Skip to main content
Report a cybercrime, cyber security incident or vulnerability.
Report

What are you looking for?

You can search for keywords to find pages that can help you e.g. scam

Report

Contact us

Portal login

  • About us

    About us

    Learn about who we are and what we do.

    About us
    • About ASD's ACSC
      • Who we are
      • Alerts and advisories
      • News
      • Reports and statistics
      • Contact us
  • Learn the basics

    Learn the basics

    Interactive tools and advice to boost your online safety.

    Learn cyber security Sign up for alerts
    • Explore the basics
      • Recognise and report scams
      • Set secure passphrases
      • Set up and perform regular backups
      • Turn on multi-factor authentication
      • Update your devices
      • Watch out for threats
      • Small business
      • Seniors
    • View resources
      • Glossary
      • Quiz library
      • Resources library
      • Translated Information
  • Protect yourself

    Protect yourself

    Advice and information about how to protect yourself online.

    Protect yourself Easy steps to secure yourself online Sign up for alerts
    • Securing your accounts
      • Multi-factor authentication
      • Passphrases
      • Passkeys
    • Securing your devices
      • How to secure your devices
      • How to back up your files and devices
      • How to update your device and software
    • Securing your email
      • Email security
    • Staying secure online
      • Connecting with others online
      • Protect yourself from scams
      • Online shopping
      • Connecting to public Wi-Fi and hotspots
      • Secure your Wi-Fi and router
      • Cybersecurity for charities and not-for-profits
    • Resources to protect yourself
      • Protecting your family
      • Personal cyber security guides
  • Threats

    Threats

    Common online security risks and advice on what you can do to protect yourself.

    Threats Report a cybercrime Sign up for alerts
    • Types of threats
      • Account compromise
      • Business email compromise
      • Cryptomining
      • Data breaches
      • Hacking
      • Identity theft
      • Malicious insiders
      • Malware
      • Phishing
      • Quishing
      • Ransomware
      • Scams
      • Social engineering
  • Report and recover

    Report and recover

    Respond to cyber threats and take steps to protect yourself from further harm.

    Report and recover Make a report Sign up for alerts
    • Report
      • Report a cybercrime, incident or vulnerability
      • Cybercrime - getting help
      • Single Reporting Portal
    • How we help during a cybersecurity incident
      • ASD’s role in cybersecurity: For legal practitioners
      • Supporting Australian organisations through a cybersecurity incident
      • Limited Use
    • Recover from
      • Account compromise
      • Business email compromise
      • Data breaches
      • Hacking
      • Identity theft
      • Malware
      • Ransomware
      • Scams
  • Resources for Business and Government

    Resources for business and government

    Resources for business and government agencies on cyber security.

    Resources for business and government Become an ASD partner Alerts and advisories Exercise in a Box
    • Essential cybersecurity
      • Critical Infrastructure
      • Essential Eight
      • Information security manual
      • Protecting your business and employees
      • Publications
      • Small business cyber security
      • Strategies to mitigate cyber security incidents
    • Maintaining devices and systems
      • Operational technology environments
      • ASD's Blueprint for Secure Cloud
      • Cloud security guidance
      • Outsourcing and procurement
      • Remote working and secure mobility
      • System hardening and administration
    • Governance and user education
      • Governance
      • User education
      • Artificial intelligence
      • Incident response
      • Modern defensible architecture
      • Secure by Design
    • Assessment and evaluation programs
      • Australian Information Security Evaluation Program (AISEP)
      • Critical Infrastructure Uplift Program (CI-UP)
      • Emanation Security Program
      • High Assurance Evaluation Program
      • Infosec Registered Assessors Program (IRAP)
      • Essential Eight Assessment Course
  • Contact us
  • Report a cybercrime or cyber security incident
  • Portal login
Australian Cyber
Security Hotline
1300 CYBER1 (1300 292 371)

Search

Filter results by

Content type

  • Advice and guidance
  • Alerts and advisories
  • News and media releases
  • Programs
  • Publications
  • Reports and statistics
  • Threats

Audience

  • Individuals & families
  • Small & medium businesses
  • Organisations & Critical Infrastructure
  • Government

Displaying search results for
Displaying 181 - 210 of 712 results.

