Australian Signals Directorate

With the announcement of a federal election, the #AusGov is now in a caretaker period. #AusGov resources are not used to communicate political material. This account is moderated to ensure political material is not placed on the site. Learn more at https://lnkd.in/gh-Q25FM

❗ ALERT ❗ There is active exploitation of previously known vulnerabilities affecting Fortinet devices. Customers are encouraged to update their devices and investigate for potential compromise. We recommend customers follow the full advice contained in Fortinet’s advisory page. Read the full alert 👉 https://lnkd.in/gtvtSaKn

Today along with our international partners, we have released an advisory about the growing threat that malicious cyber actors pose to individuals connected to topics including Taiwan, Tibet, Xinjiang Uyghur Autonomous Region, democracy movements and the Falun Gong. The advisory includes two case studies highlighting the BADBAZAAR and MOONSHINE spyware used by the malicious actors to target data on mobile devices. It also includes mitigation measures to help protect your devices and data. Alongside this advisory, we have also published the full technical details and guidance for the cyber security industry and partners. Learn more about the BADBAZAAR and MOONSHINE spyware and how to protect yourself 👉 https://lnkd.in/dRPB7aVX The advisory has been developed in collaboration with our international partners: National Cyber Security Centre UK Communications Security Establishment Canada | Centre de la sécurité des télécommunications Canada Bundesnachrichtendienst (BND) National Cyber Security Centre NZ Federal Bureau of Investigation (FBI) National Security Agency

Microsoft has released its April security updates. This update included: • 134 vulnerabilities patched. • 1 vulnerability with evidence of exploitation. • 11 'Critical' rated. We encourage all users to apply the available patch updates ASAP. For more details, visit the Microsoft Security Response Centre website 👉 https://lnkd.in/enmpa_R4

❗ ALERT ❗ There is a critical unauthenticated buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457). Ensure affected products are updated to patched versions that address this vulnerability. Read the full alert 👉 https://lnkd.in/gAEABEvm

Does your cybersecurity provider protect your organisation against ‘fast flux’? Our latest advisory can help your organisation understand the ongoing threat of ‘fast flux’ techniques used by Bulletproof Hosting Providers (BPH). BPH use fast flux to disseminate malware and undertake phishing on behalf of cybercriminals. Fast flux is a domain-based technique used by malicious cyber actors, characterised by rapidly changing the Domain Name System (DNS) records (such as IP addresses) associated with a single domain. The approach allows BPHs to cycle quickly through bots and DNS records to bypass detection by network defenders and law enforcement agencies. You can mitigate the risks associated with fast flux and maintain a secure environment by using a cybersecurity or Protective DNS (PDNS) provider that detects and blocks fast flux. Providers should track, share information about, and block fast flux as part of their provided cybersecurity services. Some providers may detect and block fast flux automatically, but many may not. To ensure optimal protection, we encourage you to contact your provider to validate their coverage against fast flux. Find out more about protecting your organisation against fast flux 👉 https://lnkd.in/gusVua3S Find out more about how BPH operate in our joint publication with Australian Federal Police 👉 https://lnkd.in/gmeNq2h3 Released alongside international partners: - National Security Agency - Cybersecurity and Infrastructure Security Agency - Federal Bureau of Investigation (FBI) - Communications Security Establishment Canada | Centre de la sécurité des télécommunications Canada - National Cyber Security Centre - NZ #CyberSecurity #CriticalInfrastructure

Happy 78th birthday to us 🎂! Since we were established on 1 April 1947 as the Defence Signals Bureau, we have always been at the forefront of protecting Australia’s information 📡🔒 From WWII beginnings to navigating modern challenges, our dedicated team remains committed to safeguarding our nation. Find out more about our history 👉 https://lnkd.in/gxfzbQu6

It's World Backup Day! 💾🌍 Don't risk losing important files from your past, like this collection of vintage logos from our history. Our tips: 1. Back up your data, applications and settings at a frequency that works best for you or your business continuity. 2. Store backups in a secure and resilient manner. 3. Test backups as part of disaster recovery exercises. #WorldBackupDay #CyberSecurity

Applications are now open for our 2026 Apprenticeship Program! Start your career with a unique blend of practical experience, training and support doing work that will help keep Australia secure. Curious to know what your day as an ASD apprentice could look like? Click the images to find out what some of our apprentices had to say 👇 Are you ready to shape the future of cyber security and intelligence? Apply now for 2026 at https://lnkd.in/gMHmjJrS

❗ ALERT ❗ There are critical vulnerabilities affecting Ingress-NGINX Controller for Kubernetes that could allow unauthenticated remote code execution and full cluster takeover. We recommend organisations take the following actions: • Review the advice and monitor the guidance at the official Kubernetes maintainer’s Ingress-NGINX Github Repository. • Update to the latest version of Ingress-NGINX Controller. • Ensure the admission webhook endpoint is not exposed externally. For more information read our alert 👉 https://lnkd.in/g7FufsfP