Skip to main content
Report a cybercrime, cyber security incident or vulnerability.
Report

What are you looking for?

You can search for keywords to find pages that can help you e.g. scam

Report

Contact us

Portal login

  • About us

    About us

    Learn about who we are and what we do.

    About us
    • About ASD's ACSC
      • Who we are
      • Alerts and advisories
      • News
      • Reports and statistics
      • Contact us
  • Learn the basics

    Learn the basics

    Interactive tools and advice to boost your online safety.

    Learn cyber security Sign up for alerts
    • Explore the basics
      • Recognise and report scams
      • Set secure passphrases
      • Set up and perform regular backups
      • Turn on multi-factor authentication
      • Update your devices
      • Watch out for threats
      • Small business
      • Seniors
    • View resources
      • Glossary
      • Quiz library
      • Resources library
      • Translated Information
  • Protect yourself

    Protect yourself

    Advice and information about how to protect yourself online.

    Protect yourself Easy steps to secure yourself online Sign up for alerts
    • Securing your accounts
      • Multi-factor authentication
      • Passphrases
      • Passkeys
    • Securing your devices
      • How to secure your devices
      • How to back up your files and devices
      • How to update your device and software
    • Securing your email
      • Email security
    • Staying secure online
      • Connecting with others online
      • Protect yourself from scams
      • Online shopping
      • Connecting to public Wi-Fi and hotspots
      • Secure your Wi-Fi and router
      • Cybersecurity for charities and not-for-profits
    • Resources to protect yourself
      • Protecting your family
      • Personal cyber security guides
  • Threats

    Threats

    Common online security risks and advice on what you can do to protect yourself.

    Threats Report a cybercrime Sign up for alerts
    • Types of threats
      • Account compromise
      • Business email compromise
      • Cryptomining
      • Data breaches
      • Hacking
      • Identity theft
      • Information stealer
      • Malicious insiders
      • Malware
      • Phishing
      • Quishing
      • Ransomware
      • Scams
      • Social engineering
  • Report and recover

    Report and recover

    Respond to cyber threats and take steps to protect yourself from further harm.

    Report and recover Make a report Sign up for alerts
    • Report
      • Report a cybercrime, incident or vulnerability
      • Cybercrime - getting help
      • Single Reporting Portal
    • How we help during a cybersecurity incident
      • ASD’s role in cybersecurity: For legal practitioners
      • Supporting Australian organisations through a cybersecurity incident
      • Limited Use
    • Recover from
      • Account compromise
      • Business email compromise
      • Data breaches
      • Hacking
      • Identity theft
      • Malware
      • Ransomware
      • Scams
  • Resources for Business and Government

    Resources for business and government

    Resources for business and government agencies on cyber security.

    Resources for business and government Become an ASD partner Alerts and advisories Exercise in a Box
    • Essential cybersecurity
      • Critical Infrastructure
      • Essential Eight
      • Information security manual
      • Protecting your business and employees
      • Publications
      • Small business cyber security
      • Strategies to mitigate cyber security incidents
    • Maintaining devices and systems
      • Operational technology environments
      • ASD's Blueprint for Secure Cloud
      • Cloud security guidance
      • Outsourcing and procurement
      • Remote working and secure mobility
      • System hardening and administration
    • Governance and user education
      • Governance
      • User education
      • Artificial intelligence
      • Incident response
      • Modern defensible architecture
      • Secure by Design
    • Assessment and evaluation programs
      • Australian Information Security Evaluation Program (AISEP)
      • Critical Infrastructure Uplift Program (CI-UP)
      • Emanation Security Program
      • High Assurance Evaluation Program
      • Infosec Registered Assessors Program (IRAP)
      • Essential Eight Assessment Course
  • Contact us
  • Report a cybercrime or cyber security incident
  • Portal login
Australian Cyber
Security Hotline
1300 CYBER1 (1300 292 371)

Search

Filter results by

Content type

  • Advice and guidance
  • Alerts and advisories
  • News and media releases
  • Programs
  • Publications
  • Reports and statistics
  • Threats

Audience

  • Individuals & families
  • Small & medium businesses
  • Organisations & Critical Infrastructure
  • Government

Displaying search results for
Displaying 31 - 60 of 567 results.

Applied filters
Clear all filters

/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/gateway-hardening/gateway-security-guidance-package-overview

Gateway security guidance package: Overview   Publication

Jul 29, 2025 - This page provides an overview of ASD’s Gateway security guidance package.

Government
/resources-business-and-government/essential-cybersecurity/ism/cybersecurity-guidelines/guidelines-gateways

Guidelines for gateways   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on gateways.

Organisations & Critical Infrastructure
Government
/about-us/alerts/remote-code-execution-vulnerability-present-fortinet-devices

Remote code execution vulnerability present in certain versions of Palo Alto firewalls utilising the GlobalProtect VPN component   Alert

Nov 11, 2021 - A vulnerability has been identified in certain versions of Palo Alto firewalls utilising the GlobalProtect VPN component. Affected Australian organisations should apply the available update as soon as possible.

