Search

Secure your NAS device   Guidance

Nov 29, 2024 - Protect your network-attached storage (NAS) device and the important data it holds with this guide.

Personal cybersecurity: First steps guide   Guidance

Apr 14, 2023 - The first of three cybersecurity guides in the personal cybersecurity series is designed to help everyday Australians understand a basic level of cybersecurity and how to take action to protect themselves from cyberthreats.

2023-01: ASD's ACSC Ransomware Profile - Royal   Advisory

Jan 24, 2023 - The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is aware of a ransomware variant called Royal, which is being used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes to other variants such as encrypting their data and extorting a ransom to return access to the sensitive files.

Protecting against business email compromise   Publication

Oct 6, 2021 - Business email compromise is when malicious actors use email to abuse trust in business processes to scam organisations out of money or goods. Malicious actors can impersonate business representatives using similar names, domains or fraudulent logos as a legitimate organisation or by using compromised email accounts and pretending to be a trusted co-worker.

ASD Cyber Threat Report 2022-2023   Reports and statistics

Nov 14, 2023 - The ASD's Cyber Threat Report is ACSC’s flagship unclassified publication. The Report provides an overview of key cyberthreats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online

Small Business Cloud Security Guides: Introduction   Publication

Dec 16, 2022 - Securing your business can be a complex task. Among the numerous security priorities and configuration options, it can be difficult to know where to begin. These guides adapt ASD's ACSC’s Essential Eight mitigation strategies and outline an example of how each can be implemented to secure Microsoft 365 capabilities. The technical examples are designed to offer significant protection against cybersecurity incidents while remaining accessible to organisations with limited resources and cybersecurity expertise.

Single Reporting Portal   Guidance

Nov 22, 2023 - To help you meet your reporting responsibilities, the Australian Government has brought together a list of Commonwealth legislative reporting requirements that could be triggered by a cybersecurity incident.

Guidelines for networking   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on networking.

Risk management of enterprise mobility (including Bring Your Own Device)   Publication

Oct 6, 2021 - This publication has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cybersecurity practitioners.

New Information Security Manual format now available   News

Sep 15, 2022 - The Information Security Manual (ISM) provides organisations with a cyber security framework that they can apply to protect their systems and data.

2019-131a: Emotet malware campaign   Alert

Oct 1, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has observed an ongoing and widespread campaign of malicious emails designed to spread Emotet across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies.

Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure   Advisory

May 17, 2022 - The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine has altered the geopolitical balance in ways that could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.

TMUI remote code execution vulnerability - CVE-2020-5902   Alert

Jul 6, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) advises users of F5’s enterprise and data centre BIG-IP products to ensure their systems are promptly patched after the recent disclosure of new remote code execution vulnerability.

Joint statement - attribution to Russia for malicious cyber activity against European networks   News

May 11, 2022 - Australia and international partners shine a light on Russia’s ongoing unacceptable activity in cyberspace.

Widespread outages relating to CrowdStrike software update   Alert

Jul 21, 2024 - A CrowdStrike software update has led to outages impacting Windows systems.

ASD women recognised for their contribution to the security industry   News

Oct 19, 2022 - The Australian Signals Directorate (ASD) has been recognised for its contribution to supporting women in the security industry at an awards night in Sydney.

Cyber Safety and Security in Sport   News

Jun 8, 2023 - Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is partnering with Sport Integrity Australia and the Office of the e-Safety Commissioner to deliver the Cyber Safety and Security in Sport course. The course is part of the ASD’s ACSC's commitment to work with industry and government to strengthen Australia’s cyber security posture.

VMware vCenter Server plugin remote code execution vulnerability (CVE-2021-21972)   Alert

Feb 25, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) advises users of VMware vCenter Server products, including as part of VMware Cloud Foundation, to ensure their systems are promptly patched after the recent disclosure of a new remote code execution vulnerability.

Personal cybersecurity: Advanced steps guide   Guidance

Mar 23, 2023 - The third and final cybersecurity guide in the personal cybersecurity series is designed to help everyday Australians understand an advanced level of cybersecurity and how to take action to protect themselves from cyberthreats.

Managing the risks of legacy IT: Practitioner guidance   Publication

Jun 12, 2024 - This publication provides guidance for practitioners on managing the risks posed by legacy IT and outlines low-cost mitigations that organisations can draw upon.

LockBit 2.0 ransomware incidents in Australia   Alert

Aug 5, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia.

Increasing reports of myGov-related SMS and email scams targeting Australians   Alert

Jul 16, 2020 - Be on the lookout for myGov-related SMS and email scams asking you to verify your myGov details.

ASD's ACSC participation in Asia Pacific Computer Emergency Response Team (APCERT) Drill   News

Aug 24, 2022 - The ASD's ACSC has joined international partners in the annual Asia Pacific Computer Emergency Response Team (APCERT) Drill.

Cyber Security Awareness Month 2023   News

Sep 25, 2023 - October is Cyber Security Awareness Month, a time for all Australians to improve their cyber security knowledge and take action to protect their information and devices.

Preventing Web Application Access Control Abuse   Advisory

Jul 28, 2023 - The Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.

Essential Eight Assessment Course   News

Jul 4, 2023 - Today, the Australian Signals Directorate has launched the Essential Eight Assessment Course pilot in collaboration with TAFEcyber.

Mandatory Incident Reporting   News

Apr 11, 2022 - New measures to enhance the cyber security of Australia’s critical infrastructure.

Remote code execution vulnerability present in Atlassian Confluence Server and Data Center   Alert

Jun 5, 2022 - A critical unauthenticated remote code execution vulnerability (CVE-2022-26134) has been identified in all supported versions of Atlassian Confluence Server and Data Center. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends organisations restrict internet access to and from affected devices.

ASD's ACSC Annual Cyber Threat Report, July 2020 to June 2021   Reports and statistics

Sep 15, 2021 - The ASD's ACSC Annual Cyber Threat Report 2020–21 has been produced by the Australian Cyber Security Centre, with contributions from the Defence Intelligence Organisation (DIO), Australian Criminal Intelligence Commission (ACIC), Australian Security Intelligence Organisation (ASIO), The Department of Home Affairs and industry partners.

The ASD's ACSC asks, ‘Have you been hacked?’   News

Aug 16, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has launched a new online tool to help people who may be a victim of a cyber attack – Have you been hacked?