Australia Tech News Archives

Significant Service Interruption: AWS Outage Affects Snap, Canva, Ring, Telstra, Steam, and Others

David Leane on October 21, 2025

We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

Quick Read

Amazon Web Services (AWS) outage leads to worldwide disruptions.
Impacted services comprise Snap, Canva, Ring, Telstra, Steam, and others.
Outage linked to the AWS US-EAST-1 region, affecting more than 35 services.
Notable increases in error rates and latencies reported.
AWS engineers are diligently working to fix the issue.

AWS Outage Disrupts Major Services Around the Globe

The recent significant outage of Amazon Web Services (AWS) has resulted in extensive disruption among various online services. This event underscores the substantial dependence on AWS as a foundation for internet infrastructure.

What Occurred?

On October 20th, AWS faced heightened error rates and latencies, significantly affecting the DynamoDB endpoint in the US-EAST-1 region. This led to more than 35 services being impacted, with users globally facing considerable service interruptions.

Services Affected

Per Downdetector, the outage has impacted a wide array of services. Some of the most prominent include:

Snapchat
Canva
Ring
Telstra
Steam
Amazon.com
Zoom
National Broadband Network (NBN)

The outage highlights the extensive influence AWS has on numerous sectors, ranging from gaming and social media to vital communication services.

Response and Recovery Efforts

AWS has acknowledged the problem on their AWS Health Dashboard and has indicated that engineers are actively engaged in addressing the situation. Ongoing efforts are aimed at pinpointing the root cause and restoring complete functionality to the impacted services.

Understanding Internet Infrastructure Resilience

This event serves as a reminder of the necessity for strong internet infrastructure. Although AWS usually guarantees a 99.999% uptime, outages can still happen, accentuating the need for ongoing enhancements in reliability and contingency preparedness.

Summary

The AWS outage has caused considerable disruptions across various platforms, impacting both users and service providers. As AWS endeavors to resolve the issues, this occurrence highlights the essential role of cloud services in the present digital environment.

Q&A

Q: What triggered the AWS outage?

A:

The outage arose from increased error rates and latencies in the AWS US-EAST-1 region, particularly affecting the DynamoDB endpoint.

Q: How many services were impacted by the AWS outage?

A:

More than 35 services, including key platforms like Snapchat, Canva, and Telstra, faced disruptions.

Q: What actions is AWS taking to address the issue?

A:

AWS engineers are actively focused on mitigating the issue and identifying its root cause to restore full service operations.

Q: How can users keep updated on AWS service status?

A:

Users can check the AWS Service Health Dashboard for the latest information on service status and recovery updates.

Q: Why is this outage important?

A:

The outage highlights the significant dependence on AWS for numerous online services, impacting a vast range of sectors worldwide.

ASIC’s Payroll Revamp Eases Employee Shift from ATO

Nicholas Webb on October 21, 2025

Quick Overview

ASIC is shifting from PeopleSoft to Aurion for payroll handling by the close of the year.
This shift enabled the return of 200 personnel from ATO to ASIC.
Aurion accommodates numerous enterprise agreements, assisting in smooth staff relocations.
ASIC committed $1.1 million to Aurion for payroll software and ongoing expenses through June 2027.
This change is part of a comprehensive upgrade of management systems, which includes a new ERP system.

Detailing the Payroll Transition

The Australian Securities Investments Commission (ASIC) is on course to finalize a crucial transition from the PeopleSoft payroll system to Aurion by year-end. This change signifies a major advancement in ASIC’s overall plan to enhance its management systems, including the launch of a new enterprise resource planning (ERP) system from Technology One.

ASIC's payroll overhaul enables staff return from ATO

Seamless Staff Transition

The initial stage of this transition, finalized in April, witnessed 200 employees revert to ASIC from the Australian Taxation Office (ATO). This change was prompted by the cancellation of the Modernising Business Registers program by the government, which led to business registers and related services being reassigned to ASIC in May 2024.