Organisations & Critical Infrastructure
Government
/resources-business-and-government/governance-and-user-education/incident-response/planning-critical-vulnerabilities-what-board-directors-needs-know

Planning for critical vulnerabilities: What the board of directors needs to know   Publication

Dec 14, 2023 - This publication provides information on why it is important that the board of directors is aware of and plan for critical vulnerabilities that have the potential to cause major cybersecurity incidents.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/learn-basics/explore-basics/small-business

Small business  

Jun 15, 2023 - Basic steps to protect your business and staff from cyberthreats. Our guide has information and resources to help you and your staff prepare for cyberattacks.

/about-us/view-all-content/alerts-and-advisories/2023-top-routinely-exploited-vulnerabilities

2023 top routinely exploited vulnerabilities   Advisory

Nov 13, 2024 - This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs). Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 compared to 2022, allowing them to conduct operations against high priority targets.
The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the following recommendations, and those found within the Mitigations section of this advisory, to reduce the risk of compromise by malicious cyber actors.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/view-all-content/alerts-and-advisories/exploitation-vulnerabilities-affecting-cisco-firewall-platforms

Exploitation of vulnerabilities affecting Cisco firewall platforms   Alert

Apr 25, 2024 - This alert has been written for the IT teams of organisations and government. Entities are strongly encouraged to take immediate action to ensure affected devices are patched and investigate for potential compromise.

Organisations & Critical Infrastructure
Government
/about-us/advisories/2021-top-routinely-exploited-vulnerabilities

2021 Top Routinely Exploited Vulnerabilities   Advisory

Apr 28, 2022 - This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.

Organisations & Critical Infrastructure
Government
/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/network-hardening/securing-edge-devices/guidance-on-digital-forensics-and-protective-monitoring-specifications-for-producers-of-network-devices-and-appl

Guidance on digital forensics and protective monitoring specifications for producers of network devices and appliances   Publication

Feb 5, 2025 - This guidance has been developed with contributions from partnering agencies and is included in a series of publications aiming to draw attention to the importance of edge device cyber security measures.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/alerts/critical-vulnerability-sap-netweaver-application-server-cve-2020-6287

Critical vulnerability for SAP NetWeaver Application Server (CVE-2020-6287)   Alert

Jul 14, 2020 - On 13 July 2020 (United States EST), enterprise resource planning provider SAP released a security patch for a critical vulnerability affecting the Java component LM Configuration Wizard within the SAP NetWeaver Application Server.

Individuals & families
Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/advisories/2020-011-critical-vulnerability-sap-netweaver-application-server-cve-2020-6287

2020-011: Critical Vulnerability in SAP NetWeaver Application Server (CVE-2020-6287)   Advisory

Jul 14, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends users of these products urgently apply available security patches to prevent an adversary from exploiting this vulnerability.

Individuals & families
Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/view-all-content/alerts-and-advisories/critical-vulnerability-in-popular-java-framework-apache-struts-2

Critical Vulnerability in popular Java framework Apache Struts2   Alert

Dec 14, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is concerned about a critical Remote Code Execution (RCE) vulnerability in Apache Struts2. This primarily affects Java applications which use this framework. Apache Struts2 is widely used in enterprise and bespoke Java applications.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/advisories/iranian-government-sponsored-apt-cyber-actors-exploiting-microsoft-exchange-and-fortinet-vulnerabilities-furtherance-malicious-activities

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities   Advisory

Nov 22, 2021 - Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organisations.

Individuals & families
Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/news/joint-cybersecurity-advisory-released-2021s-top-routinely-exploited-vulnerabilities

Joint cybersecurity advisory released on 2021's top routinely exploited vulnerabilities   News

Apr 28, 2022 - Malicious cyber actors are aggressively targeting newly-disclosed and dated critical software vulnerabilities against a broad range of targets, including public and private sector organisations worldwide.

Organisations & Critical Infrastructure
Government
/about-us/view-all-content/alerts-and-advisories/2022-top-routinely-exploited-vulnerabilities

2022 Top Routinely Exploited Vulnerabilities   Advisory

Aug 4, 2023 - This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE).

Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/media-releases/joint-statement-digital-transformation-agency-and-australian-signals-directorate-secure-internet-gateways-update

Joint statement - Digital Transformation Agency and Australian Signals Directorate - Secure Internet Gateways update   News

Nov 1, 2021 - The Australian Government is further strengthening the ICT systems of Government entities by enhancing its Secure Internet Gateway (SIG) policy and through the Cyber Hubs initiative. The Digital Transformation Agency (DTA) is working on these initiatives with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC).

Government
/about-us/view-all-content/alerts-and-advisories/os-command-injection-vulnerability-in-globalprotect-gateway

OS Command Injection Vulnerability in GlobalProtect Gateway   Alert

May 3, 2024 - ASD’s ACSC is aware of a vulnerability (CVE-2024-3400) that enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Small & medium businesses
Organisations & Critical Infrastructure
/about-us/view-all-content/news-and-media/the-silent-heist-info-stealer-malware-used-to-compromise-corporate-networks

The Silent Heist: Cybercriminals use information stealer malware to compromise corporate networks   News

Sep 2, 2024 - New advisory released on information stealer malware used in cybercrime attacks.

