Search

Secure by Design foundations   Publication

Jul 30, 2024 - ASD’s ACSC's Secure by Design foundations represent a first step in a new approach to assist technology manufacturers and customers to adopt Secure by Design. While the foundations are primarily designed to foster discussion within technology manufacturers on how to best approach Secure by Design, they contain relevant information and actions for technology customers.

Advisory 2020-009: Recommendations to mitigate APT actors targeting health sector and COVID-19 essential services   Advisory

May 8, 2020 - The ACSC recommends that organisations in the health sector implement the following cyber security mitigations:

Protect yourself: Updates   Guidance

Oct 14, 2022 - Cybercriminals are always looking for easy paths to get onto your devices.

Update your small business cyber security   News

Jun 12, 2024 - Resources to help protect small businesses from cyber threats.

Essential Eight Maturity Model Update   News

Nov 27, 2023 - The Australian Signals Directorate has updated the Essential Eight Maturity Model (E8MM).

New guidance for software and service manufacturers deploying system updates   News

Oct 25, 2024 - Implementing a safe software deployment program is vital for maintaining customer trust.

How to update your device and software   Guidance

Jul 30, 2024 - Cybercriminals are always looking for easy paths to get onto your device. Updating your device and software is the easiest way reduce the risk of being a victim of cybercrime.

Important Vulnerabilities in Microsoft’s October 2023 Security Update   Alert

Oct 13, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is concerned about vulnerabilities disclosed in Microsoft’s October 2023 Security Update. Government, businesses and individuals should patch their Microsoft products and apply any recommended mitigations as soon as possible.

Important Vulnerabilities in Microsoft’s August 2023 Security Update   Alert

Aug 10, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is concerned about vulnerabilities disclosed in Microsoft’s August 2023 Security Update. Government, businesses and individuals should patch their Microsoft products and apply any recommended mitigations as soon as possible.

Widespread outages relating to CrowdStrike software update   Alert

Jul 21, 2024 - A CrowdStrike software update has led to outages impacting Windows systems.

Mandatory Incident Reporting   News

Apr 11, 2022 - New measures to enhance the cyber security of Australia’s critical infrastructure.

Important Vulnerabilities in Microsoft’s July 2023 Security Update   Alert

Jul 13, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is concerned about vulnerabilities disclosed in Microsoft’s July 2023 Security Update. Government, businesses and individuals should patch their Microsoft products and apply any recommended mitigations as soon as possible.

Important Vulnerabilities in Microsoft’s June 2023 Security Update   Alert

Jun 15, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is concerned about vulnerabilities disclosed in Microsoft’s June 2023 Security Update. Government, businesses and individuals should patch their Microsoft products and apply any recommended mitigations as soon as possible.

Important Vulnerabilities in Microsoft’s May 2023 Security Update   Alert

May 11, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is concerned about vulnerabilities disclosed in Microsoft’s May 2023 Security Update. Government, businesses and individuals should patch their Microsoft products and apply any recommended mitigations.

Update your devices to keep cybercriminals out   News

May 3, 2021 - Updating the software on electronic devices is one of the easiest and most important ways all Australians can defend against cybercriminals and be protected from online threats.

Seeking industry feedback on new ASD Foundations for Secure-by-Design   News

Nov 2, 2023 - Have your say on how Secure-by-Design practices should look.

Threat update: COVID-19 malicious cyber activity 20 April 2020   Advisory

Apr 20, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) continues to receive reports from individuals, businesses and government departments about a range of different COVID-19 themed scams, online frauds and phishing campaigns. This threat update is about raising awareness of the evolving nature of COVID-19 related malicious cyber activity impacting Australians.

Threat update: COVID-19 malicious cyber activity 27 March 2020   Advisory

Mar 27, 2020 - This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.

Recommendations to mitigate DDoS threats being made against Australian organisations   Advisory

Feb 25, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a number of Denial of Service (DoS) for ransom threats being made against Australian organisations, primarily in the banking and finance sector.

Google Releases Security Updates for Chrome Browser   Alert

Jun 21, 2021 - On June 17 2021, Google released Chrome version 91.0.4472.114 for Windows, Mac, and Linux. The patch notes for this version can be viewed at Chrome Release Note.

Microsoft Releases Security Updates for Microsoft Edge Browser   Alert

Jun 30, 2021 - On June 24 2021, Microsoft released updates for their Edge Browser addressing two vulnerabilities that an attacker could exploit to inject and execute malicious code.

Head of ACSC talks cyber security with Natarsha Belling in podcast special   News

Nov 29, 2021 - Ms Abigail Bradshaw, head of the Australian Cyber Security Centre (ACSC), recently sat down with journalist Natarsha Belling to discuss the common cyber threats affecting Australians today.

Joint statement - Digital Transformation Agency and Australian Signals Directorate - Secure Internet Gateways update   News

Nov 1, 2021 - The Australian Government is further strengthening the ICT systems of Government entities by enhancing its Secure Internet Gateway (SIG) policy and through the Cyber Hubs initiative. The Digital Transformation Agency (DTA) is working on these initiatives with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC).

Strategies to mitigate cybersecurity incidents: Mitigation details   Publication

Feb 1, 2017 - The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help cybersecurity professionals in all organisations mitigate cybersecurity incidents caused by various cyberthreats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.

Cisco Catalyst 8000V Edge (C8000V) running IOS-XE 17.15  

May 8, 2025 - Cisco Catalyst 8000V Edge (C8000V) running IOS-XE 17.15

Potential exploitation of Click Studio’s PasswordState software   Alert

Apr 27, 2021 - On 24 April 2021, Australian software company Click Studios announced a compromise of the software update process for their enterprise password management software PasswordState, used by organisations in Australia and globally.

Information stealer malware   Guidance

Jul 15, 2025 - Information stealer malware is a type of malware designed to steal sensitive data from devices. This can include user credentials, browser data and more.

Secure your NAS device   Guidance

Nov 29, 2024 - Protect your network-attached storage (NAS) device and the important data it holds with this guide.

Malicious insiders   Threat

Jun 23, 2020 - Malicious insiders can be employees, former employees, contractors or business associates who have legitimate access to your systems and data, but use that access to destroy data, steal data or sabotage your systems. It does not include well-meaning staff who accidentally put your cyber security at risk or spill data.

How to secure your devices  

Nov 29, 2024 - Protect your sensitive data and accounts. Learn how to secure your devices such as your computer, mobile phone and Internet of Things devices.