Advantages of Aurion’s Dual Agreement Capability

The transition was aided by Aurion’s capacity to manage dual enterprise agreements, accommodating staff under both ATO and ASIC contracts. This adaptability guaranteed a smooth relocation for personnel returning to ASIC.

Financial Commitment and Future Initiatives

ASIC has allocated $1.1 million to Aurion for the deployment of payroll software-as-a-service, with the agreement lasting until June 2027. The next phase, which will transfer current ASIC staff to the new system, is anticipated to be concluded by the end of the year.

Comprehensive Management Systems Update

This payroll transition is an integral part of ASIC’s wider efforts to modernize its management systems. The agency is also implementing a Technology One ERP system, moving away from the existing PeopleSoft Financial system. In addition, ASIC is focusing on the implementation of a new capital management system.

Overview

ASIC’s transition in payroll from PeopleSoft to Aurion signifies a pivotal advancement in updating its operational framework. This change not only supports the efficient transition of personnel from the ATO but also aligns with ASIC’s larger strategic goal of enhancing its management systems.

Q: What led ASIC to shift from PeopleSoft to Aurion?

A: The shift is part of ASIC’s comprehensive management systems enhancement, aimed at modernizing its operational framework.

Q: How many personnel were involved in the transition?

A: The first phase of the transition saw the return of 200 personnel from the ATO to ASIC.

Q: What function does Aurion serve in the transition?

A: Aurion’s payroll solution supports dual enterprise agreements, facilitating effortless staff transitions between ATO and ASIC.

Q: What is the financial scope of ASIC’s collaboration with Aurion?

A: ASIC committed $1.1 million to Aurion for payroll software implementation and recurring license fees until June 2027.

Q: When is the transition expected to be finalized?

A: The full transition to the Aurion payroll system is expected to be completed by year’s end.

Q: What other systems are under upgrade at ASIC?

A: In addition to the payroll transition, ASIC is implementing a Technology One ERP system and a new capital management system.

Gozney Introduces Dome Gen 2 and XL, Enhancing Australian Backyard Pizza Adventure

Nicholas Kinports on October 20, 2025

Quick Read

Gozney has introduced Dome Gen 2 and Dome XL Gen 2 in Australia.
Features notable enhancements in cooking space and technology.
Includes a state-of-the-art digital console for accurate temperature management.
Offers two sizes to meet diverse cooking requirements.
Hybrid-fuel ovens capable of utilizing wood, charcoal, and gas.
Constructed with commercial-quality insulation for resilience.
Accompanied by a selection of accessories to boost functionality.

Gozney Dome Gen 2 and Dome XL: A New Chapter in Outdoor Cooking

Gozney, a pioneer in the realm of outdoor pizza ovens, has revealed its newest products, the Dome Gen 2 and the larger Dome XL Gen 2, now accessible in Australia. Renowned for delivering restaurant-quality pizza to domestic kitchens, Gozney’s latest models are set to elevate backyard culinary experiences.

Gozney Dome (Gen 2)

The Gozney Dome Gen 2 provides an impressive 40% boost in cooking area compared to the previous version, enabling home cooks to bake two 10-inch pizzas or one 16-inch pizza at the same time. This additional space is perfect for family gatherings or intimate parties.

Gozney Dome XL (Gen 2)

The Dome XL Gen 2 is tailored for dedicated entertainers, featuring a remarkable 90% expansion in cooking area compared to the original Dome. With space for three 10-inch pizzas or an 18-inch pizza, it is capable of preparing entire meals, including steaks and veggies, all at once.

Features

Intelligent Cooking with Complete Control

The innovative digital console is a highlighted feature, supplying real-time temperature readings and regulation of the oven’s ambient air and stone floor. It includes a timer and connections for two meat probes, guaranteeing precise cooking.

Rolling Lateral Flame

Gozney’s signature lateral flame technology guarantees uniform heat distribution, ideal for achieving the perfect pizza crust.

One Oven, Three Fuels

The Dome series embraces hybrid-fuel cooking, giving users the option to choose among wood, charcoal, and gas. This versatility allows for a variety of culinary techniques with ease.