Applied filters
Clear all filters

/about-us/advisories/2021-010-asdacsc-ransomware-profile-conti

2021-010: ASD's ACSC Ransomware Profile - Conti   Advisory

Mar 4, 2022 - Conti is a ransomware variant first observed in early 2020, used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Conti is offered as a Ransomware-as-a-Service (RaaS), enabling affiliates to utilise it as desired, provided that a percentage of the ransom payment is shared with the Conti operators as commission. This product provides information related to Conti’s background, threat activity, and mitigation advice.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-hardening/hardening-linux-workstations-and-servers

Hardening Linux workstations and servers   Publication

Nov 27, 2023 - This publication has been developed to assist organisations in understanding how to harden Linux workstations and servers.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/network-hardening/defending-against-malicious-use-tor-network

Defending against the malicious use of the Tor network   Publication

Oct 6, 2021 - The Tor network is a system that conceals a user’s IP address. It allows anonymous – and often malicious – communication. This guidance shares advice on how to detect and prevent traffic from the Tor network.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/view-all-content/alerts-and-advisories/critical-vulnerability-in-popular-java-framework-apache-struts-2

Critical Vulnerability in popular Java framework Apache Struts2   Alert

Dec 14, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is concerned about a critical Remote Code Execution (RCE) vulnerability in Apache Struts2. This primarily affects Java applications which use this framework. Apache Struts2 is widely used in enterprise and bespoke Java applications.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/resources-business-and-government/essential-cybersecurity/protecting-your-business-and-employees/business-resources/first-nations-resources

First Nations Business Resources   Guidance

Jan 5, 2023 - Cybercriminals are finding new ways to target First Nations businesses all the time. There are a few simple things you can do to keep yourself and your business secure online.

Small & medium businesses
/protect-yourself/resources-protect-yourself/personal-cybersecurity-guides/personal-cybersecurity-advanced-steps

Personal cybersecurity: Advanced steps guide   Guidance

Mar 23, 2023 - The third and final cybersecurity guide in the personal cybersecurity series is designed to help everyday Australians understand an advanced level of cybersecurity and how to take action to protect themselves from cyberthreats.

Individuals & families
/ransomware-playbook

Ransomware Playbook   Guidance

Oct 10, 2024 - This interactive guide is here to assist you with taking all of the appropriate steps to prepare for, respond to and recover from a ransomware incident.

Individuals & families
Small & medium businesses
Organisations & Critical Infrastructure
/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-monitoring/best-practices-event-logging-threat-detection

Best practices for event logging and threat detection   Publication

Aug 22, 2024 - This publication defines a baseline for event logging best practices to mitigate cyberthreats.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/view-all-content/alerts-and-advisories/apt40-advisory-prc-mss-tradecraft-in-action

APT40 Advisory   Advisory

Jul 9, 2024 - This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre and international partners, outlines a People’s Republic of China (PRC) state-sponsored cyber group and their current threat to Australian networks.

Organisations & Critical Infrastructure
Government
/about-us/advisories/protecting-against-cyber-threats-managed-service-providers-and-their-customers

Protecting Against Cyber Threats to Managed Service Providers and their Customers   Advisory

May 12, 2022 - This advisory describes cybersecurity best practices for information and communications technology (ICT), focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive data.

Organisations & Critical Infrastructure
/about-us/view-all-content/alerts-and-advisories/silent-heist-cybercriminals-use-information-stealer-malware-compromise-corporate-networks

The silent heist: cybercriminals use information stealer malware to compromise corporate networks   Advisory

Sep 2, 2024 - Information stealer malware steals user login credentials and system information that cyber threat actors exploit, predominantly for monetary gain. Information stealers have been observed in attacks against multiple organisations and sectors worldwide, including Australia. This advisory provides readers with cyber security guidance on information stealers, including threat activity and mitigation advice for individuals and organisations.

