You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 181 - 210 of 718 results.
Information security incident affecting APRA-regulated entities
Information security weakness affecting APRA-regulated entities
Barracuda Email Security Gateway (ESG) malicious activity – additional Indicators of Compromise released Alert
Dec 25, 2023 - Update: ASD's ACSC is aware of active exploitation of a third party library, Spreadsheet::ParseExcel, leading to potential Arbitrary Code Execution in Barracuda ESG appliances (CVE-2023-7101 and CVE-2023-7102).
Cyber incident affecting the handling of Security Sensitive Biological Agents
Breaches in Financial Stability Standards for Central Counterparties and Securities Settlement Facilities
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection joint cybersecurity advisory News
May 25, 2023 - Today we released a joint advisory with international partners on a recently discovered cluster of activity associated with a People’s Republic of China (PRC) state-sponsored cyber actor.
Cyber incident materially affecting the price or value of the securities of an ASX-listed entity
Managing cryptographic keys and secrets Publication
Aug 26, 2025 - This guide has been developed to help organisational personnel in understanding the threat environment and the value of implementing secure keys and secrets management to make better informed decisions.
Protect your cryptographic keys and secrets from malicious cyber actors News
Aug 26, 2025 - New guidance available for organisations using cryptographic keys and secrets.
New zero trust guidance – seeking industry feedback News
Feb 10, 2025 - Have your say on new Foundations for modern defensible architectures, including zero trust and secure-by-design principles.
Cloud assessment and authorisation Publication
Jan 18, 2024 - This publication is co-designed with industry to support the secure adoption of cloud services across government and industry.
Modern defensible architecture Publication
Feb 10, 2025 - Modern defensible architecture is the first step in Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC)’s push to ensure that secure architecture and design are being considered and applied by organisations in their cyber security and resilience planning.
Threat update: COVID-19 malicious cyber activity 27 March 2020 Advisory
Mar 27, 2020 - This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.
Information stealer malware Guidance
Jul 15, 2025 - Information stealer malware is a type of malware designed to steal sensitive data from devices. This can include user credentials, browser data and more.
Preventing Web Application Access Control Abuse Advisory
Jul 28, 2023 - The Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.
COVID-19 themed malicious cyber activity Advisory
Implementing network segmentation and segregation Publication
Oct 6, 2021 - Learn about practical strategies to make it harder for malicious actors to access sensitive data. This guidance is for those responsible for an organisation’s network architecture and design.
Health Sector Snapshot News
Feb 10, 2021 - This Sector Snapshot is designed to enhance awareness of key cyber security threats in the health sector and advise executives and cyber security professionals within the health sector on what they can do to protect their organisation from cyber threats. This report provides a high-level overview of the cyber security environment from 1 January to 31 December 2020.
Essential Eight assessment course Program page
Jul 3, 2023 - The Essential Eight Assessment Course will help you understand the intent and application of the Essential Eight, learn to use ASD designed tools, and accurately test the implementation of the Essential Eight.
2020 Health Sector Snapshot Reports and statistics
Feb 22, 2021 - This Sector Snapshot is designed to enhance awareness of key cyber security threats in the health sector and advise executives and cyber security professionals within the health sector on what they can do to protect their organisation from cyber threats. This report provides a high-level overview of the cyber security environment within the health sector over a twelve month period (1 January to 31 December 2020).
Guidelines for software development Advice
Sep 22, 2025 - This chapter of the Information security manual (ISM) provides guidance on software development.
Infamous Chisel Advisory
Aug 31, 2023 - Malware Analysis Report. A collection of components designed to enable remote access and exfiltrate information from Android phones.
Vulnerability disclosure programs explained Publication
Dec 12, 2024 - A vulnerability disclosure program (VDP) is a collection of processes and procedures designed to identify, verify, resolve and report on vulnerabilities disclosed by people who may be internal or external to organisations. The importance of developing, implementing and maintaining a well thought-out VDP cannot be underestimated. It is an integral part of professional organisations’ business operations.
Guidelines for gateways Advice
Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on gateways.
2023 top routinely exploited vulnerabilities Advisory
Nov 13, 2024 - This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs). Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 compared to 2022, allowing them to conduct operations against high priority targets. The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the following recommendations, and those found within the Mitigations section of this advisory, to reduce the risk of compromise by malicious cyber actors.
Guidelines for communications infrastructure Advice
Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on communications infrastructure.
Guidelines for system hardening Advice
Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on system hardening.
Guidelines for procurement and outsourcing Advice
Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on procurement and outsourcing activities.
Fundamentals of Cross Domain Solutions Publication
Oct 6, 2021 - This publication introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains.
Guidelines for networking Advice
Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on networking.
