Search

Small business cloud security guides: Executive overview   Publication

Dec 16, 2022 - In recognition of the increasing prevalence of cloud computing, the Australian Cyber Security Centre (ACSC) has published the Small business cloud security guides. These guides are designed to provide protection against cybersecurity incidents while remaining accessible to organisations which may not have the resources and expertise to implement a more sophisticated strategy.

Seniors  

Jun 23, 2023 - This guide provides some simple steps and resources to protect your personal information, accounts and life savings when going online.

Kaseya VSA Supply-Chain Ransomware Attack   Alert

Jul 12, 2021 - Patch now available for Kaseya VSA platform.

Phishing   Threat

Mar 19, 2023 - Learn about phishing attacks and know what to do if you've been targeted.

New advisory – PRC state-sponsored actors compromise networks worldwide to feed global espionage system   News

Aug 28, 2025 - Don’t feed their global espionage systems – read the full advisory for vital insights on threat hunting, indicators of compromise, and mitigation strategies to help your organisation safeguard your networks and assets.

Cyber security principles   Advice

Dec 4, 2025 - Follow the Information security manual (ISM)'s cyber security principles to protect information technology and operational technology systems, applications and data from cyber threats.

Critical vulnerability in certain Hikvision products, IP cameras   Alert

Sep 22, 2021 - A critical vulnerability exists in Hikvision products, including IP cameras, which could allow a cyber actor to take full control of the device. Affected Australian customers should apply an appropriate firmware update provided by Hikvision.

Cyber security incident response planning: Executive guidance   Publication

Dec 12, 2024 - The Australian Signals Directorate (ASD) is responsible for monitoring and responding to cyber threats targeting Australian interests. Reporting cyber security incidents to ASD ensures that timely assistance can be provided, if required. This may be in the form of investigations or remediation advice.

Detecting socially engineered messages   Publication

Oct 6, 2021 - Socially engineered messages pose a significant threat to organisations. They can have a big impact, helping malicious actors access accounts, systems or sensitive information. Learn how to spot a socially engineered message, including through email, SMS, social media or messaging apps.

Restricting administrative privileges   Publication

Nov 27, 2023 - Learn how to restrict the use of administrative privileges. Restricting administrative privileges forms part of the Essential Eight from the Strategies to mitigate cybersecurity incidents.

Secure your Microsoft Windows device   Guidance

Nov 29, 2024 - Your Microsoft Windows device often holds your most important data. Use these simple steps to protect your device from cyberattacks.

Gootkit Loader continues to be used on multiple Australian networks   Advisory

Dec 23, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) continues to observe instances of Gootkit JavaScript (JS) Loaders on multiple Australian networks in 2022. Open source reporting also indicates continued Gootkit activity.

Gateway security guidance package: Executive guidance   Publication

Jul 29, 2025 - The purpose of this guidance is to inform decision-makers at the executive level of their responsibilities, the appropriate considerations needed to make informed risk-based decisions, and to meet policy obligations when leading the design or consumption of their organisation’s gateway services.

Principles of operational technology cyber security   Publication

Oct 2, 2024 - Critical infrastructure organisations provide vital services, including supplying clean water, energy, and transportation, to the public. These organisations rely on operational technology (OT) to control and manage the physical equipment and processes that provide these critical services. As such, the continuity of vital services relies on critical infrastructure organisations ensuring the cybersecurity and safety of their OT.

Cyber security research report   Reports and statistics

Dec 15, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) commissioned exploratory research to better understand audience awareness of cyber security threats and practices.

Security configuration guide: Apple iOS 14 devices   Publication

Oct 6, 2021 - ASD has developed this guide to assist Australians to understand risks when deploying iOS 14 devices and the security requirements that need to be met to allow them to handle classified data.

Head of ACSC talks cyber security with Natarsha Belling in podcast special   News

Nov 29, 2021 - Ms Abigail Bradshaw, head of the Australian Cyber Security Centre (ACSC), recently sat down with journalist Natarsha Belling to discuss the common cyber threats affecting Australians today.

Malicious email mitigation strategies   Publication

Oct 6, 2021 - Socially engineered emails containing malicious attachments and embedded links are routinely used in targeted cyber intrusions against organisations. This publication has been developed to provide mitigation strategies for the security risks posed by these malicious emails.

Gateway security guidance package: Gateway security principles   Publication

Jul 29, 2025 - Guidance written for audiences responsible for the procurement, operation and management of gateways.

New Secure by Demand guidance available for operational technology owners and operators   News

Jan 14, 2025 - To protect your systems from threat actors targeting your operational technology components, select products from manufacturers who are Secure-by-Design. Find out which security elements to prioritise.