Search

High Severity vulnerability present in OpenSSL version 3.x   Alert

Nov 2, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a buffer overrun and buffer overflow vulnerability in OpenSSL versions above to 3.0. All Australian organisations using version 3.x should apply the available patch immediately.

An introduction to artificial intelligence   Publication

Nov 24, 2023 - Artificial intelligence (AI) is an emerging technology that will play an increasingly influential role in the everyday life of Australians.

Avaddon Ransomware   Alert

May 8, 2021 - Increase in Avaddon ransomware attacks in Australia.

Act now to defend against vicious cybercriminals   News

Jul 20, 2021 - Cybercriminals are targeting Australians at an unprecedented level to steal sensitive information and money, including through business email compromise and ransomware attacks.

Active exploitation of vulnerable MobileIron products   Alert

Sep 18, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of active exploitation of vulnerabilities in multiple MobileIron products by malicious cyber actors, including sophisticated state-based actors.

Restricting administrative privileges   Publication

Nov 27, 2023 - Learn how to restrict the use of administrative privileges. Restricting administrative privileges forms part of the Essential Eight from the Strategies to mitigate cybersecurity incidents.

Remote code execution vulnerability present in Atlassian Confluence Server and Data Center   Alert

Jun 5, 2022 - A critical unauthenticated remote code execution vulnerability (CVE-2022-26134) has been identified in all supported versions of Atlassian Confluence Server and Data Center. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends organisations restrict internet access to and from affected devices.

Secure your NAS device   Guidance

Nov 29, 2024 - Protect your network-attached storage (NAS) device and the important data it holds with this guide.

Remote code execution vulnerability present in certain versions of Atlassian Confluence   Alert

Sep 1, 2021 - A vulnerability exists in certain self-hosted versions of Atlassian Confluence which could allow a malicious cyber actor to execute arbitrary code. Affected organisations should apply the available patch to mitigate this vulnerability.

VMware vCenter Server plugin remote code execution vulnerability (CVE-2021-21972)   Alert

Feb 25, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) advises users of VMware vCenter Server products, including as part of VMware Cloud Foundation, to ensure their systems are promptly patched after the recent disclosure of a new remote code execution vulnerability.

Secure your Apple macOS device   Guidance

Nov 29, 2024 - Your Apple macOS device often holds your most important data. Use these simple steps to protect your device from cyberattacks.

Joint statement - Digital Transformation Agency and Australian Signals Directorate - Secure Internet Gateways update   News

Nov 1, 2021 - The Australian Government is further strengthening the ICT systems of Government entities by enhancing its Secure Internet Gateway (SIG) policy and through the Cyber Hubs initiative. The Digital Transformation Agency (DTA) is working on these initiatives with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC).

Malware targeting Centreon software   Alert

Feb 16, 2021 - ANSSI identifies campaign targeting Centreon system monitoring software.

Exploitation of Pulse Connect Secure Vulnerabilities   Alert

Apr 21, 2021 - New advice for mitigating Pulse Connect Secure Virtual Private Network (VPN) vulnerabilities.

Business Continuity in a Box   News

Nov 13, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), in collaboration with the US Cybersecurity and Infrastructure Security Agency (CISA), has published a new tool, Business Continuity in a Box, to help businesses continue basic operations during or after a cyber incident.

Important Vulnerabilities in Microsoft’s August 2023 Security Update   Alert

Aug 10, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is concerned about vulnerabilities disclosed in Microsoft’s August 2023 Security Update. Government, businesses and individuals should patch their Microsoft products and apply any recommended mitigations as soon as possible.

Important Vulnerabilities in Microsoft’s July 2023 Security Update   Alert

Jul 13, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is concerned about vulnerabilities disclosed in Microsoft’s July 2023 Security Update. Government, businesses and individuals should patch their Microsoft products and apply any recommended mitigations as soon as possible.

Revised patch released to disable mitigation against Spectre variant 2   Advisory

Jan 29, 2020 - Intel has confirmed that the microcode updates designed to mitigate Spectre variant 2 (CVE-2017-5715: Branch Target Injection) have introduced an increased risk of system instability, data loss and corruption.

Essential Eight Maturity Model Update   News

Nov 27, 2023 - The Australian Signals Directorate has updated the Essential Eight Maturity Model (E8MM).

Password managers   Guidance

Jul 10, 2024 - Learn how to create and store passwords in a secure location for your important accounts.

Serious vulnerabilities in Atlassian products including Confluence, Jira and Bitbucket   Alert

Dec 7, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is concerned about serious vulnerabilities in certain Atlassian products (CVE-2023-22522, CVE-2023-22523 and CVE-2022-1471) which are fixed by recent patches. Operators are urged to review Atlassian’s advice and implement recommended mitigations before exploitation begins.

IRAP Consumer Guide   Program page

Dec 15, 2020 - An IRAP Assessor will assist you by helping you to understand and implement security controls and recommendations to protect your systems and data.

End of support for Microsoft Windows and Microsoft Windows Server   Publication

Mar 20, 2024 - Support for Microsoft Windows and Microsoft Windows Server users following the expiration of the specified servicing timeline.

Microsoft's investment in Australia’s cyber security   News

Oct 24, 2023 - The Prime Minister has announced Microsoft’s $5 billion commitment to building Australia’s cyber defence.

Introduction of legislative change for Limited Use obligation    News

Oct 31, 2024 - On 9 October 2024, the Australian Government introduced the Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024 into Parliament. The Bill amends the Intelligence Services Act 2001 to legislate a Limited Use obligation for the Australian Signals Directorate (ASD).

Internet of Things devices   Guidance

Apr 11, 2023 - IoT devices can include smart televisions, security cameras and fridges. Learn how to buy and use IoT devices securely.

Cyber security for charities and not-for-profit organisations   News

Mar 18, 2024 - With cyber-attacks continuing to increase in frequency and severity across all sectors, the Australian Signals Directorate is encouraging charities and not-for-profit organisations to take action to protect their online systems.

Protect yourself: Multi-factor authentication   Guidance

Oct 14, 2022 - Multi-factor authentication (MFA) is when you use two or more different types of actions to verify your identity.

The Case for Memory Safe Roadmaps – Joint Cyber Security Guide   News

Dec 7, 2023 - In partnership with our international partners we released a joint cyber security guidance on Secure-by-Design memory safe roadmaps.

2020-002: Critical Vulnerabilities for Microsoft Windows, Patch Urgently   Advisory

Jan 15, 2020 - If you or your organisation uses any of the affected products, the ACSC recommends that you apply the patches urgently.