Search

Vulnerability Disclosure Program   News

Nov 23, 2022 - New ACSC publication released to help organisations implement a Vulnerability Disclosure Program.

New Secure-by-Design publication released in collaboration with international partners   News

May 15, 2024 - Today, the Australian Signals Directorate has released a new Secure-by-Design advisory, Choosing Secure and Verifiable Technologies, developed and co-sealed with our Five Eyes partners.

Secure by Design foundations   Publication

Jul 30, 2024 - ASD’s ACSC's Secure by Design foundations represent a first step in a new approach to assist technology manufacturers and customers to adopt Secure by Design. While the foundations are primarily designed to foster discussion within technology manufacturers on how to best approach Secure by Design, they contain relevant information and actions for technology customers.

An Introduction to Securing Smart Places   News

Nov 21, 2022 - New ASD's ACSC publication released to help organisations secure smart places.

Français (French)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into Français.

Seeking industry feedback on new ASD Foundations for Secure-by-Design   News

Nov 2, 2023 - Have your say on how Secure-by-Design practices should look.

Microsoft Releases Security Updates for Microsoft Edge Browser   Alert

Jun 30, 2021 - On June 24 2021, Microsoft released updates for their Edge Browser addressing two vulnerabilities that an attacker could exploit to inject and execute malicious code.

Google Releases Security Updates for Chrome Browser   Alert

Jun 21, 2021 - On June 17 2021, Google released Chrome version 91.0.4472.114 for Windows, Mac, and Linux. The patch notes for this version can be viewed at Chrome Release Note.

Sextortion campaign - What to do if you receive the email   Advisory

Apr 16, 2020 - In most cases, there is no reason to be concerned. These emails are typically generated in their thousands by online scammers using limited personal details, with the aim of intimidating recipients into paying the ransom.

Essential Eight assessment course   Program page

Jul 3, 2023 - The Essential Eight Assessment Course will help you understand the intent and application of the Essential Eight, learn to use ASD designed tools, and accurately test the implementation of the Essential Eight.

How to combat fake emails   Publication

Oct 6, 2021 - Organisations can reduce the likelihood of their domains being used to support fake emails by implementing Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC) records in their Domain Name System (DNS) configuration. Using DMARC with DomainKeys Identified Mail (DKIM) to sign emails provides further safety against fake emails. Likewise, organisations can better protect their users against fake emails by ensuring their email systems use and apply SPF, DKIM and DMARC policies on inbound email.

Guidelines for personnel security   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on personnel security.

Restricting Microsoft Office macros   Publication

Nov 27, 2023 - This publication has been developed to discuss approaches that can be applied by organisations to secure systems against malicious Microsoft Office macros while balancing both their business and security requirements.

Alerts and advisories  

Jan 30, 2023 - Find the latest in cybersecurity alerts and advisories

Filipino (Filipino)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into Filipino.

Tok Pisin (New Guinea Pidgin)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into New Guinea Pidgin.

Report and recover from scams   Guidance

Apr 11, 2023 - If someone has stolen your money or personal information, find out what to do and who to contact. We also provide advice on how to avoid scams in future.

Who are ASD's training providers?   Program page

Mar 23, 2021 - ASD endorses ICT training providers to develop and facilitate IRAP New Starter Training.

Protect yourself from ransomware   Guidance

Feb 12, 2025 - A ransomware attack could block you from accessing your device or the information on it. Take some time to consider how a ransomware attack might affect you.

Hunting Russian Intelligence “Snake” Malware   Advisory

May 10, 2023 - This Cybersecurity Advisory (CSA) provides background on Snake’s attribution to the FSB and detailed technical descriptions of the implant’s host architecture and network communications.

Joint advisory released on recent activity by Scattered Spider threat actors   News

Jul 30, 2025 - Read about the tactics, techniques and procedures (TTPs) recently used by Scattered Spider threat actors against the commercial facilities sector and subsectors.

Data breaches   Threat

Aug 30, 2023 - Sometimes personal information is released to unauthorised people by accident or as the result of a security breach. For example, an email with personal information can be sent to the wrong person, or a computer system can be hacked and personal information stolen. These are known as data breaches or data spills.

Security configuration guide: Apple iOS 14 devices   Publication

Oct 6, 2021 - ASD has developed this guide to assist Australians to understand risks when deploying iOS 14 devices and the security requirements that need to be met to allow them to handle classified data.

How to become an IRAP Assessor   Program page

Aug 15, 2024 - IRAP Assessors are ASD-endorsed ICT professionals from across Australia who have the necessary experience and qualifications in ICT security assessment and risk management, and a detailed knowledge of ASD's Information Security Manual.

Detecting and mitigating Active Directory compromises   Publication

Jan 22, 2025 - This publication provides an overview of techniques used to compromise Active Directory, and recommended strategies to mitigate these techniques. By implementing the recommendations in this publication, organisations can significantly improve their Active Directory security, and therefore their overall network security posture.

2020-001-4: Remediation for critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway   Advisory

Jan 13, 2020 - On 19 January 2020, Citrix released patches for two versions of the Citrix Application Delivery Controller (ADC) and Citrix Gateway appliances. Citrix expects to have patches available across all supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP before the end of January 2020.

Scattered Spider   Advisory

Jul 30, 2025 - This joint Cybersecurity Advisory is in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors, subsectors, and other sectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as June 2025

Secure your user account   Guidance

Jan 24, 2024 - A user account is the account you use to sign in on your computer at home, school or work. Cybercriminals will target unsecure accounts and take advantage of poor security habits within the home and businesses. Their goal is to get access to your computer and steal your information. There are many ways to improve your account security, keep your accounts safe and avoid being the victim of a cyberattack.

Report and recover from identity theft   Guidance

Nov 14, 2024 - Know where to make a report and get help if someone has stolen your personal or business identity.

Spotting scams   Guidance

Learn how to identify phishing messages to stay safe and protect your personal information.