You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 271 - 300 of 413 results.
Set up and perform regular backups
Nov 9, 2022 - Backing up and having backups mean you can restore your files if something goes wrong. It is a precautionary measure so that your data is accessible in case something happens to your computer.
New zero trust guidance – seeking industry feedback News
Feb 10, 2025 - Have your say on new Foundations for modern defensible architectures, including zero trust and secure-by-design principles.
Windows event logging and forwarding Publication
Oct 6, 2021 - This publication has been developed as a guide to the setup and configuration of Microsoft Windows event logging and forwarding.
Kaseya VSA Supply-Chain Ransomware Attack Alert
Jul 12, 2021 - Patch now available for Kaseya VSA platform.
Preparing for and responding to denial-of-service attacks Publication
Mar 17, 2025 - Although organisations cannot avoid being targeted by denial-of-service attacks, there are a number of measures that organisations can implement to prepare for and potentially reduce the impact if targeted. Preparing for denial-of-service attacks before they occur is by far the best strategy, it is very difficult to respond once they begin and efforts at this stage are unlikely to be effective.
Further cyber sanctions in response to Medibank Private cyberattack News
Feb 12, 2025 - Today Australia has imposed targeted financial and travel sanctions on a cyber infrastructure entity – ZServers – and five of its Russian employees for their roles in providing infrastructure to host and disseminate data stolen from Medibank Private in 2022.
How to use the internet securely: A guide for seniors Guidance
Oct 1, 2021 - Some basic cyber security practices that you can use to protect yourself when accessing the internet.
SonicWall Breach Alert
Feb 4, 2021 - SonicWall identified an internal systems breach using a zero-day vulnerability within the SMA 100 series 10.x code.
Domain Name System security for domain owners Publication
Oct 6, 2021 - This publication provides information on DNS security for domain owners. It also shared helpful strategies to reduce the risk of domain misuse.
High Assurance Evaluation Program Program page
Aug 18, 2022 - The Australian Signals Directorate’s High Assurance Evaluation Program involves rigorous analysis and testing to search for any security vulnerabilities in products.
Critical vulnerabilities in GitLab Products Alert
Jan 15, 2024 - The Australian Signals Directorate’s (ASD's) Australian Cyber Security Centre (ACSC) is aware of critical vulnerabilities affecting GitLab Community Edition (CE) and Enterprise Edition (EE). Customers should update to a patched version immediately and enable multi-factor authentication for all GitLab accounts.
Supply chain compromise of 3CX DesktopApp Alert
Mar 31, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a reported supply chain compromise affecting the 3CX DesktopApp, allowing malicious actors to conduct multi-stage attacks against users of the legitimate software. Australian users of affected versions of 3CX DesktopApp should immediately follow the vendor’s advice and investigate for signs of malicious activity.
Small Business Cloud Security Guides: Technical Example - Application Control Publication
Dec 16, 2022 - Application control restricts the ability of an application to run or install on a device. Application control makes it harder for users to intentionally or unintentionally install unwanted or malicious software.
Reports and statistics
Nov 3, 2022 - Find the latest cyber security reports and statistics
Cyber Security Awareness Month 2024 News
Oct 1, 2024 - October is Cyber Security Awareness Month, a time for all Australians to talk about cyber security and take action to protect their devices and accounts.
Cyber Security for Operational Technology News
Oct 2, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has released new guidance to help critical infrastructure protect their systems and online supply chains.
Serious vulnerabilities in Atlassian products including Confluence, Jira and Bitbucket Alert
Dec 7, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is concerned about serious vulnerabilities in certain Atlassian products (CVE-2023-22522, CVE-2023-22523 and CVE-2022-1471) which are fixed by recent patches. Operators are urged to review Atlassian’s advice and implement recommended mitigations before exploitation begins.
Summary of Tradecraft Trends for 2019-20 Alert
May 20, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) investigated and responded to numerous cyber security incidents during 2019 and 2020 so far.
Critical security vulnerability affecting Apache Struts2 below 6.4.0. Alert
Dec 13, 2024 - ASD’s ACSC is aware of a critical vulnerability impacting Apache Struts2 below 6.4.0 (CVE-2024-53677).
Do you purchase technology for your organisation? News
Dec 5, 2024 - Updated guidance and new guidance for executives now available for Choosing secure and verifiable technologies.
Improve your cyber security with the Quad Cyber Challenge! News
Apr 6, 2023 - The challenge is aimed at promoting responsible cyber security practices across Australia, India, Japan and the United States.Â
Critical Vulnerability affecting Fortinet’s FortiClientEMS Alert
Mar 22, 2024 - ASD’s ACSC is aware of a critical vulnerability (CVE-2023-48788) affecting Fortinet’s FortiClientEMS. Organisations are strongly encouraged to take immediate action to ensure affected instances are patched and investigate for potential compromise.
Managing the risks of legacy IT: Practitioner guidance Publication
Jun 12, 2024 - This publication provides guidance for practitioners on managing the risks posed by legacy IT and outlines low-cost mitigations that organisations can draw upon.
New fact sheet for critical infrastructure leaders – actions to mitigate PRC state-sponsored cyber activity News
Mar 20, 2024 - The fact sheet provides guidance for critical infrastructure leadership to protect their infrastructure and critical functions from Volt Typhoon – a state-sponsored cyber actor linked to the People’s Republic of China (PRC).
An introduction to Artificial Intelligence News
Nov 24, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has released an introduction to Artificial Intelligence (AI).
COVID-19 themed malicious cyber activity Advisory
Mar 27, 2020 - This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.
PRC state-sponsored cyber group APT40’s expanding tradecraft and tactics News
Jul 9, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has released a new joint advisory with international partners on the People’s Republic of China (PRC) Ministry of State Security (MSS) tradecraft in action.
Guidelines for database systems Advice
Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on database systems.
Ransomware targeting Australian aged care and healthcare sectors Alert
Aug 2, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of increased targeting of healthcare, including hospitals and aged care, by ransomware campaigns undertaken by cyber criminals.
How to combat fake emails Publication
Oct 6, 2021 - Organisations can reduce the likelihood of their domains being used to support fake emails by implementing Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC) records in their Domain Name System (DNS) configuration. Using DMARC with DomainKeys Identified Mail (DKIM) to sign emails provides further safety against fake emails. Likewise, organisations can better protect their users against fake emails by ensuring their email systems use and apply SPF, DKIM and DMARC policies on inbound email.
