Search

Advisory 2020-008: Copy-paste compromises - tactics, techniques and procedures used to target multiple Australian networks   Advisory

Sep 16, 2020 - This advisory details the tactics, techniques and procedures (TTPs) identified during the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) investigation of a cyber campaign targeting Australian networks. These TTPs are captured in the frame of tactics and techniques outlined in the MITRE ATT&CK framework.

Report and recover from identity theft   Guidance

Nov 14, 2024 - Know where to make a report and get help if someone has stolen your personal or business identity.

2020-001-4: Remediation for critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway   Advisory

Jan 13, 2020 - On 19 January 2020, Citrix released patches for two versions of the Citrix Application Delivery Controller (ADC) and Citrix Gateway appliances. Citrix expects to have patches available across all supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP before the end of January 2020.

Learn the basics  

Aug 30, 2023 - Interactive tools and advice to boost your cyber security when online.

Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure   Advisory

Sep 6, 2024 - The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020.

Small business cybersecurity guide   Publication

Jun 16, 2023 - This guide includes basic security measures to help protect your business against common cyberthreats.

Guidelines for software development   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on software development.

Protect yourself: Updates   Guidance

Oct 14, 2022 - Cybercriminals are always looking for easy paths to get onto your devices.

How to dispose of your device securely   Guidance

May 18, 2022 - You should consider that any devices you dispose of could be accessed by strangers.

Protect yourself: Multi-factor authentication   Guidance

Oct 14, 2022 - Multi-factor authentication (MFA) is when you use two or more different types of actions to verify your identity.

Summary of Tactics, Techniques and Procedures Used to Target Australian Networks   Advisory

May 20, 2020 - This advisory provides information on methods to detect many of the TTPs listed. Partners are strongly encouraged to review their environments for the presence of the exploited vulnerabilities and provided TTPs.

Protecting your family   Guidance

May 2, 2023 - Advice and guidance for parents and guardians to help children have secure experiences online.

Microsoft Exchange ProxyShell Targeting in Australia   Alert

Aug 19, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed targeting of the Microsoft Exchange ProxyShell vulnerability by Malicious actors.

Small business cyber security  

Jul 18, 2023 - How to protect your small business from common cyber threats.

Infamous Chisel   Advisory

Aug 31, 2023 - Malware Analysis Report.
A collection of components designed to enable remote access and exfiltrate information from Android phones.

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities   Advisory

Nov 22, 2021 - Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organisations.

Protect yourself from scams  

Feb 3, 2025 - Protect your accounts by recognising and reporting scams.

News  

Nov 3, 2022 - Find the latest in cyber security news

Managed service providers: How to manage risk to customer networks   Publication

Oct 6, 2021 - There are several mitigation strategies that managed service providers can implement to protect their own networks and manage the security risks posed to their customers’ networks.

Russian GRU targeting Western logistics entities and technology companies   News

May 22, 2025 - We have released a joint advisory outlining the tactics, techniques and procedures of a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies.

Domain Name System security for domain resolvers   Publication

Oct 6, 2021 - This publication explores DNS security for recursive resolution servers. It also shares helpful strategies to reduce the risk of DNS resolver subversion or compromise.

APT exploitation of Fortinet Vulnerabilities   Alert

Apr 3, 2021 - Advanced Persistent Threat (APT) actors targeting historic Fortinet vulnerabilities.

Windows event logging and forwarding   Publication

Oct 6, 2021 - This publication has been developed as a guide to the setup and configuration of Microsoft Windows event logging and forwarding.

AI Data Security   Publication

May 23, 2025 - This publication provides essential data security guidance for organisations that develop and/or use AI systems, including businesses, government and critical infrastructure. It highlights the importance of data security in ensuring the accuracy and integrity of AI outcomes, and presents an in-depth examination of 3 areas of data security risks in AI systems: data supply chain, maliciously modified (poisoned) data, and data drift.

Head ACSC Address to AISA Cyber Conference 2021   News

Mar 17, 2021 - The Future of Cyber Security in Australia’ – Address by Abigail Bradshaw CSC, on 15 March 2021 Canberra Convention Centre.

COVID-19 themed malicious cyber activity   Advisory

Mar 27, 2020 - This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.

Mitigation strategies for edge devices: Practitioner guidance   Publication

Feb 4, 2025 - This publication expands on Mitigation strategies for edge devices: executive guidance. It provides IT practitioners with a list of mitigation strategies for the most common types of edge devices and appliances across enterprise networks and large organisations.

Educational pack for small businesses   Guidance

Jun 15, 2023 - This educational pack provides engaging content to help small business owners learn how to stay cyber secure. Includes practical activities for staff.

New joint advisory on PRC botnet operations released   News

Sep 19, 2024 - Protect your organisation and yourself from botnet operations.

Exploitation of vulnerabilities affecting Cisco firewall platforms   Alert

Apr 25, 2024 - This alert has been written for the IT teams of organisations and government. Entities are strongly encouraged to take immediate action to ensure affected devices are patched and investigate for potential compromise.