Search

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities   Advisory

Dec 23, 2021 - Malicious cyber actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited. This joint Cybersecurity Advisory is to provide mitigation guidance on addressing vulnerabilities.

Cyber security for charities and not-for-profits   Guidance

Sep 30, 2025 - How to avoid common cyber threats and protect your mission .

Industrial control systems: Remote access protocol   Publication

Oct 6, 2021 - External parties may need to connect remotely to critical infrastructure control networks. This access is to allow the manufacturers of equipment used in Australia’s critical infrastructure the ability to maintain the equipment, when a fault is experienced that cannot be fixed in the required timeframe any other method.

Artificial intelligence and machine learning pose new cyber security risks to supply chains   News

Oct 16, 2025 - New publication for organisations on the importance of AI and ML supply chain security.

Cyber security for business leaders  

May 16, 2024 - This page lists publications on governance strategies that can be applied to improve cybersecurity within organisations.

Australian Signals Directorate releases the Annual Cyber Threat Report 2024-25   News

Oct 14, 2025 - The Annual Cyber Threat Report 2024-25 provides an overview of the key cyber threats impacting Australia, how ASD's ACSC is responding and cyber security advice for Australian individuals, organisations and government to protect themselves online.

Cloud computing security for tenants   Publication

Jan 18, 2024 - This publication is designed to assist an organisation’s cyber security team, cloud architects and business representatives to jointly perform a risk assessment and use cloud services securely.

Stay ahead of the quantum threat with post-quantum cryptography   News

Sep 22, 2025 - Get updated advice to help your organisation plan and prepare for post-quantum cryptography.

Geo-blocking in context: Realities, risks and recommendations   Publication

May 19, 2025 - This guidance is intended for decision makers and cyber security practitioners. It highlights what to be aware of when identifying the source of a threat and the potential implications of geo-blocking in a broader cyber security strategy.

New guidance on integrating a Software Bill of Materials (SBOM)   News

Sep 4, 2025 - Get valuable guidance to inform organisations who procure, produce or operate software about the advantages of integrating a Software Bill of Materials (SBOM) into your security processes.

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability   Advisory

Nov 29, 2023 - This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

Cloud computing security for cloud service providers   Publication

Jan 18, 2024 - This publication is designed to assist cloud service providers (CSPs) in offering secure cloud services. It can also assist assessors in validating the security posture of a cloud service, which is often verified through an Infosec Registered Assessors Program (IRAP) assessment of the CSP services.

Small business cloud security guides: Executive overview   Publication

Dec 16, 2022 - In recognition of the increasing prevalence of cloud computing, the Australian Cyber Security Centre (ACSC) has published the Small business cloud security guides. These guides are designed to provide protection against cybersecurity incidents while remaining accessible to organisations which may not have the resources and expertise to implement a more sophisticated strategy.

Secure administration   Publication

Oct 6, 2021 - Privileged access allows administrators to perform their duties, and is often seen as the ‘keys to the kingdom’. This publication provides guidance on how to implement secure administration techniques as part of the management of privileged access.

Summary of Tradecraft Trends for 2019-20   Alert

May 20, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) investigated and responded to numerous cyber security incidents during 2019 and 2020 so far.

Fast Flux: A national security threat   Advisory

Apr 4, 2025 - This advisory is for network defenders and explains how Bulletproof Hosting Providers are using ‘fast flux’ to cycle quickly through bots and DNS records to bypass detection. It highlights the importance of using a reputable Protective DNS (PDNS) provider that detects and blocks fast flux.

Joint Cybersecurity Guide to increase cyber security of products globally   News

Apr 14, 2023 - This guide provides a roadmap for technology manufacturers to ensure security of their products.

Essential Eight Maturity Model Update   News

Nov 27, 2023 - The Australian Signals Directorate has updated the Essential Eight Maturity Model (E8MM).

Iranian cyber actors’ brute force and credential access activity compromises critical infrastructure   Advisory

Oct 17, 2024 - The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn network defenders on Iranian cyber actors’ compromising, frequently using brute force attacks, organizations across multiple critical infrastructure sectors, including the healthcare and public health (HPH), government, information technology, engineering, and energy sectors. The actors likely aim to obtain credentials and information describing the victim’s network that can then be sold to enable access to cybercriminals.

Safeguard your business from cyber threats with the Australian Signals Directorate    News

May 13, 2024 - Australian business owners and organisations can access advice from the Australian Signals Directorate (ASD) to stay secure online.