Search

Report and recover from ransomware   Guidance

Jul 14, 2023 - Learn where to get help from a ransomware attack, and steps to protect yourself against future incidents.

ABC Radio interview with Head of ACSC   News

Mar 31, 2021 - Abigail Bradshaw CSC, Head of Australian Cyber Security Centre, interview with Fran Kelly on ABC Radio National, 31 March 2021.

Update your devices  

Jan 25, 2023 - Updates are new, improved, or fixed versions of software. Regular updates are critical in maintaining a secure system. It's important to check for any updates and make sure that automatic updates are switched on. 

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities   Advisory

Dec 23, 2021 - Malicious cyber actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited. This joint Cybersecurity Advisory is to provide mitigation guidance on addressing vulnerabilities.

Cyber security incident response  

Apr 12, 2024 - This page lists publications on preparing for and responding to cyber security incidents.

Report and recover from a data breach   Guidance

Jul 14, 2023 - A data breach occurs when sensitive or personal information is accessed, disclosed or exposed to unauthorised people.

Preparing for and responding to denial-of-service attacks   Publication

Mar 17, 2025 - Although organisations cannot avoid being targeted by denial-of-service attacks, there are a number of measures that organisations can implement to prepare for and potentially reduce the impact if targeted. Preparing for denial-of-service attacks before they occur is by far the best strategy, it is very difficult to respond once they begin and efforts at this stage are unlikely to be effective.

New guidance for small businesses to protect your devices and accounts   News

Jul 9, 2025 - Follow a list of step-by-step actions to help protect your Apple, Google and Microsoft devices and accounts.

Critical vulnerability in Ivanti CSA 4.6 (Cloud Services Appliance)   Alert

Sep 20, 2024 - Ivanti has released a security advisory addressing a critical vulnerability affecting Ivanti CSA 4.6 (Cloud Services Appliance). The vulnerability affects Ivanti CSA 4.6 before Patch 519.

Preventing Web Application Access Control Abuse   Advisory

Jul 28, 2023 - The Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.

Secure your social media   Guidance

Jul 29, 2024 - Keep your social media secure by using these tips. Learn how to protect your accounts, privacy and information.

Secure your Wi-Fi and router   Guidance

Oct 29, 2024 - How to make your software, devices and networks harder to access and more resilient to attack.

Cloud computing security for executives   Publication

Jan 18, 2024 - This publication is designed to provide executives from organisations looking to utilise cloud computing services an overview of the components that make up ‘cloud’ and help understand the security risks to be considered when using cloud computing.

Windows event logging and forwarding   Publication

Oct 6, 2021 - This publication has been developed as a guide to the setup and configuration of Microsoft Windows event logging and forwarding.

Set up and perform regular backups  

Nov 9, 2022 - Backing up and having backups mean you can restore your files if something goes wrong. It is a precautionary measure so that your data is accessible in case something happens to your computer.

Kaseya VSA Supply-Chain Ransomware Attack   Alert

Jul 12, 2021 - Patch now available for Kaseya VSA platform.

Guidelines for system hardening   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on system hardening.

SonicWall Breach   Alert

Feb 4, 2021 - SonicWall identified an internal systems breach using a zero-day vulnerability within the SMA 100 series 10.x code.

High Assurance Evaluation Program   Program page

Aug 18, 2022 - The Australian Signals Directorate’s High Assurance Evaluation Program involves rigorous analysis and testing to search for any security vulnerabilities in products.

Critical vulnerabilities in GitLab Products   Alert

Jan 15, 2024 - The Australian Signals Directorate’s (ASD's) Australian Cyber Security Centre (ACSC) is aware of critical vulnerabilities affecting GitLab Community Edition (CE) and Enterprise Edition (EE). Customers should update to a patched version immediately and enable multi-factor authentication for all GitLab accounts.

Supply chain compromise of 3CX DesktopApp   Alert

Mar 31, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a reported supply chain compromise affecting the 3CX DesktopApp, allowing malicious actors to conduct multi-stage attacks against users of the legitimate software. Australian users of affected versions of 3CX DesktopApp should immediately follow the vendor’s advice and investigate for signs of malicious activity.

Antivirus software   Guidance

Apr 11, 2023 - The consequences of viruses, spyware and other malicious software can be serious and far reaching. Follow our guidance about using antivirus software.

Small business cloud security guides: Executive overview   Publication

Dec 16, 2022 - In recognition of the increasing prevalence of cloud computing, the Australian Cyber Security Centre (ACSC) has published the Small business cloud security guides. These guides are designed to provide protection against cybersecurity incidents while remaining accessible to organisations which may not have the resources and expertise to implement a more sophisticated strategy.

How to combat fake emails   Publication

Oct 6, 2021 - Organisations can reduce the likelihood of their domains being used to support fake emails by implementing Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC) records in their Domain Name System (DNS) configuration. Using DMARC with DomainKeys Identified Mail (DKIM) to sign emails provides further safety against fake emails. Likewise, organisations can better protect their users against fake emails by ensuring their email systems use and apply SPF, DKIM and DMARC policies on inbound email.

Report and recover from scams   Guidance

Apr 11, 2023 - If someone has stolen your money or personal information, find out what to do and who to contact. We also provide advice on how to avoid scams in future.

Home  

Sep 30, 2025 - Welcome to the Australian Cyber Security Centre website - cyber.gov.au

Guidelines for database systems   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on database systems.

How to use the internet securely: A guide for seniors   Guidance

Oct 1, 2021 - Some basic cyber security practices that you can use to protect yourself when accessing the internet.

Serious vulnerabilities in Atlassian products including Confluence, Jira and Bitbucket   Alert

Dec 7, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is concerned about serious vulnerabilities in certain Atlassian products (CVE-2023-22522, CVE-2023-22523 and CVE-2022-1471) which are fixed by recent patches. Operators are urged to review Atlassian’s advice and implement recommended mitigations before exploitation begins.

User education  

Apr 11, 2023 - This page lists publications on cybersecurity that relate to the behaviour of people and virtual communities of people.