Search

Creating Strong Passphrases   Guidance

Oct 6, 2021 - The longer your passphrase, the better. As adversaries can crack a short password with very little effort or time, you can increase the time and effort it takes by using a passphrase instead.

Advisory 2021-004: Active exploitation of ForgeRock Access Manager / OpenAM servers   Advisory

Jul 9, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has identified targeting and compromise of Australian organisations with vulnerable internet-accessible servers running ForgeRock Access Manager (ForgeRock AM). ForgeRock AM was previously known as OpenAM. The ASD's ACSC has observed malicious actors exploiting the vulnerability in ForgeRock AM/OpenAM to gain initial access to networks in multiple organisations, and facilitate further access within these networks. On 7 July 2021 the ASD's ACSC alerted organisations that this vulnerability was being actively exploited. This ASD's ACSC advisory provides recommendations for securing ForgeRock AM against vulnerability CVE-2021-35464, and advice on identifying potential successful exploitation of this vulnerability.

Exercise Cyber Arrow    News

Nov 14, 2025 - ASD’s delivers national cyber security exercise for the Energy, Communications, and Financial Services and Markets sectors

Introduction to connected vehicles   Guidance

Jun 30, 2025 - Connected vehicles (CVs) carry cyber security risks that vary depending on their level of connectivity. Learn about the risks before buying a CV and how to stay more secure when using these vehicles.

While you are shopping   Guidance

The best way to avoid being a victim of cybercrime is to be informed. It is really important to know how to secure your device and recognise a fake website or scammer.

Building a cyber secure Australia: A fireside chat    News

Oct 29, 2025 - Hear from some of Australia’s top government cyber officials in a fireside chat as part of Cyber Security Awareness Month.

Building stronger supply chains through collaboration: A fireside chat   News

Oct 29, 2025 - Find out how to take action on your supply chain and third party risk by watching our fireside chat with industry cyber professionals.

Cyber Security Awareness Month 2022   News

Sep 30, 2022 - October is Cyber Security Awareness Month and this year the Australian Signals Directorate’s Australian Cyber Security Centre's (ASD’s ACSC) theme is Have you been hacked?

ASD/ACSC engagement request  

Jun 8, 2023 - Thank you for your interest in having ASD/ACSC attend or speak at your event. In order for us to identify the most appropriate staff member, we ask that you provide us with some information about your event, the audience and intended outcome of your engagement with ASD/ACSC. Please note we require 8 weeks’ notice to review your request.

Guidelines for enterprise mobility   Advice

Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on enterprise mobility.

Technical example: Patch operating systems   Publication

Dec 16, 2022 - Patching operating systems is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to their devices and sensitive information. Patches improve the security of operating systems by fixing known vulnerabilities.

ISM feedback form   Service

Mar 2, 2023 - ISM feedback and enquiries.

IRAP community feedback form  

Mar 1, 2021 - IRAP Community feedback form for the community to comment on a range of topics about the course

Report a vulnerability   Service

Report vulnerabilities that are not publicly known, through the Australian Signals Directorate’s Australian Cyber Security Centre's (ASD’s ACSC) coordinated vulnerability disclosure service.

New domain name changes could leave your business or organisation at risk   Alert

Mar 23, 2022 - The new domain name category, could leave your business or organisation open to fraudulent cyber activity. Register your .au domain name before it becomes available to the general public.

SDBBot targeting health sector   Alert

Nov 12, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed increased targeting activity against the Australian health sector by actors using the SDBBot Remote Access Tool (RAT).

Netlogon elevation of privilege vulnerability (CVE-2020-1472)   Alert

Sep 22, 2020 - The ACSC is aware of a recently disclosed critical vulnerability in Microsoft Active Directory Domain Controller systems that allows unauthenticated attackers to trivially access administrative credentials.

Active exploitation of vulnerable MobileIron products   Alert

Sep 18, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of active exploitation of vulnerabilities in multiple MobileIron products by malicious cyber actors, including sophisticated state-based actors.

Increasing reports of myGov-related SMS and email scams targeting Australians   Alert

Jul 16, 2020 - Be on the lookout for myGov-related SMS and email scams asking you to verify your myGov details.

Processors can be exploited by Meltdown and Spectre vulnerabilities   Alert

Jan 29, 2020 - Security researchers have developed methods involving speculative execution to read kernel memory from user space on a variety of processors from a range of vendors produced in the last decade. These methods have been referred to as Meltdown and Spectre.