You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying results for Displaying 211 - 240 of 517 results.
Malicious actors deploying Gootkit Loader on Australian Networks Alert
Aug 27, 2021 Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed an increase of Gootkit JavaScript (JS) Loaders on Australian networks.
Multiple key vulnerabilities identified in Microsoft products Alert
Oct 13, 2021 Multiple key vulnerabilities were identified in Microsoft’s 12 October 2021 patch release. While all vulnerabilities addressed in this release are important to mitigate the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) wishes to highlight several vulnerabilities for priority consideration.
Remote code execution vulnerability present in Open Management Infrastructure, affects certain Microsoft Azure services Alert
Sep 16, 2021 A remote code execution vulnerability exists in Open Management Infrastructure, a management agent used in certain Linux-based Microsoft Azure services. Exploitation of this vulnerability could allow a malicious actor to take control of the vulnerable host. Affected organisations should apply the available security update.
Remote code execution vulnerability present in Samba versions prior to 4.13.17 Alert
Feb 4, 2022 A vulnerability (CVE-2021-44142) has been identified in Samba versions prior to 4.13.17. Exploitation of this vulnerability could allow a malicious cyber actor to perform privileged remote code execution. Affected Australian organisations should apply the available patch, including affected software vendors.
Remote code execution vulnerability present in Sophos Firewall Alert
Mar 30, 2022 A vulnerability (CVE-2022-1040) has been identified in Sophos Firewall prior to version 18.5 which could allow a malicious cyber actor to perform remote code execution. Affected Australian organisations should apply the available patch.
Cancel COVID-19 cybercrime
Oct 18, 2022 Cybercriminals are adapting their methods to take advantage of the COVID-19 pandemic. We continue to receive reports from individuals, businesses and government departments about a range of different COVID-19-themed scams, online fraud and phishing campaigns.
Back to school with cyber secure devices News
Feb 4, 2022 As children return to school, Australian parents are urged to make devices like mobile phones and laptop computers more cyber secure and to teach their children about cyber security, with 2022 set to be another year of hybrid learning for most families.
2022 Top Routinely Exploited Vulnerabilities Advisory
Aug 4, 2023 This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE).
Exercise in a Box is here News
Nov 17, 2022 This service provides an all in one platform that your organisation can use to assess and improve its cyber security practices in your own time, in a safe environment, and as many times as you want.
Planning for Critical Vulnerabilities – What Boards Need to Know Publication
Dec 14, 2023 This publication provides information on why it is important that Boards and their Directors are aware of and plan for critical vulnerabilities that have the potential to cause major cyber security incidents.
Multiple Vulnerabilities in VMware vRealize Hyperic monitoring and performance management product Alert
Nov 8, 2022 The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has identified a number of critical vulnerabilities affecting VMware’s vRealize Hyperic monitoring and performance management product.
Suspected user credentials stolen from FortiNet devices leaked online Alert
Sep 10, 2021 A malicious cyber actor has leaked a list of suspected user credentials and IP address of the associated FortiNet SSL VPN device the credentials are used for. Organisations should review the patch status and history of internet exposed FortiNet SSL VPN devices and consider performing a password reset for affected users.
Using Remote Desktop Clients Publication
Oct 6, 2021 Remote access solutions are increasingly being used to access organisations’ systems and data. One common method of enabling remote access is to use a remote desktop client. This publication provides guidance on security risks associated with the use of remote desktop clients.
Microsoft Exchange ProxyShell Targeting in Australia Alert
Aug 19, 2021 The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed targeting of the Microsoft Exchange ProxyShell vulnerability by Malicious actors.
Questions to Ask Managed Service Providers Publication
Oct 6, 2021 Asking the right questions to managed service providers can help organisations better understand the cyber security of their systems and the services they provide.
Serious vulnerabilities in Atlassian products including Confluence, Jira and Bitbucket Alert
Dec 7, 2023 The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is concerned about serious vulnerabilities in certain Atlassian products (CVE-2023-22522, CVE-2023-22523 and CVE-2022-1471) which are fixed by recent patches. Operators are urged to review Atlassian’s advice and implement recommended mitigations before exploitation begins.
How to secure your device
Jul 30, 2024 Devices such as phones, tablets and laptops have become an essential part of our modern life. Learn how to protect your personal information on your devices.
Report and recover
Resources for business and government
Vulnerability Alert – 2 new Vulnerabilities associated with Microsoft Exchange. Alert
Oct 10, 2022 The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of 2 zero day vulnerabilities associated with Microsoft Exchange Servers 2013, 2016 and 2019 (Exchange).
Advice for Malicious Cyber Activity by Iran News
Sep 15, 2022 Australian organisations are urged to be alert to continued malicious cyber activity conducted by Advanced Persistent Threat (APT) actors, assessed to be affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC).
Guidelines for Communications Infrastructure Advice
Sep 26, 2024 This chapter of the Information Security Manual (ISM) provides guidance on communications infrastructure.
2021 Top Routinely Exploited Vulnerabilities Advisory
Apr 28, 2022 This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.
Recovering compromised bank accounts and online payment accounts Guidance
Nov 10, 2023 Bank accounts are among the most important accounts to us and the most prized accounts to cybercriminals.
Protect your children online: A guide to cyber security for parents and carers Guidance
May 2, 2024 The steps in this guide can help you ensure that your children stay safe and secure online.
Exploitation of Unitronics Programmable Logic Controllers (PLCs) Alert
Dec 5, 2023 The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is concerned about global exploitation of Programmable Logic Controllers (PLC) and is aware of reports of compromise of these devices in Australia. These devices are present in a number of critical sectors such as water, energy, fuel and healthcare.
Educational pack for seniors Guidance
Jun 23, 2023 This educational pack provides engaging content to help seniors learn how to stay cyber secure. Practical steps and topics range from a basic to advanced level.
Critical Vulnerability in popular Java framework Apache Struts2 Alert
Dec 14, 2023 The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is concerned about a critical Remote Code Execution (RCE) vulnerability in Apache Struts2. This primarily affects Java applications which use this framework. Apache Struts2 is widely used in enterprise and bespoke Java applications.
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection Advisory
May 25, 2023 The People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection joint advisory provides examples of the cyber actor’s commands, along with detection signatures to aid network defenders in hunting for this activity.
Citrix Products NetScaler ADC and NetScaler Gateway Vulnerabilities Alert
Nov 29, 2023 A malicious actor can exploit the vulnerability to execute code remotely without authentication. Organisations using Citrix products NetScaler ADC and NetScaler Gateway, possibly including Government and medium to large organisations. Ensure the latest release of NetScaler ADC and NetScaler Gateway have been installed.
