Search

Essential Eight maturity model changes   Publication

Nov 27, 2023 - This publication provides an overview of the changes for the November 2023 release.

Secure by Design foundations   Publication

Jul 30, 2024 - ASD’s ACSC's Secure by Design foundations represent a first step in a new approach to assist technology manufacturers and customers to adopt Secure by Design. While the foundations are primarily designed to foster discussion within technology manufacturers on how to best approach Secure by Design, they contain relevant information and actions for technology customers.

Patching applications and operating systems   Publication

Nov 27, 2023 - Applying patches to applications and operating systems is critical to keeping systems secure. Patching forms part of the Essential Eight from the Strategies to mitigate cybersecurity incidents.

Essential Eight maturity model FAQ   Publication

Oct 28, 2024 - This publication provides answers to frequency asked questions on how to implement the Essential Eight.

Advisory 2020-004: Remote code execution vulnerability being actively exploited in vulnerable versions of Telerik UI by sophisticated actors   Advisory

May 22, 2020 - This advisory is focused around the targeting of CVE-2019-18935 but has significant overlap to the previously released ACSC 2019-126 advisory.

The Commonwealth Cyber Security Posture in 2024   Reports and statistics

Dec 5, 2024 - The Commonwealth Cyber Security Posture in 2024 informs the Australian Parliament on cybersecurity measures implemented across the Australian Government for the 2023–24 financial year.

IoT Secure by Design guidance for manufacturers   Publication

Sep 21, 2023 - This guidance has been produced for manufacturers in order to help them implement thirteen Secure by Design principles.

Advisory 2020-016: "Zerologon" - Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)   Advisory

Sep 22, 2020 - The ACSC recommends organisations immediately patch affected Microsoft Windows systems with the Microsoft August 2020 Security Updates, released 11/08/2020.

Shifting the Balance of Cybersecurity Risk   Publication

Oct 17, 2023 - The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and the following international partners provide the recommendations in this guide as a roadmap for technology manufacturers to ensure security of their products.

Cybersecurity Best Practices for Smart Cities   Publication

Apr 20, 2023 - This guidance is the result of a collaborative effort from the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS), and the New Zealand National Cyber Security Centre (NCSC-NZ).

Vulnerability in Ivanti Endpoint Manager Mobile (EPMM)   Alert

Jul 25, 2023 - This Alert is relevant to Australians who are running Ivanti EPMM. This alert is intended to be understood by slightly more technical users. Users are encouraged to immediately apply any available patches.

ASD's ACSC Annual Cyber Threat Report, July 2021 to June 2022   Reports and statistics

Nov 4, 2022 - The Annual Cyber Threat Report is the Australian Signals Directorate’s Australian Cyber Security Centre's (ASD’s ACSC) flagship unclassified publication. The Report provides an overview of key cyberthreats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online.

Next.js authentication bypass vulnerability (CVE-2025-29927)   Alert

Mar 25, 2025 - An authentication bypass in the middleware layer of Next.js can allow a remote attacker to bypass security checks. Customers should update to the patched version immediately.

Annual Cyber Threat Report 2023-2024   Reports and statistics

Nov 20, 2024 - ASD’s Annual Cyber Threat Report 2023–24 provides an overview of the key cyber threats impacting Australia, how ASD’s ACSC is responding and cyber security advice for Australian individuals, organisations and government to protect themselves online.

Barracuda Email Security Gateway (ESG) malicious activity – additional Indicators of Compromise released   Alert

Dec 25, 2023 - Update: ASD's ACSC is aware of active exploitation of a third party library, Spreadsheet::ParseExcel, leading to potential Arbitrary Code Execution in Barracuda ESG appliances (CVE-2023-7101 and CVE-2023-7102).

ABC Radio interview with Head of ACSC   News

Mar 31, 2021 - Abigail Bradshaw CSC, Head of Australian Cyber Security Centre, interview with Fran Kelly on ABC Radio National, 31 March 2021.

Copy-paste compromises   Alert

Sep 16, 2020 - The Australian Government is aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor. The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of tools copied almost identically from open source.

Guidelines for system hardening   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on system hardening.

Mitigation strategies for edge devices: Executive guidance   Publication

Feb 4, 2025 - This publication provides a high-level summary of ASD’s existing guidance to manage and secure edge devices effectively. It is intended for executives in large organisations and critical infrastructure providers that are responsible for the deployment, operation, security, and maintenance of enterprise networks. ASD is soon to release a comprehensive technical publication on mitigation strategies for edge devices for practitioners.

CVE-2024-24919 - Check Point Security Gateway Information Disclosure   Alert

May 31, 2024 - The ASD’s ACSC is aware of CVE-2024-24919 that enables access of sensitive information to an unauthorised actor.

Cyber threat actors compromising networks of major global telecommunications providers    News

Dec 4, 2024 - New guidance is available for network defenders of communications infrastructure to strengthen visibility and harden devices against PRC-affiliated and other malicious cyber actors.

Head ACSC Address to AISA Cyber Conference 2021   News

Mar 17, 2021 - The Future of Cyber Security in Australia’ – Address by Abigail Bradshaw CSC, on 15 March 2021 Canberra Convention Centre.

2020-001-4: Remediation for critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway   Advisory

Jan 13, 2020 - On 19 January 2020, Citrix released patches for two versions of the Citrix Application Delivery Controller (ADC) and Citrix Gateway appliances. Citrix expects to have patches available across all supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP before the end of January 2020.

Suspected user credentials stolen from FortiNet devices leaked online   Alert

Sep 10, 2021 - A malicious cyber actor has leaked a list of suspected user credentials and IP address of the associated FortiNet SSL VPN device the credentials are used for. Organisations should review the patch status and history of internet exposed FortiNet SSL VPN devices and consider performing a password reset for affected users.

Gateway security guidance package: Gateway operations and management   Publication

Jul 29, 2022 - This guidance is one part of a package of documents that forms the Australian Signals Directorate (ASD)’s Gateway security guidance package written for audiences responsible for the operation and management of gateways.

Potential SolarWinds Orion compromise   Alert

Jan 25, 2021 - FireEye identifies global campaign leveraging malicious updates to SolarWinds software.

ASD Cyber Threat Report 2022-2023   Reports and statistics

Nov 14, 2023 - The ASD's Cyber Threat Report is ACSC’s flagship unclassified publication. The Report provides an overview of key cyberthreats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online

Detecting and mitigating Active Directory compromises   Publication

Jan 22, 2025 - This publication provides an overview of techniques used to compromise Active Directory, and recommended strategies to mitigate these techniques. By implementing the recommendations in this publication, organisations can significantly improve their Active Directory security, and therefore their overall network security posture.

Revised patch released to disable mitigation against Spectre variant 2   Advisory

Jan 29, 2020 - Intel has confirmed that the microcode updates designed to mitigate Spectre variant 2 (CVE-2017-5715: Branch Target Injection) have introduced an increased risk of system instability, data loss and corruption.

Protecting Against Cyber Threats to Managed Service Providers and their Customers   Advisory

May 12, 2022 - This advisory describes cybersecurity best practices for information and communications technology (ICT), focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive data.