Constructed for Longevity

Featuring commercial-grade insulation and a serviceable component design, the Dome Gen 2 series is built for durability and flexibility, presenting a worthwhile investment for cooking aficionados.

Accessories and Setup

A diverse range of accessories complements the Gen 2 series, including the Dome Stand, Dome Mantel, Neapolitan Arch, and multiple peels and cutters, enhancing the overall cooking experience.

Price and Availability

The Gozney Dome Gen 2 is priced at A$2,999, while the Dome XL Gen 2 is listed at A$3,999. Both models can be ordered through the Gozney Australian website and select retailers.

Summary

Gozney’s Dome Gen 2 and Dome XL Gen 2 revolutionize the outdoor cooking scene in Australia with their advanced features, increased cooking capability, and adaptable fuel options. Ideal for both amateur and professional chefs, these ovens are designed for outstanding performance and longevity.

Q: What are the key differences between the Dome Gen 2 and Dome XL Gen 2?

A: The primary distinction is in cooking space. The Dome XL Gen 2 provides 90% more space compared to the original, while the Dome Gen 2 offers a 40% increase. This impacts the quantity of food that can be cooked at one time.

Q: In what manner does the digital console enhance cooking?

A: The digital console offers accurate temperature control and real-time displays, facilitating improved cooking outcomes. It also includes a timer and ports for meat probes to monitor multiple dishes.

Q: Am I able to use various fuels in the Dome ovens?

A: Absolutely, both models accommodate wood, charcoal, and gas, providing versatility for different cooking styles and preferences.

Q: Are the Dome ovens appropriate for professional usage?

A: While intended for home use, their construction quality and features make them suitable for semi-professional chefs seeking high-performance outdoor cooking appliances.

Q: Where can I find the Gozney Dome Gen 2 ovens for purchase?

A: They can be purchased through the Gozney Australian website and at select premium retailers throughout Australia.

October Update Disrupts Windows 11 Recovery Environment

David Leane on October 20, 2025

October Update Problems in Windows 11

Summary Overview

October update impacts the Windows 11 Recovery Environment (WinRE).
USB devices malfunction in WinRE, hindering navigation.
Problems affect Windows 11 versions 25H2, 24H2, and Windows Server 2025.
Microsoft is developing a solution for the WinRE problem.
http.sys driver issues causing troubles with website connections.
KIR mechanism automatically rectifies http.sys issues for many users.
Resolved smart card authentication errors in 32-bit apps.
Various Windows versions impacted by CSP authentication issues.

Windows 11 Recovery Environment Issues

After the October security update, Microsoft has uncovered a serious problem concerning the Windows Recovery Environment (WinRE) in Windows 11. The update, designated KB5066385, has caused a breakdown where USB devices, including keyboards and mice, are non-functional within WinRE, thereby making recovery options unreachable. This complication has been acknowledged to impact Windows 11 versions 25H2, 24H2, and Windows Server 2025. Microsoft has promised users a forthcoming resolution.

Effects on http.sys Kernel Mode Driver

The update has similarly introduced a regression affecting the http.sys kernel mode driver. This has led to failed connections to Internet Information Server (IIS) sites, with users facing ERR_CONNECTION_RESET errors. This problem applies to websites and applications operating on localhost. Microsoft has put into action a Known Issue Rollback (KIR) mechanism to automatically resolve this concern for most home users and unmanaged business devices. For managed environments, administrators can employ Group Policy to implement a KIR.

Challenges with Smart Card Authentication

Another concern stemming from the October update involves smart card authentication. Users have indicated that smart cards are not detected as cryptographic service providers (CSPs) in 32-bit applications, resulting in failures with document signing and challenges for certificate-based authentication. Microsoft has offered a workaround, which includes registry changes to set the DisableCapiOverrideForRSA key to 0, thereby fixing the issue. This concern affects multiple Windows versions, including Win10 22H2 and Server 2012.

