Search

IRAP assessment feedback form   Service

Feb 1, 2021 - IRAP Assessment feedback form for IRAP assessments

Guidelines for communications systems   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on communications systems.

Vulnerability in Microsoft Office SharePoint Server products   Alert

Jul 20, 2025 - ASD’s ACSC is aware of a vulnerability (CVE-2025-53770) affecting instances of Microsoft Office SharePoint Server products. Organisations are strongly encouraged to take immediate action to mitigate and detect compromise on relevant systems.

Guidelines for cryptography   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on cryptography.

日本語 (Japanese)   Guidance

Apr 19, 2024 - The information and resources available are intended to increase your safety online and have been translated into Japanese.

Mandatory Incident Reporting   News

Apr 11, 2022 - New measures to enhance the cyber security of Australia’s critical infrastructure.

हिंदी (Hindi)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into Hindi.

中文简体 (Simplified Chinese)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into Chinese Simplified.

한국어 (Korean)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into Korean.

中文繁體 (Traditional Chinese)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into Chinese Traditional.

العربية (Arabic)    Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into Arabic.

ਪੰਜਾਬੀ (Punjabi)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into Punjabi.

ไทย (Thai)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into ไทย.

Account compromise   Threat

Nov 10, 2023 - Account compromise is when criminals get unauthorised access to your email, banking, or other accounts.

Password managers   Guidance

May 12, 2025 - Learn how to create and store passwords in a secure location for your important accounts.

System administration  

Dec 3, 2020 - This page lists publications on securely administering systems.

Network hardening  

Apr 11, 2023 - This page lists publications on the hardening of network infrastructure.

Data breaches   Threat

Aug 30, 2023 - Sometimes personal information is released to unauthorised people by accident or as the result of a security breach. For example, an email with personal information can be sent to the wrong person, or a computer system can be hacked and personal information stolen. These are known as data breaches or data spills.

Business resources  

Apr 11, 2023 - Protecting your business from cybercriminals is vital in keeping your people and systems secure. Learn how to protect your business from cyberthreats.

Email hardening  

Apr 11, 2023 - This page lists publications on the hardening of message exchange via electronic mail.

Next.js authentication bypass vulnerability (CVE-2025-29927)   Alert

Mar 25, 2025 - An authentication bypass in the middleware layer of Next.js can allow a remote attacker to bypass security checks. Customers should update to the patched version immediately.

Increase in denial-of-service (DoS) attacks against Australian organisations   Advisory

Mar 17, 2025 - ASD's ACSC is aware of an increase in denial-of-service (DoS) attacks, where malicious actors flood websites with internet traffic, making it difficult for legitimate users to access them.

Critical vulnerabilities in Ingress-NGINX Controller for Kubernetes   Alert

Mar 26, 2025 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of critical vulnerabilities affecting Ingress-NGINX Controller for Kubernetes. Customers should update to the latest patched version immediately.

Multiple Vulnerabilities In Ivanti Endpoint Manager Mobile (Ivanti EPMM)   Alert

May 14, 2025 - The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is aware of two vulnerabilities, one medium and one high severity, in Ivanti Endpoint Manager Mobile (EPMM). The ASD’s ACSC recommends organisations patch to the latest version of Ivanti EPMM, available through Ivanti’s download portal, and investigate whether their systems have been compromised.

Vulnerability in Fortinet’s FortiManager   Alert

Oct 24, 2024 - The ASD’s ACSC is aware of a vulnerability affecting all versions of Fortinet's FortiManager device that enables an unauthorised actor access to the FortiManager console (CVE-2024-47575). FortiManager devices provide centralised management of Fortinet devices from a single console.

Critical vulnerability in Ivanti CSA 4.6 (Cloud Services Appliance)   Alert

Sep 20, 2024 - Ivanti has released a security advisory addressing a critical vulnerability affecting Ivanti CSA 4.6 (Cloud Services Appliance). The vulnerability affects Ivanti CSA 4.6 before Patch 519.

CVE-2024-24919 - Check Point Security Gateway Information Disclosure   Alert

May 31, 2024 - The ASD’s ACSC is aware of CVE-2024-24919 that enables access of sensitive information to an unauthorised actor.

Widespread outages relating to CrowdStrike software update   Alert

Jul 21, 2024 - A CrowdStrike software update has led to outages impacting Windows systems.

Vulnerability in Progress Kemp products   Alert

Feb 22, 2024 - ASD’s ACSC is aware of a vulnerability (CVE-2024-1212) that affects all Progress Kemp LoadMaster releases after 7.2.48.1. Organisations are strongly encouraged to take immediate action to patch relevant systems.

Critical Vulnerability in FortiOS   Alert

Feb 9, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is aware of a critical (9.6) vulnerability (CVE-2024-21762) in Fortinet FortiOS devices.