Blog - Techbest - Top Tech Reviews In Australia

Scattered Spider Launches Fresh Ransomware and Social Engineering Strategies


We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

Brief Overview

  • Scattered Spider has adopted novel ransomware and social engineering strategies.
  • DragonForce ransomware is now part of their toolkit.
  • New strategies involve impersonating staff to deceive IT support.
  • Remote access applications like AnyDesk and Teleport.sh are used to avoid detection.
  • The RattyRAT trojan improves their ability to maintain persistent access.
  • Targets include the Snowflake data cloud and VMware ESXi servers.
  • The group has recognized connections to the Com online criminal network.
  • The FBI cautions about a Com subgroup, Hacker Com, connected to ransomware-as-a-service.

Progression of Cyber Threats

The Scattered Spider collective, known for its advanced cyber attacks, has expanded its arsenal with new ransomware and social engineering approaches, as reported by the Australian Cyber Security Centre (ACSC) and various Western entities.

Innovative Tactics and Approaches

Scattered Spider has recently begun using DragonForce ransomware, which is deployed after data exfiltration for extortion. Communication with targeted organizations takes place via The Onion Router (TOR), email, or encrypted messaging applications.

Data Exfiltration and Manipulation

The group exfiltrates data to platforms such as Mega.nz and Amazon S3. They have also refined their social engineering methods, posing as staff to persuade IT helpdesks to reset passwords and transfer MFA tokens.

Enhanced Tools for Concealment

Scattered Spider employs legitimate remote access tools such as AnyDesk and Teleport.sh to hide their activities. The Java-based trojan RattyRAT is also utilized to sustain undetected access.

Focusing on Cloud and Server Systems

The group targets the Snowflake data cloud for rapid data exfiltration and encrypts VMware ESXi servers to increase the pressure to pay a ransom. They also create fake user profiles and social media accounts to maintain access.

Advice for Organizations

To mitigate these threats, organizations are advised to implement phishing-resistant MFA, prohibit unauthorized software, and keep offline backups, as suggested by security agencies.

Connections to Criminal Syndicates

Scattered Spider is associated with the Com online criminal network, which recruits through channels like Roblox and Discord. A subgroup, Hacker Com, participates in ransomware-as-a-service and other illicit activities such as DDoS assaults and SIM swapping.

FBI Alerts

The FBI has circulated warnings about Hacker Com’s increasingly sophisticated operations, which include selling technical support and carrying out violent retribution such as “swatting.”

Conclusion

Scattered Spider’s progress in ransomware and social engineering strategies underscores the shifting cyber threat environment. Their ties to the Com network and advanced methods present substantial threats to organizations globally.

Q: What is DragonForce ransomware?

A: DragonForce is a ransomware variant used by Scattered Spider for extortion following a data breach.

Q: How does Scattered Spider execute social engineering?

A: They impersonate staff members to deceive IT helpdesks into changing passwords and transferring MFA tokens.

Q: What tools does Scattered Spider use for remote connectivity?

A: They leverage AnyDesk, Teleport.sh, and the RattyRAT trojan to maintain concealed access.

Q: Why is the Snowflake data cloud a target?

A: Snowflake enables Scattered Spider to perform large data queries quickly for exfiltration purposes.

Q: What constitutes the Com network?

A: It is an online criminal syndicate affiliated with Scattered Spider, recruiting via platforms such as Roblox and Discord.

Q: What measures has the FBI taken?

A: The FBI has issued warnings about Hacker Com’s advanced criminal enterprises, including ransomware-as-a-service.

JBL Wave Beam Review



JBL Wave Beam, JBL Deep Bass Sound, Comfortable fit, Up to 32 (8h + 24h) total hours of battery life with speed charging, Stay aware of your surrounding, Hands-free calls with VoiceAware, Black

Government Encourages Vulnerability Research, Notifies Insurers and Non-Profits



Government Advocates for Vulnerability Research, Notifying Insurers and Non-Profits

Quick Summary

  • The Australian government is enhancing its cyber security strategy, transitioning to horizon two, with an emphasis on browser-level threat mitigation.
  • Possible governmental involvement in the cyber insurance sector to aid small and medium enterprises and non-profit organizations.
  • Conversations on synchronizing cyber regulations to elevate organizational cyber maturity.
  • Focus on data protection as artificial intelligence advances and handles an increasing volume of data.
  • Increased safeguarding and incentives for vulnerability researchers in Australia.
  • Augmented security protocols for non-profits to safeguard sensitive information.

