Search

U.S., U.K., and Australia Issue Joint Cyber security Advisory   News

Jul 28, 2021 - Cyber Agencies Share Top Routinely Exploited Vulnerabilities

Cloud computing security for executives   Publication

Jan 18, 2024 - This publication is designed to provide executives from organisations looking to utilise cloud computing services an overview of the components that make up ‘cloud’ and help understand the security risks to be considered when using cloud computing.

Domain Name System security for domain resolvers   Publication

Oct 6, 2021 - This publication explores DNS security for recursive resolution servers. It also shares helpful strategies to reduce the risk of DNS resolver subversion or compromise.

Practical cybersecurity tips for business leaders   Publication

Jan 17, 2024 - Business leaders can be appealing targets for malicious actors due to the sensitive information they can access, the important people they interact with and the influence they hold. This publication includes a checklist of practical tips business leaders can implement to improve their cybersecurity. The checklist is followed by a brief explanation of each tip and why it is recommended.

Network hardening  

Apr 11, 2023 - This page lists publications on the hardening of network infrastructure.

Principles of operational technology cybersecurity   Publication

Oct 2, 2024 - Critical infrastructure organisations provide vital services, including supplying clean water, energy, and transportation, to the public. These organisations rely on operational technology (OT) to control and manage the physical equipment and processes that provide these critical services. As such, the continuity of vital services relies on critical infrastructure organisations ensuring the cybersecurity and safety of their OT.

Quiz library   Guidance

Test your knowledge about cybersecurity practices and threats through our quizzes.

Domain Name System security for domain owners   Publication

Oct 6, 2021 - This publication provides information on DNS security for domain owners. It also shared helpful strategies to reduce the risk of domain misuse.

Strategies to mitigate cyber security incidents  

Aug 30, 2023 - The Australian Signals Directorate has developed prioritised mitigation strategies to help organisations mitigate cyber security incidents caused by various cyber threats.

Introduction to Cross Domain Solutions   Publication

Oct 6, 2021 - This publication introduces technical and non-technical audiences to the concept of a Cross Domain Solution (CDS), a type of security capability that is used to connect discrete systems within separate security domains in an assured manner.

Alerts and advisories  

Jan 30, 2023 - Find the latest in cybersecurity alerts and advisories

Privacy  

Oct 24, 2022 - The cyber.gov.au website, including the cyber incident reporting portal (ReportCyber), is operated by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC). The ASD's ACSC is part of the Australian Signals Directorate (ASD), an Australian Government agency.

OS Command Injection Vulnerability in GlobalProtect Gateway   Alert

May 3, 2024 - ASD’s ACSC is aware of a vulnerability (CVE-2024-3400) that enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Cloud assessment and authorisation   Publication

Jan 18, 2024 - This publication is co-designed with industry to support the secure adoption of cloud services across government and industry.

Cyber resources for small businesses   News

Feb 11, 2022 - Last December, the Council of Small Business Organisations Australia (COSBOA) co-hosted an Act Now, Stay Secure breakfast at the National Portrait Gallery, along with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and the Department of Home Affairs.

People’s Republic of China (PRC) State-Sponsored Cyber Actor Living Off the Land to Evade Detection   Alert

May 25, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC), in conjunction with the United States (US) National Security Agency (NSA) its international partners, has released a Cybersecurity Advisory regarding a PRC state-sponsored cyber actor conducting activity impacting US critical infrastructure (CI) sectors. Because of the potential risk to CI sectors outside the US, all organisations are encouraged to review the published Advisory and report any malicious activity to the ASD's ACSC.

User education  

Apr 11, 2023 - This page lists publications on cybersecurity that relate to the behaviour of people and virtual communities of people.

Exploitation of existing Fortinet Vulnerabilities    Alert

Apr 11, 2025 - Fortinet has released information regarding exploitation of previously known vulnerabilities affecting Fortinet devices.
ASD’s ACSC recommends customers follow the advice contained in Fortinet’s advisory page.

APT exploitation of Fortinet Vulnerabilities   Alert

Apr 3, 2021 - Advanced Persistent Threat (APT) actors targeting historic Fortinet vulnerabilities.

Microsoft Exchange ProxyShell Targeting in Australia   Alert

Aug 19, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed targeting of the Microsoft Exchange ProxyShell vulnerability by Malicious actors.

Critical security vulnerability affecting Apache Struts2 below 6.4.0.   Alert

Dec 13, 2024 - ASD’s ACSC is aware of a critical vulnerability impacting Apache Struts2 below 6.4.0 (CVE-2024-53677).

Cyber Incident Management Arrangements for Australian Governments   Publication

Sep 18, 2023 - The CIMA provides Australian governments with guidance on how they will collaborate in response to, and reduce the harm associated with, national cyber incidents.

Ten things to know about data security   Publication

May 16, 2024 - This publication has been developed to assist business owners and information technology managers, particularly those unfamiliar with cybersecurity, with ten things they should know about data security.

Advisory 2020-016: "Zerologon" - Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)   Advisory

Sep 22, 2020 - The ACSC recommends organisations immediately patch affected Microsoft Windows systems with the Microsoft August 2020 Security Updates, released 11/08/2020.

Joint advisory released for Managed Service Providers and Customers to mitigate cybersecurity risks   News

May 12, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has today joined with international cyber security agency partners, to warn Managed Service Providers (MSP) of pressing cyber risks and provide guidance on suitable mitigations for them and their customers.

Hardening Microsoft Windows 10 and Windows 11 workstations   Publication

Jul 16, 2024 - This publication provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 10 and Windows 11. While this publication refers to workstations, most recommendations are equally applicable to servers (with the exception of Domain Controllers) using Microsoft Windows Server. Security features discussed in this publication, along with the names and locations of Group Policy settings, are taken from Microsoft Windows 10 version 22H2 and Windows 11 version 23H2.

Essential Eight maturity model changes   Publication

Nov 27, 2023 - This publication provides an overview of the changes for the November 2023 release.

2021-007: Log4j vulnerability – advice and mitigations   Advisory

Dec 29, 2021 - On 10 December 2021, ASD's ACSC released an alert relating to a serious vulnerability in versions of the Log4j Java logging library. Malicious cyber actors are using this vulnerability to target and compromise systems globally and in Australia. The ASD's ACSC is working with a significant number of victims and affected vendors across all sectors of the economy.

Managing the risks of legacy IT: Practitioner guidance   Publication

Jun 12, 2024 - This publication provides guidance for practitioners on managing the risks posed by legacy IT and outlines low-cost mitigations that organisations can draw upon.

Security considerations for edge devices   Publication

Feb 5, 2025 - Edge devices are an important part of many enterprise computing systems. They allow connection across various devices that aid in productivity. However, just like with all technology they are not without their vulnerabilities. Edge devices require attention and diligence to keep data safe and secure.