Search

Guidelines for enterprise mobility   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on enterprise mobility.

Critical vulnerability in Pulse/Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457)   Alert

Apr 4, 2025 - Ivanti have released information regarding active exploitation of a critical vulnerability in Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457). ASD’s ACSC recommends customers follow the advice contained in Ivanti’s Security Advisory and assess their environments for malicious activity.

Remote access to operational technology environments   Publication

Mar 28, 2023 - Many critical infrastructure providers are moving to support remote working arrangements. In doing so, modifying cybersecurity defences for operational technology environments (OTE) is not a decision that should be taken lightly.

Planning for post-quantum cryptography   Publication

Sep 22, 2025 - A cryptographically relevant quantum computer (CRQC) will render most contemporary public key cryptography insecure, thus making ubiquitous secure communications based on current public key cryptography technology infeasible. As the creation of a CRQC presents new cyber security risks, organisations are encouraged to consider anticipating future requirements and dependencies of vulnerable systems during the transition to post-quantum cryptography (PQC) standards.

Secure your mobile phone   Guidance

Nov 12, 2024 - The security of your mobile phone can be as crucial as your computer. Follow these steps to protect your phone or tablet from cybercriminals.

Vulnerability planning  

Sep 3, 2025 - Resources to help organisations plan for, and manage, critical vulnerabilities effectively.

Cyber Security Awareness Month 2024   News

Oct 1, 2024 - October is Cyber Security Awareness Month, a time for all Australians to talk about cyber security and take action to protect their devices and accounts.

Vulnerability Disclosure Program   News

Nov 23, 2022 - New ACSC publication released to help organisations implement a Vulnerability Disclosure Program.

DDoS threats being made against Australian organisations   Alert

May 25, 2020 - Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a number of Denial of Service (DoS) for ransom threats being made against Australian organisations, primarily in the banking and finance sector.

Critical Vulnerability affecting Fortinet’s FortiClientEMS   Alert

Mar 22, 2024 - ASD’s ACSC is aware of a critical vulnerability (CVE-2023-48788) affecting Fortinet’s FortiClientEMS. Organisations are strongly encouraged to take immediate action to ensure affected instances are patched and investigate for potential compromise.

Summary of Tactics, Techniques and Procedures Used to Target Australian Networks   Advisory

May 20, 2020 - This advisory provides information on methods to detect many of the TTPs listed. Partners are strongly encouraged to review their environments for the presence of the exploited vulnerabilities and provided TTPs.

Vulnerability in Progress Kemp products   Alert

Feb 22, 2024 - ASD’s ACSC is aware of a vulnerability (CVE-2024-1212) that affects all Progress Kemp LoadMaster releases after 7.2.48.1. Organisations are strongly encouraged to take immediate action to patch relevant systems.

Ransomware targeting Australian aged care and healthcare sectors   Alert

Aug 2, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of increased targeting of healthcare, including hospitals and aged care, by ransomware campaigns undertaken by cyber criminals.

People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection   Advisory

May 25, 2023 - The People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection joint advisory provides examples of the cyber actor’s commands, along with detection signatures to aid network defenders in hunting for this activity.

Joint statement - attribution to Russia for malicious cyber activity against European networks   News

May 11, 2022 - Australia and international partners shine a light on Russia’s ongoing unacceptable activity in cyberspace.

Cyber Safety and Security in Sport   News

Jun 8, 2023 - Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is partnering with Sport Integrity Australia and the Office of the e-Safety Commissioner to deliver the Cyber Safety and Security in Sport course. The course is part of the ASD’s ACSC's commitment to work with industry and government to strengthen Australia’s cyber security posture.

Engaging with artificial intelligence   Publication

Jan 24, 2024 - The purpose of this paper is to provide organisations with guidance on how to use artificial intelligence (AI) systems securely. The paper summarises some important threats related to AI systems and includes cybersecurity mitigation strategies to aid organisations in engaging with AI while managing risk. It provides mitigations to assist both organisations that maintain their own AI systems and organisations that use third-party AI systems.

Malicious actors deploying Gootkit Loader on Australian Networks   Alert

Aug 27, 2021 - Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed an increase of Gootkit JavaScript (JS) Loaders on Australian networks.

Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway products   Alert

Jan 18, 2024 - ASD’s ACSC is aware of multiple vulnerabilities (CVE-2023-6548 and CVE-2023-6549) in Citrix NetScaler products (NetScaler ADC and NetScaler Gateway). Organisations are strongly encouraged to take immediate action to ensure affected instances are patched.

Critical vulnerability identified in Apple iOS and macOS   Alert

Feb 12, 2022 - A Remote Code Execution vulnerability has been identified in certain versions of Apple WebKit, affecting iOS and macOS devices. Affected users of these devices should update their devices as soon as possible.

Multiple vulnerabilities in Jenkins products   Alert

Jan 30, 2024 - ASD’s ACSC is aware of multiple vulnerabilities impacting Jenkins products including CVE 2024-23897 (Critical) & CVE-2024-23898 (High). Organisations using Jenkins products are strongly advised to follow the mitigation advice provided by Jenkins and patch affected versions.

Ransomware Playbook   Guidance

Oct 10, 2024 - This interactive guide is here to assist you with taking all of the appropriate steps to prepare for, respond to and recover from a ransomware incident.

View all content  

Nov 3, 2022 -

Critical severity vulnerability in Fortinet FortiOS SSL-VPN   Alert

Dec 13, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a heap-based buffer overflow vulnerability in FortiOS SSL-VPN. All Australian organisations should apply the available patch immediately.

Privacy Awareness Week 2023   News

Apr 28, 2023 - The Australian Cyber Security Centre (ACSC) is supporting with the Office of the Australian Information Commissioner (OAIC) to support Privacy Awareness Week.

Potential Accellion File Transfer Appliance compromise   Alert

Feb 25, 2021 - The ACSC has identified Australian organisations that may have been impacted by the Accellion File Transfer Appliance vulnerability and have provided mitigation recommendations.

Active exploitation of vulnerable Sitecore Experience Platform content management systems   Alert

Nov 5, 2021 - There is active exploitation of a vulnerability occurring in certain versions of Sitecore Experience Platform systems. Affected Australian organisation should apply the available security update.

Delivering the goods in cyber security resilience to the transport and logistics sector   News

Oct 27, 2022 - National Cyber Security Exercise Series: Australia’s transport and logistics sector – May to August 2023

Act now to defend against vicious cybercriminals   News

Jul 20, 2021 - Cybercriminals are targeting Australians at an unprecedented level to steal sensitive information and money, including through business email compromise and ransomware attacks.

COVID-19 malicious cyber activity   Alert

May 22, 2020 - Malicious cyber actors are actively targeting individuals and Australian organisations with COVID-19 related scams and phishing emails. These incidents are likely to increase in frequency and severity over the coming weeks and months. This is due, in part, to the ease in which existing scam emails and texts can be modified with a COVID-19 theme.