Cyber Security Strategy: Shift to Horizon Two


The Australian government is intensifying its efforts regarding its cyber security strategy, with a transition from horizon one to horizon two, covering the period from 2026 to 2028. This strategy revolves around six strategic ‘shields’ intended to strengthen Australia’s cyber defenses.

Possible Involvement in Cyber Insurance

The federal government is considering intervention in the cyber insurance landscape to make services more attainable for small enterprises and non-profit organizations. While insurance facilitates swift recovery from cyber incidents, accessibility is frequently hampered by financial barriers and technical prerequisites. The government seeks to enhance the availability of these products without disrupting the market.

Regulatory Talk

A discussion is being promoted to evaluate if the existing cyber regulations and compliance legislation have limited the cyber maturity of organizations. The government proposes possible amendments to consolidate these laws and enhance their effectiveness.

Emphasis on Data Transmission

As AI progresses, understanding data movement and access becomes imperative. The government has plans to bolster data security to mitigate risks that come with the rising use of AI across sectors.

Initiatives for Vulnerability Research

Acknowledging the significance of vulnerability researchers as vital assets, the government aims to provide improved protections and incentives for their contributions. This may include the establishment of a vulnerability disclosure program for secure reporting.

Enhancements to Browser-Level Security

In transitioning to a more intricate threat blocking approach, the government will concentrate on browser-level security to supplement current large-scale initiatives. This program intends to boost awareness and uptake of enhanced browser security features.

Fortifying Cyber Security for Non-Profits

Due to their dependence on volunteers and limited funding, non-profits encounter distinct obstacles in upholding cyber security. The government is prioritizing the enhancement of cyber resilience within this domain to secure sensitive data and preserve public confidence.

Conclusion

The Australian government’s advancement to horizon two of its cyber security strategy signifies a major leap forward in bolstering national cyber resilience. By concentrating on enhancing insurance access, regulatory reform, data security, and backing for vulnerability research, the strategy aims to strengthen defenses against emerging cyber threats.

Q&A

Q: What are the primary objectives of Australia’s updated cyber security strategy?

A: The strategy is geared towards improving cyber resilience through enhanced threat mitigation, better access to cyber insurance, more streamlined regulations, and fortified data security protocols.

Q: In what ways will the government assist vulnerability researchers?

A: The government plans to provide increased protections and incentives for researchers, potentially through a formal vulnerability disclosure initiative.

Q: What’s the significance of focusing on not-for-profits?

A: Not-for-profits frequently lack the resources necessary for adequate cyber security, leaving them vulnerable. The government aims to bolster their capacity to secure sensitive data and uphold public trust.

Q: What transformations are anticipated in cyber insurance?

A: The government might intervene to enhance the accessibility and affordability of cyber insurance for small businesses and non-profits, ensuring broader coverage and protection.

Google’s Gemini CLI Agent Represents a Concealed Malware Risk



  • The Gemini CLI agent from Google can be made to silently execute malicious commands.
  • The flaw was uncovered by security researcher Sam Cox.
  • The vulnerability combines inadequate validation, prompt injection, and a confusing user experience.
  • Google has raised the status of the vulnerability to Priority 1, Severity 1.
  • Users are encouraged to upgrade to Gemini 0.1.14 for improved protections.
  • Enabling sandboxing can thwart the attack, although it is not enabled by default.

Understanding the Gemini CLI Vulnerability

The Google Gemini CLI agent, built to let users interact with Google’s AI language model through text commands, has been found to contain a critical vulnerability. Discovered by Tracebit security researcher Sam Cox, the flaw permits the execution of malicious commands without the user’s knowledge.

The Detection Method

Cox found the vulnerability through a combination of inadequate validation, prompt injection, and a misleading user interface. By planting a prompt within a README.md file, alongside a seemingly harmless Python script, Cox demonstrated how credentials could be exfiltrated to a remote server using the “env” and “curl” commands.

