Search

APT exploitation of Fortinet Vulnerabilities   Alert

Apr 3, 2021 - Advanced Persistent Threat (APT) actors targeting historic Fortinet vulnerabilities.

Remote code execution vulnerability present in Open Management Infrastructure, affects certain Microsoft Azure services   Alert

Sep 16, 2021 - A remote code execution vulnerability exists in Open Management Infrastructure, a management agent used in certain Linux-based Microsoft Azure services. Exploitation of this vulnerability could allow a malicious actor to take control of the vulnerable host. Affected organisations should apply the available security update.

ASD's ACSC Annual Cyber Threat Report, July 2020 to June 2021   Reports and statistics

Sep 15, 2021 - The ASD's ACSC Annual Cyber Threat Report 2020–21 has been produced by the Australian Cyber Security Centre, with contributions from the Defence Intelligence Organisation (DIO), Australian Criminal Intelligence Commission (ACIC), Australian Security Intelligence Organisation (ASIO), The Department of Home Affairs and industry partners.

Critical vulnerabilities present in certain versions of Apple iOS, macOS and Safari   Alert

Sep 14, 2021 - Vulnerabilities have been identified in certain versions of Apple iOS, macOS and Safari which could allow an actor to install malware or perform other actions on a vulnerable device or computer.

SonicWall Breach   Alert

Feb 4, 2021 - SonicWall identified an internal systems breach using a zero-day vulnerability within the SMA 100 series 10.x code.

SonicWall devices targeted with ransomware utilising stolen credentials   Alert

Aug 3, 2021 - SonicWall devices are being targeted by a malicious cyber actor as targets for ransomware. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of likely related activity targeting Australian organisations.

Barracuda Email Security Gateway (ESG) malicious activity – additional Indicators of Compromise released   Alert

Dec 25, 2023 - Update: ASD's ACSC is aware of active exploitation of a third party library, Spreadsheet::ParseExcel, leading to potential Arbitrary Code Execution in Barracuda ESG appliances (CVE-2023-7101 and CVE-2023-7102).

CISA, FBI, NSA, and international partners issue advisory on demonstrated threats and capabilities of Russian state-sponsored and cyber criminal actors   News

Apr 22, 2022 - Since Russia’s invasion of Ukraine in February, the risk of malicious cyber operations by Russian state-sponsored and criminal cyber actors has increased. The threats to critical infrastructure could impact organisations both within and beyond Ukraine.

Exercise in a Box is here   News

Nov 17, 2022 - This service provides an all in one platform that your organisation can use to assess and improve its cyber security practices in your own time, in a safe environment, and as many times as you want.

How to become an IRAP Assessor   Program page

Aug 15, 2024 - IRAP Assessors are ASD-endorsed ICT professionals from across Australia who have the necessary experience and qualifications in ICT security assessment and risk management, and a detailed knowledge of ASD's Information Security Manual.

Who we are  

Oct 25, 2022 - Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) leads the Australian Government’s efforts to improve cyber security. Our role is to help make Australia the most secure place to connect online.

Potential Accellion File Transfer Appliance compromise   Alert

Feb 25, 2021 - The ACSC has identified Australian organisations that may have been impacted by the Accellion File Transfer Appliance vulnerability and have provided mitigation recommendations.

Revised patch released to disable mitigation against Spectre variant 2   Advisory

Jan 29, 2020 - Intel has confirmed that the microcode updates designed to mitigate Spectre variant 2 (CVE-2017-5715: Branch Target Injection) have introduced an increased risk of system instability, data loss and corruption.

Advice for Malicious Cyber Activity by Iran   News

Sep 15, 2022 - Australian organisations are urged to be alert to continued malicious cyber activity conducted by Advanced Persistent Threat (APT) actors, assessed to be affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC).

ASD's ACSC Threat Report 2015   Reports and statistics

Jul 15, 2015 - This report describes the range of cyber adversaries targeting Australian networks, their motives, and the type of malicious activities they are conducting and their impact on Australian networks during 2014. It also offers mitigation advice on how organisations can defend against these activities.

Critical vulnerability in certain Hikvision products, IP cameras   Alert

Sep 22, 2021 - A critical vulnerability exists in Hikvision products, including IP cameras, which could allow a cyber actor to take full control of the device. Affected Australian customers should apply an appropriate firmware update provided by Hikvision.

Suspected user credentials stolen from FortiNet devices leaked online   Alert

Sep 10, 2021 - A malicious cyber actor has leaked a list of suspected user credentials and IP address of the associated FortiNet SSL VPN device the credentials are used for. Organisations should review the patch status and history of internet exposed FortiNet SSL VPN devices and consider performing a password reset for affected users.

Remote code execution vulnerability present in certain versions of Atlassian Confluence   Alert

Sep 1, 2021 - A vulnerability exists in certain self-hosted versions of Atlassian Confluence which could allow a malicious cyber actor to execute arbitrary code. Affected organisations should apply the available patch to mitigate this vulnerability.

ASD's ACSC cyber security challenge   News

Aug 27, 2021 - Would you like to put your cyber incident response skills to the test?

Joint advisory on top cyber vulnerabilities   News

Jul 28, 2021 - The top 30 cyber security vulnerabilities exploited by malicious cyber actors since 2020 have been detailed in a joint advisory issued by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and counterpart cyber security agencies from the United States and the United Kingdom.

Small Business Cloud Security Guides   News

Dec 16, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has released a series of guides designed to help small businesses secure their cloud environment.

2020-002: Critical Vulnerabilities for Microsoft Windows, Patch Urgently   Advisory

Jan 15, 2020 - If you or your organisation uses any of the affected products, the ACSC recommends that you apply the patches urgently.

Information Security Registered Assessor Program (IRAP)   News

Dec 15, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is further enhancing cyber security assessment and training, improving cyber skills, and creating new cyber careers for Australians through the Information Security Registered Assessor Program (IRAP).

Meltdown and Spectre patches unsuitable for some security products   Advisory

Jan 11, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of reporting that a variety of security products (e.g. antivirus solutions) are incompatible with Microsoft's patches for the Meltdown and Spectre vulnerabilities.

Multiple Vulnerabilities in VMware vRealize Hyperic monitoring and performance management product   Alert

Nov 8, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has identified a number of critical vulnerabilities affecting VMware’s vRealize Hyperic monitoring and performance management product.

New domain name changes could leave your business or organisation at risk   Alert

Mar 23, 2022 - The new domain name category, could leave your business or organisation open to fraudulent cyber activity. Register your .au domain name before it becomes available to the general public.

Important Vulnerabilities in Microsoft’s July 2023 Security Update   Alert

Jul 13, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is concerned about vulnerabilities disclosed in Microsoft’s July 2023 Security Update. Government, businesses and individuals should patch their Microsoft products and apply any recommended mitigations as soon as possible.

Safer Internet Day 2021   News

Feb 9, 2021 - Safer Internet Day on 9 February 2021 aims to raise awareness of emerging online issues and share strategies everyone can use for staying secure online.

Vulnerability Alert – 2 new Vulnerabilities associated with Microsoft Exchange.   Alert

Oct 10, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of 2 zero day vulnerabilities associated with Microsoft Exchange Servers 2013, 2016 and 2019 (Exchange).

Australia joins US and UK to warn of 2021 Ransomware trends   News

Feb 10, 2022 - Ransomware continues to be a global threat, and cybercriminals using ransomware pose a significant risk to Australian organisations and households.