You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 151 - 180 of 257 results.
Multiple key vulnerabilities identified in Microsoft products Alert
Oct 13, 2021 - Multiple key vulnerabilities were identified in Microsoft’s 12 October 2021 patch release. While all vulnerabilities addressed in this release are important to mitigate the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) wishes to highlight several vulnerabilities for priority consideration.
Security configuration guide: Apple iOS 14 devices Publication
Oct 6, 2021 - ASD has developed this guide to assist Australians to understand risks when deploying iOS 14 devices and the security requirements that need to be met to allow them to handle classified data.
Ten things to know about data security Publication
May 16, 2024 - This publication has been developed to assist business owners and information technology managers, particularly those unfamiliar with cybersecurity, with ten things they should know about data security.
Australian organisations encouraged to urgently adopt an enhanced cyber security posture Alert
Mar 28, 2022 - Australian organisations are encouraged to urgently adopt an enhanced cyber security posture. Organisations should act now and follow ACSC’s advice to improve their cyber security resilience in light of the heightened threat environment.
For business and government
Resources for business and government on cyber security.
Guidelines for secure AI system development Publication
Nov 27, 2023 - This document recommends guidelines for providers of any systems that use artificial intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others. This document is aimed primarily at providers of AI systems who are using models hosted by an organisation, or are using external application programming interfaces (APIs).
Privacy
Oct 24, 2022 - The cyber.gov.au website, including the cyber incident reporting portal (ReportCyber), is operated by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC). The ASD's ACSC is part of the Australian Signals Directorate (ASD), an Australian Government agency.
Advisory 2020-009: Recommendations to mitigate APT actors targeting health sector and COVID-19 essential services Advisory
May 8, 2020 - The ACSC recommends that organisations in the health sector implement the following cyber security mitigations:
Marketing and filtering email service providers Publication
Oct 6, 2021 - This publication provides high level guidance on how to use email service providers (ESPs) in particular deployment scenarios. The considerations and controls described in that publication also apply to ESPs sending email on other organisations’ behalf.
End of support for Microsoft Windows and Microsoft Windows server Publication
Sep 4, 2025 - Support for Microsoft Windows and Microsoft Windows Server users following the expiration of the specified servicing timeline.
2021-006: ASD's ACSC Ransomware Profile - Lockbit 2.0 Advisory
Aug 5, 2021 - The LockBit ransomware restricts access to corporate files and systems by encrypting them into a locked and unusable format. Victims receive instructions on how to engage with the offenders after encryption. LockBit affiliates have successfully deployed ransomware on corporate systems in a variety of countries and sectors, including Australia, where the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of numerous incidents since 2020. LockBit affiliates are known to implement the ‘double extortion’ technique by uploading stolen and sensitive victim information to their dark web site ‘LockBit 2.0’, and threatening to sell and/or release this information if their ransom demands are not met.
Deploying AI systems securely Publication
Apr 16, 2024 - AI security is a rapidly evolving area of research. As agencies, industry, and academia discover potential weaknesses in AI technology and techniques to exploit them, organizations will need to update their AI systems to address the changing risks, in addition to applying traditional IT best practices to AI systems.
Safe software deployment: How software manufacturers can ensure reliability for customers Publication
Oct 25, 2024 - It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements.
2023-01: ASD's ACSC Ransomware Profile - Royal Advisory
Jan 24, 2023 - The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is aware of a ransomware variant called Royal, which is being used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes to other variants such as encrypting their data and extorting a ransom to return access to the sensitive files.
Updates to ASD’s Blueprint for Secure Cloud News
Mar 18, 2025 - We have updated the Blueprint to reflect recent changes to Microsoft Purview.
Cyber Security Awareness Month 2025
Sep 30, 2024 - Take action to protect your networks and digital infrastructure now and into the future.
2023-03: ASD's ACSC Ransomware Profile – Lockbit 3.0 Advisory
Jun 15, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of Lockbit 3.0 which is the newest version of Lockbit ransomware. It is used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes as other variants such as encrypting their data, and extorting a ransom to return access to the sensitive files.
Iranian cyber actors’ brute force and credential access activity compromises critical infrastructure Advisory
Oct 17, 2024 - The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn network defenders on Iranian cyber actors’ compromising, frequently using brute force attacks, organizations across multiple critical infrastructure sectors, including the healthcare and public health (HPH), government, information technology, engineering, and energy sectors. The actors likely aim to obtain credentials and information describing the victim’s network that can then be sold to enable access to cybercriminals.
Guidelines for system hardening Advice
Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on system hardening.
Essential Eight Maturity Model Update News
Nov 27, 2023 - The Australian Signals Directorate has updated the Essential Eight Maturity Model (E8MM).
Vulnerability in Progress Kemp products Alert
Feb 22, 2024 - ASD’s ACSC is aware of a vulnerability (CVE-2024-1212) that affects all Progress Kemp LoadMaster releases after 7.2.48.1. Organisations are strongly encouraged to take immediate action to patch relevant systems.
ABC Radio interview with Head of ACSC News
Mar 31, 2021 - Abigail Bradshaw CSC, Head of Australian Cyber Security Centre, interview with Fran Kelly on ABC Radio National, 31 March 2021.
Critical security vulnerability affecting Apache Struts2 below 6.4.0. Alert
Dec 13, 2024 - ASD’s ACSC is aware of a critical vulnerability impacting Apache Struts2 below 6.4.0 (CVE-2024-53677).
Update your small business cyber security News
Jun 12, 2024 - Resources to help protect small businesses from cyber threats.
Do you purchase technology for your organisation? News
Dec 5, 2024 - Updated guidance and new guidance for executives now available for Choosing secure and verifiable technologies.
New Secure-by-Design publication released in collaboration with international partners News
May 15, 2024 - Today, the Australian Signals Directorate has released a new Secure-by-Design advisory, Choosing Secure and Verifiable Technologies, developed and co-sealed with our Five Eyes partners.
New joint advisory on PRC botnet operations released News
Sep 19, 2024 - Protect your organisation and yourself from botnet operations.
Multiple high severity vulnerabilities discovered in the Exim mail server Alert
May 10, 2021 - Exim vulnerabilities could enable a malicious cyber actor to compromise vulnerable Exim servers. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) strongly recommends applying available patches.
Multiple vulnerabilities in Jenkins products Alert
Jan 30, 2024 - ASD’s ACSC is aware of multiple vulnerabilities impacting Jenkins products including CVE 2024-23897 (Critical) & CVE-2024-23898 (High). Organisations using Jenkins products are strongly advised to follow the mitigation advice provided by Jenkins and patch affected versions.
Phone and email scammers impersonating the ASD's ACSC Alert
Jan 19, 2022 - The Australian government will NEVER phone you to request access to your computer, or request you to purchase cryptocurrencies or gift cards. If you receive a suspicious phone call, take the caller's details, hang up and contact the company they claim to represent via official communication channels listed on their website. Never call a number provided by the scammer.
