You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 121 - 150 of 235 results.
IoT Secure by Design guidance for manufacturers Publication
Sep 21, 2023 - This guidance has been produced for manufacturers in order to help them implement thirteen Secure by Design principles.
Are your organisation’s edge devices secure? News
Feb 5, 2025 - New publication series for executives and IT practitioners on how to secure edge devices.
Cybersecurity guidelines
Jun 13, 2024 - Practical guidance on how an organisation can protect their information technology and operational technology systems, applications and data from cyberthreats.
Gateway security guidance package: Overview Publication
Jul 29, 2022 - This page provides an overview of ASD’s Gateway security guidance package.
2022-004: ASD's ACSC Ransomware Profile – ALPHV (aka BlackCat) Advisory
Apr 14, 2022 - ALPHV (aka BlackCat, Noberus) is a ransomware variant first observed in late 2021, used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia.
Fast Flux: A national security threat Advisory
Apr 4, 2025 - This advisory is for network defenders and explains how Bulletproof Hosting Providers are using ‘fast flux’ to cycle quickly through bots and DNS records to bypass detection. It highlights the importance of using a reputable Protective DNS (PDNS) provider that detects and blocks fast flux.
2023 top routinely exploited vulnerabilities Advisory
Nov 13, 2024 - This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs). Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 compared to 2022, allowing them to conduct operations against high priority targets. The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the following recommendations, and those found within the Mitigations section of this advisory, to reduce the risk of compromise by malicious cyber actors.
Security configuration guide: Samsung Galaxy S10, S20 and Note 20 devices Publication
Oct 6, 2021 - ASD has developed this guide to assist Australian’s to understand risks when deploying Samsung Galaxy and Samsung Note devices and the security requirements that need to be met to allow them to handle classified data.
Implementing certificates, TLS, HTTPS and opportunistic TLS Publication
Oct 6, 2021 - Transport Layer Security (TLS) is a widely used encryption protocol which enables parties to communicate securely over the internet. Through the use of certificates and Public Key Infrastructure (PKI), parties can identify each other through a trusted intermediary and establish encrypted tunnels for the secure transfer of information.
Annual Cyber Threat Report 2023-2024 Reports and statistics
Nov 20, 2024 - ASD’s Annual Cyber Threat Report 2023–24 provides an overview of the key cyber threats impacting Australia, how ASD’s ACSC is responding and cyber security advice for Australian individuals, organisations and government to protect themselves online.
Securing edge devices
Feb 4, 2025 - Malicious actors often target internet-facing edge devices to gain unauthorised access to enterprise networks. Learn how to secure edge devices such as routers, firewalls and VPN concentrators.
Infosec Registered Assessors Program (IRAP) Program page
Aug 15, 2024 - The Infosec Registered Assessors Program (IRAP) ensures entities can access high-quality security assessment services.
Guidelines for personnel security Advice
Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on personnel security.
Remote access to operational technology environments Publication
Mar 28, 2023 - Many critical infrastructure providers are moving to support remote working arrangements. In doing so, modifying cybersecurity defences for operational technology environments (OTE) is not a decision that should be taken lightly.
Travelling with mobile devices Publication
Mar 26, 2024 - Learn how to keep mobile devices secure when travelling. This guidance provides advice from both an individual and organisational perspective.
Best practices for event logging and threat detection Publication
Aug 22, 2024 - This publication defines a baseline for event logging best practices to mitigate cyberthreats.
Advanced Persistent Threat (APT) actors targeting Australian health sector organisations and COVID-19 essential services Alert
May 8, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is aware that Advanced Persistent Threat (APT) actors are actively targeting health sector organisations and medical research facilities.
Industrial control systems: Remote access protocol Publication
Oct 6, 2021 - External parties may need to connect remotely to critical infrastructure control networks. This access is to allow the manufacturers of equipment used in Australia’s critical infrastructure the ability to maintain the equipment, when a fault is experienced that cannot be fixed in the required timeframe any other method.
Marketing and filtering email service providers Publication
Oct 6, 2021 - This publication provides high level guidance on how to use email service providers (ESPs) in particular deployment scenarios. The considerations and controls described in that publication also apply to ESPs sending email on other organisations’ behalf.
#StopRansomware: Play ransomware Advisory
Jun 5, 2025 - This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.
How to combat fake emails Publication
Oct 6, 2021 - Organisations can reduce the likelihood of their domains being used to support fake emails by implementing Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC) records in their Domain Name System (DNS) configuration. Using DMARC with DomainKeys Identified Mail (DKIM) to sign emails provides further safety against fake emails. Likewise, organisations can better protect their users against fake emails by ensuring their email systems use and apply SPF, DKIM and DMARC policies on inbound email.
Antivirus software Guidance
Apr 11, 2023 - The consequences of viruses, spyware and other malicious software can be serious and far reaching. Follow our guidance about using antivirus software.
Secure your Microsoft Windows device Guidance
Nov 29, 2024 - Your Microsoft Windows device often holds your most important data. Use these simple steps to protect your device from cyberattacks.
2021 Top Routinely Exploited Vulnerabilities Advisory
Apr 28, 2022 - This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.
COVID-19 themed malicious cyber activity Advisory
Mar 27, 2020 - This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.
Malicious email mitigation strategies Publication
Oct 6, 2021 - Socially engineered emails containing malicious attachments and embedded links are routinely used in targeted cyber intrusions against organisations. This publication has been developed to provide mitigation strategies for the security risks posed by these malicious emails.
The Case for Memory Safe Roadmaps Publication
Dec 7, 2023 - This guidance provides manufacturers with steps to create memory safe roadmaps and implement changes to eliminate memory safety vulnerabilities from their products.
Threat update: COVID-19 malicious cyber activity 27 March 2020 Advisory
2022 Top Routinely Exploited Vulnerabilities Advisory
Aug 4, 2023 - This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE).
ASD Cyber Threat Report 2022-2023 Reports and statistics
Nov 14, 2023 - The ASD's Cyber Threat Report is ACSC’s flagship unclassified publication. The Report provides an overview of key cyberthreats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online
