Search

First Nations business resources   Guidance

Jan 5, 2023 - Cybercriminals are finding new ways to target First Nations businesses all the time. There are a few simple things you can do to keep yourself and your business secure online.

Enhanced visibility and hardening guidance for communications infrastructure   Advisory

Dec 4, 2024 - This guide provides network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network devices against successful exploitation carried out by PRC-affiliated and other malicious cyber actors.

Questions to ask managed service providers   Publication

Oct 6, 2021 - Asking the right questions to managed service providers can help organisations better understand the cybersecurity of their systems and the services they provide.

Vulnerability planning  

Sep 3, 2025 - Resources to help organisations plan for, and manage, critical vulnerabilities effectively.

Cyber skills framework   Publication

Sep 10, 2020 - The Cyber Skills Framework enables targeted recruitment of cyber specialists, provides a development pathway for current and future cyber staff, and aligns skills, knowledge and attributes with national and international industry standards.

Exploitation of vulnerabilities affecting Cisco firewall platforms   Alert

Apr 25, 2024 - This alert has been written for the IT teams of organisations and government. Entities are strongly encouraged to take immediate action to ensure affected devices are patched and investigate for potential compromise.

Cloud computing security for cloud service providers   Publication

Jan 18, 2024 - This publication is designed to assist cloud service providers (CSPs) in offering secure cloud services. It can also assist assessors in validating the security posture of a cloud service, which is often verified through an Infosec Registered Assessors Program (IRAP) assessment of the CSP services.

Secure your website   Guidance

Jul 29, 2024 - Small business account for over 95% of all businesses in Australia and 72% of them have a website. However, in a world in which websites are increasingly being targeted by cyber criminals, only 36% check for updates every week. For those small businesses with a website, or that are considering one, these three quick wins will help you protect your money, data and reputation.

Vulnerability Affecting BlackBerry QNX RTOS   Alert

Aug 18, 2021 - BlackBerry has disclosed that its QNX Real Time Operating System is affected by a BadAlloc vulnerability - CVE-2021-22156. QNX is the world’s most prevalent real time operating system.

Safer Internet Day 2021   News

Feb 9, 2021 - Safer Internet Day on 9 February 2021 aims to raise awareness of emerging online issues and share strategies everyone can use for staying secure online.

Multiple vulnerabilities affecting NetScaler ADC and NetScaler Gateway devices   Alert

Aug 27, 2025 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of multiple vulnerabilities (CVE-2025-7775, CVE-2025-7776 & CVE-2025-8424) affecting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products.

OS Command Injection Vulnerability in GlobalProtect Gateway   Alert

May 3, 2024 - ASD’s ACSC is aware of a vulnerability (CVE-2024-3400) that enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Ransomware Playbook   Guidance

Oct 10, 2024 - This interactive guide is here to assist you with taking all of the appropriate steps to prepare for, respond to and recover from a ransomware incident.

Potential SolarWinds Orion compromise   Alert

Jan 25, 2021 - FireEye identifies global campaign leveraging malicious updates to SolarWinds software.

Critical Vulnerability in FortiOS   Alert

Feb 9, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is aware of a critical (9.6) vulnerability (CVE-2024-21762) in Fortinet FortiOS devices.

Barracuda Email Security Gateway (ESG) malicious activity – additional Indicators of Compromise released   Alert

Dec 25, 2023 - Update: ASD's ACSC is aware of active exploitation of a third party library, Spreadsheet::ParseExcel, leading to potential Arbitrary Code Execution in Barracuda ESG appliances (CVE-2023-7101 and CVE-2023-7102).

Australia’s second ever cyber sanction imposed   News

May 8, 2024 - Today the Australian Government, along with our international partners, has imposed a targeted financial sanction and travel ban on Russian citizen Dmitriy Khoroshev, for his leadership role in the notorious LockBit ransomware group.

Security configuration guide: Viasat Mobile Dynamic Defense   Publication

Oct 6, 2021 - ASD has developed this guide to assist Australian’s to understand risks when deploying Viasat MDD devices and the security requirements that need to be met to allow them to handle classified data.

Guidance on digital forensics and protective monitoring specifications for producers of network devices and appliances   Publication

Feb 5, 2025 - This guidance has been developed with contributions from partnering agencies and is included in a series of publications aiming to draw attention to the importance of edge device cyber security measures.

Google Releases Security Updates for Chrome Browser   Alert

Jun 21, 2021 - On June 17 2021, Google released Chrome version 91.0.4472.114 for Windows, Mac, and Linux. The patch notes for this version can be viewed at Chrome Release Note.

Managing cyber supply chains  

Dec 3, 2020 - This page lists publications on cyber supply chain risk management.

Security configuration guide: Samsung Galaxy S10, S20 and Note 20 devices   Publication

Oct 6, 2021 - ASD has developed this guide to assist Australian’s to understand risks when deploying Samsung Galaxy and Samsung Note devices and the security requirements that need to be met to allow them to handle classified data.

Exploitation of existing Fortinet Vulnerabilities    Alert

Apr 11, 2025 - Fortinet has released information regarding exploitation of previously known vulnerabilities affecting Fortinet devices.
ASD’s ACSC recommends customers follow the advice contained in Fortinet’s advisory page.

Vulnerability in Ivanti Endpoint Manager Mobile (EPMM)   Alert

Jul 25, 2023 - This Alert is relevant to Australians who are running Ivanti EPMM. This alert is intended to be understood by slightly more technical users. Users are encouraged to immediately apply any available patches.

Assessment and evaluation programs  

Sep 3, 2025 - ASD's ACSC's programs and resources to support the assessment and evaluation of information security and critical infrastructure.

Back to school with cyber secure devices   News

Feb 4, 2022 - As children return to school, Australian parents are urged to make devices like mobile phones and laptop computers more cyber secure and to teach their children about cyber security, with 2022 set to be another year of hybrid learning for most families.

Cyber Security Awareness Month 2022   News

Sep 30, 2022 - October is Cyber Security Awareness Month and this year the Australian Signals Directorate’s Australian Cyber Security Centre's (ASD’s ACSC) theme is Have you been hacked?

Microsoft Releases Security Updates for Microsoft Edge Browser   Alert

Jun 30, 2021 - On June 24 2021, Microsoft released updates for their Edge Browser addressing two vulnerabilities that an attacker could exploit to inject and execute malicious code.

Medibank Private Cyber Security Incident   Alert

Dec 1, 2022 - ASD’s Australian Cyber Security Centre is working closely with Medibank Private following the recent incident.

Guidelines for procurement and outsourcing   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on procurement and outsourcing activities.