of a vulnerability in Microsoft Excel. Affected Australian organisations should apply the available security update as soon as possible.
Remote code execution vulnerability present in the MSHTML component of Microsoft Windows Alert
Sep 14, 2021 - A vulnerability exists in a component of Microsoft Windows. A malicious cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. At this current time there is no patch available, affected Australian customers should apply the Microsoft recommended workarounds.
Remote code execution vulnerability present in SonicWall SMA 100 series appliances Alert
Jan 19, 2022 - A vulnerability (CVE-2021-20038) has been identified in SonicWall SMA 100 series appliances. Exploitation of this vulnerability could allow an unauthenticated malicious cyber actor to perform remote code execution. Affected Australian organisations should apply the available patch.
Critical vulnerability in certain versions of Apache HTTP Server Alert
Oct 8, 2021 - A vulnerability exists in Apache HTTP Server 2.4.49. A cyber actor could exploit this vulnerability to execute arbitrary code. Initial information also indicates that the vulnerability could also be used perform remote code execution under certain configurations. Affected Australian organisations should apply the available patch.
Secure your Apple macOS device Guidance
Nov 29, 2024 - Your Apple macOS device often holds your most important data. Use these simple steps to protect your device from cyberattacks.
Remote code execution vulnerability present in Open Management Infrastructure, affects certain Microsoft Azure services Alert
Sep 16, 2021 - A remote code execution vulnerability exists in Open Management Infrastructure, a management agent used in certain Linux-based Microsoft Azure services. Exploitation of this vulnerability could allow a malicious actor to take control of the vulnerable host. Affected organisations should apply the available security update.
Sextortion campaign - What to do if you receive the email Advisory
Apr 16, 2020 - In most cases, there is no reason to be concerned. These emails are typically generated in their thousands by online scammers using limited personal details, with the aim of intimidating recipients into paying the ransom.
Critical vulnerabilities present in certain versions of Apple iOS, macOS and Safari Alert
Sep 14, 2021 - Vulnerabilities have been identified in certain versions of Apple iOS, macOS and Safari which could allow an actor to install malware or perform other actions on a vulnerable device or computer.
Remote code execution vulnerability present in Samba versions prior to 4.13.17 Alert
Feb 4, 2022 - A vulnerability (CVE-2021-44142) has been identified in Samba versions prior to 4.13.17. Exploitation of this vulnerability could allow a malicious cyber actor to perform privileged remote code execution. Affected Australian organisations should apply the available patch, including affected software vendors.
Guidelines for physical security Advice
Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on physical security.
Zoho ManageEngine ServiceDesk Plus & Desktop Central remote code execution vulnerabilities Alert
Dec 8, 2021 - Vulnerabilities have been identified in certain versions of Zoho ManageEngine ServiceDesk Plus and Desktop Central product suites. Australian organisations using vulnerable Zoho ManageEngine products should apply the available patch.
Using the Information security manual Advice
Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on using the ISM.
Critical vulnerabilities in ‘ownCloud’ file share Alert
Nov 29, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of multiple critical vulnerabilities affecting the file sync and sharing software ‘ownCloud’. This primarily impacts self-hosted instances of the open-source product. Those impacted should apply the patches available and consider the workarounds made available by the vendor.
Iranian-based cyber actors compromising critical infrastructure networks News
Oct 17, 2024 - Iran-based cyber actors are using brute force attacks such as password spraying to compromise critical infrastructure networks.
New guidance on detecting and mitigating Active Directory compromises News
Sep 26, 2024 - Does your organisation use Microsoft’s Active Directory? Read our latest guidance on Active Directory compromises now.
Data breaches Threat
Aug 30, 2023 - Sometimes personal information is released to unauthorised people by accident or as the result of a security breach. For example, an email with personal information can be sent to the wrong person, or a computer system can be hacked and personal information stolen. These are known as data breaches or data spills.
Business email compromise Threat
Feb 11, 2023 - Learn about email phishing and what to do if you are scammed out of money, goods or information.
2020-002: Critical vulnerabilities for Microsoft Windows Alert
Jan 15, 2020 - On 15 January 2020 (AEDT), Microsoft released security patches for three critical and one important vulnerabilities in the Microsoft Remote Desktop Client, Remote Desktop Gateway and the Windows operating system. The ACSC recommends that users of these products apply patches urgently to prevent malicious actors from using these vulnerabilities to compromise your network.
Next.js authentication bypass vulnerability (CVE-2025-29927) Alert
Mar 25, 2025 - An authentication bypass in the middleware layer of Next.js can allow a remote attacker to bypass security checks. Customers should update to the patched version immediately.
System hardening and administration
Apr 11, 2023 - It is important for all organisations to maintain the cybersecurity of their systems and data.
Guidelines for media Advice
Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on media.
Guidelines for information technology equipment Advice
Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on information technology equipment.
Set secure passphrases
Jul 30, 2024 - Where multi-factor authentication is not available, a strong passphrase is your best defence.
Small Business Cloud Security Guides: Technical Example - Regular Backups Publication
Dec 16, 2022 - Implementing regular backups will assist your organisation to recover and maintain its operations in the event of a cybersecurity incident, for example, a ransomware attack.
Infosec Registered Assessors Program (IRAP) Program page
Aug 15, 2024 - The Infosec Registered Assessors Program (IRAP) ensures entities can access high-quality security assessment services.
Essential Eight
Nov 27, 2023 - While no set of mitigation strategies are guaranteed to protect against all cyberthreats, organisations are recommended to implement eight essential mitigation strategies from the Strategies to mitigate cybersecurity incidents as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.
While you are shopping Guidance
The best way to avoid being a victim of cybercrime is to be informed. It is really important to know how to secure your device and recognise a fake website or scammer.
Turn on multi-factor authentication
Nov 9, 2022 - Protect your important accounts with extra login steps.
Remote code execution vulnerability in Windows DNS (CVE-2020-1350) Alert
Jul 15, 2020 - On 14 July 2020, Microsoft acknowledged a critical remote code execution vulnerability in Windows Domain Name System (DNS), which could allow an adversary to run arbitrary code.
