Search

Scams   Threat

Apr 21, 2023 - Online scams cost Australians millions of dollars each year and anyone can be targeted. Cybercriminals often use familiar brands and logos to make themselves seem reliable.

Travelling with mobile devices   Publication

Mar 26, 2024 - Learn how to keep mobile devices secure when travelling. This guidance provides advice from both an individual and organisational perspective.

Essential Eight maturity model changes   Publication

Nov 27, 2023 - This publication provides an overview of the changes for the November 2023 release.

Next.js authentication bypass vulnerability (CVE-2025-29927)   Alert

Mar 25, 2025 - An authentication bypass in the middleware layer of Next.js can allow a remote attacker to bypass security checks. Customers should update to the patched version immediately.

Small Business Cloud Security Guides: Introduction   Publication

Dec 16, 2022 - Securing your business can be a complex task. Among the numerous security priorities and configuration options, it can be difficult to know where to begin. These guides adapt ASD's ACSC’s Essential Eight mitigation strategies and outline an example of how each can be implemented to secure Microsoft 365 capabilities. The technical examples are designed to offer significant protection against cybersecurity incidents while remaining accessible to organisations with limited resources and cybersecurity expertise.

Critical vulnerabilities in Ingress-NGINX Controller for Kubernetes   Alert

Mar 26, 2025 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of critical vulnerabilities affecting Ingress-NGINX Controller for Kubernetes. Customers should update to the latest patched version immediately.

Fundamentals of Cross Domain Solutions   Publication

Oct 6, 2021 - This publication introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains.

Guidelines for information technology equipment   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on information technology equipment.

Critical remote code execution vulnerability found in the Log4j library   Alert

Dec 21, 2021 - A vulnerability (CVE-2021-44228) exists in certain versions of the Log4j library. A malicious cyber actor could exploit this vulnerability to execute arbitrary code. Australian organisations should apply latest patches immediately where Log4j is known to be used.

Critical Infrastructure Uplift Program (CI-UP)   Program page

Apr 16, 2024 - The Critical Infrastructure Uplift Program (CI-UP) offers a range of services that assist critical infrastructure (CI) partners to improve their resilience against cyberattacks.

Security tips for social media and messaging apps   Publication

Jul 14, 2022 - It's a great way to stay in touch and share content online. This guide covers the risks of using social media and messaging apps and what to look out for. It also covers ways to help keep accounts safe for business and personal use.

Small Business Cloud Security Guides   News

Dec 16, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has released a series of guides designed to help small businesses secure their cloud environment.

2023 top routinely exploited vulnerabilities   Advisory

Nov 13, 2024 - This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs). Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 compared to 2022, allowing them to conduct operations against high priority targets.
The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the following recommendations, and those found within the Mitigations section of this advisory, to reduce the risk of compromise by malicious cyber actors.

ASD's ACSC and partners alert organisations to top 2021 malware strains   News

Aug 5, 2022 - The top types of malicious software – or malware – seen by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and international partners through 2021 have been detailed, along with advice on how to counter them.

2023-03: ASD's ACSC Ransomware Profile – Lockbit 3.0   Advisory

Jun 15, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of Lockbit 3.0 which is the newest version of Lockbit ransomware. It is used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes as other variants such as encrypting their data, and extorting a ransom to return access to the sensitive files.

Spotting scams   Guidance

Learn how to identify phishing messages to stay safe and protect your personal information.

The silent heist: cybercriminals use information stealer malware to compromise corporate networks   Advisory

Sep 2, 2024 - Information stealer malware steals user login credentials and system information that cyber threat actors exploit, predominantly for monetary gain. Information stealers have been observed in attacks against multiple organisations and sectors worldwide, including Australia. This advisory provides readers with cyber security guidance on information stealers, including threat activity and mitigation advice for individuals and organisations.

An introduction to securing smart places   Publication

Nov 21, 2022 - Smart places, also known as smart cities, are places designed to provide enhanced services to citizens using a collection of smart information technology (IT)-enabled systems and devices that capture, communicate and analyse data. To achieve this purpose, previously discrete technologies and systems are interconnected to allow for large-scale coordination, real-time decision making, and increased visibility and situational awareness of the smart place’s status.

#StopRansomware: Play ransomware   Advisory

Jun 5, 2025 - This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

Social engineering   Threat

May 29, 2025 - Social engineering is a significant threat to individuals and organisations, enabling malicious actors to compromise accounts, devices, systems or sensitive information.

Content Credentials: Strengthening Multimedia Integrity in the Generative AI Era   Publication

Jan 30, 2025 - This cybersecurity information sheet discusses how Content Credentials (especially Durable ones) can be valuable to protect the provenance of media, raises awareness of the state of this solution, provides recommended practices to ensure the preservation of provenance, and discusses the importance of widespread adoption across the information ecosystem.

Security configuration guide: Samsung Galaxy S10, S20 and Note 20 devices   Publication

Oct 6, 2021 - ASD has developed this guide to assist Australian’s to understand risks when deploying Samsung Galaxy and Samsung Note devices and the security requirements that need to be met to allow them to handle classified data.

Cryptomining   Threat

Jun 23, 2020 - Cryptocurrency mining (cryptomining) uses the processing power of computers to solve complex mathematical problems and verify cybercurrency transactions. The miners are then rewarded with a small amount of cybercurrency.

Vulnerability in Fortinet’s FortiManager   Alert

Oct 24, 2024 - The ASD’s ACSC is aware of a vulnerability affecting all versions of Fortinet's FortiManager device that enables an unauthorised actor access to the FortiManager console (CVE-2024-47575). FortiManager devices provide centralised management of Fortinet devices from a single console.

Partner hub   Hub item

The Australian Signals Directorate’s Australian Cyber Security (ASD’s ACSC) Partnership Program enables Australian organisations and individuals to engage with the ACSC and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.

Page not found  

Jun 14, 2020 - Page not found for error 404

Incident response  

Apr 12, 2024 - This page lists publications on preparing for and responding to cybersecurity incidents.

Cybersecurity guidelines  

Jun 13, 2024 - Practical guidance on how an organisation can protect their information technology and operational technology systems, applications and data from cyberthreats.

Cyber Security for Operational Technology   News

Oct 2, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has released new guidance to help critical infrastructure protect their systems and online supply chains.

FortiOS & FortiProxy - Authentication bypass in Node.js websocket module vulnerability   Alert

Jan 15, 2025 - Fortinet has released information regarding an identified vulnerability in FortiOS version 7.0 and FortiProxy versions 7.0 and 7.2 instances. ASD’s ACSC recommends customers follow the advice contained in Fortinet’s notification.