You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 301 - 330 of 397 results.
Multiple Vulnerabilities in Atlassian Confluence Data Center and Server Alert
Nov 1, 2023 - ASD’s ACSC has received information on multiple vulnerabilities in Atlassian’s Confluence Data Center and Server (CVE-2023-22515 & CVE-2023-22518). Organisations are strongly encouraged to take immediate action to ensure affected instances are patched.
Secure by Demand Publication
Jan 14, 2025 - This Secure by Demand guide, authored by CISA with contributions from the following partners, describes how OT owners and operators should integrate security into their procurement process when purchasing industrial automation and control systems as well as other OT products.
Suspected user credentials stolen from FortiNet devices leaked online Alert
Sep 10, 2021 - A malicious cyber actor has leaked a list of suspected user credentials and IP address of the associated FortiNet SSL VPN device the credentials are used for. Organisations should review the patch status and history of internet exposed FortiNet SSL VPN devices and consider performing a password reset for affected users.
Joint advisory on top cyber vulnerabilities News
Jul 28, 2021 - The top 30 cyber security vulnerabilities exploited by malicious cyber actors since 2020 have been detailed in a joint advisory issued by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and counterpart cyber security agencies from the United States and the United Kingdom.
Critical vulnerabilities in ‘ownCloud’ file share Alert
Nov 29, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of multiple critical vulnerabilities affecting the file sync and sharing software ‘ownCloud’. This primarily impacts self-hosted instances of the open-source product. Those impacted should apply the patches available and consider the workarounds made available by the vendor.
Home
Sep 30, 2025 - Welcome to the Australian Cyber Security Centre website - cyber.gov.au
Use of Log4j vulnerabilities in ransomware activity Alert
Dec 23, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) expects an increase in ransomware activity using Log4j as an exploit vector. Malicious actors may take advantage of trivial exploits to impact Australian organisations.
Iranian Government-Sponsored APT Cyber Actors Alert
Nov 17, 2021 - FBI and CISA have observed an Iranian government-sponsored APT group that are exploiting vulnerabilities to gain access to systems. The APT group has exploited the same Microsoft Exchange vulnerability in Australia.
National cyber security exercises for Australia’s electricity industry News
Apr 30, 2020 - In November 2019, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) coordinated a national cyber security exercise series in partnership with Australia’s electricity industry and government agencies.
Personal cyber security: Next steps guide Guidance
Jun 16, 2023 - The second of three cyber security guides in the personal cyber security series is designed to help everyday Australians understand a moderate level of cyber security and how to take action to protect themselves from cyber threats.
Recovering compromised bank accounts and online payment accounts Guidance
Nov 10, 2023 - Bank accounts are among the most important accounts to us and the most prized accounts to cybercriminals.
Potential SolarWinds Orion compromise Alert
Jan 25, 2021 - FireEye identifies global campaign leveraging malicious updates to SolarWinds software.
2020-011: Critical Vulnerability in SAP NetWeaver Application Server (CVE-2020-6287) Advisory
Jul 14, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends users of these products urgently apply available security patches to prevent an adversary from exploiting this vulnerability.
About us
Feb 25, 2023 - Contact ASD's ACSC for general enquiries and media enquiries.
Hardening Microsoft 365, Office 2021, Office 2019 and Office 2016 Publication
Jul 24, 2023 - Workstations are often targeted by malicious actors using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening applications on workstations is an important part of reducing this risk.
How to become an IRAP Assessor Program page
Aug 15, 2024 - IRAP Assessors are ASD-endorsed ICT professionals from across Australia who have the necessary experience and qualifications in ICT security assessment and risk management, and a detailed knowledge of ASD's Information Security Manual.
Australian organisations encouraged to urgently adopt an enhanced cyber security posture Alert
Mar 28, 2022 - Australian organisations are encouraged to urgently adopt an enhanced cyber security posture. Organisations should act now and follow ACSC’s advice to improve their cyber security resilience in light of the heightened threat environment.
Advisory 2020-008: Copy-paste compromises - tactics, techniques and procedures used to target multiple Australian networks Advisory
Sep 16, 2020 - This advisory details the tactics, techniques and procedures (TTPs) identified during the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) investigation of a cyber campaign targeting Australian networks. These TTPs are captured in the frame of tactics and techniques outlined in the MITRE ATT&CK framework.
Security configuration guide: Viasat Mobile Dynamic Defense Publication
Oct 6, 2021 - ASD has developed this guide to assist Australian’s to understand risks when deploying Viasat MDD devices and the security requirements that need to be met to allow them to handle classified data.
Questions to ask managed service providers Publication
Oct 6, 2021 - Asking the right questions to managed service providers can help organisations better understand the cybersecurity of their systems and the services they provide.
Citrix Products NetScaler ADC and NetScaler Gateway Vulnerabilities Alert
Nov 29, 2023 - A malicious actor can exploit the vulnerability to execute code remotely without authentication. Organisations using Citrix products NetScaler ADC and NetScaler Gateway, possibly including Government and medium to large organisations. Ensure the latest release of NetScaler ADC and NetScaler Gateway have been installed.
Advisory 2020-016: "Zerologon" - Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472) Advisory
Sep 22, 2020 - The ACSC recommends organisations immediately patch affected Microsoft Windows systems with the Microsoft August 2020 Security Updates, released 11/08/2020.
2020-013 Ransomware targeting Australian aged care and healthcare sectors Advisory
Aug 2, 2020 - Recently there has been a significant increase in healthcare or COVID-19 themed malicious cyber activity, including targeting of the aged care and healthcare sectors by financially motivated cyber criminals using the ‘Maze’ ransomware.
Australian Information Security Evaluation Program (AISEP) Program page
Jul 2, 2025 - The Australian Information Security Evaluation Program (AISEP) evaluates and certifies products to provide a level of assurance in its security functionality in order to protect systems and data against cyberthreats. These evaluation activities are certified by the Australian Certification Authority (ACA).
Fundamentals of Cross Domain Solutions Publication
Oct 6, 2021 - This publication introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains.
2023-03: ASD's ACSC Ransomware Profile – Lockbit 3.0 Advisory
Jun 15, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of Lockbit 3.0 which is the newest version of Lockbit ransomware. It is used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes as other variants such as encrypting their data, and extorting a ransom to return access to the sensitive files.
Bring Your Own Device for executives Publication
Oct 6, 2021 - Bring Your Own Device (BYOD) scenarios enable organisations to take advantage of new technologies faster. It also has the potential to reduce hardware costs and improve organisational productivity and flexibility. However, BYOD also introduces new risks to an organisation’s business and the security of its information, which need to be carefully considered before implementation.
Set secure passphrases
Jul 30, 2024 - Where multi-factor authentication is not available, a strong passphrase is your best defence.
2020-001-4: Remediation for critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway Advisory
Jan 13, 2020 - On 19 January 2020, Citrix released patches for two versions of the Citrix Application Delivery Controller (ADC) and Citrix Gateway appliances. Citrix expects to have patches available across all supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP before the end of January 2020.