Conclusion

The October update for Windows 11 has brought forth several notable issues, affecting the performance of the Windows Recovery Environment, http.sys driver, and smart card authentication in 32-bit applications. Microsoft is proactively working to rectify these issues, with some resolutions already implemented through automatic processes and manual adjustments.

Questions & Answers

Q: What is the primary issue with the Windows 11 Recovery Environment?

A: The primary issue is that USB devices such as keyboards and mice do not function in WinRE, preventing users from navigating recovery options.

Q: Which Windows versions are impacted by the WinRE issue?

A: The affected versions include Windows 11 versions 25H2, 24H2, and Windows Server 2025.

Q: How is Microsoft resolving the http.sys kernel mode driver problem?

A: Microsoft is employing the Known Issue Rollback (KIR) mechanism to automatically fix the problem for most users, while Group Policy can be used for managed systems.

Q: What actions are needed to resolve the smart card authentication issue?

A: Users must edit the Windows Registry by changing the DisableCapiOverrideForRSA key to 0 to fix the problem.

Q: Are there any additional Windows versions affected by the smart card issue?

A: Yes, the problem also influences earlier Windows versions, including Win10 22H2 and Server 2012.

Vocus ISP Dodo’s Email System Compromised Last Friday

David Leane on October 20, 2025

Quick Read

Dodo, an ISP owned by Vocus, faced a security breach impacting 1600 email accounts.
SIM swapping targeted 34 Dodo Mobile accounts.
Email services for Dodo and iPrimus customers were temporarily halted.
Fraudulent activity has been reported to the authorities.
Customers encountered prolonged wait times to restore email access.

Email System Breach: What Occurred?

On October 17, 2023, Vocus-owned ISP Dodo suffered a major breach that led to unauthorized access to around 1600 email accounts. The breach was made public through a post on Dodo’s official Facebook page on Sunday, shortly after the incident occurred on Friday.

Consequences of the Breach

After the breach, a portion of customers were affected by SIM swapping, which impacted 34 Dodo Mobile accounts. This process involves a fraudster substituting a customer’s working SIM with a Dodo SIM bought at a retail location, effectively rerouting the customer’s mobile number to the new SIM.

Vocus’ Response

In reaction to the breach, Vocus halted email services for both Dodo and iPrimus customers and limited services for Commander customers. The company is actively collaborating with affected customers to undo the fraudulent SIM swaps and has enlisted the help of authorities to further investigate the matter.

Customer Experience

Customers who were affected by the breach were instructed to reach out to Dodo for help, especially to reset their email account passwords. However, many reported significant wait times, frequently extending to an hour, to regain access to their accounts.

Overview

The breach involving Dodo’s email system has underscored the weaknesses in email and SIM security among telecommunications providers. As the company endeavors to lessen the impact and avert future incidents, affected customers are advised to stay alert and secure their accounts without delay.

Q&A Session

Q: What actions should Dodo customers take if they believe their account is compromised?

A: Customers must promptly contact Dodo to reset their passwords and keep an eye on their accounts for any unusual activity.

Q: How can customers safeguard themselves against future breaches?

A: Customers are encouraged to create strong, unique passwords for their accounts and enable two-factor authentication wherever feasible.

Q: What does SIM swapping entail, and why is it a concern?

A: SIM swapping is a fraudulent scheme where a hacker shifts a victim’s mobile number to a different SIM card, allowing access to confidential information. It raises concern due to its potential to cause unauthorized transactions and data breaches.

Q: Are authorities involved in the investigation?

A: Yes, Vocus has informed authorities regarding the fraudulent activities, and investigations are currently in progress.

Q: What steps is Vocus undertaking to avert future incidents?

A: Vocus is closely monitoring the situation and likely has introduced additional security measures, although specific details haven’t been revealed.

Q: How long will Dodo customers experience email service disruptions?

A: The exact length of the service disruption hasn’t been indicated, but Vocus is striving to restore full services as promptly as possible.

