Search

Security considerations for edge devices   Publication

Feb 5, 2025 - Edge devices are an important part of many enterprise computing systems. They allow connection across various devices that aid in productivity. However, just like with all technology they are not without their vulnerabilities. Edge devices require attention and diligence to keep data safe and secure.

Easy steps to secure yourself online   Guidance

Apr 7, 2021 - Reduce the risk of being targeted by cybercriminals by following these easy steps.

Personal cyber security: Next steps guide   Guidance

Jun 16, 2023 - The second of three cyber security guides in the personal cyber security series is designed to help everyday Australians understand a moderate level of cyber security and how to take action to protect themselves from cyber threats.

#StopRansomware: Play ransomware   Advisory

Jun 5, 2025 - This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

Cyber security for charities and not-for-profits   Guidance

Sep 30, 2025 - How to avoid common cyber threats and protect your mission .

Report and recover from ransomware   Guidance

Jul 14, 2023 - Learn where to get help from a ransomware attack, and steps to protect yourself against future incidents.

Fast Flux: A national security threat   Advisory

Apr 4, 2025 - This advisory is for network defenders and explains how Bulletproof Hosting Providers are using ‘fast flux’ to cycle quickly through bots and DNS records to bypass detection. It highlights the importance of using a reputable Protective DNS (PDNS) provider that detects and blocks fast flux.

PRC state-sponsored actors compromise and maintain persistent access to U.S. critical infrastructure   Advisory

Feb 8, 2024 - The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.

New guidance for small businesses to protect your devices and accounts   News

Jul 9, 2025 - Follow a list of step-by-step actions to help protect your Apple, Google and Microsoft devices and accounts.

Cryptomining   Threat

Jun 23, 2020 - Cryptocurrency mining (cryptomining) uses the processing power of computers to solve complex mathematical problems and verify cybercurrency transactions. The miners are then rewarded with a small amount of cybercurrency.

ASD's ACSC Annual Cyber Threat Report, July 2021 to June 2022   Reports and statistics

Nov 4, 2022 - The Annual Cyber Threat Report is the Australian Signals Directorate’s Australian Cyber Security Centre's (ASD’s ACSC) flagship unclassified publication. The Report provides an overview of key cyberthreats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online.

Glossary  

List of glossary terms used on cyber.gov.au website

Web conferencing security   Publication

Oct 6, 2021 - Web conferencing tools are essential for meeting with colleagues and clients online. This guide provides tips on how to choose a secure web conference provider, and what risks to be aware of.

Protect yourself from scams  

Feb 3, 2025 - Protect your accounts by recognising and reporting scams.

Cloud computing security for cloud service providers   Publication

Jan 18, 2024 - This publication is designed to assist cloud service providers (CSPs) in offering secure cloud services. It can also assist assessors in validating the security posture of a cloud service, which is often verified through an Infosec Registered Assessors Program (IRAP) assessment of the CSP services.

Small business cloud security guides: Executive overview   Publication

Dec 16, 2022 - In recognition of the increasing prevalence of cloud computing, the Australian Cyber Security Centre (ACSC) has published the Small business cloud security guides. These guides are designed to provide protection against cybersecurity incidents while remaining accessible to organisations which may not have the resources and expertise to implement a more sophisticated strategy.

2023 top routinely exploited vulnerabilities   Advisory

Nov 13, 2024 - This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs). Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 compared to 2022, allowing them to conduct operations against high priority targets.
The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the following recommendations, and those found within the Mitigations section of this advisory, to reduce the risk of compromise by malicious cyber actors.

Report and recover  

Respond to cyber threats and take steps to protect yourself from further harm.

IRAP assessors list   Program page

Aug 1, 2025 - ASD's IRAP endorses qualified security professionals to provide information security services.

Further cyber sanctions in response to Medibank Private cyberattack   News

Feb 12, 2025 - Today Australia has imposed targeted financial and travel sanctions on a cyber infrastructure entity – ZServers – and five of its Russian employees for their roles in providing infrastructure to host and disseminate data stolen from Medibank Private in 2022.

Enhanced visibility and hardening guidance for communications infrastructure   Advisory

Dec 4, 2024 - This guide provides network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network devices against successful exploitation carried out by PRC-affiliated and other malicious cyber actors.

DDoS threats being made against Australian organisations   Alert

May 25, 2020 - Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a number of Denial of Service (DoS) for ransom threats being made against Australian organisations, primarily in the banking and finance sector.

Australian Information Security Evaluation Program (AISEP)   Program page

Jul 2, 2025 - The Australian Information Security Evaluation Program (AISEP) evaluates and certifies products to provide a level of assurance in its security functionality in order to protect systems and data against cyberthreats. These evaluation activities are certified by the Australian Certification Authority (ACA).

Mitigating cyber security incidents  

Aug 30, 2023 - The Australian Signals Directorate has developed prioritised mitigation strategies to help organisations mitigate cyber security incidents caused by various cyber threats.

Update your small business cyber security   News

Jun 12, 2024 - Resources to help protect small businesses from cyber threats.

ABC Radio interview with Head of ACSC   News

Mar 31, 2021 - Abigail Bradshaw CSC, Head of Australian Cyber Security Centre, interview with Fran Kelly on ABC Radio National, 31 March 2021.

System hardening  

Oct 31, 2025 - This page lists publications on the hardening of applications and IT equipment.

Practical cyber security tips for business leaders   News

Jan 17, 2024 - Business leaders are at higher risk of a cyber incident due to the information they have access to, the people they interact with and the influence they have.

High Severity vulnerability present in OpenSSL version 3.x   Alert

Nov 2, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a buffer overrun and buffer overflow vulnerability in OpenSSL versions above to 3.0. All Australian organisations using version 3.x should apply the available patch immediately.

Secure-by-Design Foundations   News

Jul 31, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has released updated guidance to help technology manufacturers and those who use their digital product or service to adopt secure-by-design principles.