Search

Gateway security guidance package: Gateway technology guides   Publication

Jul 29, 2025 - This guidance is one part of a package of documents that forms the gateway security guidance package. When designing, procuring, operating, maintaining or disposing of a gateway, it is important to consider all the documents from the gateway security guidance package at different stages of governance, design and implementation, and not to consume this guidance in isolation.

The Commonwealth Cyber Security Posture in 2022   Reports and statistics

Dec 16, 2022 - The Commonwealth Cyber Security Posture in 2022 (the report) informs Parliament on the implementation of cybersecurity measures across the Commonwealth government, for the period January 2021 to June 2022. As of June 2022, the Commonwealth comprised 97 non-corporate Commonwealth entities (NCCEs), 71 corporate Commonwealth entities (CCEs) and 17 Commonwealth companies (CCs).

Advice, guidance and publications  

Nov 3, 2022 - Find the latest cyber security advice, guidance and publications

Guidelines for system hardening   Advice

Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on system hardening.

View all content  

Nov 3, 2022 -

Page not found  

Jun 14, 2020 - Page not found for error 404

Supply chain compromise of 3CX DesktopApp   Alert

Mar 31, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a reported supply chain compromise affecting the 3CX DesktopApp, allowing malicious actors to conduct multi-stage attacks against users of the legitimate software. Australian users of affected versions of 3CX DesktopApp should immediately follow the vendor’s advice and investigate for signs of malicious activity.

Update your small business cyber security   News

Jun 12, 2024 - Resources to help protect small businesses from cyber threats.

Critical vulnerability in Microsoft Windows Server Update Service (WSUS)   Alert

Oct 25, 2025 - Critical vulnerability impacting Microsoft Windows Server Update Service – CVE-2025-59287. ASD’s ACSC recommends organisations update affected products to the latest versions and follow the advice detailed in the Microsoft Security Update guide.

Citrix Products NetScaler ADC and NetScaler Gateway Vulnerabilities   Alert

Nov 29, 2023 - A malicious actor can exploit the vulnerability to execute code remotely without authentication. Organisations using Citrix products NetScaler ADC and NetScaler Gateway, possibly including Government and medium to large organisations. Ensure the latest release of NetScaler ADC and NetScaler Gateway have been installed.

Using the Information security manual   Advice

Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on using the ISM.

#StopRansomware: BianLian Ransomware Group   Advisory

Nov 21, 2024 - The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint Cybersecurity Advisory to disseminate known BianLian ransomware and data extortion group IOCs and TTPs identified through FBI and ASD's ACSC investigations as of March 2023.

Preventing Web Application Access Control Abuse   Advisory

Jul 28, 2023 - The Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.

Defending against the malicious use of the Tor network   Publication

Oct 6, 2021 - The Tor network is a system that conceals a user’s IP address. It allows anonymous – and often malicious – communication. This guidance shares advice on how to detect and prevent traffic from the Tor network.

APT40 Advisory   Advisory

Jul 9, 2024 - This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre and international partners, outlines a People’s Republic of China (PRC) state-sponsored cyber group and their current threat to Australian networks.

Programs  

Nov 3, 2022 - Find relevant cyber security programs

2023-01: ASD's ACSC Ransomware Profile - Royal   Advisory

Jan 24, 2023 - The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is aware of a ransomware variant called Royal, which is being used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes to other variants such as encrypting their data and extorting a ransom to return access to the sensitive files.

Managing the risks of legacy IT: Practitioner guidance   Publication

Jun 12, 2024 - This publication provides guidance for practitioners on managing the risks posed by legacy IT and outlines low-cost mitigations that organisations can draw upon.

2020 Health Sector Snapshot   Reports and statistics

Feb 22, 2021 - This Sector Snapshot is designed to enhance awareness of key cyber security threats in the health sector and advise executives and cyber security professionals within the health sector on what they can do to protect their organisation from cyber threats. This report provides a high-level overview of the cyber security environment within the health sector over a twelve month period (1 January to 31 December 2020).

Report and recover  

Respond to cyber threats and take steps to protect yourself from further harm.