Google’s Action Against the Risk

Initially rated as Priority 2, Severity 4, the vulnerability was reclassified by Google to Priority 1, Severity 1 following further investigation. This reassessment reflects the risk of major data breaches and unauthorized access.

Recommended User Measures

Users are strongly encouraged to update to Gemini 0.1.14, which offers new protections against shell code execution. Enabling sandboxing provides an additional layer of defense, though it is not turned on automatically during installation.

Mitigation Techniques

To reduce the threat posed by this vulnerability, users should promptly update their software and activate sandboxing. Sandboxing establishes an isolated environment that can prevent unauthorized code from impacting the host system.

Significance of Timely Updates

Continuous updates and prompt patching are essential for ensuring the safety of software utilities like the Gemini CLI. Users must remain alert and responsive to any security alerts from developers.

Conclusion

The Google Gemini CLI agent has a serious security vulnerability that may enable the silent execution of malicious commands. Uncovered by Sam Cox, this problem underscores the need for proper validation and security-conscious user interface design. Users are advised to upgrade to the latest version and enable sandboxing to protect their systems.

Questions and Answers

Q: What is the Google Gemini CLI agent?

A: It is a text-based command-line interface for interacting with Google’s AI large language model.

Q: How was the vulnerability identified?

A: The flaw was uncovered by security researcher Sam Cox through a combination of improper validation, prompt injection, and a misleading user experience.

Q: What steps should users follow?

A: Users should upgrade to Gemini 0.1.14 and activate sandboxing to protect against possible threats.

Q: Why is sandboxing significant?

A: Sandboxing creates a separate environment that can stop harmful code from impacting the primary system.

Q: How did Google react to the vulnerability?

A: Google raised the classification of the vulnerability to Priority 1, Severity 1 and encouraged users to update their software.

Q: Is the vulnerability resolved in the latest version?

A: The latest version, Gemini 0.1.14, includes protections against shell code execution.

Bluetooth Headphones Wireless in-Ear – Bluetooth 5.3 Hi-Fi Stereo Deep Bass Wireless Headphones Noise Cancelling CVC Wireless Earbuds 35 Hours Playtime 13 mm Driver Earphones Waterproof USB C Review



Bluetooth Headphones Wireless in-Ear – Bluetooth 5.3 Hi-Fi Stereo Deep Bass Wireless Headphones Noise Cancelling CVC Wireless Earbuds 35 Hours Playtime 13 mm Driver Earphones Waterproof USB C

Bunnings Tests AI Innovations to Improve Operations for 55,000 Staff



AI Evolution at Bunnings

Brief Overview

  • Bunnings is utilizing AI to gain insights into and develop its workforce of 55,000 staff members.
  • Investment in Workday technology has increased significantly, providing new AI tools like the Skills Cloud.
  • AI is intended to establish clearer career paths and enhance employee retention.
  • Additional resources such as Talent Optimization and HiredScore aid in strategic recruitment.
  • AI chatbots have been introduced for operational inquiries, transitioning Bunnings’ culture towards self-service.

AI-Driven Workforce Development at Bunnings

Bunnings is adopting artificial intelligence (AI) to transform the management and understanding of its large workforce of 55,000 employees. This initiative aims to promote career growth and retain skilled individuals by providing clearer career paths within the organization.


Committing to Technological Progress

At a recent Workday Elevate summit, Jeff Rodway, Bunnings’ Head of Remuneration, People Systems, and Services, emphasized the company’s dedication to a “significant technology evolution” in its people and culture operations. This includes a major boost in investment in Workday, effectively doubling the array of AI tools available.

Central to this movement is the Workday Skills Cloud, driven by AI technology dubbed ‘Illuminate’. While still in its developmental phase, it has already produced promising outcomes in pilot initiatives.

Improving Employee Engagement

Bunnings is leveraging methods like Talent Optimization and HiredScore to ensure current employees are aligned with available positions and to cultivate talent pools for upcoming opportunities. This strategy is anticipated to greatly lessen the time and expenses linked to external recruitment.

Future objectives include incorporating advanced analytical tools such as People Analytics and Prism Analytics to provide deeper insights into the workforce, facilitating data-informed decision-making.

