Search

Resources library  

Nov 21, 2024 - Resources for individuals, families and small businesses

Exchange server critical vulnerabilities   Alert

Apr 15, 2021 - On 2 March 2021 Microsoft released information regarding multiple exploits being used to compromise instances of Microsoft Exchange Server. Malicious actors are exploiting these vulnerabilities to compromise Microsoft Exchange servers exposed to the internet, enabling access to email accounts and to enable further compromise of the Exchange server and associated networks.

Securing edge devices  

Feb 4, 2025 - Malicious actors often target internet-facing edge devices to gain unauthorised access to enterprise networks. Learn how to secure edge devices such as routers, firewalls and VPN concentrators.

Junos OS 22.3R1 for EX4400-24T, EX4400-24P, EX4400-24MP, EX4400-48T, EX4400-48P, EX4400-48MP, EX4400-48F, QFX5120-48YM and ACX5448-M  

Nov 29, 2022 - Product evaluation of a series of network appliance models from the EX4400 Series and QFX5120-48YM and ACX5448-M switches.

Personal cybersecurity: First steps guide   Guidance

Apr 14, 2023 - The first of three cybersecurity guides in the personal cybersecurity series is designed to help everyday Australians understand a basic level of cybersecurity and how to take action to protect themselves from cyberthreats.

Secure by Design  

Jul 22, 2024 - Secure by Design is a proactive, security-focused approach to the development of digital products and services that necessitates a strategic alignment of an organisation’s cybersecurity goals. Secure by Design requires cyberthreats to be considered from the outset to enable mitigations through thoughtful design, architecture and security measures. Its core value is to protect consumer privacy and data through designing, building, and delivering products with fewer vulnerabilities.

Quiz library   Guidance

Test your knowledge about cybersecurity practices and threats through our quizzes.

Archived reports and statistics  

Feb 13, 2025 - Search archived report and statistics

#StopRansomware: Play ransomware   Advisory

Jun 5, 2025 - This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

Strategies to mitigate cybersecurity incidents: Mitigation details   Publication

Feb 1, 2017 - The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help cybersecurity professionals in all organisations mitigate cybersecurity incidents caused by various cyberthreats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.

Reports and statistics  

Nov 3, 2022 - Find the latest cyber security reports and statistics

BADBAZAAR and MOONSHINE: Spyware targeting Uyghur, Taiwanese and Tibetan groups and civil society actors   Advisory

Apr 9, 2025 - This advisory is jointly produced by government agencies from the UK, Australia, Canada, Germany, New Zealand, and the US and is supported by members of the NCSC’s Cyber League. Its purpose is to raise awareness about the growing threat that malicious cyber actors pose to individuals connected to topics including Taiwan, Tibet, Xinjiang Uyghur Autonomous Region, democracy movements and the Falun Gong.

2021 Top Routinely Exploited Vulnerabilities   Advisory

Apr 28, 2022 - This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.

Personal cybersecurity: Next steps guide   Guidance

Jun 16, 2023 - The second of three cybersecurity guides in the pesonal cybersecurity series is designed to help everyday Australians understand a moderate level of cybersecurity and how to take action to protect themselves from cyberthreats.

Personal cybersecurity: Advanced steps guide   Guidance

Mar 23, 2023 - The third and final cybersecurity guide in the personal cybersecurity series is designed to help everyday Australians understand an advanced level of cybersecurity and how to take action to protect themselves from cyberthreats.

Vulnerability Alert – 2 new Vulnerabilities associated with Microsoft Exchange.   Alert

Oct 10, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of 2 zero day vulnerabilities associated with Microsoft Exchange Servers 2013, 2016 and 2019 (Exchange).

2022 Top Routinely Exploited Vulnerabilities   Advisory

Aug 4, 2023 - This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE).

Protect yourself  

Jul 30, 2024 - Advice and information about how to protect yourself online.

Resources for business and government  

Resources for business and government on cybersecurity.

Alerts and advisories  

Jan 30, 2023 - Find the latest in cybersecurity alerts and advisories

Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations   Advisory

Sep 15, 2022 - The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) has joined with international cyber security agency partners to co-author an advisory on continued Iranian state-sponsored cyber threats. Organisations are encouraged to apply the recommended mitigations to protect themselves online.

Potential SolarWinds Orion compromise   Alert

Jan 25, 2021 - FireEye identifies global campaign leveraging malicious updates to SolarWinds software.

Australian Information Security Evaluation Program (AISEP)   Program page

Mar 5, 2025 - The Australian Information Security Evaluation Program (AISEP) evaluates and certifies products to provide a level of assurance in its security functionality in order to protect systems and data against cyberthreats. These evaluation activities are certified by the Australian Certification Authority (ACA).

Archived Alerts and Advisories  

Jan 23, 2025 - Search archived cyber security alerts and advice

The Commonwealth Cyber Security Posture in 2024   Reports and statistics

Dec 5, 2024 - The Commonwealth Cyber Security Posture in 2024 informs the Australian Parliament on cybersecurity measures implemented across the Australian Government for the 2023–24 financial year.

Secure your mobile phone   Guidance

Nov 12, 2024 - The security of your mobile phone can be as crucial as your computer. Follow these steps to protect your phone or tablet from cybercriminals.

ISM OSCAL releases  

Mar 2, 2023 - List of current and previous ISM releases in the OSCAL format.

Educational pack for seniors   Guidance

Jun 23, 2023 - This educational pack provides engaging content to help seniors learn how to stay cyber secure. Practical steps and topics range from a basic to advanced level.

Secure your social media   Guidance

Jul 29, 2024 - Keep your social media secure by using these tips. Learn how to protect your accounts, privacy and information.

Advisory 2020-008: Copy-paste compromises - tactics, techniques and procedures used to target multiple Australian networks   Advisory

Sep 16, 2020 - This advisory details the tactics, techniques and procedures (TTPs) identified during the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) investigation of a cyber campaign targeting Australian networks. These TTPs are captured in the frame of tactics and techniques outlined in the MITRE ATT&CK framework.