Search

Report and recover from malware   Guidance

Nov 10, 2023 - If you’ve fallen victim to a malware attack, find out what to do and who to contact.

Gateway security guidance package: Gateway operations and management   Publication

Jul 29, 2025 - This guidance is one part of a package of documents that forms the Australian Signals Directorate (ASD)’s Gateway security guidance package written for audiences responsible for the operation and management of gateways.

Technical example: Restrict administrative privileges   Publication

Dec 16, 2022 - Privileged account credentials are prized by cybercriminals because they provide extensive access to high value assets within a network. Restricting privileged access to only users with a demonstrated business need is essential to protecting your environment.

Mitigation strategies for edge devices: Executive guidance   Publication

Feb 4, 2025 - This publication provides a high-level summary of ASD’s existing guidance to manage and secure edge devices effectively. It is intended for executives in large organisations and critical infrastructure providers that are responsible for the deployment, operation, security, and maintenance of enterprise networks. ASD is soon to release a comprehensive technical publication on mitigation strategies for edge devices for practitioners.

Spotting scams   Guidance

Learn how to identify phishing messages to stay safe and protect your personal information.

Hardening Microsoft Windows 10 workstations   Publication

Sep 4, 2025 - This publication provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 10. While this publication refers to workstations, most recommendations are equally applicable to servers (with the exception of Domain Controllers) using Microsoft Windows Server. Security features discussed in this publication, along with the names and locations of Group Policy settings, are taken from Microsoft Windows 10 version 22H2.

Secure your mobile phone   Guidance

Nov 12, 2024 - The security of your mobile phone can be as crucial as your computer. Follow these steps to protect your phone or tablet from cybercriminals.

Essential Eight assessment process guide   Publication

Oct 2, 2024 - This publication provides advice on how to assess the implementation of the Essential Eight.

Critical vulnerabilities in GitLab Products   Alert

Jan 15, 2024 - The Australian Signals Directorate’s (ASD's) Australian Cyber Security Centre (ACSC) is aware of critical vulnerabilities affecting GitLab Community Edition (CE) and Enterprise Edition (EE). Customers should update to a patched version immediately and enable multi-factor authentication for all GitLab accounts.

Remote access to operational technology environments   Publication

Mar 28, 2023 - Many critical infrastructure providers are moving to support remote working arrangements. In doing so, modifying cyber security defences for operational technology environments (OTE) is not a decision that should be taken lightly.

Business Continuity in a Box   Guidance

Aug 21, 2024 - Business Continuity in a Box assists organisations to swiftly and securely stand up critical business functions during or following a cyber security incident that has affected the availability or trust of existing systems.

Technical example: Patch applications   Publication

Mar 1, 2023 - Patching applications is one of the most effective controls an organisation can implement to prevent cyber criminals from gaining access to their devices and sensitive information. Patches improve the security of applications by fixing known vulnerabilities.

Joint cybersecurity advisory released on 2021's top routinely exploited vulnerabilities   News

Apr 28, 2022 - Malicious cyber actors are aggressively targeting newly-disclosed and dated critical software vulnerabilities against a broad range of targets, including public and private sector organisations worldwide.

Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure   Advisory

May 17, 2022 - The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine has altered the geopolitical balance in ways that could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.

Guidelines for cyber security documentation   Advice

Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on cyber security documentation.

Medibank Private Cyber Security Incident   Alert

Dec 1, 2022 - ASD’s Australian Cyber Security Centre is working closely with Medibank Private following the recent incident.

Protect yourself from remote access scams   Advisory

Nov 4, 2020 - NEVER provide your personal and financial details or give a stranger remote access to your device or computer – simply hang up.

Secure your Apple macOS device   Guidance

Nov 29, 2024 - Your Apple macOS device often holds your most important data. Use these simple steps to protect your device from cyber attacks.

Report and recover from scams   Guidance

Apr 11, 2023 - If someone has stolen your money or personal information, find out what to do and who to contact. We also provide advice on how to avoid scams in future.

End of support for Microsoft Windows and Microsoft Windows server   Publication

Sep 4, 2025 - Support for Microsoft Windows and Microsoft Windows Server users following the expiration of the specified servicing timeline.