You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 91 - 120 of 374 results.
Potential Accellion File Transfer Appliance compromise Alert
Feb 25, 2021 - The ACSC has identified Australian organisations that may have been impacted by the Accellion File Transfer Appliance vulnerability and have provided mitigation recommendations.
Netlogon elevation of privilege vulnerability (CVE-2020-1472) Alert
Sep 22, 2020 - The ACSC is aware of a recently disclosed critical vulnerability in Microsoft Active Directory Domain Controller systems that allows unauthenticated attackers to trivially access administrative credentials.
Cybercriminals scanning Australian entities for serious cyber vulnerability News
Dec 21, 2021 - Australians must urgently patch applications and software products as malicious cyber adversaries conduct thousands of scans in search of the vulnerability related to the critical Log4j software flaw.
Vulnerability Affecting BlackBerry QNX RTOS Advisory
Aug 17, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a vulnerability affecting the BlackBerry QNX, the world’s most prevalent real time operating system.
Critical Vulnerability in FortiOS Alert
Feb 9, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is aware of a critical (9.6) vulnerability (CVE-2024-21762) in Fortinet FortiOS devices.
Australians urged to act on cyber alert News
Dec 15, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) issued an alert on a vulnerability in the Apache Log4j software library that exposed systems to potential cyberattack.
Remote Code Execution Vulnerability In Confluence Data Center and Confluence Server Alert
Jan 17, 2024 - ASD’s ACSC is aware of a vulnerability in Confluence Data Center and Confluence Server (CVE-2023-22527). Organisations are strongly encouraged to take immediate action to ensure affected instances are patched.
FortiOS & FortiProxy - Authentication bypass in Node.js websocket module vulnerability Alert
Jan 15, 2025 - Fortinet has released information regarding an identified vulnerability in FortiOS version 7.0 and FortiProxy versions 7.0 and 7.2 instances. ASD’s ACSC recommends customers follow the advice contained in Fortinet’s notification.
Critical vulnerability in ConnectWise’s ScreenConnect Alert
Feb 25, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre ( ASD’s ACSC) is aware of a critical vulnerability affecting ConnectWise’s ScreenConnect. Customers should update to the patched version immediately.
2020-011: Critical Vulnerability in SAP NetWeaver Application Server (CVE-2020-6287) Advisory
Jul 14, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends users of these products urgently apply available security patches to prevent an adversary from exploiting this vulnerability.
ASD's ACSC and international partners encourage action to mitigate risks for Log4j vulnerability News
Dec 23, 2021 - ASD's ACSC and cyber security agency partners have issued a joint statement and advisory on the Log4j vulnerability providing technical details, mitigations and resources to help address the critical software flaw.
Vulnerability Affecting BlackBerry QNX RTOS Alert
Aug 18, 2021 - BlackBerry has disclosed that its QNX Real Time Operating System is affected by a BadAlloc vulnerability - CVE-2021-22156. QNX is the world’s most prevalent real time operating system.
Microsoft Releases Security Updates for Microsoft Edge Browser Alert
Jun 30, 2021 - On June 24 2021, Microsoft released updates for their Edge Browser addressing two vulnerabilities that an attacker could exploit to inject and execute malicious code.
Technical example: Patch applications Publication
Mar 1, 2023 - Patching applications is one of the most effective controls an organisation can implement to prevent cyber criminals from gaining access to their devices and sensitive information. Patches improve the security of applications by fixing known vulnerabilities.
Remote code execution vulnerability present in certain versions of Palo Alto firewalls utilising the GlobalProtect VPN component Alert
Nov 11, 2021 - A vulnerability has been identified in certain versions of Palo Alto firewalls utilising the GlobalProtect VPN component. Affected Australian organisations should apply the available update as soon as possible.
Vulnerability in Progress Kemp products Alert
Feb 22, 2024 - ASD’s ACSC is aware of a vulnerability (CVE-2024-1212) that affects all Progress Kemp LoadMaster releases after 7.2.48.1. Organisations are strongly encouraged to take immediate action to patch relevant systems.
Critical Vulnerability affecting Fortinet’s FortiClientEMS Alert
Mar 22, 2024 - ASD’s ACSC is aware of a critical vulnerability (CVE-2023-48788) affecting Fortinet’s FortiClientEMS. Organisations are strongly encouraged to take immediate action to ensure affected instances are patched and investigate for potential compromise.
Critical vulnerability identified in Apple iOS and macOS Alert
Feb 12, 2022 - A Remote Code Execution vulnerability has been identified in certain versions of Apple WebKit, affecting iOS and macOS devices. Affected users of these devices should update their devices as soon as possible.
Meltdown and Spectre patches unsuitable for some security products Advisory
Jan 11, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of reporting that a variety of security products (e.g. antivirus solutions) are incompatible with Microsoft's patches for the Meltdown and Spectre vulnerabilities.
Security considerations for edge devices Publication
Feb 5, 2025 - Edge devices are an important part of many enterprise computing systems. They allow connection across various devices that aid in productivity. However, just like with all technology they are not without their vulnerabilities. Edge devices require attention and diligence to keep data safe and secure.
Ivanti Sentry Authentication Bypass Vulnerability Alert
Aug 22, 2023 - An authentication bypass vulnerability (CVE-2023-38035) has been identified that allows unauthorised access to sensitive APIs which can be used to set configuration parameters on the administrator portal (MICS).
Technical example: Patch operating systems Publication
Dec 16, 2022 - Patching operating systems is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to their devices and sensitive information. Patches improve the security of operating systems by fixing known vulnerabilities.
Vulnerability in Fortinet’s FortiManager Alert
Oct 24, 2024 - The ASD’s ACSC is aware of a vulnerability affecting all versions of Fortinet's FortiManager device that enables an unauthorised actor access to the FortiManager console (CVE-2024-47575). FortiManager devices provide centralised management of Fortinet devices from a single console.
Critical severity vulnerability in Fortinet FortiOS SSL-VPN Alert
Dec 13, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a heap-based buffer overflow vulnerability in FortiOS SSL-VPN. All Australian organisations should apply the available patch immediately.
Critical vulnerability in certain Hikvision products, IP cameras Alert
Sep 22, 2021 - A critical vulnerability exists in Hikvision products, including IP cameras, which could allow a cyber actor to take full control of the device. Affected Australian customers should apply an appropriate firmware update provided by Hikvision.
Critical vulnerability present in SAP Internet Communication Manager Alert
Feb 11, 2022 - A vulnerability has been identified in SAP Internet Communication Manager (ICM), a component of many SAP products, which may allow full system takeover. Affected organisations should apply the available security update.
Remote code execution vulnerability in Windows DNS (CVE-2020-1350) Alert
Jul 15, 2020 - On 14 July 2020, Microsoft acknowledged a critical remote code execution vulnerability in Windows Domain Name System (DNS), which could allow an adversary to run arbitrary code.
Exploitation of Microsoft Office vulnerability: Follina Alert
Jun 15, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of active exploitation of the Follina zero-day vulnerability in the Microsoft Support Diagnostic Tool (CVE-2022-30190). Affected Australian organisations should take appropriate action.
High Severity vulnerability present in OpenSSL version 3.x Alert
Nov 2, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a buffer overrun and buffer overflow vulnerability in OpenSSL versions above to 3.0. All Australian organisations using version 3.x should apply the available patch immediately.
Critical vulnerability in Pulse/Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457) Alert
Apr 4, 2025 - Ivanti have released information regarding active exploitation of a critical vulnerability in Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457). ASD’s ACSC recommends customers follow the advice contained in Ivanti’s Security Advisory and assess their environments for malicious activity.
