Search

IRAP training partnership   News

Feb 23, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is partnering with organisations in South Australia and the ACT to deliver cyber security assessment training services for Australian business and organisations.

Content Credentials: Strengthening Multimedia Integrity in the Generative AI Era   Publication

Jan 30, 2025 - This cybersecurity information sheet discusses how Content Credentials (especially Durable ones) can be valuable to protect the provenance of media, raises awareness of the state of this solution, provides recommended practices to ensure the preservation of provenance, and discusses the importance of widespread adoption across the information ecosystem.

2022 Top Routinely Exploited Vulnerabilities   Advisory

Aug 4, 2023 - This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE).

Ransomware targeting Australian aged care and healthcare sectors   Alert

Aug 2, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of increased targeting of healthcare, including hospitals and aged care, by ransomware campaigns undertaken by cyber criminals.

Vulnerability Alert – 2 new Vulnerabilities associated with Microsoft Exchange.   Alert

Oct 10, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of 2 zero day vulnerabilities associated with Microsoft Exchange Servers 2013, 2016 and 2019 (Exchange).

Cross Domain Solutions  

Dec 3, 2020 - This page lists publications on security domains and trust boundaries.

Risk management of enterprise mobility (including Bring Your Own Device)   Publication

Oct 6, 2021 - This publication has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cybersecurity practitioners.

Widespread exposure of vulnerability in cPanel   Alert

May 9, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a vulnerability affecting cPanel and cPanel managed websites. All Australian organisations should apply the available patches, and ensure staff are informed of the risks against their systems when clicking suspicious links.

Multiple vulnerabilities present in VMware products   Alert

Aug 4, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of multiple vulnerabilities in VMware products. Affected Australian organisations should take appropriate action.

Exchange server critical vulnerabilities   Alert

Apr 15, 2021 - On 2 March 2021 Microsoft released information regarding multiple exploits being used to compromise instances of Microsoft Exchange Server. Malicious actors are exploiting these vulnerabilities to compromise Microsoft Exchange servers exposed to the internet, enabling access to email accounts and to enable further compromise of the Exchange server and associated networks.

Incident response  

Apr 12, 2024 - This page lists publications on preparing for and responding to cybersecurity incidents.

Deploying AI Systems Securely   Publication

Apr 16, 2024 - AI security is a rapidly evolving area of research. As agencies, industry, and academia discover potential weaknesses in AI technology and techniques to exploit them, organizations will need to update their AI systems to address the changing risks, in addition to applying traditional IT best practices to AI systems.

Critical Vulnerability affecting Fortinet’s FortiClientEMS   Alert

Mar 22, 2024 - ASD’s ACSC is aware of a critical vulnerability (CVE-2023-48788) affecting Fortinet’s FortiClientEMS. Organisations are strongly encouraged to take immediate action to ensure affected instances are patched and investigate for potential compromise.

Email hardening  

Apr 11, 2023 - This page lists publications on the hardening of message exchange via electronic mail.

Iranian Government-Sponsored APT Cyber Actors   Alert

Nov 17, 2021 - FBI and CISA have observed an Iranian government-sponsored APT group that are exploiting vulnerabilities to gain access to systems. The APT group has exploited the same Microsoft Exchange vulnerability in Australia.

Multiple vulnerabilities present in F5 products   Alert

May 9, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a F5 Security Advisory Addressing Multiple Vulnerabilities in their BIG-IP Product Range. Affected Australian organisations should take appropriate action.

Increase in denial-of-service (DoS) attacks against Australian organisations   Advisory

Mar 17, 2025 - ASD's ACSC is aware of an increase in denial-of-service (DoS) attacks, where malicious actors flood websites with internet traffic, making it difficult for legitimate users to access them.

Securing Customer Personal Data for Small to Medium Businesses   News

Nov 17, 2023 - As data breaches increasingly impact Australian businesses and their customers, it’s crucial for businesses to improve their data security practices and ensure their customers’ personal data is handled appropriately.

Guidelines for cybersecurity incidents   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on cybersecurity incidents.

Secure mobility  

Feb 4, 2021 - This page lists publications on mobile device management and usage.

2020-011: Critical Vulnerability in SAP NetWeaver Application Server (CVE-2020-6287)   Advisory

Jul 14, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends users of these products urgently apply available security patches to prevent an adversary from exploiting this vulnerability.

Governance  

May 16, 2024 - This page lists publications on governance strategies that can be applied to improve cybersecurity within organisations.

Operational technology environments  

Oct 4, 2024 - This page lists publications on critical infrastructure and their supporting operational technology environments.

High Severity Vulnerability present in Microsoft Outlook for Windows   Alert

Mar 29, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a Microsoft Outlook for Windows vulnerability. All Australian organisations using all versions of Microsoft Outlook for Windows should apply the available patch immediately.

Vulnerability Affecting BlackBerry QNX RTOS   Advisory

Aug 17, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a vulnerability affecting the BlackBerry QNX, the world’s most prevalent real time operating system.

Gateway security guidance package: Gateway operations and management   Publication

Jul 29, 2022 - This guidance is one part of a package of documents that forms the Australian Signals Directorate (ASD)’s Gateway security guidance package written for audiences responsible for the operation and management of gateways.

Essential Eight explained   Publication

Nov 27, 2023 - This publication provides an overview of the Essential Eight.

Multiple vulnerabilities in Jenkins products   Alert

Jan 30, 2024 - ASD’s ACSC is aware of multiple vulnerabilities impacting Jenkins products including CVE 2024-23897 (Critical) & CVE-2024-23898 (High). Organisations using Jenkins products are strongly advised to follow the mitigation advice provided by Jenkins and patch affected versions.

Remote working  

Jul 30, 2024 - This page lists publications on working securely when away from the office environment.

The Commonwealth Cyber Security Posture in 2020   Reports and statistics

Jun 10, 2021 - The Commonwealth Cyber Security Posture Report in 2020 informs the Parliament of the status of the Commonwealth’s cybersecurity posture. Overall, the report found that Commonwealth entities continued to improve their cybersecurity in 2020. Ongoing effort is required to maintain the currency and effectiveness of cybersecurity measures.