Search

Critical vulnerability in ConnectWise’s ScreenConnect   Alert

Feb 25, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre ( ASD’s ACSC) is aware of a critical vulnerability affecting ConnectWise’s ScreenConnect. Customers should update to the patched version immediately.

High Severity vulnerability present in OpenSSL version 3.x   Alert

Nov 2, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a buffer overrun and buffer overflow vulnerability in OpenSSL versions above to 3.0. All Australian organisations using version 3.x should apply the available patch immediately.

Guidelines for personnel security   Advice

Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on personnel security.

Vulnerability Affecting BlackBerry QNX RTOS   Alert

Aug 18, 2021 - BlackBerry has disclosed that its QNX Real Time Operating System is affected by a BadAlloc vulnerability - CVE-2021-22156. QNX is the world’s most prevalent real time operating system.

Property-related business email compromise scams rising in Australia   Alert

Aug 30, 2021 - Cybercriminals are targeting the property and real estate sector to conduct business email compromise scams. All parties involved in the buying, selling and leasing of property should be vigilant when communicating via email, particularly during settlement periods.

Manic Menagerie Investigation Report   Reports and statistics

Jan 29, 2019 - This report details technical findings and mitigation advice related to the extensive compromise of at least eight Australian web hosting providers investigated by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) in May 2018.

Vulnerability in Ivanti Endpoint Manager Mobile (EPMM)   Alert

Jul 25, 2023 - This Alert is relevant to Australians who are running Ivanti EPMM. This alert is intended to be understood by slightly more technical users. Users are encouraged to immediately apply any available patches.

New joint advisory on PRC botnet operations released   News

Sep 19, 2024 - Protect your organisation and yourself from botnet operations.

Critical vulnerabilities in Ingress-NGINX Controller for Kubernetes   Alert

Mar 26, 2025 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of critical vulnerabilities affecting Ingress-NGINX Controller for Kubernetes. Customers should update to the latest patched version immediately.

Update your devices  

Jan 25, 2023 - Updates are new, improved, or fixed versions of software. Regular updates are critical in maintaining a secure system. It's important to check for any updates and make sure that automatic updates are switched on. 

Cloud shared responsibility model: Guidance for individuals and small and medium businesses    Publication

Oct 20, 2025 - This publication is for individuals and small and medium businesses that use or plan to use a cloud service. It explains what the shared responsibility model (SRM) is, and how responsibility for cloud security is shared between you and the cloud service provider (CSP).

COVID-19 malicious cyber activity   Alert

May 22, 2020 - Malicious cyber actors are actively targeting individuals and Australian organisations with COVID-19 related scams and phishing emails. These incidents are likely to increase in frequency and severity over the coming weeks and months. This is due, in part, to the ease in which existing scam emails and texts can be modified with a COVID-19 theme.

Update your devices to keep cybercriminals out   News

May 3, 2021 - Updating the software on electronic devices is one of the easiest and most important ways all Australians can defend against cybercriminals and be protected from online threats.

Critical Vulnerability in popular Java framework Apache Struts2   Alert

Dec 14, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is concerned about a critical Remote Code Execution (RCE) vulnerability in Apache Struts2. This primarily affects Java applications which use this framework. Apache Struts2 is widely used in enterprise and bespoke Java applications.

Guidelines for networking   Advice

Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on networking.

Microsoft introduces Exchange Emergency Mitigation service   News

Oct 1, 2021 - Microsoft has launched a new optional protection for Microsoft Exchange servers.

Critical vulnerability in ManageEngine ADSelfService Plus exploited by cyber actors   Alert

Sep 24, 2021 - A vulnerability exists in certain versions of ManageEngine ADSelfService Plus. A cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. Affected Australian organisations should apply the available security update.

Citrix Products NetScaler ADC and NetScaler Gateway Vulnerabilities   Alert

Nov 29, 2023 - A malicious actor can exploit the vulnerability to execute code remotely without authentication. Organisations using Citrix products NetScaler ADC and NetScaler Gateway, possibly including Government and medium to large organisations. Ensure the latest release of NetScaler ADC and NetScaler Gateway have been installed.

Protect your cryptographic keys and secrets from malicious cyber actors   News

Aug 26, 2025 - New guidance available for organisations using cryptographic keys and secrets.

Copy-paste compromises   Alert

Sep 16, 2020 - The Australian Government is aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor. The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of tools copied almost identically from open source.