Search

Resources for business and government  

Resources for business and government on cybersecurity.

Malicious insiders   Threat

Jun 23, 2020 - Malicious insiders can be employees, former employees, contractors or business associates who have legitimate access to your systems and data, but use that access to destroy data, steal data or sabotage your systems. It does not include well-meaning staff who accidentally put your cybersecurity at risk or spill data.

Enhanced visibility and hardening guidance for communications infrastructure   Advisory

Dec 4, 2024 - This guide provides network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network devices against successful exploitation carried out by PRC-affiliated and other malicious cyber actors.

Email security  

Jul 29, 2024 - Protect yourself, your employees and business from an email security incident before it's too late.

Essential Eight explained   Publication

Nov 27, 2023 - This publication provides an overview of the Essential Eight.

Exercise in a Box is here   News

Nov 17, 2022 - This service provides an all in one platform that your organisation can use to assess and improve its cyber security practices in your own time, in a safe environment, and as many times as you want.

Protecting your family   Guidance

May 2, 2023 - Advice and guidance for parents and guardians to help children have secure experiences online.

Guidance on digital forensics and protective monitoring specifications for producers of network devices and appliances   Publication

Feb 5, 2025 - This guidance has been developed with contributions from partnering agencies and is included in a series of publications aiming to draw attention to the importance of edge device cyber security measures.

Cloud computing security for cloud service providers   Publication

Jan 18, 2024 - This publication is designed to assist cloud service providers (CSPs) in offering secure cloud services. It can also assist assessors in validating the security posture of a cloud service, which is often verified through an Infosec Registered Assessors Program (IRAP) assessment of the CSP services.

ForgeRock Open AM critical vulnerability   Alert

Jul 7, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed active exploitation of a vulnerability in ForgeRock OpenAM (reported as CVE-2021-35464) against a number of Australian organisations. The ASD’s ACSC strongly recommends organisations urgently apply available patches or workarounds to mitigate the risk of this vulnerability being exploited.

Secure your website   Guidance

Jul 29, 2024 - Small business account for over 95% of all businesses in Australia and 72% of them have a website. However, in a world in which websites are increasingly being targeted by cyber criminals, only 36% check for updates every week. For those small businesses with a website, or that are considering one, these three quick wins will help you protect your money, data and reputation.

Hunting Russian Intelligence “Snake” Malware   Advisory

May 10, 2023 - This Cybersecurity Advisory (CSA) provides background on Snake’s attribution to the FSB and detailed technical descriptions of the implant’s host architecture and network communications.

Ransomware Playbook   Guidance

Oct 10, 2024 - This interactive guide is here to assist you with taking all of the appropriate steps to prepare for, respond to and recover from a ransomware incident.

Exploitation of vulnerabilities affecting Cisco firewall platforms   Alert

Apr 25, 2024 - This alert has been written for the IT teams of organisations and government. Entities are strongly encouraged to take immediate action to ensure affected devices are patched and investigate for potential compromise.

Safer Internet Day 2021   News

Feb 9, 2021 - Safer Internet Day on 9 February 2021 aims to raise awareness of emerging online issues and share strategies everyone can use for staying secure online.

Modern defensible architecture   Publication

Feb 10, 2025 - Modern defensible architecture is the first step in Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC)’s push to ensure that secure architecture and design are being considered and applied by organisations in their cybersecurity and resilience planning.

Cyber Security Awareness Month 2024  

Sep 30, 2024 - October is Cyber Security Awareness Month and an annual reminder for all Australians to stay secure online.

Educational pack for small businesses   Guidance

Jun 15, 2023 - This educational pack provides engaging content to help small business owners learn how to stay cyber secure. Includes practical activities for staff.

Suspected user credentials stolen from FortiNet devices leaked online   Alert

Sep 10, 2021 - A malicious cyber actor has leaked a list of suspected user credentials and IP address of the associated FortiNet SSL VPN device the credentials are used for. Organisations should review the patch status and history of internet exposed FortiNet SSL VPN devices and consider performing a password reset for affected users.

OS Command Injection Vulnerability in GlobalProtect Gateway   Alert

May 3, 2024 - ASD’s ACSC is aware of a vulnerability (CVE-2024-3400) that enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Cybersecurity terminology   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on cybersecurity terminology.

Protect yourself online: A guide to cybersecurity for young people   Guidance

May 2, 2024 - The steps in this guide can help you navigate the online world with confidence.

Potential SolarWinds Orion compromise   Alert

Jan 25, 2021 - FireEye identifies global campaign leveraging malicious updates to SolarWinds software.

Australia’s second ever cyber sanction imposed   News

May 8, 2024 - Today the Australian Government, along with our international partners, has imposed a targeted financial sanction and travel ban on Russian citizen Dmitriy Khoroshev, for his leadership role in the notorious LockBit ransomware group.

Connecting to public Wi-Fi and hotspots   Guidance

Apr 11, 2023 - Public Wi-Fi hotspots are found everywhere in places like your local shops, cafes, hotels and even at some parks. They can be a convenient way to access the internet when you are out, have poor reception or are travelling overseas. Learn more about connecting to public Wi-Fi and hotspots securely.

Secure by Design  

Jul 22, 2024 - Secure by Design is a proactive, security-focused approach to the development of digital products and services that necessitates a strategic alignment of an organisation’s cybersecurity goals. Secure by Design requires cyberthreats to be considered from the outset to enable mitigations through thoughtful design, architecture and security measures. Its core value is to protect consumer privacy and data through designing, building, and delivering products with fewer vulnerabilities.

Cybersecurity for charities and not-for-profits   Guidance

Mar 12, 2024 - How to avoid common cyberthreats and protect your mission .

Guidelines for personnel security   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on personnel security.

Vulnerability Affecting BlackBerry QNX RTOS   Alert

Aug 18, 2021 - BlackBerry has disclosed that its QNX Real Time Operating System is affected by a BadAlloc vulnerability - CVE-2021-22156. QNX is the world’s most prevalent real time operating system.

Guidelines for networking   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on networking.