Search

Technical example: Application control   Publication

Dec 16, 2022 - Application control restricts the ability of an application to run or install on a device. Application control makes it harder for users to intentionally or unintentionally install unwanted or malicious software.

Planning for post-quantum cryptography   Publication

Sep 22, 2025 - A cryptographically relevant quantum computer (CRQC) will render most contemporary public key cryptography insecure, thus making ubiquitous secure communications based on current public key cryptography technology infeasible. As the creation of a CRQC presents new cyber security risks, organisations are encouraged to consider anticipating future requirements and dependencies of vulnerable systems during the transition to post-quantum cryptography (PQC) standards.

Ransomware   Threat

Read through the following case studies and learn from other Australians about how ransomware has affected them.

New joint advice on artificial intelligence data security   News

May 23, 2025 - Learn about significant data security risks and best practices for securing data throughout the artificial intelligence (AI) system lifecycle.

Gateway security guidance package   Guidance

Jul 29, 2025 - This page lists publications on the hardening of gateway services.

Critical vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway Products   Alert

Jul 4, 2025 - The ASD's ACSC is aware of critical vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway Products (CVE-2025-5349, CVE-2025-5777).

Business Continuity in a Box   Guidance

Aug 21, 2024 - Business Continuity in a Box assists organisations to swiftly and securely stand up critical business functions during or following a cybersecurity incident that has affected the availability or trust of existing systems.

Russian GRU targeting Western logistics entities and technology companies   News

May 22, 2025 - We have released a joint advisory outlining the tactics, techniques and procedures of a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies.

Multiple Vulnerabilities In Ivanti Endpoint Manager Mobile (Ivanti EPMM)   Alert

May 14, 2025 - The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is aware of two vulnerabilities, one medium and one high severity, in Ivanti Endpoint Manager Mobile (EPMM). The ASD’s ACSC recommends organisations patch to the latest version of Ivanti EPMM, available through Ivanti’s download portal, and investigate whether their systems have been compromised.

New advice on implementing SIEM/SOAR platforms in your organisation   News

May 27, 2025 - ASD has published a publication series about Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms in collaboration with our international partners.

Malicious cyber actors using spyware to target individuals’ personal data   News

Apr 9, 2025 - New joint advisory on BADBAZAAR and MOONSHINE spyware.

Cybersecurity guidelines  

Jun 13, 2024 - Practical guidance on how an organisation can protect their information technology and operational technology systems, applications and data from cyberthreats.

Are you protected against ‘fast flux’?   News

Apr 4, 2025 - Bulletproof Hosting Providers are using ‘fast flux’ to cycle quickly through bots and DNS records to bypass detection by network defenders and law enforcement agencies.

Exploitation of existing Fortinet Vulnerabilities    Alert

Apr 11, 2025 - Fortinet has released information regarding exploitation of previously known vulnerabilities affecting Fortinet devices.
ASD’s ACSC recommends customers follow the advice contained in Fortinet’s advisory page.

Gateway security guidance package: Overview   Publication

Jul 29, 2025 - This page provides an overview of ASD’s Gateway security guidance package.

Become an ASD partner   Hub item

Register your interest in the Australian Signals Directorate’s Cyber Security Partnership Program and provide information about yourself and your organisation.

Updates to ASD’s Blueprint for Secure Cloud   News

Mar 18, 2025 - We have updated the Blueprint to reflect recent changes to Microsoft Purview.

Critical vulnerability in Pulse/Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457)   Alert

Apr 4, 2025 - Ivanti have released information regarding active exploitation of a critical vulnerability in Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457). ASD’s ACSC recommends customers follow the advice contained in Ivanti’s Security Advisory and assess their environments for malicious activity.

Next.js authentication bypass vulnerability (CVE-2025-29927)   Alert

Mar 25, 2025 - An authentication bypass in the middleware layer of Next.js can allow a remote attacker to bypass security checks. Customers should update to the patched version immediately.

Critical vulnerabilities in Ingress-NGINX Controller for Kubernetes   Alert

Mar 26, 2025 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of critical vulnerabilities affecting Ingress-NGINX Controller for Kubernetes. Customers should update to the latest patched version immediately.

Further cyber sanctions in response to Medibank Private cyberattack   News

Feb 12, 2025 - Today Australia has imposed targeted financial and travel sanctions on a cyber infrastructure entity – ZServers – and five of its Russian employees for their roles in providing infrastructure to host and disseminate data stolen from Medibank Private in 2022.

New zero trust guidance – seeking industry feedback   News

Feb 10, 2025 - Have your say on new Foundations for modern defensible architectures, including zero trust and secure-by-design principles.

"Bulletproof" hosting providers are not so bulletproof   News

Jan 22, 2025 - Many cybercriminals rely on Bulletproof Hosting (BPH) providers to carry out their unlawful activities. Read our new publication to find out more about the role that BPH providers play in the cybercrime ecosystem.

Are your organisation’s edge devices secure?   News

Feb 5, 2025 - New publication series for executives and IT practitioners on how to secure edge devices.

Convoluted layers: An artificial intelligence primer   Publication

May 21, 2025 - Rapid advances in artificial intelligence (AI), along with public releases of AI products, have prompted governments, businesses and criminals to accelerate efforts to incorporate this new technology into their operations. This advice provides definitions for some of the most commonly encountered AI terms in cybersecurity and a brief typology of cyber threats that will arise from AI.

Partner hub   Hub item

The Australian Signals Directorate’s Australian Cyber Security (ASD’s ACSC) Partnership Program enables Australian organisations and individuals to engage with the ACSC and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.

Australian Signals Directorate’s Cyber Security Partnership Program   Program page

The Australian Signals Directorate's Australian Cyber Security Partnership Program enables Australian organisations and individuals to engage with the ASD's ACSC and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.

Vulnerability in Fortinet’s FortiManager   Alert

Oct 24, 2024 - The ASD’s ACSC is aware of a vulnerability affecting all versions of Fortinet's FortiManager device that enables an unauthorised actor access to the FortiManager console (CVE-2024-47575). FortiManager devices provide centralised management of Fortinet devices from a single console.

Limited use obligation is now law   News

Dec 10, 2024 - On 29 November 2024, the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 became law.

Using Content Credentials to help mitigate cyber threats associated with generative AI   News

Jan 30, 2025 - With advanced AI tools, digital media can be created or modified convincingly with minimal effort and cost. Learn more about media provenance solutions to help end users verify the integrity of your organisation’s content.