Search

Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway products   Alert

Jan 18, 2024 - ASD’s ACSC is aware of multiple vulnerabilities (CVE-2023-6548 and CVE-2023-6549) in Citrix NetScaler products (NetScaler ADC and NetScaler Gateway). Organisations are strongly encouraged to take immediate action to ensure affected instances are patched.

The Commonwealth Cyber Security Posture in 2022   Reports and statistics

Dec 16, 2022 - The Commonwealth Cyber Security Posture in 2022 (the report) informs Parliament on the implementation of cybersecurity measures across the Commonwealth government, for the period January 2021 to June 2022. As of June 2022, the Commonwealth comprised 97 non-corporate Commonwealth entities (NCCEs), 71 corporate Commonwealth entities (CCEs) and 17 Commonwealth companies (CCs).

Exploitation of vulnerabilities affecting Cisco firewall platforms   Alert

Apr 25, 2024 - This alert has been written for the IT teams of organisations and government. Entities are strongly encouraged to take immediate action to ensure affected devices are patched and investigate for potential compromise.

Domain Name System security for domain owners   Publication

Oct 6, 2021 - This publication provides information on DNS security for domain owners. It also shared helpful strategies to reduce the risk of domain misuse.

Gateway security guidance package: Gateway technology guides   Publication

Jul 29, 2025 - This guidance is one part of a package of documents that forms the gateway security guidance package. When designing, procuring, operating, maintaining or disposing of a gateway, it is important to consider all the documents from the gateway security guidance package at different stages of governance, design and implementation, and not to consume this guidance in isolation.

Critical vulnerability in Microsoft Windows Server Update Service (WSUS)   Alert

Oct 25, 2025 - Critical vulnerability impacting Microsoft Windows Server Update Service – CVE-2025-59287. ASD’s ACSC recommends organisations update affected products to the latest versions and follow the advice detailed in the Microsoft Security Update guide.

"Bulletproof" hosting providers   Publication

Jan 22, 2025 - Bulletproof hosting (BPH) providers lease cybercriminals a virtual and/or physical infrastructure from which to operate. BPH providers are a specific class of internet infrastructure service that enables malicious actors (including cybercriminals) to host illicit content and run operations on the internet.

Citrix Products NetScaler ADC and NetScaler Gateway Vulnerabilities   Alert

Nov 29, 2023 - A malicious actor can exploit the vulnerability to execute code remotely without authentication. Organisations using Citrix products NetScaler ADC and NetScaler Gateway, possibly including Government and medium to large organisations. Ensure the latest release of NetScaler ADC and NetScaler Gateway have been installed.

Programs  

Nov 3, 2022 - Find relevant cyber security programs

Update your small business cyber security   News

Jun 12, 2024 - Resources to help protect small businesses from cyber threats.

Supply chain compromise of 3CX DesktopApp   Alert

Mar 31, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a reported supply chain compromise affecting the 3CX DesktopApp, allowing malicious actors to conduct multi-stage attacks against users of the legitimate software. Australian users of affected versions of 3CX DesktopApp should immediately follow the vendor’s advice and investigate for signs of malicious activity.

Using the Information security manual   Advice

Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on using the ISM.

#StopRansomware: BianLian Ransomware Group   Advisory

Nov 21, 2024 - The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint Cybersecurity Advisory to disseminate known BianLian ransomware and data extortion group IOCs and TTPs identified through FBI and ASD's ACSC investigations as of March 2023.

Preventing Web Application Access Control Abuse   Advisory

Jul 28, 2023 - The Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.

Defending against the malicious use of the Tor network   Publication

Oct 6, 2021 - The Tor network is a system that conceals a user’s IP address. It allows anonymous – and often malicious – communication. This guidance shares advice on how to detect and prevent traffic from the Tor network.

APT40 Advisory   Advisory

Jul 9, 2024 - This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre and international partners, outlines a People’s Republic of China (PRC) state-sponsored cyber group and their current threat to Australian networks.

Detecting and mitigating Active Directory compromises   Publication

Jan 22, 2025 - This publication provides an overview of techniques used to compromise Active Directory, and recommended strategies to mitigate these techniques. By implementing the recommendations in this publication, organisations can significantly improve their Active Directory security, and therefore their overall network security posture.

Gateway security guidance package: Gateway operations and management   Publication

Jul 29, 2025 - This guidance is one part of a package of documents that forms the Australian Signals Directorate (ASD)’s Gateway security guidance package written for audiences responsible for the operation and management of gateways.

Report and recover  

Respond to cyber threats and take steps to protect yourself from further harm.

Managing the risks of legacy IT: Practitioner guidance   Publication

Jun 12, 2024 - This publication provides guidance for practitioners on managing the risks posed by legacy IT and outlines low-cost mitigations that organisations can draw upon.