ACCAN Calls for Real-Time, Integrated Outage Details

Matthew Miller on October 19, 2025

ACCAN Advocates for Immediate Outage Data

Brief Overview

ACCAN advocates for a centralized public register of telecom outages.
The proposal is designed to rebuild consumer trust with minimal financial or regulatory strain on telecom providers.
ATA contends that existing regulations are adequate and additional measures would create unnecessary bureaucracy.
Real-time notifications are proposed to avoid disjointed communication across various platforms.
Optus reported 272 incidents in a month, underscoring the necessity for improved consumer access to outage updates.

Overview

The Australian Communications Consumer Action Network (ACCAN) is advocating for a clear, centralized public register of communication service outages. This initiative comes after major disruptions, such as the failures of Optus’s emergency call services, which have undermined consumer trust in telecommunications firms.

Current Situation

Currently, telecommunications providers in Australia are required to comply with the Australian Communications and Media Authority’s (ACMA) standards for reporting outages. These rules mandate carriers to inform the public, stakeholders, and other service suppliers about outages through various channels including websites, social media, emails, SMS, and broadcast platforms.

ACCAN’s Initiative

ACCAN proposes a modification to the Telecommunications (Customer Communications for Outages) Industry Standard 2024 to incorporate a real-time updating public register. This system would unify outage information, offering consumers a singular, dependable source regarding network status and service interruptions.

Response from the Industry

The Australian Telecommunications Alliance (ATA), the leading lobby organization for telecom companies, opposes the proposition, asserting that current regulations are adequate. ATA’s CEO Luke Coleman argues that the existing system already provides timely updates to customers during outages and that ACCAN’s suggested register would simply add unnecessary complexity.

Example: Optus Outages

Recent Senate inquiries revealed that Optus had 272 reportable outages over a month-long period, bringing attention to the disjointed nature of current outage communication. ACCAN asserts that a centralized register would fill these communication gaps, ensuring consumers are better informed.

ACCAN advocates for real-time, unified access on outages

Conclusion

ACCAN’s initiative for a real-time public outage register aims to boost consumer trust in telecommunication services by providing a centralized information hub. While this proposal seeks to alleviate additional costs and regulatory demands, it is met with resistance from industry stakeholders who claim existing solutions are sufficient.

FAQ

Q: What does ACCAN propose for telecommunication service outages?

A: ACCAN proposes a centralized, real-time updating public register for communication service outages.

Q: Why is ACCAN advocating for a public register?

A: ACCAN believes that a public register will help restore consumer trust and provide a single, reliable source for outage details.

Q: What is the ATA’s view on this proposal?

A: The ATA maintains that the current regulations are sufficient and that ACCAN’s proposal would create unnecessary administration.

Q: How are outages currently communicated to consumers?

A: Outages are reported through a mix of channels, including websites, social media, emails, SMS, and broadcast media.

Q: Can you provide an example of recent outages that illustrate the issue?

A: Optus recorded 272 reportable outages from September 11 to October 8, highlighting the need for better communication.

Cybercriminals Utilize F5 Devices to Compromise US Government Networks

David Leane on October 19, 2025

Cyber Threats from Nation-State Target F5 Equipment in the US

Summary

Unknown cyber threat actors are targeting US federal networks through vulnerabilities in F5 devices.
CISA issues an emergency directive to address risks and calls for immediate updates.
F5 verifies unauthorized access but assures no effect on operations.
Security experts are brought in to mitigate the threat and enhance security measures.
Concerns for national security hinder public notification of the breach.

Cyber Threats: A Continuous Issue

In a key update, officials from the US government have detected a persistent cyber threat aimed at federal networks. The actors behind the threat, suspected to be from a nation-state, are taking advantage of weaknesses in products from the cybersecurity firm F5. This event underscores the ongoing issue of cybersecurity threats that challenge governments and businesses globally.

Incident Details

The Cybersecurity and Infrastructure Security Agency (CISA) has launched an emergency directive following the revelation that hackers have breached F5’s systems. The threat actors have taken files, which include portions of F5’s source code and information on vulnerabilities. This information could potentially guide additional breaches of F5 devices and software, creating a serious risk for federal networks.

