2019-10-09
Step-by-Step Guide – Turning on Automatic Updates (For iMac & MacBook, and iPhone & iPad)
Publication
This step-by-step guide shows you how to turn on automatic updates if you use an iMac, MacBook, iPhone or iPad.
Step-by-Step Guide – Turning on Automatic Updates (For Windows 10)
This step-by-step guide shows you how to turn on automatic updates if you use Microsoft Windows 10.
2021-09-24
How to check your email account security - Outlook, Outlook.com, Microsoft 365, Live, Hotmail, and MSN
How to
This step-by-step guide will explain how to check the security of your email account for Outlook.com, Microsoft 365, Live, Hotmail, and MSN on your desktop.
How to check your email account security - Gmail
This step-by-step guide will explain how to check the security of your email account for Gmail on your desktop.
2017-02-01
Strategies to Mitigate Cyber Security Incidents – Mitigation Details
The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help cyber security professionals in all organisations mitigate cyber security incidents caused by various cyber threats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.
2021-07-16
Essential Eight Maturity Model
The Essential Eight Maturity Model provides advice on how to implement the Essential Eight to mitigate different levels of adversary tradecraft and targeting.
2021-09-15
ACSC Annual Cyber Threat Report 2020-21
Reports and statistics
ACSC Annual Cyber Threat Report - 1 July 2020 to 30 June 2021
2020-06-26
Risk Management of Enterprise Mobility Including Bring Your Own Device
This document has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cyber security practitioners.
An Examination of the Redaction Functionality of Adobe Acrobat Pro DC 2017
This document provides guidance on the efficacy of redaction facilities within Adobe Acrobat Pro DC 2017 and is intended for information technology and information security professionals within organisations looking to redact sensitive or personal information from PDF documents before releasing them into the public domain or to other third parties.
2020-07-27
Anatomy of a Cloud Assessment and Authorisation
The Anatomy of a Cloud Assessment and Authorisation is co-designed with industry to support the secure adoption of cloud services across government and industry.
2020-05-22
Advisory 2020-004: Remote code execution vulnerability being actively exploited in vulnerable versions of Telerik UI by sophisticated actors
Advisory
This advisory is focused around the targeting of CVE-2019-18935 but has significant overlap to the previously released ACSC 2019-126 advisory.
2020-11-25
Terminate ransomware programs with Task Manager (Microsoft Windows 10)
If you are experiencing a ransomware attack, follow these three steps to identify and stop a potential ransomware program running on your Windows 10 computer.
2018-10-07
One in four Australians hit by cybercrime - reversing the threat
Media release
Cybercrime and cyber-enabled crime is harming more and more Australians every day, and it’s time to reverse the threat.
Data Spill Management Guide
A data spill is the accidental or deliberate exposure of information into an uncontrolled or unauthorised environment, or to persons without a need-to-know. A data spill is sometimes referred to as information disclosure or a data leak. Data spills are considered cyber security incidents and should be reported to the Australian Cyber Security Centre (ACSC).
2020-06-23
Step 1: Screen every profile image using a reverse online image search
Scammers steal photographs of real people to create realistic profiles. Reverse image searches of profile pictures can help you spot the difference between a genuine and a fake profile – it can also confirm if the image has been used before in a scam.
Step 2: Do some further screening of the profile
The reverse image check might still have missed the scammer profile. Take your time and look for the following
2019-126: Vulnerable version of Telerik UI being actively exploited by APT actor
Alert
The Australian Cyber Security Centre (ACSC) has become aware that Advanced Persistent Threat (APT) actors have been scanning for and attempting exploitation against unpatched versions of Telerik UI for ASP.NET AJAX using publicly available exploits. Successful exploitation could allow an attacker to upload files to the vulnerable server to facilitate further compromise.
Step-by-Step Guide
Glossary
Implementing Multi-Factor Authentication
Multi-factor authentication is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to a device or network and accessing sensitive information. When implemented correctly, multi-factor authentication can make it significantly more difficult for an adversary to steal legitimate credentials to facilitate further malicious activities on a network. Due to its effectiveness, multi-factor authentication is one of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.
2020-12-03
How to Combat Fake Emails
Organisations can reduce the likelihood of their domains being used to support fake emails by implementing Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC) records in their Domain Name System (DNS) configuration. Using DMARC with DomainKeys Identified Mail (DKIM) to sign emails provides further safety against fake emails. Likewise, organisations can better protect their users against fake emails by ensuring their email systems use and apply SPF, DKIM and DMARC policies on inbound email.
2020-09-15
Step-by-step guides
Content navigation
The Australian Cyber Security Centre’s step-by-step guides provide individuals and families easy to understand cyber security instructions for specific software, applications and devices.
2020-08-24
The step-by-step guides detail basic cyber security instructions for specific software, applications and devices.
Implementing Certificates, TLS, HTTPS and Opportunistic TLS
Transport Layer Security (TLS) is a widely used encryption protocol which enables parties to communicate securely over the internet. Through the use of certificates and Public Key Infrastructure (PKI), parties can identify each other through a trusted intermediary and establish encrypted tunnels for the secure transfer of information.
2021-07-12
Hardening Microsoft Windows 10 version 21H1 Workstations
Workstations are often targeted by an adversary using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening workstations is an important part of reducing this risk. This document provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 10 version 21H1.
2020-07-01
Turning on Automatic Updates – For Microsoft Windows 10
How to turn on automatic updates can differ depending on your operating system and your programs. This guide steps you through turning on automatic updates on a desktop computer for the Microsoft Windows 10 operating system.
2021-01-14
Domain Name System Security for Domain Resolvers
This publication provides information on Domain Name System (DNS) security for recursive resolution servers, as well as mitigation strategies to reduce the risk of DNS resolver subversion or compromise. Organisations should implement the mitigation strategies in this publication to improve the security of their DNS infrastructure.
2021-06-10
The Commonwealth Cyber Security Posture in 2020
The Commonwealth Cyber Security Posture in 2020 report informs the Parliament of the status of the Commonwealth’s cyber security posture. Overall, the report found that Commonwealth entities continued to improve their cyber security in 2020. Ongoing effort is required to maintain the currency and effectiveness of cyber security measures.
2020-07-09
Turning on Two-Factor Authentication – Twitter
This step-by-step guide shows you how to turn on two-factor authentication (2FA) on your computer and mobile devices for Twitter.
2021-02-18
Security Configuration Guide – Samsung Galaxy S10, S20 and Note 20 Devices
The ACSC has developed this guide to assist Australian’s to understand the risks when deploying Samsung Galaxy S10 and S20 devices.
Backing Up and Restoring Your Files – For Mac (Using an External Storage Device)
How to back up and restore files on your Mac using an external hard drive.
