Search

New guidance for mitigating risks from bulletproof hosting providers   News

Nov 20, 2025 - Get recommendations for ISPs and network defenders to counter cybercriminal activity enabled by bulletproof hosting providers without disrupting legitimate services.

CVE-2024-24919 - Check Point Security Gateway Information Disclosure   Alert

May 31, 2024 - The ASD’s ACSC is aware of CVE-2024-24919 that enables access of sensitive information to an unauthorised actor.

Critical vulnerability in Pulse/Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457)   Alert

Apr 4, 2025 - Ivanti have released information regarding active exploitation of a critical vulnerability in Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457). ASD’s ACSC recommends customers follow the advice contained in Ivanti’s Security Advisory and assess their environments for malicious activity.

Exploitation of existing Fortinet Vulnerabilities    Alert

Apr 11, 2025 - Fortinet has released information regarding exploitation of previously known vulnerabilities affecting Fortinet devices.
ASD’s ACSC recommends customers follow the advice contained in Fortinet’s advisory page.

Next.js authentication bypass vulnerability (CVE-2025-29927)   Alert

Mar 25, 2025 - An authentication bypass in the middleware layer of Next.js can allow a remote attacker to bypass security checks. Customers should update to the patched version immediately.

Creating Strong Passphrases   Guidance

Oct 6, 2021 - The longer your passphrase, the better. As adversaries can crack a short password with very little effort or time, you can increase the time and effort it takes by using a passphrase instead.

Recovering a compromised email account   Guidance

Nov 10, 2023 - Email accounts are valuable targets for cybercriminals. Not just because they store sensitive messages, but also because they can be used to impersonate the account owner, to spread scams, and to perform password resets.

Hacking   Threat

Jan 5, 2023 - Hacking refers to unauthorised access of a system or network, often to exploit a system’s data or manipulate its normal behaviour.

2021 Trends Show Increased Globalized Threat of Ransomware   Advisory

Feb 10, 2022 - This joint Cybersecurity Advisory—authored by cybersecurity authorities in the United States, Australia, and the United Kingdom—provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.

Critical vulnerability in Ivanti CSA 4.6 (Cloud Services Appliance)   Alert

Sep 20, 2024 - Ivanti has released a security advisory addressing a critical vulnerability affecting Ivanti CSA 4.6 (Cloud Services Appliance). The vulnerability affects Ivanti CSA 4.6 before Patch 519.

Critical Vulnerability affecting Fortinet’s FortiClientEMS   Alert

Mar 22, 2024 - ASD’s ACSC is aware of a critical vulnerability (CVE-2023-48788) affecting Fortinet’s FortiClientEMS. Organisations are strongly encouraged to take immediate action to ensure affected instances are patched and investigate for potential compromise.

Secure administration   Publication

Oct 6, 2021 - Privileged access allows administrators to perform their duties, and is often seen as the ‘keys to the kingdom’. This publication provides guidance on how to implement secure administration techniques as part of the management of privileged access.

First Nations business resources   Guidance

Jan 5, 2023 - Cybercriminals are finding new ways to target First Nations businesses all the time. There are a few simple things you can do to keep yourself and your business secure online.

Vulnerability in Progress Kemp products   Alert

Feb 22, 2024 - ASD’s ACSC is aware of a vulnerability (CVE-2024-1212) that affects all Progress Kemp LoadMaster releases after 7.2.48.1. Organisations are strongly encouraged to take immediate action to patch relevant systems.

Remote Code Execution Vulnerability In Cisco Unified Communications Products   Alert

Jan 26, 2024 - ASD’s ACSC is aware of a vulnerability in Cisco Unified Communications Products (CVE 2024-20253).

Organisations using Cisco Unified Communication products are strongly advised to follow the mitigation advice provided by Cisco if they are vulnerable.

New joint advisory on PRC botnet operations released   News

Sep 19, 2024 - Protect your organisation and yourself from botnet operations.

Implementing application control   Publication

Nov 27, 2023 - Application control is one of the most effective mitigation strategies in ensuring the security of systems. As such, application control forms part of the Essential Eight from the Strategies to mitigate cybersecurity incidents. This publication provides guidance on what application control is, what application control is not, and how to implement application control.

Remote Code Execution Vulnerability In Confluence Data Center and Confluence Server   Alert

Jan 17, 2024 - ASD’s ACSC is aware of a vulnerability in Confluence Data Center and Confluence Server (CVE-2023-22527). Organisations are strongly encouraged to take immediate action to ensure affected instances are patched.

Securing PowerShell in the enterprise   Publication

Oct 6, 2021 - This publication describes a maturity framework for PowerShell, balancing the security and business requirements of organisations. This framework enables organisations to take incremental steps towards securing PowerShell across their environment.

Microsoft Office Outlook Remote Code Execution Vulnerability   Alert

Feb 18, 2024 - ASD’s ACSC is aware of a vulnerability in Microsoft Office Outlook (CVE-2024-21413).
Users of Microsoft Office Outlook are strongly advised to follow the mitigation advice provided by Microsoft if they are vulnerable.