Cyber threats hitting government networks via F5 devices

Actions and Measures for Mitigation

Nick Andersen, the executive assistant director of cybersecurity at CISA, has instructed government agencies to recognize and update F5 devices present in their systems. He emphasized the critical nature of the situation, indicating that the risk encompasses all organizations utilizing these products. Although a breach occurred, F5 asserts that its operations are currently unimpeded, and the software development process has not been compromised.

Investigation and Security Actions

F5 identified the breach on August 9 and has since implemented extensive measures to control the threat. The company has enlisted the help of reputable cybersecurity firms such as CrowdStrike, Mandiant, NCC Group, and IOActive for their investigation. The breach affected data from a limited number of customers, who have been directly notified by F5.

National Security and Reporting

The US Department of Justice has sanctioned a delay in the public announcement of the breach until September 12 due to concerns regarding national security. This decision highlights the seriousness of the situation and the ongoing work to safeguard federal networks against such threats. At the same time, authorities in Britain have advised F5 users to promptly update their software.

Conclusion

The recent cyber threat aimed at F5 devices within US government networks is a stark reminder of the continuous cybersecurity challenges. With CISA and F5 taking firm measures to alleviate risks, it is vital for all organizations that utilize F5 products to act immediately and refresh their systems. The involvement of leading cybersecurity professionals underscores the complexity and severity of the threat.

Q: What specific vulnerabilities are targeted in the F5 devices?

A: The specific vulnerabilities have not been revealed to avoid further exploitation. However, F5 and CISA advocate for immediate updates to address these vulnerabilities.

Q: How is F5 ensuring the security of customer data after the breach?

A: F5 is enhancing its security protocols and infrastructure and has reached out directly to affected customers to manage the situation.

Q: What actions should organizations utilizing F5 products take to safeguard themselves?

A: Organizations are advised to quickly identify F5 devices in their networks and implement all critical security updates as instructed by CISA and F5.

Q: Is there any indication that the hackers have breached other sectors?

A: Currently, there is no evidence of breaches within US civilian agencies or other sectors, but the threat level remains for all organizations using F5 products.

Sigma Healthcare Employs Machine Learning in SAP to Improve Forecasting Abilities

David Leane on October 18, 2025

Concise Overview

Sigma Healthcare improves demand prediction via machine learning in SAP IBP.
Forecast precision enhanced by 5-10% initially, with an additional 10% from utilizing machine learning models.
SAP Joule, a generative AI assistant, anticipated to deliver more optimizations.
Collaboration with EY to refine the SAP IBP framework.
Company’s retail brands include Amcal and Chemist Warehouse.

Improving Prediction with Machine Learning

Sigma Healthcare has made considerable progress in refining its demand forecasting abilities by employing machine learning models within SAP’s Integrated Business Planning (IBP) platform. With the implementation of sophisticated technologies such as extreme gradient boosting and automated outlier correction, Sigma has effectively enhanced its inventory management and medication availability.

Sigma Healthcare employs ML in SAP for superior forecasting

Early Benefits and Additional Enhancements

Initially, Sigma Healthcare experienced a forecast precision improvement of 5-10% following the rollout of the response and supply planning module of SAP IBP. This module replaced traditional manual spreadsheet methods, allowing supply planners to dedicate more time to achieving accuracy.

Applying Machine Learning Models

Guided by Marcus Williams, Sigma’s operations planning team has employed machine learning models such as extreme gradient boosting to process extensive and intricate datasets, facilitating improved sales forecasting and inventory management. Automated outlier correction has played a key role in preventing data inaccuracies from impacting sales outcomes.

The Impact of Generative AI with SAP Joule

Sigma anticipates the integration of SAP Joule, a generative AI copilot, to further bolster its planning capabilities. The AI tool is expected to diminish problem-solving duration and enhance management of out-of-tolerance forecasts and safety stock challenges.

Maintaining Competitiveness through Technology

By staying current with quarterly upgrades of IBP and advancements in AI, Sigma strives to retain a competitive position in the pharmaceutical sector. The collaboration with EY has been crucial in optimizing the IBP realm, aiding in its achievements.

