Search

Revised patch released to disable mitigation against Spectre variant 2   Advisory

Jan 29, 2020 - Intel has confirmed that the microcode updates designed to mitigate Spectre variant 2 (CVE-2017-5715: Branch Target Injection) have introduced an increased risk of system instability, data loss and corruption.

Securing PowerShell in the enterprise   Publication

Oct 6, 2021 - This publication describes a maturity framework for PowerShell, balancing the security and business requirements of organisations. This framework enables organisations to take incremental steps towards securing PowerShell across their environment.

Guidelines for personnel security   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on personnel security.

SonicWall devices targeted with ransomware utilising stolen credentials   Alert

Aug 3, 2021 - SonicWall devices are being targeted by a malicious cyber actor as targets for ransomware. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of likely related activity targeting Australian organisations.

Small business cloud security guides  

Apr 2, 2024 - ASD's ACSC has released a series of guides designed to help small businesses secure their cloud environment.

Increase in denial-of-service (DoS) attacks against Australian organisations   Advisory

Mar 17, 2025 - ASD's ACSC is aware of an increase in denial-of-service (DoS) attacks, where malicious actors flood websites with internet traffic, making it difficult for legitimate users to access them.

IRAP assessment feedback form   Service

Feb 1, 2021 - IRAP Assessment feedback form for IRAP assessments

Critical vulnerability for SAP NetWeaver Application Server (CVE-2020-6287)   Alert

Jul 14, 2020 - On 13 July 2020 (United States EST), enterprise resource planning provider SAP released a security patch for a critical vulnerability affecting the Java component LM Configuration Wizard within the SAP NetWeaver Application Server.

Mandatory Incident Reporting   News

Apr 11, 2022 - New measures to enhance the cyber security of Australia’s critical infrastructure.

日本語 (Japanese)   Guidance

Apr 19, 2024 - The information and resources available are intended to increase your safety online and have been translated into Japanese.

हिंदी (Hindi)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into Hindi.

中文简体 (Simplified Chinese)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into Chinese Simplified.

한국어 (Korean)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into Korean.

中文繁體 (Traditional Chinese)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into Chinese Traditional.

العربية (Arabic)    Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into Arabic.

ਪੰਜਾਬੀ (Punjabi)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into Punjabi.

ไทย (Thai)   Guidance

Aug 17, 2023 - The information and resources available are intended to increase your safety online and have been translated into ไทย.

Critical vulnerabilities in Ingress-NGINX Controller for Kubernetes   Alert

Mar 26, 2025 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of critical vulnerabilities affecting Ingress-NGINX Controller for Kubernetes. Customers should update to the latest patched version immediately.

Next.js authentication bypass vulnerability (CVE-2025-29927)   Alert

Mar 25, 2025 - An authentication bypass in the middleware layer of Next.js can allow a remote attacker to bypass security checks. Customers should update to the patched version immediately.

Small Business Cloud Security Guides: Introduction   Publication

Dec 16, 2022 - Securing your business can be a complex task. Among the numerous security priorities and configuration options, it can be difficult to know where to begin. These guides adapt ASD's ACSC’s Essential Eight mitigation strategies and outline an example of how each can be implemented to secure Microsoft 365 capabilities. The technical examples are designed to offer significant protection against cybersecurity incidents while remaining accessible to organisations with limited resources and cybersecurity expertise.

Securing customer personal data   Guidance

Jul 30, 2024 - This guide is focused specifically on the protection of customers’ personal data. Guidance on general cybersecurity for businesses can be found in the Small business cybersecurity guide and the Strategies to mitigate cybersecurity incidents published by ASD’s ACSC.

Guidelines for communications systems   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on communications systems.

Joint advisory on top cyber vulnerabilities   News

Jul 28, 2021 - The top 30 cyber security vulnerabilities exploited by malicious cyber actors since 2020 have been detailed in a joint advisory issued by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and counterpart cyber security agencies from the United States and the United Kingdom.

Planning for post-quantum cryptography   Publication

Aug 25, 2023 - A cryptographically relevant quantum computer (CRQC) will render most contemporary public key cryptography insecure, thus making ubiquitous secure communications based on current public key cryptography technology infeasible. As the creation of a CRQC presents new cybersecurity risks, organisations are encouraged to consider anticipating future requirements and dependencies of vulnerable systems during the transition to post-quantum cryptography (PQC) standards.

Cybersecurity incident response planning: Executive guidance    Publication

Dec 12, 2024 - The Australian Signals Directorate (ASD) is responsible for monitoring and responding to cyberthreats targeting Australian interests. Reporting cybersecurity incidents to ASD ensures that timely assistance can be provided, if required. This may be in the form of investigations or remediation advice.

Vulnerability in Fortinet’s FortiManager   Alert

Oct 24, 2024 - The ASD’s ACSC is aware of a vulnerability affecting all versions of Fortinet's FortiManager device that enables an unauthorised actor access to the FortiManager console (CVE-2024-47575). FortiManager devices provide centralised management of Fortinet devices from a single console.

Questions to ask managed service providers   Publication

Oct 6, 2021 - Asking the right questions to managed service providers can help organisations better understand the cybersecurity of their systems and the services they provide.

Critical vulnerability in Ivanti CSA 4.6 (Cloud Services Appliance)   Alert

Sep 20, 2024 - Ivanti has released a security advisory addressing a critical vulnerability affecting Ivanti CSA 4.6 (Cloud Services Appliance). The vulnerability affects Ivanti CSA 4.6 before Patch 519.

Cloud assessment and authorisation FAQ   Publication

Jan 18, 2024 - This publication provides answers to frequently asked questions on the Australian Signals Directorate (ASD)’s assessment and authorisation framework for cloud service providers (CSPs) and their cloud services.

CVE-2024-24919 - Check Point Security Gateway Information Disclosure   Alert

May 31, 2024 - The ASD’s ACSC is aware of CVE-2024-24919 that enables access of sensitive information to an unauthorised actor.