Search

2021 Trends Show Increased Globalized Threat of Ransomware   Advisory

Feb 10, 2022 - This joint Cybersecurity Advisory—authored by cybersecurity authorities in the United States, Australia, and the United Kingdom—provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.

Fast Flux: A national security threat   Advisory

Apr 4, 2025 - This advisory is for network defenders and explains how Bulletproof Hosting Providers are using ‘fast flux’ to cycle quickly through bots and DNS records to bypass detection. It highlights the importance of using a reputable Protective DNS (PDNS) provider that detects and blocks fast flux.

Cybersecurity Research Report   Reports and statistics

Dec 15, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) commissioned exploratory research to better understand audience awareness of cybersecurity threats and practices.

Publications  

Nov 3, 2022 - Find the latest cybersecurity publications.

Protecting against business email compromise   Publication

Oct 6, 2021 - Business email compromise is when malicious actors use email to abuse trust in business processes to scam organisations out of money or goods. Malicious actors can impersonate business representatives using similar names, domains or fraudulent logos as a legitimate organisation or by using compromised email accounts and pretending to be a trusted co-worker.

Increased Global Ransomware Threats   Alert

Feb 10, 2022 - In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally.

Gateway security guidance package: Gateway operations and management   Publication

Jul 29, 2022 - This guidance is one part of a package of documents that forms the Australian Signals Directorate (ASD)’s Gateway security guidance package written for audiences responsible for the operation and management of gateways.

Joint Cybersecurity Guide to increase cyber security of products globally   News

Apr 14, 2023 - This guide provides a roadmap for technology manufacturers to ensure security of their products.

How to become an IRAP Assessor   Program page

Aug 15, 2024 - IRAP Assessors are ASD-endorsed ICT professionals from across Australia who have the necessary experience and qualifications in ICT security assessment and risk management, and a detailed knowledge of ASD's Information Security Manual.

Cybercrime - getting help   Guidance

Apr 11, 2023 - If something has knocked you offline, check out the following information to help you get back up and running!

Choosing secure and verifiable technologies   Publication

Dec 5, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and international partners have provided recommendations in this guide as a roadmap for choosing secure and verifiable technologies.

New ASD’s ACSC guidance released to help Australians avoid risks related to social media and messaging applications   News

Jul 14, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has today released updated guidance to help all Australians better understand how social media and messaging apps can pose a risk to the security and privacy of individuals and organisations.

Guidelines for communications infrastructure   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on communications infrastructure.

Cyber security is essential when preparing for COVID-19   Advisory

Mar 13, 2020 - In light of the COVID-19 pandemic, organisations are developing strategies to protect staff and vulnerable members of our community.

ASD's ACSC Annual Cyber Threat Report, July 2019 to June 2020   Reports and statistics

Sep 3, 2020 - This report has been jointly produced by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the ACIC and the AFP, and is the first unclassified annual threat report since the ASD's ACSC became part of the ASD in July 2018. The report identifies and describes key cybersecurity threats targeting Australian systems and networks, and provides a range of examples and real-world case studies of malicious activity targeting Australian networks, between July 2019 and June 2020. It provides mitigation advice that all Australians and organisations can take to defend against these threats.

Essential Eight Assessment Course   Program page

Jul 3, 2023 - The Essential Eight Assessment Course will help you understand the intent and application of the Essential Eight, learn to use ASD designed tools, and accurately test the implementation of the Essential Eight.

Who are ASD's training providers?   Program page

Mar 23, 2021 - ASD endorses ICT training providers to develop and facilitate IRAP New Starter Training.

Copyright  

Information about the site's copyright

Mitigation strategies for edge devices: Practitioner guidance   Publication

Feb 4, 2025 - This publication expands on Mitigation strategies for edge devices: executive guidance. It provides IT practitioners with a list of mitigation strategies for the most common types of edge devices and appliances across enterprise networks and large organisations.

Guidelines for gateways   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on gateways.

Cybersecurity terminology   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on cybersecurity terminology.

Exploitation of existing Fortinet Vulnerabilities    Alert

Apr 11, 2025 - Fortinet has released information regarding exploitation of previously known vulnerabilities affecting Fortinet devices.
ASD’s ACSC recommends customers follow the advice contained in Fortinet’s advisory page.

Vulnerability Affecting BlackBerry QNX RTOS   Alert

Aug 18, 2021 - BlackBerry has disclosed that its QNX Real Time Operating System is affected by a BadAlloc vulnerability - CVE-2021-22156. QNX is the world’s most prevalent real time operating system.

Essential Eight Maturity Model Update   News

Nov 27, 2023 - The Australian Signals Directorate has updated the Essential Eight Maturity Model (E8MM).

Managing the risks of legacy IT: Executive guidance   Publication

Jun 12, 2024 - This publication provides high-level and strategic guidance for an organisation’s executive seeking to manage the risks of legacy IT.

Critical vulnerability in Pulse/Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457)   Alert

Apr 4, 2025 - Ivanti have released information regarding active exploitation of a critical vulnerability in Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457). ASD’s ACSC recommends customers follow the advice contained in Ivanti’s Security Advisory and assess their environments for malicious activity.

U.S., U.K., and Australia Issue Joint Cybersecurity Advisory   News

Jul 28, 2021 - Cyber Agencies Share Top Routinely Exploited Vulnerabilities

New advice on implementing SIEM/SOAR platforms in your organisation   News

May 27, 2025 - ASD has published a publication series about Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms in collaboration with our international partners.

An introduction to artificial intelligence   Publication

Nov 24, 2023 - Artificial intelligence (AI) is an emerging technology that will play an increasingly influential role in the everyday life of Australians.

Guidelines for communications systems   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on communications systems.