Search

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities   Advisory

Nov 22, 2021 - Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organisations.

Protecting your staff   Guidance

Apr 11, 2023 - An incident response plan can help organisations to respond to cybersecurity incidents while continuing to conduct business operations.

Australia’s second ever cyber sanction imposed   News

May 8, 2024 - Today the Australian Government, along with our international partners, has imposed a targeted financial sanction and travel ban on Russian citizen Dmitriy Khoroshev, for his leadership role in the notorious LockBit ransomware group.

Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations   Advisory

Sep 15, 2022 - The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) has joined with international cyber security agency partners to co-author an advisory on continued Iranian state-sponsored cyber threats. Organisations are encouraged to apply the recommended mitigations to protect themselves online.

TMUI remote code execution vulnerability - CVE-2020-5902   Alert

Jul 6, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) advises users of F5’s enterprise and data centre BIG-IP products to ensure their systems are promptly patched after the recent disclosure of new remote code execution vulnerability.

Sextortion email campaign impacting Australians   Alert

Apr 16, 2020 - A large number of Australians are being impacted by an email ‘sextortion’ campaign in which the cyber scammers responsible have threatened to release personal and sensitive information to the recipients’ contacts unless the scammer is paid in cash or bitcoin.

Cisco IOS XE Software Web UI Zero Day Vulnerability   Alert

Oct 25, 2023 - A previously unknown vulnerability (CVE-2023-20198) in the web UI feature of Cisco IOS XE Software could allow a malicious actor to take control of vulnerable devices. All Australian organisations should follow the recommendations published by Cisco.

Shifting the Balance of Cybersecurity Risk   Publication

Oct 17, 2023 - The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and the following international partners provide the recommendations in this guide as a roadmap for technology manufacturers to ensure security of their products.

Cyber Security Awareness Month 2023   News

Sep 25, 2023 - October is Cyber Security Awareness Month, a time for all Australians to improve their cyber security knowledge and take action to protect their information and devices.

Limited use obligation is now law   News

Dec 10, 2024 - On 29 November 2024, the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 became law.

Cyber Security Awareness Month 2022   News

Sep 30, 2022 - October is Cyber Security Awareness Month and this year the Australian Signals Directorate’s Australian Cyber Security Centre's (ASD’s ACSC) theme is Have you been hacked?

Boost your cyber defences with backups   News

Aug 17, 2021 - Backing up your data is one of the best defences against ransomware attacks conducted by the opportunistic cyber criminals who continue to threaten Australian businesses, organisations, and families.

Microsoft Releases Security Updates for Microsoft Edge Browser   Alert

Jun 30, 2021 - On June 24 2021, Microsoft released updates for their Edge Browser addressing two vulnerabilities that an attacker could exploit to inject and execute malicious code.

Google Releases Security Updates for Chrome Browser   Alert

Jun 21, 2021 - On June 17 2021, Google released Chrome version 91.0.4472.114 for Windows, Mac, and Linux. The patch notes for this version can be viewed at Chrome Release Note.

Guidelines for evaluated products   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on evaluated products.

Log4j: What Boards and Directors Need to Know   Advisory

Jan 7, 2022 - Log4j is a software library used as a building block found in a wide variety of Java applications. The Log4j vulnerability – otherwise known as Log4Shell – is trivial to exploit, and represents a significant business continuity risk. This publication outlines what Boards and Directors need to know in order to protect their businesses.

Account compromise   Threat

Nov 10, 2023 - Account compromise is when criminals get unauthorised access to your email, banking, or other accounts.

New ASD’s ACSC guidance released to help Australians avoid risks related to social media and messaging applications   News

Jul 14, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has today released updated guidance to help all Australians better understand how social media and messaging apps can pose a risk to the security and privacy of individuals and organisations.

The Case for Memory Safe Roadmaps   Publication

Dec 7, 2023 - This guidance provides manufacturers with steps to create memory safe roadmaps and implement changes to eliminate memory safety vulnerabilities from their products.

Sextortion campaign - What to do if you receive the email   Advisory

Apr 16, 2020 - In most cases, there is no reason to be concerned. These emails are typically generated in their thousands by online scammers using limited personal details, with the aim of intimidating recipients into paying the ransom.

Multiple vulnerabilities present in F5 products   Alert

May 9, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a F5 Security Advisory Addressing Multiple Vulnerabilities in their BIG-IP Product Range. Affected Australian organisations should take appropriate action.

SonicWall devices targeted with ransomware utilising stolen credentials   Alert

Aug 3, 2021 - SonicWall devices are being targeted by a malicious cyber actor as targets for ransomware. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of likely related activity targeting Australian organisations.

Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns   Advisory

Dec 8, 2023 - The Russia-based actor is targeting organisations and individuals in the UK and other geographical areas of interest.

CISA, FBI, NSA, and international partners issue advisory on demonstrated threats and capabilities of Russian state-sponsored and cyber criminal actors   News

Apr 22, 2022 - Since Russia’s invasion of Ukraine in February, the risk of malicious cyber operations by Russian state-sponsored and criminal cyber actors has increased. The threats to critical infrastructure could impact organisations both within and beyond Ukraine.

Personal cybersecurity: First steps guide   Guidance

Apr 14, 2023 - The first of three cybersecurity guides in the personal cybersecurity series is designed to help everyday Australians understand a basic level of cybersecurity and how to take action to protect themselves from cyberthreats.

Guidelines for procurement and outsourcing   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on procurement and outsourcing activities.

Advice for Malicious Cyber Activity by Iran   News

Sep 15, 2022 - Australian organisations are urged to be alert to continued malicious cyber activity conducted by Advanced Persistent Threat (APT) actors, assessed to be affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC).

Identifying cyber supply chain risks   Publication

May 22, 2023 - This guidance has been developed to assist organisations in identifying risks associated with their use of suppliers, manufacturers, distributors and retailers (i.e. businesses that constitute their cyber supply chain).

ASD's ACSC participation in Asia Pacific Computer Emergency Response Team (APCERT) Drill   News

Aug 25, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has joined international partners in the annual Asia Pacific Computer Emergency Response Team (APCERT) Drill.

So you think you've been hacked  

Sep 1, 2022 - Use our interactive tool to find out what to do learn what steps to take if you think you’re the a victim of a cybercrime.