Category: ASD

This alert is relevant to all Australians and Australian organisations that maintain online code repositories and public software packages. Background The ASD’s ACSC is aware of increased targeting of online code repositories. Threat actors have been observed gaining access to online code repositories through: Phishing/Vishing Social Engineering Compromised credentials Compromised authentication tokens Infected software packages.

This alert is relevant to all Australian businesses and organisations. This alert contains a combination of simple and moderately complex technical advice, intended for business owners and technical IT support services. Background ASD’s ACSC is aware of a recent increase in active exploitation in Australia of a 2024 critical vulnerability in SonicWall SSL VPNs (CVE-2024-40766).

Executive summary People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military infrastructure networks. While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers, they also leverage compromised

This alert has been written for technical IT services supporting organisations, such as critical infrastructure, and government. Background ASD’s ACSC is aware of multiple vulnerabilities impacting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products:•    CVE-2025-7775 (Critical) involves a memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service.•    CVE-2025-7776 (High) involves

Summary The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Royal Canadian Mounted Police (RCMP), Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), Australian Federal Police (AFP), Canadian Centre for Cyber Security (CCCS), and United Kingdom’s National Cyber Security Centre (NCSC-UK)—hereafter referred to as the authoring organizations—are releasing this joint Cybersecurity

This alert has been written for the IT teams of organisations and government. Background  / What has happened? ASD’s ACSC is aware of a vulnerability impacting Microsoft Office SharePoint Server products (CVE-2025-53770). CVE-2025-53770 involves the deserialisation of untrusted data in on-premises Microsoft SharePoint Servers allowing an unauthorised attacker to execute code over a network.  Microsoft is

Acknowledgement of Country We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia’s First Peoples’ enduring contribution to Australia’s national security.

A AACA ASD-Approved Cryptographic Algorithm AACP ASD-Approved Cryptographic Protocol ACA Australasian Certification Authority Access control The process of granting or denying requests for access to systems. Can also refer to the process of granting or denying requests for access to facilities. Access Cross Domain Solution A system permitting access to multiple security domains from a

Acknowledgement of Country We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia’s First Peoples’ enduring contribution to Australia’s national security.

Acknowledgement of Country We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia’s First Peoples’ enduring contribution to Australia’s national security.