Search

Cyber Incident Management Arrangements for Australian Governments Publication

Sep 18, 2023 The CIMA provides Australian governments with guidance on how they will collaborate in response to, and reduce the harm associated with, national cyber incidents.

Implementing Certificates, TLS, HTTPS and Opportunistic TLS Publication

Oct 6, 2021 Transport Layer Security (TLS) is a widely used encryption protocol which enables parties to communicate securely over the internet. Through the use of certificates and Public Key Infrastructure (PKI), parties can identify each other through a trusted intermediary and establish encrypted tunnels for the secure transfer of information.

The silent heist: cybercriminals use information stealer malware to compromise corporate networks Advisory

Sep 2, 2024 Information stealer malware steals user login credentials and system information that cyber threat actors exploit, predominantly for monetary gain. Information stealers have been observed in attacks against multiple organisations and sectors worldwide, including Australia. This advisory provides readers with cyber security guidance on information stealers, including threat activity and mitigation advice for individuals and organisations.

Security tips for remote working Guidance

Jul 29, 2024 As an employee, you may be more at risk when working away from the office. Learn how to stay secure while working from home or remotely.

Secure your mobile phone Guidance

Nov 12, 2024 The security of your mobile phone can be as crucial as your computer. Follow these steps to protect your phone or tablet from cybercriminals.

Alerts and advisories

Jan 30, 2023 Find the latest in cyber security alerts and advisories

Report and recover from identity theft Guidance

Nov 14, 2024 Know where to make a report and get help if someone has stolen your personal or business identity.

Antivirus software Guidance

Apr 11, 2023 The consequences of viruses, spyware and other malicious software can be serious and far reaching. Follow our guidance about using antivirus software.

Domain Name System Security for Domain Owners Publication

Oct 6, 2021 This publication provides information on DNS security for domain owners. It also shared helpful strategies to reduce the risk of domain misuse.

Threats

Common online security risks and advice on what you can do to protect yourself.

Recovering a compromised email account Guidance

Nov 10, 2023 Email accounts are valuable targets for cybercriminals. Not just because they store sensitive messages, but also because they can be used to impersonate the account owner, to spread scams, and to perform password resets.

Quishing Threat

Nov 2, 2023 Quishing is a form of phishing attack that uses QR codes instead of text-based links in phishing emails, digital platforms or on physical items. Quishing is a social engineering technique used by scammers and malicious cyber threat actors to trick their victims into providing sensitive personal information or downloading malware onto their devices.

Protect yourself from scams

Feb 3, 2025 Protect your accounts by recognising and reporting scams.

Password managers Guidance

Jul 10, 2024 Learn how to create and store passwords in a secure location for your important accounts.

Understanding Ransomware Threat Actors: LockBit Advisory

May 8, 2024 The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) alongside international partners have released a joint advisory on the ransomware variant LockBit. It functions as an affiliate-based Ransomware-as-a-Service (RaaS) model where affiliates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure.

2021 Top Malware Strains Advisory

Aug 5, 2022 This joint Cybersecurity Advisory (CSA) was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC).

An Introduction to Artificial Intelligence Publication

Nov 24, 2023 Artificial Intelligence (AI) is an emerging technology that will play an increasingly influential role in the everyday life of Australians.

COVID-19 themed malicious cyber activity Advisory

Mar 27, 2020 This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.

Report and recover from malware Guidance

Nov 10, 2023 If you’ve fallen victim to a malware attack, find out what to do and who to contact.

Security Configuration Guide – Viasat Mobile Dynamic Defense Publication

Oct 6, 2021 ASD has developed this guide to assist Australian’s to understand risks when deploying Viasat MDD devices and the security requirements that need to be met to allow them to handle classified data.

2020-013 Ransomware targeting Australian aged care and healthcare sectors Advisory

Aug 2, 2020 Recently there has been a significant increase in healthcare or COVID-19 themed malicious cyber activity, including targeting of the aged care and healthcare sectors by financially motivated cyber criminals using the ‘Maze’ ransomware.

Accessibility

Feb 15, 2021 Under the Disability Discrimination Act 1992, Australian Government agencies are required to ensure information and services are provided in a non-discriminatory, accessible manner.

ASD's ACSC Annual Cyber Threat Report, July 2019 to June 2020 Reports and statistics

Sep 3, 2020 This report has been jointly produced by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the ACIC and the AFP, and is the first unclassified annual threat report since the ASD's ACSC became part of the ASD in July 2018. The report identifies and describes key cyber security threats targeting Australian systems and networks, and provides a range of examples and real-world case studies of malicious activity targeting Australian networks, between July 2019 and June 2020. It provides mitigation advice that all Australians and organisations can take to defend against these threats.

ASD's Blueprint for Secure Cloud Publication

Feb 21, 2024 The Blueprint provides better practice guidance, configuration guides and templates covering risk management, architecture and standard operating procedures developed as per the controls in ASD’s Information Security Manual (ISM).

"Bulletproof" hosting providers are not so bulletproof News

Jan 22, 2025 Many cybercriminals rely on Bulletproof Hosting (BPH) providers to carry out their unlawful activities. Read our new publication to find out more about the role that BPH providers play in the cybercrime ecosystem.

COVID-19 malicious cyber activity Alert

May 22, 2020 Malicious cyber actors are actively targeting individuals and Australian organisations with COVID-19 related scams and phishing emails. These incidents are likely to increase in frequency and severity over the coming weeks and months. This is due, in part, to the ease in which existing scam emails and texts can be modified with a COVID-19 theme.

Critical Vulnerability in FortiOS Alert

Feb 9, 2024 The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is aware of a critical (9.6) vulnerability (CVE-2024-21762) in Fortinet FortiOS devices.

Cryptomining Threat

Jun 23, 2020 Cryptocurrency mining (cryptomining) uses the processing power of computers to solve complex mathematical problems and verify cybercurrency transactions. The miners are then rewarded with a small amount of cybercurrency.

Exploitation of Microsoft Office vulnerability: Follina Alert

Jun 15, 2022 The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of active exploitation of the Follina zero-day vulnerability in the Microsoft Support Diagnostic Tool (CVE-2022-30190). Affected Australian organisations should take appropriate action.

Facebook security issue affects 50M user accounts Alert

Sep 29, 2018 The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a security issue affecting 50 million Facebook user accounts whereby a flaw in the 'View As' feature allowed attackers to steal Facebook access tokens, which could be used to take over user's accounts. Access tokens are the equivalent of digital keys that allow users to remain logged into Facebook.