You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 241 - 260 of 459 results.
Best practices for event logging and threat detection News
Aug 22, 2024 - Today we have released new event logging guidance, alongside our international partners, that defines the baseline for logging best practices to mitigate malicious cyber threats.
IoT Secure by Design guidance for manufacturers Publication
Sep 21, 2023 - This guidance has been produced for manufacturers in order to help them implement thirteen Secure by Design principles.
Widespread outages relating to CrowdStrike software update Alert
Jul 21, 2024 - A CrowdStrike software update has led to outages impacting Windows systems.
Guidelines for gateways Advice
Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on gateways.
Malicious insiders Threat
Jun 23, 2020 - Malicious insiders can be employees, former employees, contractors or business associates who have legitimate access to your systems and data, but use that access to destroy data, steal data or sabotage your systems. It does not include well-meaning staff who accidentally put your cyber security at risk or spill data.
Log4j: What Boards and Directors Need to Know Advisory
Jan 7, 2022 - Log4j is a software library used as a building block found in a wide variety of Java applications. The Log4j vulnerability – otherwise known as Log4Shell – is trivial to exploit, and represents a significant business continuity risk. This publication outlines what Boards and Directors need to know in order to protect their businesses.
COVID-19 malicious cyber activity Alert
May 22, 2020 - Malicious cyber actors are actively targeting individuals and Australian organisations with COVID-19 related scams and phishing emails. These incidents are likely to increase in frequency and severity over the coming weeks and months. This is due, in part, to the ease in which existing scam emails and texts can be modified with a COVID-19 theme.
Content credentials: Strengthening multimedia integrity in the generative AI era Publication
Jan 30, 2025 - This cyber security information sheet discusses how Content Credentials (especially Durable ones) can be valuable to protect the provenance of media, raises awareness of the state of this solution, provides recommended practices to ensure the preservation of provenance, and discusses the importance of widespread adoption across the information ecosystem.
Delivering the goods in cyber security resilience to the transport and logistics sector News
Oct 27, 2022 - National Cyber Security Exercise Series: Australia’s transport and logistics sector – May to August 2023
FortiOS & FortiProxy - Authentication bypass in Node.js websocket module vulnerability Alert
Jan 15, 2025 - Fortinet has released information regarding an identified vulnerability in FortiOS version 7.0 and FortiProxy versions 7.0 and 7.2 instances. ASD’s ACSC recommends customers follow the advice contained in Fortinet’s notification.
CISA, FBI, NSA, and international partners issue advisory on demonstrated threats and capabilities of Russian state-sponsored and cyber criminal actors News
Apr 22, 2022 - Since Russia’s invasion of Ukraine in February, the risk of malicious cyber operations by Russian state-sponsored and criminal cyber actors has increased. The threats to critical infrastructure could impact organisations both within and beyond Ukraine.
Guidelines for system hardening Advice
Mar 17, 2026 - This chapter of the Information security manual (ISM) provides guidance on system hardening.
Foundations for OT cybersecurity: Asset inventory guidance for owners and operators Publication
Aug 14, 2025 - This guidance outlines how OT owners and operators can create and maintain an asset inventory and OT taxonomy, to protect their most vital assets. It includes steps for defining scope and objectives for the inventory, identifying assets, collecting attributes, creating a taxonomy, managing data, and implementing asset life cycle management.
OS Command Injection Vulnerability in GlobalProtect Gateway Alert
May 3, 2024 - ASD’s ACSC is aware of a vulnerability (CVE-2024-3400) that enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Cloud computing security for cloud service providers Publication
Jan 18, 2024 - This publication is designed to assist cloud service providers (CSPs) in offering secure cloud services. It can also assist assessors in validating the security posture of a cloud service, which is often verified through an Infosec Registered Assessors Program (IRAP) assessment of the CSP services.
Securing customer personal data Guidance
Jul 23, 2025 - This guide is focused specifically on the protection of customers’ personal data. Guidance on general cyber security for businesses can be found in the Small business cyber security guide and the Strategies to mitigate cyber security incidents published by ASD’s ACSC.
Joint advisory on top cyber vulnerabilities News
Jul 28, 2021 - The top 30 cyber security vulnerabilities exploited by malicious cyber actors since 2020 have been detailed in a joint advisory issued by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and counterpart cyber security agencies from the United States and the United Kingdom.
Exercise in a Box is here News
Nov 17, 2022 - This service provides an all in one platform that your organisation can use to assess and improve its cyber security practices in your own time, in a safe environment, and as many times as you want.
Multiple key vulnerabilities identified in Microsoft products Alert
Oct 13, 2021 - Multiple key vulnerabilities were identified in Microsoft’s 12 October 2021 patch release. While all vulnerabilities addressed in this release are important to mitigate the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) wishes to highlight several vulnerabilities for priority consideration.
Quantum technology primer: Communications Publication
Mar 18, 2026 - Learn about quantum communications, their cyber security impacts, current limitations, and the potential risks organisations should consider.
