You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 301 - 330 of 681 results.
2020-011: Critical Vulnerability in SAP NetWeaver Application Server (CVE-2020-6287) Advisory
Jul 14, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends users of these products urgently apply available security patches to prevent an adversary from exploiting this vulnerability.
Multiple vulnerabilities in Jenkins products Alert
Jan 30, 2024 - ASD’s ACSC is aware of multiple vulnerabilities impacting Jenkins products including CVE 2024-23897 (Critical) & CVE-2024-23898 (High). Organisations using Jenkins products are strongly advised to follow the mitigation advice provided by Jenkins and patch affected versions.
Cyber supply chains
Dec 3, 2020 - This page lists publications on cyber supply chain risk management.
Protecting your family Guidance
May 2, 2023 - Advice and guidance for parents and guardians to help children have secure experiences online.
Gateway security guidance package: Gateway security principles Publication
Jul 29, 2022 - Guidance written for audiences responsible for the procurement, operation and management of gateways.
Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway products Alert
Jan 18, 2024 - ASD’s ACSC is aware of multiple vulnerabilities (CVE-2023-6548 and CVE-2023-6549) in Citrix NetScaler products (NetScaler ADC and NetScaler Gateway). Organisations are strongly encouraged to take immediate action to ensure affected instances are patched.
New Secure by Demand guidance available for operational technology owners and operators News
Jan 14, 2025 - To protect your systems from threat actors targeting your operational technology components, select products from manufacturers who are Secure-by-Design. Find out which security elements to prioritise.
Iranian Government-Sponsored APT Cyber Actors Alert
Nov 17, 2021 - FBI and CISA have observed an Iranian government-sponsored APT group that are exploiting vulnerabilities to gain access to systems. The APT group has exploited the same Microsoft Exchange vulnerability in Australia.
Joint advisory on top cyber vulnerabilities News
Jul 28, 2021 - The top 30 cyber security vulnerabilities exploited by malicious cyber actors since 2020 have been detailed in a joint advisory issued by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and counterpart cyber security agencies from the United States and the United Kingdom.
Cloud computing security for executives Publication
Jan 18, 2024 - This publication is designed to provide executives from organisations looking to utilise cloud computing services an overview of the components that make up ‘cloud’ and help understand the security risks to be considered when using cloud computing.
Phone scams impersonating Australian businesses and government agencies Alert
Aug 13, 2020 - Cybercriminals are spoofing Australian mobile numbers and pretending to be from an Australian Government agency, delivery company or business, manipulating the individual to gain access to their device.
Cybersecurity incident response planning: Practitioner guidance Publication
Dec 12, 2024 - ASD defines a cybersecurity incident as an unwanted or unexpected cybersecurity event, or a series of such events, that has either compromised business operations or has a significant probability of compromising business operations.
Cloud assessment and authorisation FAQ Publication
Jan 18, 2024 - This publication provides answers to frequently asked questions on the Australian Signals Directorate (ASD)’s assessment and authorisation framework for cloud service providers (CSPs) and their cloud services.
Secure your Wi-Fi and router Guidance
Oct 29, 2024 - How to make your software, devices and networks harder to access and more resilient to attack.
Be Ready - auDA Domain Name Changes News
Mar 23, 2022 - The new domain name category could leave your business or organisation open to fraudulent cyber activity, such as business email compromise.
Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns Advisory
Dec 8, 2023 - The Russia-based actor is targeting organisations and individuals in the UK and other geographical areas of interest.
ForgeRock Open AM critical vulnerability Alert
Jul 7, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed active exploitation of a vulnerability in ForgeRock OpenAM (reported as CVE-2021-35464) against a number of Australian organisations. The ASD’s ACSC strongly recommends organisations urgently apply available patches or workarounds to mitigate the risk of this vulnerability being exploited.
Are you ready for Australian domain name changes? Alert
Aug 8, 2022 - Australians have until 20 September 2022 to seek priority allocation of an .au direct domain name that matches their existing domain name.
Introduction to Cross Domain Solutions Publication
Oct 6, 2021 - This publication introduces technical and non-technical audiences to the concept of a Cross Domain Solution (CDS), a type of security capability that is used to connect discrete systems within separate security domains in an assured manner.
Small business cloud security guides
Apr 2, 2024 - ASD's ACSC has released a series of guides designed to help small businesses secure their cloud environment.
Securing PowerShell in the enterprise Publication
Oct 6, 2021 - This publication describes a maturity framework for PowerShell, balancing the security and business requirements of organisations. This framework enables organisations to take incremental steps towards securing PowerShell across their environment.
Disclaimer
Jan 8, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) publishes this website to distribute information to the public and government ICT security professionals. We regularly review and update the information provided.
Artificial intelligence
Apr 12, 2024 - This page lists publications on the governance and use of artificial intelligence.
Essential Eight maturity model and ISM mapping Publication
Oct 2, 2024 - This publication provides a mapping between the Essential Eight and the controls within the Information security manual (ISM).
Cyber Security for Operational Technology News
Oct 2, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has released new guidance to help critical infrastructure protect their systems and online supply chains.
Australian Signals Directorate unveils new facility News
Mar 23, 2022 - The Australian Signals Directorate (ASD) has unveiled a new world-class cyber and foreign intelligence facility, as the agency prepares to mark 75 years defending Australia from global threats.
Planning for critical vulnerabilities: What the board of directors needs to know Publication
Dec 14, 2023 - This publication provides information on why it is important that the board of directors is aware of and plan for critical vulnerabilities that have the potential to cause major cybersecurity incidents.
Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure Advisory
Sep 6, 2024 - The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020.
Secure administration Publication
Oct 6, 2021 - Privileged access allows administrators to perform their duties, and is often seen as the ‘keys to the kingdom’. This publication provides guidance on how to implement secure administration techniques as part of the management of privileged access.
Suspected user credentials stolen from FortiNet devices leaked online Alert
Sep 10, 2021 - A malicious cyber actor has leaked a list of suspected user credentials and IP address of the associated FortiNet SSL VPN device the credentials are used for. Organisations should review the patch status and history of internet exposed FortiNet SSL VPN devices and consider performing a password reset for affected users.