Conclusion

Sigma Healthcare’s strategic implementation of machine learning and AI within SAP’s IBP system has profoundly enhanced its demand forecasting and inventory management. The integration of advanced technologies and partnerships is likely to continue providing competitive benefits in the retail pharmacy domain.

Q: In what ways has Sigma Healthcare enhanced its forecast accuracy?

A: Sigma Healthcare has elevated its forecast accuracy by implementing machine learning models and SAP IBP, yielding an initial 5-10% enhancement with a subsequent 10% increase from advanced models.

Q: Which technologies are being utilized by Sigma Healthcare?

A: Sigma employs technologies such as extreme gradient boosting, automated outlier correction, and SAP Joule, a generative AI copilot, to heighten its forecasting efficiency.

Q: What function does SAP Joule serve in Sigma’s operations?

A: SAP Joule is anticipated to aid in reducing problem-solving timelines and improving forecasts, especially in managing out-of-tolerance instances and safety stock administration.

Q: With whom has Sigma Healthcare collaborated for optimization?

A: Sigma Healthcare has partnered with EY to refine its SAP IBP framework.

Q: What are some of Sigma Healthcare’s retail brands?

A: Sigma Healthcare’s retail brands consist of Amcal and Chemist Warehouse.

Q: What importance does extreme gradient boosting hold in Sigma’s strategy?

A: Extreme gradient boosting assists Sigma in managing vast datasets, enhancing sales forecasting and pinpointing inventory or delivery complications.

Microsoft Withdraws Certificates for Counterfeit Teams Installers Distributing Ransomware

Nicholas Webb on October 18, 2025

Microsoft Cancels Certificates for Counterfeit Teams Installers

Quick Overview

Microsoft cancels more than 200 certificates related to counterfeit Teams installers.
The cybercrime collective, Vanilla Tempest, aimed at Teams users with ransomware.
Certificates from Trusted Signing, SSL.co, DigiCert, and GlobalSign were utilized.
Microsoft’s measures seek to diminish the efficacy of these ransomware operations.
Microsoft made the revocations public on LinkedIn and other social media outlets.

Vanilla Tempest’s Ransomware Initiative

Microsoft has implemented crucial measures to counter a ransomware threat entity, referred to as Vanilla Tempest, by revoking over 200 certificates utilized in their attack framework. This group, also recognized by cybersecurity experts as Vice Spider and Vice Society, initiated a campaign using counterfeit Microsoft Teams installers hosted on deceptively authentic malicious websites.

Microsoft cancels certs for counterfeit Teams installers dropping ransomware

Consequences of Certificate Cancellation

By canceling these digital certificates, Microsoft has complicated the efforts of Vanilla Tempest to spread ransomware disguised as legitimate files. The certificates that were revoked originated from Trusted Signing, SSL.co, DigiCert, and GlobalSign, which were used to authenticate the counterfeit installers and related tools.

Technical Aspects of the Attack

Upon executing the counterfeit .exe installers, a downloader would trigger the Oyster backdoor, eventually resulting in the deployment of the Rhysida ransomware. Apart from Rhysida, Vanilla Tempest has previously utilized several other ransomware variants, showcasing the group’s flexibility and level of threat.

Microsoft’s Preventive Actions

Microsoft’s prompt decision to cancel these certificates is vital in alleviating the threat posed by these cybercriminals. Announcements concerning these security actions were made publicly through LinkedIn and additional social media platforms, highlighting Microsoft’s pledge to cybersecurity.

Conclusion

In reaction to a notable ransomware threat targeting Microsoft Teams users, Microsoft has canceled over 200 certificates linked to counterfeit installers. This tactical move hampers the ability of Vanilla Tempest to conduct their malicious operations, thereby protecting users and organizations from potential data breaches and financial damages. The announcement signifies Microsoft’s continuous commitment to bolstering global cybersecurity initiatives.

Q: What was the principal tactic employed by Vanilla Tempest in their operations?

