Search

Contact us   Service

Feb 25, 2023 - Contact ASD's ACSC for general enquiries and media enquiries.

Detecting socially engineered messages   Publication

Oct 6, 2021 - Socially engineered messages pose a significant threat to organisations. They can have a big impact, helping malicious actors access accounts, systems or sensitive information. Learn how to spot a socially engineered message, including through email, SMS, social media or messaging apps.

Recovering compromised bank accounts and online payment accounts   Guidance

Nov 10, 2023 - Bank accounts are among the most important accounts to us and the most prized accounts to cybercriminals.

2021-003: Ongoing campaign using Avaddon Ransomware   Advisory

May 8, 2021 - The Australian Cyber Security Centre (ACSC) is aware of an ongoing ransomware campaign utilising the Avaddon Ransomware malware. This campaign is actively targeting Australian organisations in a variety of sectors. This advisory provides details of Avaddon threat actors, dark web activity, targeted countries and sectors, the malware infection chain, and known Techniques, Tools, and Procedures (TTPs). If activity is identified relating to this advisory please report any findings to the ACSC.

APT exploitation of Fortinet Vulnerabilities   Alert

Apr 3, 2021 - Advanced Persistent Threat (APT) actors targeting historic Fortinet vulnerabilities.

Small Business Cloud Security Guides: Technical Example - User Application Hardening   Publication

Dec 16, 2022 - User application hardening protects an organisation from a range of threats including malicious websites, advertisements running malicious scripts and exploitation of vulnerabilities in unsupported software. These attacks often take legitimate application functionality and use it for malicious purposes. User application hardening makes it harder for cybercriminals to exploit vulnerabilities or at-risk functionality in your organisation’s applications.

Recovering a compromised online account   Guidance

Nov 10, 2023 - Online accounts are important for our day-to-day activities and often store sensitive information about us. This can make them useful for cybercriminals looking to gain access to our resources or identities.

An introduction to artificial intelligence   Publication

Nov 24, 2023 - Artificial intelligence (AI) is an emerging technology that will play an increasingly influential role in the everyday life of Australians.

Personal cybersecurity: Next steps guide   Guidance

Jun 16, 2023 - The second of three cybersecurity guides in the pesonal cybersecurity series is designed to help everyday Australians understand a moderate level of cybersecurity and how to take action to protect themselves from cyberthreats.

Protect yourself  

Jul 30, 2024 - Advice and information about how to protect yourself online.

Convoluted layers: An artificial intelligence primer   Publication

May 21, 2025 - Rapid advances in artificial intelligence (AI), along with public releases of AI products, have prompted governments, businesses and criminals to accelerate efforts to incorporate this new technology into their operations. This advice provides definitions for some of the most commonly encountered AI terms in cybersecurity and a brief typology of cyberthreats that will arise from AI.

AI Data Security   Publication

May 23, 2025 - This publication provides essential data security guidance for organisations that develop and/or use AI systems, including businesses, government and critical infrastructure. It highlights the importance of data security in ensuring the accuracy and integrity of AI outcomes, and presents an in-depth examination of 3 areas of data security risks in AI systems: data supply chain, maliciously modified (poisoned) data, and data drift.

Home  

Jul 19, 2022 - Welcome to the Australian Cyber Security Centre website - cyber.gov.au

Update your devices to keep cybercriminals out   News

May 3, 2021 - Updating the software on electronic devices is one of the easiest and most important ways all Australians can defend against cybercriminals and be protected from online threats.

Cybersecurity incident response planning: Practitioner guidance   Publication

Dec 12, 2024 - ASD defines a cybersecurity incident as an unwanted or unexpected cybersecurity event, or a series of such events, that has either compromised business operations or has a significant probability of compromising business operations.

Risk management of enterprise mobility (including Bring Your Own Device)   Publication

Oct 6, 2021 - This publication has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cybersecurity practitioners.

Russian GRU targeting Western logistics entities and technology companies   Advisory

May 22, 2025 - This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies.

Resources library  

Nov 21, 2024 - Resources for individuals, families and small businesses

Alerts and advisories  

Jan 30, 2023 - Find the latest in cybersecurity alerts and advisories

Exploitation of existing Fortinet Vulnerabilities    Alert

Apr 11, 2025 - Fortinet has released information regarding exploitation of previously known vulnerabilities affecting Fortinet devices.
ASD’s ACSC recommends customers follow the advice contained in Fortinet’s advisory page.

Guidelines for cybersecurity incidents   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on cybersecurity incidents.

Report  

Apr 11, 2023 - Report a cybercrime, incident or vulnerability.

Security considerations for edge devices   Publication

Feb 5, 2025 - Edge devices are an important part of many enterprise computing systems. They allow connection across various devices that aid in productivity. However, just like with all technology they are not without their vulnerabilities. Edge devices require attention and diligence to keep data safe and secure.

Secure by Demand   Publication

Jan 14, 2025 - This Secure by Demand guide, authored by CISA with contributions from the following partners, describes how OT owners and operators should integrate security into their procurement process when purchasing industrial automation and control systems as well as other OT products.

Protecting your family   Guidance

May 2, 2023 - Advice and guidance for parents and guardians to help children have secure experiences online.

Archived reports and statistics  

Feb 13, 2025 - Search archived report and statistics

Report and recover from account compromise   Guidance

Nov 10, 2023 - A guide to recovering your account and protecting you against future attacks.

The Commonwealth Cyber Security Posture in 2024   Reports and statistics

Dec 5, 2024 - The Commonwealth Cyber Security Posture in 2024 informs the Australian Parliament on cybersecurity measures implemented across the Australian Government for the 2023–24 financial year.

Choosing secure and verifiable technologies   Publication

Dec 5, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and international partners have provided recommendations in this guide as a roadmap for choosing secure and verifiable technologies.

Multiple vulnerabilities present in the Spring Framework for Java   Alert

Apr 4, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of media reporting relating to multiple potential vulnerabilities, including the so-called SpringShell vulnerability, in the Java Spring framework and its execution environments. These vulnerabilities pose a threat to organisations running applications on the web which contain components using the Java Spring framework.