Individuals & families
Small & medium businesses
Organisations & Critical Infrastructure
/resources-business-and-government/essential-cybersecurity/ism/cybersecurity-guidelines/guidelines-personnel-security

Guidelines for personnel security   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on personnel security.

Organisations & Critical Infrastructure
Government
/resources-business-and-government/essential-cybersecurity/small-business-cybersecurity/small-business-cloud-security-guide/small-business-cloud-security-guides-executive-overview

Small Business Cloud Security Guides: Executive Overview   Publication

Dec 16, 2022 - In recognition of the increasing prevalence of cloud computing, the Australian Cyber Security Centre (ACSC) has published the Small business cloud security guides. These guides are designed to provide protection against cybersecurity incidents while remaining accessible to organisations which may not have the resources and expertise to implement a more sophisticated strategy.

Small & medium businesses
/about-us/alerts/remote-code-execution-vulnerability-present-sophos-firewall

Remote code execution vulnerability present in Sophos Firewall   Alert

Mar 30, 2022 - A vulnerability (CVE-2022-1040) has been identified in Sophos Firewall prior to version 18.5 which could allow a malicious cyber actor to perform remote code execution. Affected Australian organisations should apply the available patch.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/view-all-content/news-and-media/cyber-threat-actors-compromising-networks-major-global-telecommunications-providers

Cyber threat actors compromising networks of major global telecommunications providers    News

Dec 4, 2024 - New guidance is available for network defenders of communications infrastructure to strengthen visibility and harden devices against PRC-affiliated and other malicious cyber actors.

Organisations & Critical Infrastructure
Government
/about-us/alerts/multiple-vulnerabilities-present-spring-framework-java

Multiple vulnerabilities present in the Spring Framework for Java   Alert

Apr 4, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of media reporting relating to multiple potential vulnerabilities, including the so-called SpringShell vulnerability, in the Java Spring framework and its execution environments. These vulnerabilities pose a threat to organisations running applications on the web which contain components using the Java Spring framework.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/view-all-content/alerts-and-advisories/critical-vulnerability-connectwises-screenconnect

Critical vulnerability in ConnectWise’s ScreenConnect   Alert

Feb 25, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre ( ASD’s ACSC) is aware of a critical vulnerability affecting ConnectWise’s ScreenConnect. Customers should update to the patched version immediately.

Individuals & families
Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/alerts/critical-vulnerabilities-citrix-gateway-and-application-delivery-controller-adc-devices

Critical vulnerabilities in Citrix Gateway and Application Delivery Controller (ADC) devices   Alert

Dec 14, 2022 - The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is aware of a critical vulnerability affecting many versions of Citrix Gateway and ADC. All Australian operators should check for indicators of compromise and install the latest updated versions.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/advisories/2020-001-4-remediation-critical-vulnerability-citrix-application-delivery-controller-and-citrix-gateway

2020-001-4: Remediation for critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway   Advisory

Jan 13, 2020 - On 19 January 2020, Citrix released patches for two versions of the Citrix Application Delivery Controller (ADC) and Citrix Gateway appliances. Citrix expects to have patches available across all supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP before the end of January 2020.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/gateway-hardening/gateway-security-guidance-package-gateway-operations-management

Gateway security guidance package: Gateway operations and management   Publication

Jul 29, 2025 - This guidance is one part of a package of documents that forms the Australian Signals Directorate (ASD)’s Gateway security guidance package written for audiences responsible for the operation and management of gateways.

Government
/about-us/alerts/active-exploitation-critical-vulnerability-citrix-application-delivery-controller-and-citrix-gateway

Active exploitation of critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway   Alert

Jan 13, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of ongoing attempts to exploit a critical vulnerability in Citrix Application Delivery Controller (ADC) (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/network-hardening

Network hardening  

Apr 11, 2023 - This page lists publications on the hardening of network infrastructure.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/gateway-hardening/gateway-security-guidance-package-gateway-technology-guides

Gateway security guidance package: Gateway technology guides   Publication

Jul 29, 2025 - This guidance is one part of a package of documents that forms the gateway security guidance package. When designing, procuring, operating, maintaining or disposing of a gateway, it is important to consider all the documents from the gateway security guidance package at different stages of governance, design and implementation, and not to consume this guidance in isolation.

Government

Pagination

  • First page « First
  • Previous page ‹‹
  • Page 1
  • Current page 2
  • Page 3
  • Page 4
  • Page 5
  • Page 6
  • Page 7
  • Page 8
  • Page 9
  • …
  • Next page ››
  • Last page Last »
Report a cyber security incident for critical infrastructure
Get alerts on new threats Alert Service
Become an ASD Partner
Report a cybercrime or cyber security incident
Acknowledgement of Country Circle
Acknowledgement of Country

We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities.
We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Australian Cyber Security Hotline 1300 CYBER1 (1300 292 371)
  • Contact us
  • Glossary
  • View all content
  • Copyright
  • Privacy
  • Accessibility
  • Disclaimer
  • Careers
  • Social media terms of use

Popular pages

  • Essential Eight
  • Alerts and advisories
  • Information Security Manual
Authorised by the Australian Government, Canberra