-

ACMA suggests Digital ID verification for buying prepaid mobile SIM cards
Australian telcos may soon accept Digital ID to verify the identity of prepaid mobile phone users, as proposed by the Australian Communications and Media Authority (ACMA). If approved, this initiative would enable telcos to use a user’s Digital ID—a government-backed digital wallet linked to verified credentials like a driver’s licence or Medicare card—as a valid…
-

Concerning vulnerability found in GoAnywhere MFT
Fortra, the developer of the managed file transfer application GoAnywhere MFT, has disclosed a significant vulnerability that raises concerns among security experts regarding potential widespread exploitation. On 18 September, Fortra announced CVE-2025-10035, a deserialisation vulnerability in GoAnywhere MFT’s License Servlet that could allow unauthenticated remote code execution. The vulnerability was initially discovered on 11 September,…
-

Detour Dog Operating DNS-Based Malware Production Facility for Strela Stealer
A threat actor known as Detour Dog has been identified as the driving force behind campaigns distributing an information stealer called Strela Stealer. Findings from Infoblox reveal that Detour Dog maintains control over domains that host the initial stage of the stealer, a backdoor named StarFish. Infoblox has been monitoring Detour Dog since August 2023,…
-

Brain-Computer Interfaces (BCIs): Sources of Fear or Inspiration?
Brain-Computer Interface (BCI) technology aims to revolutionise the way users interact with devices by enabling hands-free control. This innovative approach allows individuals to operate computers, smartphones, and other electronic devices using only their thoughts. As BCI technology continues to advance, it raises significant questions about security and privacy. The potential for unauthorised access to a…
-

Advanced ShadowV2 DDoS-as-a-service botnet operating in the cloud
Cybersecurity researchers have uncovered a sophisticated Distributed Denial-of-Service (DDoS) operation known as the ShadowV2 botnet, identified by security vendor Darktrace. This operation blurs the line between traditional malware and modern Software-as-a-Service (SaaS) platforms. ShadowV2 offers attackers a professional login panel and a polished user interface that mirrors legitimate cloud-native applications. The platform is built on…
-

BRICKSTORM cyberespionage malware detected within network infrastructure
Google’s Threat Intelligence Group (GTIG) and Mandiant have released an analysis of the BRICKSTORM backdoor espionage malware, attributing it to the China-linked UNC5221 advanced persistent threat (APT) actors. Written in the Go language and active since March 2023, BRICKSTORM exhibits an exceptionally long dwell time in victim networks, averaging 393 days. This duration surpasses typical…
-

Optus claims traffic not redirected from firewall before upgrade
A firewall upgrade at Optus resulted in a significant failure of Triple Zero calls for 13 hours, primarily due to a deviation from internal traffic routing guidance and processes. CEO Stephen Rue stated that the established playbook for a “successful upgrade,” based on previous experiences, was not adhered to. The critical initial step of diverting…
-

US Secret Service discovers SIM card farm near the UN in NYC
The United States Secret Service has announced the dismantling of a network of electronic devices in multiple locations across New York, which was reportedly used to conduct telecommunications-related threats against senior government officials. The agency indicated that these threats posed an imminent risk to its protective operations. While the specific officials targeted were not disclosed,…
-

Cisco’s collaboration with Splunk and Australian Signals Directorate to enhance threat intelligence sharing
Cisco, the US technology multinational, has announced a strategic partnership between its subsidiary, Splunk, and the Australian Signals Directorate (ASD). This collaboration aims to deliver a new plug-in that integrates the ASD’s Cyber Threat Intelligence Sharing (CTIS) platform with Splunk Enterprise Security. This integration will enable ASD’s partners to share cyber threat intelligence at scale,…