Individuals & families
Small & medium businesses
Organisations & Critical Infrastructure
/protect-yourself/securing-your-accounts/password-managers

Password managers   Guidance

May 12, 2025 - Learn how to create and store passwords in a secure location for your important accounts.

Individuals & families
Small & medium businesses
/about-us/news/joint-advisory-released-managed-service-providers-and-customers-mitigate-cybersecurity-risks

Joint advisory released for Managed Service Providers and Customers to mitigate cybersecurity risks   News

May 12, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has today joined with international cyber security agency partners, to warn Managed Service Providers (MSP) of pressing cyber risks and provide guidance on suitable mitigations for them and their customers.

Small & medium businesses
Organisations & Critical Infrastructure
/about-us/view-all-content/alerts-and-advisories/2022-top-routinely-exploited-vulnerabilities

2022 Top Routinely Exploited Vulnerabilities   Advisory

Aug 4, 2023 - This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE).

Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/media-releases/us-uk-and-australia-issue-joint-cybersecurity-advisory

U.S., U.K., and Australia Issue Joint Cybersecurity Advisory   News

Jul 28, 2021 - Cyber Agencies Share Top Routinely Exploited Vulnerabilities

Individuals & families
Small & medium businesses
Organisations & Critical Infrastructure
Government
/about-us/view-all-content/publications/bulletproof-hosting-providers

"Bulletproof" hosting providers   Publication

Jan 22, 2025 - Bulletproof hosting (BPH) providers lease cybercriminals a virtual and/or physical infrastructure from which to operate. BPH providers are a specific class of internet infrastructure service that enables malicious actors (including cybercriminals) to host illicit content and run operations on the internet.

Organisations & Critical Infrastructure
Government
/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-administration/restricting-administrative-privileges

Restricting administrative privileges   Publication

Nov 27, 2023 - Learn how to restrict the use of administrative privileges. Restricting administrative privileges forms part of the Essential Eight from the Strategies to mitigate cybersecurity incidents.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/resources-business-and-government/governance-and-user-education/modern-defensible-architecture/foundations-modern-defensible-architecture

Foundations for modern defensible architecture   Publication

Feb 10, 2025 - The Foundations represent the first step to help organisations adopt a ‘modern defensible architecture’ approach, which will enable them to evolve alongside the threat landscape.

Organisations & Critical Infrastructure
Government
/protect-yourself/staying-secure-online/cybersecurity-for-charities-and-not-for-profits

Cybersecurity for charities and not-for-profits   Guidance

Mar 12, 2024 - How to avoid common cyberthreats and protect your mission .

Small & medium businesses
/about-us/alerts/australian-organisations-encouraged-urgently-adopt-enhanced-cyber-security-posture

Australian organisations encouraged to urgently adopt an enhanced cyber security posture   Alert

Mar 28, 2022 - Australian organisations are encouraged to urgently adopt an enhanced cyber security posture. Organisations should act now and follow ACSC’s advice to improve their cyber security resilience in light of the heightened threat environment.

Organisations & Critical Infrastructure
/about-us/advisories/gootkit-loader-continues-be-used-multiple-australian-networks

Gootkit Loader continues to be used on multiple Australian networks   Advisory

Dec 23, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) continues to observe instances of Gootkit JavaScript (JS) Loaders on multiple Australian networks in 2022. Open source reporting also indicates continued Gootkit activity.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/report-and-recover/recover-from/ransomware/protect-yourself-from-ransomware

Protect yourself from ransomware   Guidance

Feb 12, 2025 - A ransomware attack could block you from accessing your device or the information on it. Take some time to consider how a ransomware attack might affect you.

Individuals & families
Small & medium businesses
/resources-business-and-government/essential-cybersecurity/ism/cybersecurity-guidelines/guidelines-procurement-and-outsourcing

Guidelines for procurement and outsourcing   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on procurement and outsourcing activities.

