Search

People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations   Advisory

Sep 19, 2024 - Cyber actors may have used botnet to compromise thousands of Internet-connected devices.

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities   Advisory

Dec 23, 2021 - Malicious cyber actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited. This joint Cybersecurity Advisory is to provide mitigation guidance on addressing vulnerabilities.

New zero trust guidance – seeking industry feedback   News

Feb 10, 2025 - Have your say on new Foundations for modern defensible architectures, including zero trust and secure-by-design principles.

Secure your Wi-Fi and router   Guidance

Oct 29, 2024 - How to make your software, devices and networks harder to access and more resilient to attack.

Security configuration guide: Viasat Mobile Dynamic Defense   Publication

Oct 6, 2021 - ASD has developed this guide to assist Australian’s to understand risks when deploying Viasat MDD devices and the security requirements that need to be met to allow them to handle classified data.

Further cyber sanctions in response to Medibank Private cyberattack   News

Feb 12, 2025 - Today Australia has imposed targeted financial and travel sanctions on a cyber infrastructure entity – ZServers – and five of its Russian employees for their roles in providing infrastructure to host and disseminate data stolen from Medibank Private in 2022.

Preventing Web Application Access Control Abuse   Advisory

Jul 28, 2023 - The Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.

Password managers   Guidance

May 12, 2025 - Learn how to create and store passwords in a secure location for your important accounts.

Cloud computing security for executives   Publication

Jan 18, 2024 - This publication is designed to provide executives from organisations looking to utilise cloud computing services an overview of the components that make up ‘cloud’ and help understand the security risks to be considered when using cloud computing.

Ten things to know about data security   Publication

May 16, 2024 - This publication has been developed to assist business owners and information technology managers, particularly those unfamiliar with cybersecurity, with ten things they should know about data security.

Cybersecurity terminology   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on cybersecurity terminology.

Antivirus software   Guidance

Apr 11, 2023 - The consequences of viruses, spyware and other malicious software can be serious and far reaching. Follow our guidance about using antivirus software.

Small Business Cloud Security Guides: Executive Overview   Publication

Dec 16, 2022 - In recognition of the increasing prevalence of cloud computing, the Australian Cyber Security Centre (ACSC) has published the Small business cloud security guides. These guides are designed to provide protection against cybersecurity incidents while remaining accessible to organisations which may not have the resources and expertise to implement a more sophisticated strategy.

Cyber Security Awareness Month 2024   News

Oct 1, 2024 - October is Cyber Security Awareness Month, a time for all Australians to talk about cyber security and take action to protect their devices and accounts.

Critical security vulnerability affecting Apache Struts2 below 6.4.0.   Alert

Dec 13, 2024 - ASD’s ACSC is aware of a critical vulnerability impacting Apache Struts2 below 6.4.0 (CVE-2024-53677).

Do you purchase technology for your organisation?   News

Dec 5, 2024 - Updated guidance and new guidance for executives now available for Choosing secure and verifiable technologies.

Cyber Security for Operational Technology   News

Oct 2, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has released new guidance to help critical infrastructure protect their systems and online supply chains.

New joint advisory on Russian military cyber tactics released   News

Sep 6, 2024 - Russian military cyber tactics, techniques and procedures targeting global critical infrastructure exposed in new joint advisory.

Summary of Tradecraft Trends for 2019-20   Alert

May 20, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) investigated and responded to numerous cyber security incidents during 2019 and 2020 so far.

Critical Vulnerability affecting Fortinet’s FortiClientEMS   Alert

Mar 22, 2024 - ASD’s ACSC is aware of a critical vulnerability (CVE-2023-48788) affecting Fortinet’s FortiClientEMS. Organisations are strongly encouraged to take immediate action to ensure affected instances are patched and investigate for potential compromise.

Windows event logging and forwarding   Publication

Oct 6, 2021 - This publication has been developed as a guide to the setup and configuration of Microsoft Windows event logging and forwarding.

PRC state-sponsored cyber group APT40’s expanding tradecraft and tactics    News

Jul 9, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has released a new joint advisory with international partners on the People’s Republic of China (PRC) Ministry of State Security (MSS) tradecraft in action.

New fact sheet for critical infrastructure leaders – actions to mitigate PRC state-sponsored cyber activity   News

Mar 20, 2024 - The fact sheet provides guidance for critical infrastructure leadership to protect their infrastructure and critical functions from Volt Typhoon – a state-sponsored cyber actor linked to the People’s Republic of China (PRC).

Domain Name System security for domain owners   Publication

Oct 6, 2021 - This publication provides information on DNS security for domain owners. It also shared helpful strategies to reduce the risk of domain misuse.

Small Business Cloud Security Guides: Technical Example - Application Control   Publication

Dec 16, 2022 - Application control restricts the ability of an application to run or install on a device. Application control makes it harder for users to intentionally or unintentionally install unwanted or malicious software.

An introduction to Artificial Intelligence   News

Nov 24, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has released an introduction to Artificial Intelligence (AI).

Ransomware targeting Australian aged care and healthcare sectors   Alert

Aug 2, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of increased targeting of healthcare, including hospitals and aged care, by ransomware campaigns undertaken by cyber criminals.

Secure-by-Design Foundations   News

Jul 31, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has released updated guidance to help technology manufacturers and those who use their digital product or service to adopt secure-by-design principles.

System monitoring  

Dec 3, 2020 - This page lists publications on performing effective system monitoring.

TMUI remote code execution vulnerability - CVE-2020-5902   Alert

Jul 6, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) advises users of F5’s enterprise and data centre BIG-IP products to ensure their systems are promptly patched after the recent disclosure of new remote code execution vulnerability.