Search

Technical example: Configure macro settings   Publication

Dec 16, 2022 - Configuring macro settings protects an organisation’s systems from malicious macros. Macros are powerful tools. They were introduced to improve productivity however their functionality can also be used by cyber criminals to compromise a user’s system.

Priority logs for SIEM ingestion: Practitioner guidance   Publication

May 27, 2025 - This document is again intended for cyber security practitioners and provides detailed, technical guidance on the logs that should be prioritised for SIEM ingestion. It covers log sources including Endpoint Detection and Response tools, Windows/Linux operating systems, and Cloud and Network Devices.

Critical vulnerability in certain versions of Apache HTTP Server   Alert

Oct 8, 2021 - A vulnerability exists in Apache HTTP Server 2.4.49. A cyber actor could exploit this vulnerability to execute arbitrary code. Initial information also indicates that the vulnerability could also be used perform remote code execution under certain configurations. Affected Australian organisations should apply the available patch.

2021-007: Log4j vulnerability – advice and mitigations   Advisory

Dec 29, 2021 - On 10 December 2021, ASD's ACSC released an alert relating to a serious vulnerability in versions of the Log4j Java logging library. Malicious cyber actors are using this vulnerability to target and compromise systems globally and in Australia. The ASD's ACSC is working with a significant number of victims and affected vendors across all sectors of the economy.

Remote code execution vulnerability present in Atlassian Confluence Server and Data Center   Alert

Jun 5, 2022 - A critical unauthenticated remote code execution vulnerability (CVE-2022-26134) has been identified in all supported versions of Atlassian Confluence Server and Data Center. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends organisations restrict internet access to and from affected devices.

Remote code execution vulnerability present in Samba versions prior to 4.13.17   Alert

Feb 4, 2022 - A vulnerability (CVE-2021-44142) has been identified in Samba versions prior to 4.13.17. Exploitation of this vulnerability could allow a malicious cyber actor to perform privileged remote code execution. Affected Australian organisations should apply the available patch, including affected software vendors.

Serious vulnerabilities in Atlassian products including Confluence, Jira and Bitbucket   Alert

Dec 7, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is concerned about serious vulnerabilities in certain Atlassian products (CVE-2023-22522, CVE-2023-22523 and CVE-2022-1471) which are fixed by recent patches. Operators are urged to review Atlassian’s advice and implement recommended mitigations before exploitation begins.

Critical vulnerabilities in GitLab Products   Alert

Jan 15, 2024 - The Australian Signals Directorate’s (ASD's) Australian Cyber Security Centre (ACSC) is aware of critical vulnerabilities affecting GitLab Community Edition (CE) and Enterprise Edition (EE). Customers should update to a patched version immediately and enable multi-factor authentication for all GitLab accounts.

Multiple vulnerabilities present in the Spring Framework for Java   Alert

Apr 4, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of media reporting relating to multiple potential vulnerabilities, including the so-called SpringShell vulnerability, in the Java Spring framework and its execution environments. These vulnerabilities pose a threat to organisations running applications on the web which contain components using the Java Spring framework.

Cloud services   Program page

Feb 24, 2023 - The Cloud Services Certification Program (CSCP) ceased on 2 March 2020. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) ceased the Certified Cloud Services List (CCSL) on 27 July 2020 and concurrently released the Cloud Security Guidance package.

Remote code execution vulnerability present in Fortinet devices   Alert

Oct 13, 2022 - A vulnerability (CVE-2022-40684) has been identified in several Fortinet products running certain versions from 7.0.0 onwards, that could allow a malicious cyber actor to bypass authentication and perform unauthorised actions. Affected Australian organisations should apply the available patch and follow Fortinet’s mitigation advice.

Critical Vulnerability in popular Java framework Apache Struts2   Alert

Dec 14, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is concerned about a critical Remote Code Execution (RCE) vulnerability in Apache Struts2. This primarily affects Java applications which use this framework. Apache Struts2 is widely used in enterprise and bespoke Java applications.

Identifying and Mitigating Living Off the Land Techniques   Advisory

Feb 8, 2024 - This Guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and the following agencies (hereafter referred to as the authoring agencies), provides information on common living off the land (LOTL) techniques and common gaps in cyber defense capabilities.

Understanding Ransomware Threat Actors: LockBit   Advisory

May 8, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) alongside international partners have released a joint advisory on the ransomware variant LockBit. It functions as an affiliate-based Ransomware-as-a-Service (RaaS) model where affiliates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure.

