Search

Critical Vulnerability affecting Fortinet’s FortiClientEMS   Alert

Mar 22, 2024 - ASD’s ACSC is aware of a critical vulnerability (CVE-2023-48788) affecting Fortinet’s FortiClientEMS. Organisations are strongly encouraged to take immediate action to ensure affected instances are patched and investigate for potential compromise.

Reports and statistics  

Nov 3, 2022 - Find the latest cyber security reports and statistics

New fact sheet for critical infrastructure leaders – actions to mitigate PRC state-sponsored cyber activity   News

Mar 20, 2024 - The fact sheet provides guidance for critical infrastructure leadership to protect their infrastructure and critical functions from Volt Typhoon – a state-sponsored cyber actor linked to the People’s Republic of China (PRC).

PRC state-sponsored cyber group APT40’s expanding tradecraft and tactics    News

Jul 9, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has released a new joint advisory with international partners on the People’s Republic of China (PRC) Ministry of State Security (MSS) tradecraft in action.

An introduction to Artificial Intelligence   News

Nov 24, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has released an introduction to Artificial Intelligence (AI).

Ransomware targeting Australian aged care and healthcare sectors   Alert

Aug 2, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of increased targeting of healthcare, including hospitals and aged care, by ransomware campaigns undertaken by cyber criminals.

TMUI remote code execution vulnerability - CVE-2020-5902   Alert

Jul 6, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) advises users of F5’s enterprise and data centre BIG-IP products to ensure their systems are promptly patched after the recent disclosure of new remote code execution vulnerability.

Managing the risks of legacy IT: Practitioner guidance   Publication

Jun 12, 2024 - This publication provides guidance for practitioners on managing the risks posed by legacy IT and outlines low-cost mitigations that organisations can draw upon.

Secure-by-Design Foundations   News

Jul 31, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has released updated guidance to help technology manufacturers and those who use their digital product or service to adopt secure-by-design principles.

New joint advisory on PRC botnet operations released   News

Sep 19, 2024 - Protect your organisation and yourself from botnet operations.

High Severity Vulnerability present in Microsoft Outlook for Windows   Alert

Mar 29, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a Microsoft Outlook for Windows vulnerability. All Australian organisations using all versions of Microsoft Outlook for Windows should apply the available patch immediately.

Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway products   Alert

Jan 18, 2024 - ASD’s ACSC is aware of multiple vulnerabilities (CVE-2023-6548 and CVE-2023-6549) in Citrix NetScaler products (NetScaler ADC and NetScaler Gateway). Organisations are strongly encouraged to take immediate action to ensure affected instances are patched.

Back-up data to defend against cybercrime   News

Mar 31, 2021 - On World Back-up Day, the Australian Government is urging businesses, organisations and individuals to back-up their digital information to protect themselves against compromise.

LockBit 2.0 ransomware incidents in Australia   Alert

Aug 5, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia.

Multi-factor authentication for stronger cyber protection   News

Feb 25, 2021 - Australians are being urged to strengthen proof of identity protections to help stop cybercriminals gaining unauthorised access to online information and accounts.

Multiple vulnerabilities in Jenkins products   Alert

Jan 30, 2024 - ASD’s ACSC is aware of multiple vulnerabilities impacting Jenkins products including CVE 2024-23897 (Critical) & CVE-2024-23898 (High). Organisations using Jenkins products are strongly advised to follow the mitigation advice provided by Jenkins and patch affected versions.

How the ASD's ACSC can help during a cyber security incident   News

Sep 11, 2023 - The Australian Signal’s Directorate’s Australian Cyber Security Centre’s (ASD's ACSC) incident management capabilities provide technical advice and assistance to support Australian organisations through a cyber security incident response.

Microsoft introduces Exchange Emergency Mitigation service   News

Oct 1, 2021 - Microsoft has launched a new optional protection for Microsoft Exchange servers.

Cyber Security Awareness Month 2023   News

Sep 25, 2023 - October is Cyber Security Awareness Month, a time for all Australians to improve their cyber security knowledge and take action to protect their information and devices.

Seeking industry feedback on new ASD Foundations for Secure-by-Design   News

Nov 2, 2023 - Have your say on how Secure-by-Design practices should look.

Essential Eight Assessment Course   News

Jul 4, 2023 - Today, the Australian Signals Directorate has launched the Essential Eight Assessment Course pilot in collaboration with TAFEcyber.

Critical Infrastructure  

Jul 22, 2024 - Technical advice and non-regulatory guidance for critical infrastructure.

Multiple vulnerabilities present in F5 products   Alert

May 9, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a F5 Security Advisory Addressing Multiple Vulnerabilities in their BIG-IP Product Range. Affected Australian organisations should take appropriate action.

Securing Customer Personal Data for Small to Medium Businesses   News

Nov 17, 2023 - As data breaches increasingly impact Australian businesses and their customers, it’s crucial for businesses to improve their data security practices and ensure their customers’ personal data is handled appropriately.

Joint guide for cybersecurity best practices for Smart Cities   News

Apr 20, 2023 - This guide provides three recommendations to help communities strengthen their cyber posture.

Vulnerability in Ivanti Endpoint Manager Mobile (EPMM)   Alert

Jul 25, 2023 - This Alert is relevant to Australians who are running Ivanti EPMM. This alert is intended to be understood by slightly more technical users. Users are encouraged to immediately apply any available patches.

Secure your NAS device   Guidance

Nov 29, 2024 - Protect your network-attached storage (NAS) device and the important data it holds with this guide.

The Silent Heist: Cybercriminals use information stealer malware to compromise corporate networks   News

Sep 2, 2024 - New advisory released on information stealer malware used in cybercrime attacks.

Iranian Government-Sponsored APT Cyber Actors   Alert

Nov 17, 2021 - FBI and CISA have observed an Iranian government-sponsored APT group that are exploiting vulnerabilities to gain access to systems. The APT group has exploited the same Microsoft Exchange vulnerability in Australia.

Critical vulnerability in ManageEngine ADSelfService Plus exploited by cyber actors   Alert

Sep 24, 2021 - A vulnerability exists in certain versions of ManageEngine ADSelfService Plus. A cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. Affected Australian organisations should apply the available security update.