Organisations & Critical Infrastructure
Government
/about-us/view-all-content/alerts-and-advisories/citrix-products-netscaler-adc-and-netscaler-gateway-zero-day-vulnerability

Citrix Products NetScaler ADC and NetScaler Gateway Vulnerabilities   Alert

Nov 29, 2023 - A malicious actor can exploit the vulnerability to execute code remotely without authentication. Organisations using Citrix products NetScaler ADC and NetScaler Gateway, possibly including Government and medium to large organisations. Ensure the latest release of NetScaler ADC and NetScaler Gateway have been installed.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/resources-business-and-government/maintaining-devices-and-systems/critical-infrastructure/principles-operational-technology-cybersecurity

Principles of operational technology cybersecurity   Publication

Oct 2, 2024 - Critical infrastructure organisations provide vital services, including supplying clean water, energy, and transportation, to the public. These organisations rely on operational technology (OT) to control and manage the physical equipment and processes that provide these critical services. As such, the continuity of vital services relies on critical infrastructure organisations ensuring the cybersecurity and safety of their OT.

Small & medium businesses
Organisations & Critical Infrastructure
Government
/resources-business-and-government/essential-cybersecurity/small-business-cybersecurity/small-business-cloud-security-guide/technical-example-multi-factor-authentication

Small Business Cloud Security Guides: Technical Example - Multi-Factor Authentication   Publication

Dec 16, 2022 - Multi-factor authentication (MFA) makes it harder for adversaries to use compromised user credentials to access an organisation’s systems. It is one of the most important cybersecurity measures an organisation can implement.

Small & medium businesses
/resources-business-and-government/essential-cybersecurity/ism/cybersecurity-guidelines/guidelines-cybersecurity-documentation

Guidelines for cybersecurity documentation   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on cybersecurity documentation.

Organisations & Critical Infrastructure
Government
/resources-business-and-government/essential-cybersecurity/small-business-cybersecurity/small-business-cloud-security-guide/technical-example-configure-macro-settings

Small Business Cloud Security Guides: Technical Example - Configure Macro Settings   Publication

Dec 16, 2022 - Configuring macro settings protects an organisation’s systems from malicious macros. Macros are powerful tools. They were introduced to improve productivity however their functionality can also be used by cyber criminals to compromise a user’s system.

Small & medium businesses
/about-us/alerts/critical-remote-code-execution-vulnerability-found-log4j2-library

Critical remote code execution vulnerability found in the Log4j library   Alert

Dec 21, 2021 - A vulnerability (CVE-2021-44228) exists in certain versions of the Log4j library. A malicious cyber actor could exploit this vulnerability to execute arbitrary code. Australian organisations should apply latest patches immediately where Log4j is known to be used.

Individuals & families
Small & medium businesses
Organisations & Critical Infrastructure
Government
/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/legacy-it-management/managing-risks-legacy-it-executive-guidance

Managing the risks of legacy IT: Executive guidance   Publication

Jun 12, 2024 - This publication provides high-level and strategic guidance for an organisation’s executive seeking to manage the risks of legacy IT.

Small & medium businesses
Organisations & Critical Infrastructure
Government

Pagination

  • First page « First
  • Previous page ‹‹
  • …
  • Page 3
  • Page 4
  • Page 5
  • Page 6
  • Current page 7
  • Page 8
  • Page 9
  • Page 10
  • Page 11
  • …
  • Next page ››
  • Last page Last »
Report a cybersecurity incident for critical infrastructure
Get alerts on new threats Alert Service
Become an ASD Partner
Report a cybercrime or cybersecurity incident
Acknowledgement of Country Circle
Acknowledgement of Country

We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities.
We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Australian Cyber Security Hotline 1300 CYBER1 (1300 292 371)
  • Contact us
  • Glossary
  • View all content
  • Copyright
  • Privacy
  • Accessibility
  • Disclaimer
  • Careers
  • Social media terms of use

Popular pages

  • Essential Eight
  • Alerts and advisories
  • Information Security Manual
Authorised by the Australian Government, Canberra