Gootkit Loader continues to be used on multiple Australian networks   Advisory

Dec 23, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) continues to observe instances of Gootkit JavaScript (JS) Loaders on multiple Australian networks in 2022. Open source reporting also indicates continued Gootkit activity.

ForgeRock Open AM critical vulnerability   Alert

Jul 7, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed active exploitation of a vulnerability in ForgeRock OpenAM (reported as CVE-2021-35464) against a number of Australian organisations. The ASD’s ACSC strongly recommends organisations urgently apply available patches or workarounds to mitigate the risk of this vulnerability being exploited.

TMUI remote code execution vulnerability - CVE-2020-5902   Alert

Jul 6, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) advises users of F5’s enterprise and data centre BIG-IP products to ensure their systems are promptly patched after the recent disclosure of new remote code execution vulnerability.

Multiple Vulnerabilities In Ivanti Endpoint Manager Mobile (Ivanti EPMM)   Alert

May 14, 2025 - The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is aware of two vulnerabilities, one medium and one high severity, in Ivanti Endpoint Manager Mobile (EPMM). The ASD’s ACSC recommends organisations patch to the latest version of Ivanti EPMM, available through Ivanti’s download portal, and investigate whether their systems have been compromised.

Critical vulnerabilities in ‘ownCloud’ file share   Alert

Nov 29, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of multiple critical vulnerabilities affecting the file sync and sharing software ‘ownCloud’. This primarily impacts self-hosted instances of the open-source product. Those impacted should apply the patches available and consider the workarounds made available by the vendor.

Supply chain compromise of 3CX DesktopApp   Alert

Mar 31, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a reported supply chain compromise affecting the 3CX DesktopApp, allowing malicious actors to conduct multi-stage attacks against users of the legitimate software. Australian users of affected versions of 3CX DesktopApp should immediately follow the vendor’s advice and investigate for signs of malicious activity.

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities   Advisory

Dec 23, 2021 - Malicious cyber actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited. This joint Cybersecurity Advisory is to provide mitigation guidance on addressing vulnerabilities.

#StopRansomware: BianLian Ransomware Group   Advisory

Nov 21, 2024 - The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint Cybersecurity Advisory to disseminate known BianLian ransomware and data extortion group IOCs and TTPs identified through FBI and ASD's ACSC investigations as of March 2023.

New Secure-by-Design publication about memory safety released    News

Jun 27, 2024 - Today, we jointly released a new Secure-by-Design publication, Exploring Memory Safety in Critical Open Source Projects, co-authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Canadian Centre for Cyber Security (CCCS).

Small business cloud security guides: Executive overview   Publication

Dec 16, 2022 - In recognition of the increasing prevalence of cloud computing, the Australian Cyber Security Centre (ACSC) has published the Small business cloud security guides. These guides are designed to provide protection against cybersecurity incidents while remaining accessible to organisations which may not have the resources and expertise to implement a more sophisticated strategy.

VMware vCenter Server plugin remote code execution vulnerability (CVE-2021-21972)   Alert

Feb 25, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) advises users of VMware vCenter Server products, including as part of VMware Cloud Foundation, to ensure their systems are promptly patched after the recent disclosure of a new remote code execution vulnerability.

Educational pack for small businesses   Guidance

Jun 15, 2023 - This educational pack provides engaging content to help small business owners learn how to stay cyber secure. Includes practical activities for staff.

ASD's ACSC Threat Report 2016   Reports and statistics

Oct 15, 2016 - This is the second Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) Threat Report. It continues to reflect on the experience, focus, and mandates of the ASD's ACSC’s member organisations. The report provides an insight into what the Centre has been seeing, learning, and responding to, focusing on specific areas of change or new knowledge obtained.

PRC state-sponsored actors compromise and maintain persistent access to U.S. critical infrastructure   Advisory

Feb 8, 2024 - The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.

Malicious insiders   Threat

Jun 23, 2020 - Malicious insiders can be employees, former employees, contractors or business associates who have legitimate access to your systems and data, but use that access to destroy data, steal data or sabotage your systems. It does not include well-meaning staff who accidentally put your cyber security at risk or spill data.

JCSC virtual presentations on Log4j2 vulnerability – Friday 17 December   News

Dec 16, 2021 - A critical alert and advisory has been published on the Log4j2 vulnerability. On Friday 17 December 2021, ASD's ACSC’s Joint Cyber Security Centres (JCSCs) will facilitate a series of virtual awareness and advice sessions about this vulnerability. Australians are urged to act now to secure their computer systems against this critical software vulnerability.