Fundamentals of Cross Domain Solutions
This guidance introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains. It explains the purpose of a Cross Domain Solution (CDS) and promotes a data-centric approach to a CDS system implementation based on architectural principles and risk management. This guidance also covers a broad range of fundamental concepts relating to a CDS, which should be accessible to readers who have some familiarity with the field of cyber security. Organisations with complex information sharing requirements are encouraged to refer to this guidance in the planning, analysis, design and implementation of CDS systems.
The Commonwealth Cyber Security Posture in 2020
Reports and statistics
The Commonwealth Cyber Security Posture in 2020 report informs the Parliament of the status of the Commonwealth’s cyber security posture. Overall, the report found that Commonwealth entities continued to improve their cyber security in 2020. Ongoing effort is required to maintain the currency and effectiveness of cyber security measures.
Advanced Persistent Threat (APT) actors targeting Australian health sector organisations and COVID-19 essential services
The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is aware that Advanced Persistent Threat (APT) actors are actively targeting health sector organisations and medical research facilities.
U.S., U.K., and Australia Issue Joint Cybersecurity Advisory
Cyber Agencies Share Top Routinely Exploited Vulnerabilities
Advisory 2020-008: Copy-paste compromises - tactics, techniques and procedures used to target multiple Australian networks
This advisory details the tactics, techniques and procedures (TTPs) identified during the Australian Cyber Security Centre’s (ACSC) investigation of a cyber campaign targeting Australian networks. These TTPs are captured in the frame of tactics and techniques outlined in the MITRE ATT&CK framework.
Strategies to Mitigate Cyber Security Incidents – Mitigation Details
The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help cyber security professionals in all organisations mitigate cyber security incidents caused by various cyber threats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.
Become an ACSC partner
The ACSC Partnership Program is open to industry, the research community and government agencies.
Advisory 2020-004: Remote code execution vulnerability being actively exploited in vulnerable versions of Telerik UI by sophisticated actors
This advisory is focused around the targeting of CVE-2019-18935 but has significant overlap to the previously released ACSC 2019-126 advisory.
Advisory 2020-017: Resumption of Emotet malware campaign
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has observed the resumption of an ongoing and widespread campaign of malicious emails designed to spread the Emotet malware across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies.
Become an ACSC Government Partner
Advisory 2020-009: Recommendations to mitigate APT actors targeting health sector and COVID-19 essential services
The ACSC recommends that organisations in the health sector implement the following cyber security mitigations:
Advisory 2020-016: "Zerologon" - Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)
The ACSC recommends organisations immediately patch affected Microsoft Windows systems with the Microsoft August 2020 Security Updates, released 11/08/2020.
ACSC Advisory 2019-125: Targeting of Microsoft SharePoint CVE-2019-0604
This ACSC advisory provides recommendations for securing Microsoft SharePoint and advice on identifying potential successful exploitation of this vulnerability.
Head ACSC Address to AISA Cyber Conference 2021
'The Future of Cyber Security in Australia’ – Address by Abigail Bradshaw CSC, on 15 March 2021 Canberra Convention Centre.
Summary of Tactics, Techniques and Procedures Used to Target Australian Networks
This advisory provides information on methods to detect many of the TTPs listed. Partners are strongly encouraged to review their environments for the presence of the exploited vulnerabilities and provided TTPs.
Page not found
Page not found for error 404
View all content
This page outlines all of the content types on the site so you can navigate and filter on content
ACSC social media community
Facebook, Twitter and YouTube channels for ACSC, ASD and Stay Smart Online
Anatomy of a Cloud Assessment and Authorisation
The Anatomy of a Cloud Assessment and Authorisation is co-designed with industry to support the secure adoption of cloud services across government and industry.
Web shell malware
Malicious web shells are a type of software uploaded to a compromised web server to enable remote access by an attacker. While web shells may be benign, their use by cyber adversaries is becoming more frequent due to the increasing use of web-facing services by organisations across the world.
Unacceptable malicious cyber activity
As Australians and the international community band together to respond to COVID-19, the Australian Government is concerned that malicious cyber actors are seeking to exploit the pandemic for their own gain.
View all content - Government
This page lists all of the content tagged for a government audience.
View all content - Large organisations and infrastructure
This page lists all of the content tagged for the large organisations and infrastructure audience.
View all content - Individuals and families
This page lists all of the content for the individuals and families audience group
View all content - Small and medium businesses
This page lists all the content types for small and medium businesses audience
Joint advisory on top cyber vulnerabilities
The top 30 cyber security vulnerabilities exploited by malicious cyber actors since 2020 have been detailed in a joint advisory issued by the Australian Cyber Security Centre (ACSC) and counterpart cyber security agencies from the United States and the United Kingdom.
ACSC program enters its next phase through JCSCs
The ACSC Partnership Program is increasingly bringing industry, academia, law enforcement and government agencies together in collaborative work spaces, enabling information-sharing and network-hardening across the economy. This is being enabled through the network of Joint Cyber Security Centres (JCSCs) around Australia.
Register for products and services - small and medium businesses
Are you interested in being connected or receiving tailored communications for your business? There are a range of ways the ACSC is supporting you and your business.
COVID-19 cyber scams mount against Australians
Cybercriminals continue to target Australians through a range of COVID-19 themed scams, fraud attempts and deceptive email schemes, the Australian Cyber Security Centre (ACSC) has warned in a new threat update.
Introduction to Cross Domain Solutions
This document introduces technical and non-technical audiences to the concept of a Cross Domain Solution (CDS), a type of security capability that is used to connect discrete systems within separate security domains in an assured manner.
Australian Cyber Security Hotline
1300 CYBER1(1300 292 371)