Search

Important Vulnerabilities in Microsoft’s October 2023 Security Update   Alert

Oct 13, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is concerned about vulnerabilities disclosed in Microsoft’s October 2023 Security Update. Government, businesses and individuals should patch their Microsoft products and apply any recommended mitigations as soon as possible.

Cyber sanction imposed on Russian cybercriminal for 2022 Medibank Private compromise   News

Jan 23, 2024 - Today Australia has imposed a cyber sanction under the Autonomous Sanctions Act 2011 on Russian national Aleksandr Ermakov for his role in the compromise of Medibank Private in 2022. This is the first time a sanction has been imposed under the Act.

Critical vulnerability in Pulse/Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457)   Alert

Apr 4, 2025 - Ivanti have released information regarding active exploitation of a critical vulnerability in Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457). ASD’s ACSC recommends customers follow the advice contained in Ivanti’s Security Advisory and assess their environments for malicious activity.

2022-004: ASD's ACSC Ransomware Profile – ALPHV (aka BlackCat)   Advisory

Apr 14, 2022 - ALPHV (aka BlackCat, Noberus) is a ransomware variant first observed in late 2021, used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia.

People’s Republic of China (PRC) State-Sponsored Cyber Actor Living Off the Land to Evade Detection   Alert

May 25, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC), in conjunction with the United States (US) National Security Agency (NSA) its international partners, has released a Cybersecurity Advisory regarding a PRC state-sponsored cyber actor conducting activity impacting US critical infrastructure (CI) sectors. Because of the potential risk to CI sectors outside the US, all organisations are encouraged to review the published Advisory and report any malicious activity to the ASD's ACSC.

An introduction to securing smart places   Publication

Nov 21, 2022 - Smart places, also known as smart cities, are places designed to provide enhanced services to citizens using a collection of smart information technology (IT)-enabled systems and devices that capture, communicate and analyse data. To achieve this purpose, previously discrete technologies and systems are interconnected to allow for large-scale coordination, real-time decision making, and increased visibility and situational awareness of the smart place’s status.

Report and recover from scams   Guidance

Apr 11, 2023 - If someone has stolen your money or personal information, find out what to do and who to contact. We also provide advice on how to avoid scams in future.

Introduction to Cross Domain Solutions   Publication

Oct 6, 2021 - This publication introduces technical and non-technical audiences to the concept of a Cross Domain Solution (CDS), a type of security capability that is used to connect discrete systems within separate security domains in an assured manner.

Patching applications and operating systems   Publication

Nov 27, 2023 - Applying patches to applications and operating systems is critical to keeping systems secure. Patching forms part of the Essential Eight from the Strategies to mitigate cybersecurity incidents.

Critical vulnerabilities in Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways   Alert

Jan 9, 2025 - Ivanti has identified critical vulnerabilities affecting Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways. Customers should update to available patched versions immediately and monitor Ivanti’s Security Advisory for further advice.

Cyber incident management arrangements for Australian governments   Publication

Sep 18, 2023 - The CIMA provides Australian governments with guidance on how they will collaborate in response to, and reduce the harm associated with, national cyber incidents.

Travelling with mobile devices   Publication

Mar 26, 2024 - Learn how to keep mobile devices secure when travelling. This guidance provides advice from both an individual and organisational perspective.

Update your devices to keep cybercriminals out   News

May 3, 2021 - Updating the software on electronic devices is one of the easiest and most important ways all Australians can defend against cybercriminals and be protected from online threats.

Exploitation of Unitronics Programmable Logic Controllers (PLCs)   Alert

Dec 5, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is concerned about global exploitation of Programmable Logic Controllers (PLC) and is aware of reports of compromise of these devices in Australia. These devices are present in a number of critical sectors such as water, energy, fuel and healthcare.

Scammers impersonating police to target victims for cryptocurrency/seed wallet theft   Alert

Nov 13, 2025 - The ASD’s ACSC is aware that criminals are using Australia’s national cybercrime reporting channel and impersonating police to try to scam Australians out of funds from their cryptocurrency or seed wallets.

Mitigation strategies for edge devices: Executive guidance   Publication

Feb 4, 2025 - This publication provides a high-level summary of ASD’s existing guidance to manage and secure edge devices effectively. It is intended for executives in large organisations and critical infrastructure providers that are responsible for the deployment, operation, security, and maintenance of enterprise networks. ASD is soon to release a comprehensive technical publication on mitigation strategies for edge devices for practitioners.

Guidelines for system monitoring   Advice

Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on system monitoring.

Types of scams   Guidance

Learn about the common types of scams, how to identify them and how to recover from them.

Vulnerability Affecting BlackBerry QNX RTOS   Advisory

Aug 17, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a vulnerability affecting the BlackBerry QNX, the world’s most prevalent real time operating system.

Medibank Private Cyber Security Incident   Alert

Dec 1, 2022 - ASD’s Australian Cyber Security Centre is working closely with Medibank Private following the recent incident.