You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 31 - 60 of 460 results.
2020-002: Critical Vulnerabilities for Microsoft Windows, Patch Urgently Advisory
Jan 15, 2020 - If you or your organisation uses any of the affected products, the ACSC recommends that you apply the patches urgently.
Remote code execution vulnerability present in Open Management Infrastructure, affects certain Microsoft Azure services Alert
Sep 16, 2021 - A remote code execution vulnerability exists in Open Management Infrastructure, a management agent used in certain Linux-based Microsoft Azure services. Exploitation of this vulnerability could allow a malicious actor to take control of the vulnerable host. Affected organisations should apply the available security update.
Exploitation of Unitronics Programmable Logic Controllers (PLCs) Alert
Dec 5, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is concerned about global exploitation of Programmable Logic Controllers (PLC) and is aware of reports of compromise of these devices in Australia. These devices are present in a number of critical sectors such as water, energy, fuel and healthcare.
Active exploitation of vulnerable Sitecore Experience Platform content management systems Alert
Nov 5, 2021 - There is active exploitation of a vulnerability occurring in certain versions of Sitecore Experience Platform systems. Affected Australian organisation should apply the available security update.
Guidelines for software development Advice
Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on software development.
Meltdown and Spectre patches unsuitable for some security products Advisory
Jan 11, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of reporting that a variety of security products (e.g. antivirus solutions) are incompatible with Microsoft's patches for the Meltdown and Spectre vulnerabilities.
Consider your cyber hygiene in light of global events News
Jul 1, 2025 - Around the world, geopolitical tensions remain complex as nations navigate diplomatic, economic, and military challenges. ASD’s ACSC recommends that organisations continue to review their current cyber security posture and maintain sufficient monitoring for cyber threats.
"Bulletproof" hosting providers are not so bulletproof News
Jan 22, 2025 - Many cybercriminals rely on Bulletproof Hosting (BPH) providers to carry out their unlawful activities. Read our new publication to find out more about the role that BPH providers play in the cybercrime ecosystem.
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection Advisory
May 25, 2023 - The People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection joint advisory provides examples of the cyber actor’s commands, along with detection signatures to aid network defenders in hunting for this activity.
Safe Software Deployment Publication
Oct 25, 2024 - It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements.
People’s Republic of China (PRC) State-Sponsored Cyber Actor Living Off the Land to Evade Detection Alert
May 25, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC), in conjunction with the United States (US) National Security Agency (NSA) its international partners, has released a Cybersecurity Advisory regarding a PRC state-sponsored cyber actor conducting activity impacting US critical infrastructure (CI) sectors. Because of the potential risk to CI sectors outside the US, all organisations are encouraged to review the published Advisory and report any malicious activity to the ASD's ACSC.
Potential exploitation of Click Studio’s PasswordState software Alert
Apr 27, 2021 - On 24 April 2021, Australian software company Click Studios announced a compromise of the software update process for their enterprise password management software PasswordState, used by organisations in Australia and globally.
Identifying and Mitigating Living Off the Land Techniques Advisory
Feb 8, 2024 - This Guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and the following agencies (hereafter referred to as the authoring agencies), provides information on common living off the land (LOTL) techniques and common gaps in cyber defense capabilities.
New guidance for software and service manufacturers deploying system updates News
Oct 25, 2024 - Implementing a safe software deployment program is vital for maintaining customer trust.
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection joint cybersecurity advisory News
May 25, 2023 - Today we released a joint advisory with international partners on a recently discovered cluster of activity associated with a People’s Republic of China (PRC) state-sponsored cyber actor.
Cyber incident materially affecting the price or value of the securities of an ASX-listed entity
Advisory 2020-016: "Zerologon" - Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472) Advisory
Sep 22, 2020 - The ACSC recommends organisations immediately patch affected Microsoft Windows systems with the Microsoft August 2020 Security Updates, released 11/08/2020.
Exploitation of existing Fortinet Vulnerabilities Alert
Apr 11, 2025 - Fortinet has released information regarding exploitation of previously known vulnerabilities affecting Fortinet devices. ASD’s ACSC recommends customers follow the advice contained in Fortinet’s advisory page.
Principles of operational technology cybersecurity Publication
Oct 2, 2024 - Critical infrastructure organisations provide vital services, including supplying clean water, energy, and transportation, to the public. These organisations rely on operational technology (OT) to control and manage the physical equipment and processes that provide these critical services. As such, the continuity of vital services relies on critical infrastructure organisations ensuring the cybersecurity and safety of their OT.
2023-03: ASD's ACSC Ransomware Profile – Lockbit 3.0 Advisory
Jun 15, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of Lockbit 3.0 which is the newest version of Lockbit ransomware. It is used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes as other variants such as encrypting their data, and extorting a ransom to return access to the sensitive files.
Advisory 2020-017: Resumption of Emotet malware campaign Advisory
Oct 30, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has observed the resumption of an ongoing and widespread campaign of malicious emails designed to spread the Emotet malware across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies.
End of support Guidance
Jul 29, 2024 - ‘End of support’ is when software is no longer support by the product developer that makes it. It will no longer receive security updates, general software updates or technical support.
2022-004: ASD's ACSC Ransomware Profile – ALPHV (aka BlackCat) Advisory
Apr 14, 2022 - ALPHV (aka BlackCat, Noberus) is a ransomware variant first observed in late 2021, used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia.
"Bulletproof" hosting providers Publication
Jan 22, 2025 - Bulletproof hosting (BPH) providers lease cybercriminals a virtual and/or physical infrastructure from which to operate. BPH providers are a specific class of internet infrastructure service that enables malicious actors (including cybercriminals) to host illicit content and run operations on the internet.
Australian Information Security Evaluation Program (AISEP) Program page
Jul 2, 2025 - The Australian Information Security Evaluation Program (AISEP) evaluates and certifies products to provide a level of assurance in its security functionality in order to protect systems and data against cyberthreats. These evaluation activities are certified by the Australian Certification Authority (ACA).
2023-01: ASD's ACSC Ransomware Profile - Royal Advisory
Jan 24, 2023 - The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is aware of a ransomware variant called Royal, which is being used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes to other variants such as encrypting their data and extorting a ransom to return access to the sensitive files.
Managing the risks of legacy IT: Practitioner guidance Publication
Jun 12, 2024 - This publication provides guidance for practitioners on managing the risks posed by legacy IT and outlines low-cost mitigations that organisations can draw upon.
Risk management of enterprise mobility (including Bring Your Own Device) Publication
Oct 6, 2021 - This publication has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cybersecurity practitioners.
Preparing for and responding to denial-of-service attacks Publication
Mar 17, 2025 - Although organisations cannot avoid being targeted by denial-of-service attacks, there are a number of measures that organisations can implement to prepare for and potentially reduce the impact if targeted. Preparing for denial-of-service attacks before they occur is by far the best strategy, it is very difficult to respond once they begin and efforts at this stage are unlikely to be effective.
ABC Radio interview with Head of ACSC News
Mar 31, 2021 - Abigail Bradshaw CSC, Head of Australian Cyber Security Centre, interview with Fran Kelly on ABC Radio National, 31 March 2021.