The Rollout of AI Chatbots

Beyond backend solutions, Bunnings is deploying AI chatbots to support employees with operational inquiries. This initiative represents a cultural shift towards self-service, empowering employees to seek information autonomously instead of depending on conventional interpersonal interactions.

Rodway acknowledges that while this transition is considerable, the ultimate aim is to boost operational efficiency and productivity via AI. The emphasis continues to be on fostering a more inclusive atmosphere and making informed management choices.

Conclusion

Bunnings is leading the way in incorporating AI technology into its operations, focusing on enhancing employee development and retention. Through strategic investments in platforms like Workday, Bunnings is improving its recruitment processes while cultivating a culture of innovation and self-service.

Q: What is the primary aim of Bunnings’ AI initiative?

A: The main goal is to better understand and develop the workforce, establishing career pathways and enhancing employee retention.

Q: How is Bunnings employing AI to improve its recruitment process?

A: Bunnings is utilizing resources like Talent Optimization and HiredScore to align current employees with available roles, decreasing the reliance on external hiring.

Q: What impact are AI chatbots having at Bunnings?

A: AI chatbots are transitioning the organizational culture towards self-service, enabling employees to address operational questions independently.

Q: What impact will AI have on Bunnings’ management strategies?

A: AI will facilitate more data-driven and inclusive management strategies, aimed at minimizing hiring times and enhancing operational efficiency.

Is Your Security Approach Ready as AI Enters the Workforce?



AI in the Workforce: Transforming Security Approaches

Brief Overview

  • AI is moving from a supportive function to a leading role within the workforce.
  • Conventional identity governance falls short in AI-oriented environments.
  • AI entities with enhanced access levels present serious security threats.
  • Automated, AI-driven identity management is essential for safeguarding security.
  • Leadership must align identity strategies with AI projects.

AI: The New Leader in the Workforce


The adoption of Agentic AI in business practices is transforming today’s workforce. As AI evolves from a supportive role into a key player, companies must navigate a substantial change in security and governance frameworks.

The Emergence of Machines and the Decline of Traditional Thinking

Conventional identity governance, focused on human employees, is becoming irrelevant. AI agents are introduced through IT projects without standard protocols, resulting in a growing number of poorly governed, excessively privileged non-human identities.

The Human Price, The Risk of Machines

While AI offers improved efficiency, it also introduces notable security vulnerabilities. AI agents require elevated access, which enlarges the attack surface available to malicious actors. Many businesses, especially in Australia, lack the mechanisms needed to address these risks.

Updating Machine Identity Lifecycle Management

Businesses require AI-enhanced identity lifecycle management to streamline access provisioning and maintain real-time visibility. This strategy is vital for upholding compliance and enforcing security measures in an AI-centric ecosystem.

Leaders Must Embrace This Transformation

The challenge of overseeing AI and human identities goes beyond the IT department. Senior leaders need to work collaboratively across various departments to refresh identity governance and embed it into all AI-related initiatives.

Conclusion

With AI becoming a vital element of the workforce, organisations in Australia must evolve their identity management approaches to lessen security dangers. This entails automating identity lifecycle management and promoting interdepartmental collaboration to excel in the AI-fueled enterprise landscape.

Questions & Answers

Q: Why is conventional identity governance insufficient for AI?

A: Conventional strategies concentrate on human identities and are ill-equipped to manage the swift, extensive arrival of AI agents, resulting in governance voids and security concerns.

Q: What risks do AI agents with enhanced access present?

A: Because proper management is lacking, AI agents with elevated access create a broader attack surface, increasing the likelihood of exploitation by cyber threats.

Q: How can organisations enhance identity management for AI?

A: Through the adoption of automated, AI-enhanced identity lifecycle management systems that offer real-time insights and uphold least privilege access principles.

Q: What role do leaders play in identity governance for AI?

A: Leaders from different departments must collaborate to weave identity strategies into AI initiatives, guaranteeing thorough governance and security.

Q: In what way does AI integration affect organisational security strategies?

A: The integration of AI necessitates a shift in security tactics to confront the distinctive challenges of managing non-human identities and assuring stringent access control.

Q: Why is a “kill switch” important for AI agents?

A: A “kill switch” enables organisations to instantly revoke access for AI agents that act unpredictably, reducing potential security perils.