Fundamentals of Cross Domain Solutions
This guidance introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains. It explains the purpose of a Cross Domain Solution (CDS) and promotes a data-centric approach to a CDS system implementation based on architectural principles and risk management. This guidance also covers a broad range of fundamental concepts relating to a CDS, which should be accessible to readers who have some familiarity with the field of cyber security. Organisations with complex information sharing requirements are encouraged to refer to this guidance in the planning, analysis, design and implementation of CDS systems.
Advanced Persistent Threat (APT) actors targeting Australian health sector organisations and COVID-19 essential services
The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is aware that Advanced Persistent Threat (APT) actors are actively targeting health sector organisations and medical research facilities.
Advisory 2020-008: Copy-paste compromises - tactics, techniques and procedures used to target multiple Australian networks
This advisory details the tactics, techniques and procedures (TTPs) identified during the Australian Cyber Security Centre’s (ACSC) investigation of a cyber campaign targeting Australian networks. These TTPs are captured in the frame of tactics and techniques outlined in the MITRE ATT&CK framework.
Strategies to Mitigate Cyber Security Incidents – Mitigation Details
The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help cyber security professionals in all organisations mitigate cyber security incidents caused by various cyber threats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.
Advisory 2020-004: Remote code execution vulnerability being actively exploited in vulnerable versions of Telerik UI by sophisticated actors
This advisory focuses on the targeting of CVE-2019-18935 but has significant overlap with the previously released ACSC 2019-126 advisory.
Advisory 2020-009: Recommendations to mitigate APT actors targeting health sector and COVID-19 essential services
The ACSC recommends that organisations in the health sector implement the following cyber security mitigations:
Become an ACSC partner
The ACSC partnership program is open to a wide range of industry, the research community and government.
Become an ACSC government partner
The ACSC partnership program is open to a wide range of industry, the research community and government.
ACSC Advisory 2019-125: Targeting of Microsoft SharePoint CVE-2019-0604
This ACSC advisory provides recommendations for securing Microsoft SharePoint and advice on identifying potential successful exploitation of this vulnerability.
Summary of Tactics, Techniques and Procedures Used to Target Australian Networks
This advisory provides information on methods to detect many of the TTPs listed. Partners are strongly encouraged to review their environments for the presence of the exploited vulnerabilities and provided TTPs.
View all content
This page outlines all of the content types on the site so you can navigate and filter on content
Web shell malware
Malicious web shells are a type of software uploaded to a compromised web server to enable remote access by an attacker. While web shells may be benign, their use by cyber adversaries is becoming more frequent due to the increasing use of web-facing services by organisations across the world.
Unacceptable malicious cyber activity
As Australians and the international community band together to respond to COVID-19, the Australian Government is concerned that malicious cyber actors are seeking to exploit the pandemic for their own gain.
View all content - Large organisations and infrastructure
This page lists all the content types for the large organisations and infrastructure audience
View all content - Individuals and families
This page lists all of the content for the individuals and families audience group
View all content - Small and medium businesses
This page lists all the content types for the small and medium businesses audience
View all content - Government
This page lists all of the content tagged for a government audience
ACSC program enters its next phase through JCSCs
The ACSC Partnership Program is increasingly bringing industry, academia, law enforcement and government agencies together in collaborative work spaces, enabling information-sharing and network-hardening across the economy. This is being enabled through the network of Joint Cyber Security Centres (JCSCs) around Australia.
Register for products and services - small and medium businesses
The ACSC Alert Service is a free service for Australian internet users providing information on recent online threats and how they can be managed.
COVID-19 cyber scams mount against Australians
Cybercriminals continue to target Australians through a range of COVID-19 themed scams, fraud attempts and deceptive email schemes, the Australian Cyber Security Centre (ACSC) has warned in a new threat update.
Introduction to Cross Domain Solutions
This document introduces technical and non-technical audiences to the concept of a Cross Domain Solution (CDS), a type of security capability that is used to connect discrete systems within separate security domains in an assured manner.
APT activity targeting Australian health sector
Advanced Persistent Threat (APT) actors are actively targeting health sector organisations and medical research facilities in Australia. The ACSC issued an advisory on 8 May 2020 with recommendations for the health sector to implement as part of their mitigation strategies.
Exploitation of critical Cisco ASA vulnerability
The ACSC has become aware of a change in the threat situation surrounding the recently announced Cisco ASA critical remote code execution vulnerability. Proof of concept code is now available which results in a denial of service condition on targeted vulnerable devices.
2019-126: Recommendations for mitigation of vulnerable version of Telerik UI
The tools to exploit this vulnerability have been publicly published and require only basic knowledge or skills to use successfully. Any servers currently running a vulnerable version should be considered at risk and remediation steps should be taken.
COVID-19 – Remote access to Operational Technology Environments
This cyber security advice is for critical infrastructure providers who are deploying business continuity plans for Operational Technology Environments (OTE)/Industrial Control Systems (ICS) during the COVID-19 pandemic.
You need to patch to protect your business online
Malicious actors are compromising Australian business Remote Desktop Protocol (RDP) services, also known as Windows Terminal Services or Windows Remote Desktop.
Summary of Tradecraft Trends for 2019-20
The Australian Cyber Security Centre (ACSC) investigated and responded to numerous cyber security incidents during 2019 and 2020 so far.
Thirteen high impact IOS vulnerabilities outlined by Cisco
This week Cisco Systems released its semi-annual Software Security Advisory Report detailing a number of vulnerabilities in its IOS and IOS XE switch and router operating software.
Microsoft June 2017 patches for older platforms
Latest Microsoft security updates address multiple critical vulnerabilities in Windows operating systems
Australian Cyber Security Hotline
1300 CYBER1 (1300 292 371)