You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 181 - 210 of 374 results.
#StopRansomware: Play ransomware Advisory
Jun 5, 2025 - This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.
Copy-paste compromises Alert
Sep 16, 2020 - The Australian Government is aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor. The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of tools copied almost identically from open source.
Barracuda Email Security Gateway (ESG) malicious activity – additional Indicators of Compromise released Alert
Dec 25, 2023 - Update: ASD's ACSC is aware of active exploitation of a third party library, Spreadsheet::ParseExcel, leading to potential Arbitrary Code Execution in Barracuda ESG appliances (CVE-2023-7101 and CVE-2023-7102).
Annual Cyber Threat Report 2023-2024 Reports and statistics
Nov 20, 2024 - ASD’s Annual Cyber Threat Report 2023–24 provides an overview of the key cyber threats impacting Australia, how ASD’s ACSC is responding and cyber security advice for Australian individuals, organisations and government to protect themselves online.
Managing cryptographic keys and secrets Publication
Aug 26, 2025 - This guide has been developed to help organisational personnel in understanding the threat environment and the value of implementing secure keys and secrets management to make better informed decisions.
Small business
Jun 15, 2023 - Basic steps to protect your business and staff from cyberthreats. Our guide has information and resources to help you and your staff prepare for cyberattacks.
Guidelines for procurement and outsourcing Advice
Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on procurement and outsourcing activities.
Head ACSC Address to AISA Cyber Conference 2021 News
Mar 17, 2021 - The Future of Cyber Security in Australia’ – Address by Abigail Bradshaw CSC, on 15 March 2021 Canberra Convention Centre.
2020-001-4: Remediation for critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway Advisory
Jan 13, 2020 - On 19 January 2020, Citrix released patches for two versions of the Citrix Application Delivery Controller (ADC) and Citrix Gateway appliances. Citrix expects to have patches available across all supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP before the end of January 2020.
CVE-2024-24919 - Check Point Security Gateway Information Disclosure Alert
May 31, 2024 - The ASD’s ACSC is aware of CVE-2024-24919 that enables access of sensitive information to an unauthorised actor.
Suspected user credentials stolen from FortiNet devices leaked online Alert
Sep 10, 2021 - A malicious cyber actor has leaked a list of suspected user credentials and IP address of the associated FortiNet SSL VPN device the credentials are used for. Organisations should review the patch status and history of internet exposed FortiNet SSL VPN devices and consider performing a password reset for affected users.
ASD Cyber Threat Report 2022-2023 Reports and statistics
Nov 14, 2023 - The ASD's Cyber Threat Report is ACSC’s flagship unclassified publication. The Report provides an overview of key cyber threats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online
Protecting Against Cyber Threats to Managed Service Providers and their Customers Advisory
May 12, 2022 - This advisory describes cybersecurity best practices for information and communications technology (ICT), focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive data.
Potential SolarWinds Orion compromise Alert
Jan 25, 2021 - FireEye identifies global campaign leveraging malicious updates to SolarWinds software.
2021-010: ASD's ACSC Ransomware Profile - Conti Advisory
Mar 4, 2022 - Conti is a ransomware variant first observed in early 2020, used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Conti is offered as a Ransomware-as-a-Service (RaaS), enabling affiliates to utilise it as desired, provided that a percentage of the ransom payment is shared with the Conti operators as commission. This product provides information related to Conti’s background, threat activity, and mitigation advice.
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability Advisory
Nov 29, 2023 - This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.
Revised patch released to disable mitigation against Spectre variant 2 Advisory
Jan 29, 2020 - Intel has confirmed that the microcode updates designed to mitigate Spectre variant 2 (CVE-2017-5715: Branch Target Injection) have introduced an increased risk of system instability, data loss and corruption.
Guidelines for cybersecurity roles Advice
Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on cybersecurity roles.
Cyber threat actors compromising networks of major global telecommunications providers News
Dec 4, 2024 - New guidance is available for network defenders of communications infrastructure to strengthen visibility and harden devices against PRC-affiliated and other malicious cyber actors.
Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure Advisory
Sep 6, 2024 - The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020.
Cyber Security Awareness Month 2025
Sep 30, 2024 - Take action to protect your networks and digital infrastructure now and into the future.
2021-006: ASD's ACSC Ransomware Profile - Lockbit 2.0 Advisory
Aug 5, 2021 - The LockBit ransomware restricts access to corporate files and systems by encrypting them into a locked and unusable format. Victims receive instructions on how to engage with the offenders after encryption. LockBit affiliates have successfully deployed ransomware on corporate systems in a variety of countries and sectors, including Australia, where the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of numerous incidents since 2020. LockBit affiliates are known to implement the ‘double extortion’ technique by uploading stolen and sensitive victim information to their dark web site ‘LockBit 2.0’, and threatening to sell and/or release this information if their ransom demands are not met.
Mitigation strategies for edge devices: Executive guidance Publication
Feb 4, 2025 - This publication provides a high-level summary of ASD’s existing guidance to manage and secure edge devices effectively. It is intended for executives in large organisations and critical infrastructure providers that are responsible for the deployment, operation, security, and maintenance of enterprise networks. ASD is soon to release a comprehensive technical publication on mitigation strategies for edge devices for practitioners.
Advice for Malicious Cyber Activity by Iran News
Sep 15, 2022 - Australian organisations are urged to be alert to continued malicious cyber activity conducted by Advanced Persistent Threat (APT) actors, assessed to be affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC).
2023-03: ASD's ACSC Ransomware Profile – Lockbit 3.0 Advisory
Jun 15, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of Lockbit 3.0 which is the newest version of Lockbit ransomware. It is used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes as other variants such as encrypting their data, and extorting a ransom to return access to the sensitive files.
Exploring memory safety in critical open source projects Publication
Jun 27, 2024 - This publication follows the December 2023 release of The Case for Memory Safe Roadmaps, which recommended software manufacturers create memory safe roadmaps, including plans to address memory safety in external dependencies, which commonly include open source software (OSS). Today’s publication provides a starting point for these roadmaps by investigating the scale of memory safety risk in selected OSS.
2023-01: ASD's ACSC Ransomware Profile - Royal Advisory
Jan 24, 2023 - The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is aware of a ransomware variant called Royal, which is being used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes to other variants such as encrypting their data and extorting a ransom to return access to the sensitive files.
Advisory 2020-009: Recommendations to mitigate APT actors targeting health sector and COVID-19 essential services Advisory
May 8, 2020 - The ACSC recommends that organisations in the health sector implement the following cyber security mitigations:
Strategies to mitigate cybersecurity incidents: Mitigation details Publication
Feb 1, 2017 - The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help cybersecurity professionals in all organisations mitigate cybersecurity incidents caused by various cyberthreats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.
2022-02: Australian organisations should urgently adopt an enhanced cyber security posture Advisory
Apr 28, 2022 - Entities should follow ACSC advice and act on improving their resilience within a heightened threat environment.
