Search

Vulnerability disclosure programs explained   Publication

Dec 12, 2024 - A vulnerability disclosure program (VDP) is a collection of processes and procedures designed to identify, verify, resolve and report on vulnerabilities disclosed by people who may be internal or external to organisations. The importance of developing, implementing and maintaining a well thought-out VDP cannot be underestimated. It is an integral part of professional organisations’ business operations.

Email security  

Jul 29, 2024 - Protect yourself, your employees and business from an email security incident before it's too late.

Choosing secure and verifiable technologies   Publication

Dec 5, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and international partners have provided recommendations in this guide as a roadmap for choosing secure and verifiable technologies.

Cyber security best practices for smart cities   Publication

Apr 20, 2023 - This guidance is the result of a collaborative effort from the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS), and the New Zealand National Cyber Security Centre (NCSC-NZ).

Microsoft Exchange ProxyShell Targeting in Australia   Alert

Aug 19, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed targeting of the Microsoft Exchange ProxyShell vulnerability by Malicious actors.

Technical example: Application control   Publication

Dec 16, 2022 - Application control restricts the ability of an application to run or install on a device. Application control makes it harder for users to intentionally or unintentionally install unwanted or malicious software.

Antivirus software   Guidance

Apr 11, 2023 - The consequences of viruses, spyware and other malicious software can be serious and far reaching. Follow our guidance about using antivirus software.

Protecting Against Cyber Threats to Managed Service Providers and their Customers   Advisory

May 12, 2022 - This advisory describes cybersecurity best practices for information and communications technology (ICT), focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive data.

ASD's ACSC Annual Cyber Threat Report, July 2021 to June 2022   Reports and statistics

Nov 4, 2022 - The Annual Cyber Threat Report is the Australian Signals Directorate’s Australian Cyber Security Centre's (ASD’s ACSC) flagship unclassified publication. The Report provides an overview of key cyberthreats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online.

Essential Eight Assessment Course   News

Jul 4, 2023 - Today, the Australian Signals Directorate has launched the Essential Eight Assessment Course pilot in collaboration with TAFEcyber.

Important Vulnerabilities in Microsoft’s October 2023 Security Update   Alert

Oct 13, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is concerned about vulnerabilities disclosed in Microsoft’s October 2023 Security Update. Government, businesses and individuals should patch their Microsoft products and apply any recommended mitigations as soon as possible.

Sextortion campaign - What to do if you receive the email   Advisory

Apr 16, 2020 - In most cases, there is no reason to be concerned. These emails are typically generated in their thousands by online scammers using limited personal details, with the aim of intimidating recipients into paying the ransom.

ASD's ACSC has launched a new campaign on Business Email Compromise   News

Jun 28, 2022 - With the end of the financial year ushering in tax season, Australians are urged to strengthen their email security and be alert to criminals trying to fool them into making false payments or giving up details that could make them an easy target for cyber crime.

Artificial intelligence and machine learning: Supply chain risks and mitigations   Publication

Oct 16, 2025 - This guidance is intended for organisations and staff that deploy or develop AI or ML systems and components.

Secure connectivity principles for Operational Technology (OT)   Publication

Jan 15, 2026 - How organisations should design, secure, and manage connectivity in operational technology (OT).

Using the Information security manual   Advice

Dec 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on using the ISM.

A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity   Publication

Sep 4, 2025 - This guidance, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and international partners, presents a shared vision of Software Bill of Materials (SBOM) and the value that increased software component and supply chain transparency can offer to the global community.

Scattered Spider   Advisory

Jul 30, 2025 - This joint Cybersecurity Advisory is in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors, subsectors, and other sectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as June 2025

Privacy Awareness Week 2023   News

Apr 28, 2023 - The Australian Cyber Security Centre (ACSC) is supporting with the Office of the Australian Information Commissioner (OAIC) to support Privacy Awareness Week.

Cyber Security Awareness Month 2024   News

Oct 1, 2024 - October is Cyber Security Awareness Month, a time for all Australians to talk about cyber security and take action to protect their devices and accounts.