You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying results for Displaying 121 - 150 of 517 results.
Cybercrime - getting help Guidance
Apr 11, 2023 If something has knocked you offline, check out the following information to help you get back up and running!
The Commonwealth Cyber Security Posture in 2023 Reports and statistics
Nov 16, 2023 The Commonwealth Cyber Security Posture in 2023 informs Parliament on the implementation of cyber security measures across the Australian Government for the 2022–23 financial year. According to the Flipchart of PGPA Act Commonwealth entities and companies, as of 30 June 2023 the Australian Government comprised 100 non-corporate Commonwealth entities (NCEs), 72 corporate Commonwealth entities (CCEs) and 17 Commonwealth companies (CCs); totalling 189 Australian government entities.
Health Sector Snapshot News
Feb 10, 2021 This Sector Snapshot is designed to enhance awareness of key cyber security threats in the health sector and advise executives and cyber security professionals within the health sector on what they can do to protect their organisation from cyber threats. This report provides a high-level overview of the cyber security environment from 1 January to 31 December 2020.
Glossary
List of glossary terms used on cyber.gov.au website
PRC state-sponsored actors compromise and maintain persistent access to U.S. critical infrastructure Advisory
Feb 8, 2024 The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.
Deploying AI Systems Securely Publication
Apr 16, 2024 AI security is a rapidly evolving area of research. As agencies, industry, and academia discover potential weaknesses in AI technology and techniques to exploit them, organizations will need to update their AI systems to address the changing risks, in addition to applying traditional IT best practices to AI systems.
Gateway Security Guidance Package: Gateway Security Principles Publication
Jul 29, 2022 Guidance written for audiences responsible for the procurement, operation and management of gateways.
Practical Cyber Security Tips for Business Leaders Publication
Jan 17, 2024 Business leaders can be appealing targets for malicious actors due to the sensitive information they can access, the important people they interact with and the influence they hold. This publication includes a checklist of practical tips business leaders can implement to improve their cyber security. The checklist is followed by a brief explanation of each tip and why it is recommended.
Potential SolarWinds Orion compromise Alert
Jan 25, 2021 FireEye identifies global campaign leveraging malicious updates to SolarWinds software.
Engaging with Artificial Intelligence Publication
Jan 24, 2024 The purpose of this paper is to provide organisations with guidance on how to use Artificial Intelligence (AI) systems securely. The paper summarises some important threats related to AI systems and includes cyber security mitigation strategies to aid organisations in engaging with AI while managing risk. It provides mitigations to assist both organisations that maintain their own AI systems and organisations that use third-party AI systems.
Report and recover from ransomware Guidance
Jul 14, 2023 Learn where to get help from a ransomware attack, and steps to protect yourself against future incidents.
Ransomware Threat
Read through the following case studies and learn from other Australians about how ransomware has affected them.
2020-013 Ransomware targeting Australian aged care and healthcare sectors Advisory
Aug 2, 2020 Recently there has been a significant increase in healthcare or COVID-19 themed malicious cyber activity, including targeting of the aged care and healthcare sectors by financially motivated cyber criminals using the ‘Maze’ ransomware.
Email scammers impersonating the ASD's ACSC Alert
Aug 28, 2024 Email scammers are impersonating the ASD's ACSC sending out phishing emails to the public with the email content suggesting to download a malicious antivirus program.
Managed Service Providers – How to Manage Risk to Customer Networks Publication
Oct 6, 2021 There are several mitigation strategies that managed service providers can implement to protect their own networks and manage the security risks posed to their customers’ networks.
Advisory 2020-004: Remote code execution vulnerability being actively exploited in vulnerable versions of Telerik UI by sophisticated actors Advisory
May 22, 2020 This advisory is focused around the targeting of CVE-2019-18935 but has significant overlap to the previously released ACSC 2019-126 advisory.
Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities Advisory
Nov 22, 2021 Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organisations.
Essential Eight Maturity Model Publication
Nov 27, 2023 This publication provides advice on how to implement the Essential Eight.
Secure-by-Design Foundations Guidance
Jul 30, 2024 ASD’s ACSC's Secure-by-Design Foundations (the Foundations) represent a first step in a new approach to assist technology manufacturers and customers to adopt Secure-by-Design. While the Foundations are primarily designed to foster discussion within technology manufacturers on how to best approach Secure-by-Design, they contain relevant information and actions for technology customers.
Cyber resources for small businesses News
Feb 11, 2022 Last December, the Council of Small Business Organisations Australia (COSBOA) co-hosted an Act Now, Stay Secure breakfast at the National Portrait Gallery, along with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and the Department of Home Affairs.
2021-009: Malicious actors deploying Gootkit Loader on Australian Networks Advisory
Aug 27, 2021 From April 2021, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has received an increase in reporting of malicious actors targeting Australian networks with Gootkit JavaScript (JS) Loaders. Open-source reporting confirms that Gootkit JS Loaders are a precursor to several malware families traditionally used for cybercrime, notably, Gootkit, REvil ransomware, Kronos, or CobaltStrike. The ASD’s ACSC is providing this information to enable organisations to undertake their own risk assessments and take appropriate actions to secure their systems and networks. The ASD’s ACSC will update this advisory if more information becomes available.
2020 Health Sector Snapshot Reports and statistics
Feb 22, 2021 This Sector Snapshot is designed to enhance awareness of key cyber security threats in the health sector and advise executives and cyber security professionals within the health sector on what they can do to protect their organisation from cyber threats. This report provides a high-level overview of the cyber security environment within the health sector over a twelve month period (1 January to 31 December 2020).
Summary of Tactics, Techniques and Procedures Used to Target Australian Networks Advisory
May 20, 2020 This advisory provides information on methods to detect many of the TTPs listed. Partners are strongly encouraged to review their environments for the presence of the exploited vulnerabilities and provided TTPs.
Australian Information Security Evaluation Program (AISEP) Program page
May 31, 2024 The Australian Information Security Evaluation Program (AISEP) evaluates and certifies products to provide a level of assurance in its security functionality in order to protect systems and data against cyber threats. These evaluation activities are certified by the Australian Certification Authority (ACA).
How to Manage Your Security When Engaging a Managed Service Provider Publication
Oct 6, 2021 Understand the actions organisations can take to manage the security risks posed by engaging and authorising network access for managed service providers.
Report and recover from hacking Guidance
Apr 11, 2023 If someone has stolen your money or personal information, find out what to do and who to contact. We also provide advice on how to avoid scams in future.
Secure your Wi-Fi and router Guidance
Oct 29, 2024 How to make your software, devices and networks harder to access and more resilient to attack.
Quishing Threat
Nov 2, 2023 Quishing is a form of phishing attack that uses QR codes instead of text-based links in phishing emails, digital platforms or on physical items. Quishing is a social engineering technique used by scammers and malicious cyber threat actors to trick their victims into providing sensitive personal information or downloading malware onto their devices.
Types of scams Guidance
Learn about the common types of scams, how to identify them and how to recover from them.
Remote code execution vulnerability present in the Windows Scripting Engine of Microsoft Windows Alert
Sep 16, 2021 A vulnerability exists in a component of Microsoft Windows. A malicious cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. Affected Australian customers should apply the security update provided by Microsoft.
