Cyber Security Headlines: Australia ransom ban, scourge of brand impersonation sites, GitHub gets private reporting

Australia considers ban on ransomware payments

We’ve been covering the details and fallout from the most recent high-profile hack to hit Australia, impacting the insurance provider Medibank. Combined with the Optus breach, personal data on a large percentage of Australians became exposed this year. Now Australia’s home affairs minister Clare O’Neil has proposed making ransomware payments illegal, with the aim of decreasing the profitability of such breaches. Critics of the proposal say it would move ransom payments underground, using third parties in other jurisdictions. The government also announced the formation of a new cyber-policing model between the AFP and the Australian Signals Directorate to create a joint standing operation against cyber attacks.

(InfoSecurity Magazine)

Thousands of sites used for brand impersonation

It turns out massive brand impersonation isn’t just a problem for Twitter these days. According to a report from researchers at Cyjax, China-based threat actors known as Fangxiao operate a massive network of over 42,000 domains meant to impersonate popular brands. The group isn’t new to the game, having first been spotted spoofing firms in 2017. It uses the sites to redirect users to adware, dating sites, and fraudulent giveaways, generating revenue from clients who pay for traffic. The sites try to appear convincing, with researchers noting extensive localization options. The group appears to register roughly 300 new brand domains daily.

(Bleeping Computer)

GitHub gets private reporting 

The code hosting provider announced it now offers a direct channel for security researchers to report vulnerabilities found in public repositories. Previously, GitHub’s defaults required researchers to report issues using the issues functionality or through a git request. Outside of those approaches, researchers could resort to posting vulnerabilities on blogs or social media. These public means of reporting could tip off a potential attacker. Admins of public repositories must enable the setting to receive private reports.

(InfoSecurity Magazine)

SEO campaign hits WordPress sites

Security researchers at Sucuri report that since September 2022 they have been tracking a surge in WordPress malware. This malware redirected site visitors to a fake Q&A site. It appears the organizers hope to boost search engine optimization with the campaign. Sucuri’s own SiteCheck scanner detected over 2,500 impacted sites, while PublicWWW results show almost 15,000. The malware does not take a subtle approach, modifying an average of over 100 files per site. Usually this type of malware seeks to limit file modifications to avoid detection. It is unclear what initial vector infects the sites.

(Security Affairs)

Thanks to today’s episode sponsor, AppOmni

Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk.

With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they’ve been granted. Visit to request a free risk assessment.

Binance fund hopes to stabilize crypto industry

With the Chapter 11 bankruptcy filing of FTX, it’s a bit of an understatement to say that the cryptocurrency industry is going through a rough time. In the past week, other exchanges saw over $8 billion in cryptocurrency assets withdrawn. Now, Binance CEO Changpeng Zhao announced the exchange would launch an “industry recovery fund, to help projects who are otherwise strong, but in a liquidity crisis.” More details will be announced in the coming days, and Binance will open the fund to co-investors. It’s unclear right now how much money Binance will invest. Last month the company opened the Binance Pool, a $500 million lending pool to help struggling bitcoin miners.


Google agrees to largest consumer privacy settlement

The search giant agreed to pay $391.5 million as part of a settlement with state attorneys general in 40 states over its location tracking behavior. Google also agreed to improve its location tracking disclosures as of 2023. The AGs allege that Google’s settings misled consumers into thinking they had disabled proximity-based data collection. Google claimed that it informed users that turning off location history would still allow Google to collect location data to improve the user experience. The Associated Press first reported on these tracking practices in 2018.


Assume Zimbra is compromised

That comes from a new alert from the Cybersecurity and Infrastructure Security Agency. It flagged a series of vulnerabilities in the Zimbra Collaboration Suite being actively exploited by threat actors, resulting in remote code execution and full access to the platform. Zimbra offers a suite of business services including email servers and a messaging web client. Suspected attacks come from across government and private networks. CISA issued guidance to help secure organizations against these malicious attacks, but the overall message remains.

(Dark Reading)

Patch Tuesday breaks authentication

Some of the updates delivered in the most recent Patch Tuesday release from Microsoft caused issues with enterprise domain controllers, resulting in Kerberos sign-in failures on both client and server releases. Bleeping Computer readers report the issues occur in situations where accounts are set to support Kerberos AES 256-bit and 128-bit encryption in Account Options or in Active Directory accounts. Microsoft acknowledged the issue and is working on a fix, saying it is not a result of its previously announced security hardening for Kerberos, which is planned for November.
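To scope exposure to the condition described above before rolling the update out, an administrator can list the accounts whose Kerberos encryption settings match it. The following PowerShell is an added example, not from the article or from Microsoft or Bleeping Computer; it assumes the ActiveDirectory RSAT module and read access to the domain, and it reads the documented msDS-SupportedEncryptionTypes attribute, which is what the "This account supports Kerberos AES 128/256 bit encryption" checkboxes in Account Options set.

```powershell
# Added example (not from the article): enumerate AD users and computers whose
# msDS-SupportedEncryptionTypes permits only AES Kerberos encryption types, the
# configuration the article associates with the post-update sign-in failures.
# Assumes the ActiveDirectory RSAT module and read access to the domain.
Import-Module ActiveDirectory

# Documented bit values of msDS-SupportedEncryptionTypes
$AES128     = 0x8                      # AES128-CTS-HMAC-SHA1-96
$AES256     = 0x10                     # AES256-CTS-HMAC-SHA1-96
$LegacyMask = 0x1 -bor 0x2 -bor 0x4    # DES-CBC-CRC, DES-CBC-MD5, RC4-HMAC

# Only objects where the attribute is explicitly set; unset accounts fall back
# to the domain default and are not the case the article describes.
$filter = '(&(|(objectClass=user)(objectClass=computer))(msDS-SupportedEncryptionTypes=*))'

$report = Get-ADObject -LDAPFilter $filter -Properties 'msDS-SupportedEncryptionTypes', sAMAccountName |
    ForEach-Object {
        $etypes  = [int]$_.'msDS-SupportedEncryptionTypes'
        $hasAES  = ($etypes -band ($AES128 -bor $AES256)) -ne 0
        $noRC4   = ($etypes -band $LegacyMask) -eq 0
        [PSCustomObject]@{
            Account         = $_.sAMAccountName
            ObjectClass     = $_.ObjectClass
            EncryptionTypes = ('0x{0:X}' -f $etypes)
            AESOnly         = ($hasAES -and $noRC4)
        }
    }

# Accounts set to AES only are the ones to test first (or stage) before deployment.
$report | Where-Object AESOnly | Sort-Object Account | Format-Table -AutoSize
```

Run it from a workstation with RSAT as an account that can read the directory; a non-empty result is a list of principals to validate on a pilot domain controller before the update reaches the rest of the fleet, not a recommendation to re-enable RC4.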

(Bleeping Computer)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.