Search

Joint cybersecurity advisory released on 2021's top routinely exploited vulnerabilities   News

Apr 28, 2022 - Malicious cyber actors are aggressively targeting newly-disclosed and dated critical software vulnerabilities against a broad range of targets, including public and private sector organisations worldwide.

Creating and maintaining a definitive view of your operational technology architecture   Publication

Oct 28, 2025 - How organisations who deploy or operate operational technology systems should build, maintain and store their systems understanding.

Small business cloud security guides: Executive overview   Publication

Dec 16, 2022 - In recognition of the increasing prevalence of cloud computing, the Australian Cyber Security Centre (ACSC) has published the Small business cloud security guides. These guides are designed to provide protection against cybersecurity incidents while remaining accessible to organisations which may not have the resources and expertise to implement a more sophisticated strategy.

Identity theft   Threat

Nov 14, 2024 - Learn about how identity theft can affect you and how to keep your personal information secure.

SVR cyber actors adapt tactics for initial cloud access   Advisory

Feb 27, 2024 - How SVR-attributed actors are adapting to the move of government and corporations to cloud infrastructure.

New guidance for critical infrastructure on integrating AI securely into operational technology (OT) environments   News

Dec 4, 2025 - We have released guidance for critical infrastructure owners and operators for integrating AI into operational technology (OT) environments.

Advisory 2020-008: Copy-paste compromises - tactics, techniques and procedures used to target multiple Australian networks   Advisory

Sep 16, 2020 - This advisory details the tactics, techniques and procedures (TTPs) identified during the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) investigation of a cyber campaign targeting Australian networks. These TTPs are captured in the frame of tactics and techniques outlined in the MITRE ATT&CK framework.

Privacy Awareness Week 2023   News

Apr 28, 2023 - The Australian Cyber Security Centre (ACSC) is supporting with the Office of the Australian Information Commissioner (OAIC) to support Privacy Awareness Week.

Malicious insiders   Threat

Jun 23, 2020 - Malicious insiders can be employees, former employees, contractors or business associates who have legitimate access to your systems and data, but use that access to destroy data, steal data or sabotage your systems. It does not include well-meaning staff who accidentally put your cyber security at risk or spill data.

New guidance for mitigating risks from bulletproof hosting providers   News

Nov 20, 2025 - Get recommendations for ISPs and network defenders to counter cybercriminal activity enabled by bulletproof hosting providers without disrupting legitimate services.

IoT Secure by Design guidance for manufacturers   Publication

Sep 21, 2023 - This guidance has been produced for manufacturers in order to help them implement thirteen Secure by Design principles.

Managing cryptographic keys and secrets   Publication

Aug 26, 2025 - This guide has been developed to help organisational personnel in understanding the threat environment and the value of implementing secure keys and secrets management to make better informed decisions.

CI Fortify   Publication

Oct 13, 2025 - Actionable guidance for CI operators to isolate and rebuild critical services and OT systems during crisis or service disruption.

Preventing Web Application Access Control Abuse   Advisory

Jul 28, 2023 - The Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.

Use our new guidance to create and maintain a definitive view of your organisation’s Operational Technology (OT) architecture   News

Oct 28, 2025 - Apply the 5 key principles of this guidance to build a holistic understanding of your operational technology (OT) systems and design appropriate, effective cyber security controls.

2020-006 Detecting and mitigating exploitation of vulnerability in Microsoft Internet Information Services   Advisory

May 22, 2020 - This advisory provides indicators of the activity the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed and details proactive advice on detecting and mitigating potential exploitation of this vulnerability in Microsoft Internet Information Services.

New guidance to help fortify Australia’s critical infrastructure   News

Oct 13, 2025 - Australian CI is, and will continue to be, an attractive target for state-sponsored cyber actors. Read the CI Fortify publication to learn two actions CI operators can take to strengthen their resilience in preparation for instances of crisis or service disruption.

Optus Data Breach   Alert

Sep 30, 2022 - To help protect against fraud, Optus has notified customers to look to reputable sources such as Moneysmart and the Office of the Australian Information Commissioner.

Technical example: Regular backups   Publication

Dec 16, 2022 - Implementing regular backups will assist your organisation to recover and maintain its operations in the event of a cybersecurity incident, for example, a ransomware attack.

Gateway security guidance package: Gateway security principles   Publication

Jul 29, 2025 - Guidance written for audiences responsible for the procurement, operation and management of gateways.