A: Vanilla Tempest employed counterfeit Microsoft Teams installers hosted on seemingly authentic malicious domains to deploy ransomware.

Q: How did Microsoft address the threat posed by these counterfeit installers?

A: Microsoft canceled over 200 certificates associated with the counterfeit installers, making it challenging for the malware to mimic legitimate files.

Q: What are the names of a few certificate authorities referenced in the article?

A: The certificates were from Trusted Signing, SSL.co, DigiCert, and GlobalSign.

Q: Which specific ransomware was highlighted as part of the attack?

A: The Rhysida ransomware was specifically highlighted, alongside other ransomware variants utilized by Vanilla Tempest.

Q: How did Microsoft publicize their security measures?

A: Microsoft publicized the cancellation of certificates through LinkedIn and various social media updates.

Westpac Sets Ambitious Strategy for Broad AI Integration in Business Banking

Nicholas Kinports on October 17, 2025

Brief Overview

Westpac is incorporating AI throughout its business lending framework, enhancing credit evaluation and customer engagement.
The bank has joined forces with RDC.ai and AWS to create AI solutions, which include explainable credit evaluations.
AI is projected to simplify operations, diminish fraud, and enhance clarity for customers and regulators.
AI functionalities will be integrated into Westpac’s BizEdge tool to minimize documentation and refine lending processes.
Westpac seeks to harness AI to better utilize its extensive data assets for superior customer experiences.

Westpac’s AI Integration Journey

Westpac is committed to integrating artificial intelligence (AI) at every stage of its business lending operations. This project is part of a larger initiative to boost efficiency and clarity in credit evaluations and customer relations. The bank’s advancements build upon previous achievements in AI-driven credit assessments.

Westpac looks to broad AI integration within the business bank

(L-R) RDC.ai’s Gordon Campbell and Westpac’s Dr Martin Anderson.

Collaboration with RDC.ai and AWS

Westpac’s partnership with RDC.ai, previously recognized as Rich Data Co, initiated in 2021 and has broadened to include generative and agentic AI technologies. The bank highlighted this collaboration at the AWS financial services symposium in Sydney, showcasing how AI could revolutionize business banking activities beyond credit evaluation.

AI’s Contribution to Credit Evaluation

The inclusion of AI enables Westpac to render well-informed and transparent credit evaluations. By analyzing customer data, the bank can rationalize its choices and strategies in customer management, aiding in adherence to regulatory standards.

Enhancing Business Processes with AI

Westpac envisions an overhauled business lending process, utilizing AI to improve effectiveness and decision-making. AI is set to not only streamline credit evaluations but also enhance document handling, communication with customers, and risk management.

Maximizing Data Value

With extensive datasets at its command, Westpac intends to derive insights to refine customer experiences and decision-making. The collaboration with RDC.ai and AWS propels AI trials, unlocking data potential for competitive benefits.

AI in BizEdge and More

Westpac plans to embed AI in its BizEdge tool to cut down on loan application paperwork and elevate customer service. AI will support new bankers in navigating intricate policies and processes, ensuring they achieve high service standards.

Conclusion

Westpac is actively integrating AI into its business banking functions, aiming for comprehensive process optimization and enhanced customer interaction. Through collaborations with RDC.ai and AWS, the bank is poised to transform its lending approach, utilizing AI to extract data insights and streamline operations.

Q: What is the primary goal of Westpac’s AI integration?

A: The objective of Westpac is to enhance efficiency, transparency, and decision-making within its business lending operations through AI integration.

Q: Who are Westpac’s collaborators in AI development?

A: Westpac has established partnerships with RDC.ai and AWS to design and implement AI solutions within its business banking services.

Q: In what way will AI enhance Westpac’s credit evaluation process?

A: AI will empower Westpac to make knowledgeable and transparent credit decisions, ensuring compliance and improved customer management.

Q: What advantages does Westpac anticipate from AI in BizEdge?

A: AI in BizEdge is expected to decrease paperwork, streamline operations, and assist new bankers in navigating policies, thereby improving overall service delivery.