Search

Safe Software Deployment   Publication

Oct 25, 2024 - It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements.

Guidelines for database systems   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on database systems.

SVR cyber actors adapt tactics for initial cloud access   Advisory

Feb 27, 2024 - How SVR-attributed actors are adapting to the move of government and corporations to cloud infrastructure.

Update your devices  

Jan 25, 2023 - Updates are new, improved, or fixed versions of software. Regular updates are critical in maintaining a secure system. It's important to check for any updates and make sure that automatic updates are switched on. 

Recovering a compromised online account   Guidance

Nov 10, 2023 - Online accounts are important for our day-to-day activities and often store sensitive information about us. This can make them useful for cybercriminals looking to gain access to our resources or identities.

Reports and statistics  

Nov 3, 2022 - Find the latest cyber security reports and statistics

COVID-19 themed malicious cyber activity   Advisory

Mar 27, 2020 - This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.

Social media terms of use  

May 7, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) uses a number of social media services as part of its communications activities. These services include Facebook, Twitter, LinkedIn, Vimeo and YouTube. 

Incident response  

Apr 12, 2024 - This page lists publications on preparing for and responding to cybersecurity incidents.

2021-003: Ongoing campaign using Avaddon Ransomware   Advisory

May 8, 2021 - The Australian Cyber Security Centre (ACSC) is aware of an ongoing ransomware campaign utilising the Avaddon Ransomware malware. This campaign is actively targeting Australian organisations in a variety of sectors. This advisory provides details of Avaddon threat actors, dark web activity, targeted countries and sectors, the malware infection chain, and known Techniques, Tools, and Procedures (TTPs). If activity is identified relating to this advisory please report any findings to the ACSC.

2023 top routinely exploited vulnerabilities   Advisory

Nov 13, 2024 - This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs). Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 compared to 2022, allowing them to conduct operations against high priority targets.
The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the following recommendations, and those found within the Mitigations section of this advisory, to reduce the risk of compromise by malicious cyber actors.

Fundamentals of Cross Domain Solutions   Publication

Oct 6, 2021 - This publication introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains.

Threat update: COVID-19 malicious cyber activity 27 March 2020   Advisory

Mar 27, 2020 - This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.

Guidance on digital forensics and protective monitoring specifications for producers of network devices and appliances   Publication

Feb 5, 2025 - This guidance has been developed with contributions from partnering agencies and is included in a series of publications aiming to draw attention to the importance of edge device cyber security measures.

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities   Advisory

Nov 22, 2021 - Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organisations.

Cyber Security Awareness Month 2024  

Sep 30, 2024 - October is Cyber Security Awareness Month and an annual reminder for all Australians to stay secure online.

Small business  

Jun 15, 2023 - Basic steps to protect your business and staff from cyberthreats. Our guide has information and resources to help you and your staff prepare for cyberattacks.

ASD’s role in cybersecurity: For legal practitioners   Guidance

Dec 11, 2024 - During a cybersecurity incident, or suspected cybersecurity incident, our goal is to work with impacted organisations, their legal representation, and any external vendors engaged to investigate an incident on behalf of the organisation.

The Commonwealth Cyber Security Posture in 2024   Reports and statistics

Dec 5, 2024 - The Commonwealth Cyber Security Posture in 2024 informs the Australian Parliament on cybersecurity measures implemented across the Australian Government for the 2023–24 financial year.

Choosing secure and verifiable technologies   Publication

Dec 5, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and international partners have provided recommendations in this guide as a roadmap for choosing secure and verifiable technologies.

Summary of Tactics, Techniques and Procedures Used to Target Australian Networks   Advisory

May 20, 2020 - This advisory provides information on methods to detect many of the TTPs listed. Partners are strongly encouraged to review their environments for the presence of the exploited vulnerabilities and provided TTPs.

Deploying AI Systems Securely   Publication

Apr 16, 2024 - AI security is a rapidly evolving area of research. As agencies, industry, and academia discover potential weaknesses in AI technology and techniques to exploit them, organizations will need to update their AI systems to address the changing risks, in addition to applying traditional IT best practices to AI systems.

People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection   Advisory

May 25, 2023 - The People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection joint advisory provides examples of the cyber actor’s commands, along with detection signatures to aid network defenders in hunting for this activity.

View all content  

Nov 3, 2022 -

How to manage your security when engaging a Managed Service Provider   Publication

Oct 6, 2021 - Understand the actions organisations can take to manage the security risks posed by engaging and authorising network access for managed service providers.

Gateway security guidance package: Gateway technology guides   Publication

Jul 29, 2022 - This guidance is one part of a package of documents that forms the Gateway security guidance package. When designing, procuring, operating, maintaining or disposing of a gateway, it is important to consider all the documents from the Gateway security guidance package at different stages of governance, design and implementation, and not to consume this guidance in isolation.

Remote access to operational technology environments   Publication

Mar 28, 2023 - Many critical infrastructure providers are moving to support remote working arrangements. In doing so, modifying cybersecurity defences for operational technology environments (OTE) is not a decision that should be taken lightly.

Malicious cyber actors using spyware to target individuals’ personal data   News

Apr 9, 2025 - New joint advisory on BADBAZAAR and MOONSHINE spyware.

BADBAZAAR and MOONSHINE: Spyware targeting Uyghur, Taiwanese and Tibetan groups and civil society actors   Advisory

Apr 9, 2025 - This advisory is jointly produced by government agencies from the UK, Australia, Canada, Germany, New Zealand, and the US and is supported by members of the NCSC’s Cyber League. Its purpose is to raise awareness about the growing threat that malicious cyber actors pose to individuals connected to topics including Taiwan, Tibet, Xinjiang Uyghur Autonomous Region, democracy movements and the Falun Gong.

Planning for critical vulnerabilities: What the board of directors needs to know   Publication

Dec 14, 2023 - This publication provides information on why it is important that the board of directors is aware of and plan for critical vulnerabilities that have the potential to cause major cybersecurity incidents.