Australia Implements Mandatory Ransomware Payment Disclosure Rules Under New Cyber Security Framework
Phishing Campaign Targets CFOs Globally Using Legitimate NetBird Remote Access Tool
Critical Vulnerability in GitHub MCP Integration Allows Private Repository Data Theft
Critical Flaws Discovered in Popular Software Bill of Materials Generation Tools
Australia Implements Mandatory Ransomware Payment Disclosure Rules Under New Cyber Security Framework
Businesses with annual turnover above $3 million must now report ransom payments within 72 hours or face civil penalties
https://www.legislation.gov.au/F2025L00278/asmade/text
Australia has officially launched its mandatory ransomware payment disclosure requirements, marking a significant milestone in the country's cybersecurity regulatory landscape. The new rules, which took effect on May 30, 2025, under the Cyber Security Act 2024, represent one of the world's most comprehensive approaches to tracking and deterring ransomware payments.
The legislation requires any business with an annual turnover exceeding AUS $3 million ($1.92 million) to report ransomware payments within 72 hours to the Australian Signals Directorate (ASD) and the Department of Home Affairs. The disclosure obligations also extend to entities responsible for critical infrastructure assets, regardless of their revenue threshold. Organisations that fail to meet the 72-hour reporting deadline face potential civil penalties and reputational consequences.
Under the new framework, affected entities must disclose both actual ransomware payments and communications with cybercriminals, providing authorities with unprecedented visibility into the scope and scale of extortion activities targeting Australian businesses. The reporting requirements address a significant threat, as ransomware accounted for approximately 11 percent of cyber incidents reported to the ASD in 2023-2024.
The legislation aims to enhance national threat assessment capabilities while potentially discouraging organisations from capitulating to cybercriminal demands. By mandating transparency around ransom payments, Australian authorities seek to build comprehensive intelligence on ransomware operations and their financial impact on the economy.
Phishing Campaign Targets CFOs Globally Using Legitimate NetBird Remote Access Tool
Multi-stage operation impersonates Rothschild & Co recruiters to deploy remote access software across six regions
Cybersecurity researchers have uncovered a sophisticated spear-phishing campaign targeting Chief Financial Officers and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia. The campaign, first detected by Trellix in mid-May 2025, uses a legitimate remote access tool called NetBird to establish persistent access to victim systems while evading traditional security measures.
The attack begins with carefully crafted phishing emails that impersonate recruiters from Rothschild & Co, claiming to offer strategic career opportunities to high-profile financial executives. The emails contain what appears to be a PDF attachment that actually redirects victims to a Firebase-hosted URL requiring CAPTCHA verification. This custom CAPTCHA gate serves as both a defense evasion mechanism and a method to decrypt the real redirect URL using JavaScript, ultimately leading to the download of a malicious ZIP archive containing Visual Basic Scripts.
The multi-stage payload deployment process involves downloading and executing additional VBScript components that ultimately install both NetBird and OpenSSH on the compromised system. The malware creates a hidden local account, enables remote desktop access, and establishes persistence through scheduled tasks while removing NetBird desktop shortcuts to avoid detection. This approach allows attackers to maintain long-term access to financial networks while appearing to use legitimate administrative tools.
The campaign represents a broader trend of cybercriminals leveraging legitimate remote access applications to bypass security controls and establish persistent network presence. Researchers note that adversaries are increasingly relying on tools like ConnectWise ScreenConnect, Atera, Splashtop, and LogMeIn Resolve to burrow into victim networks while simultaneously evading detection. The discovery coincides with the emergence of new Phishing-as-a-Service platforms that lower the technical barriers for conducting sophisticated social engineering attacks, making such targeted campaigns more accessible to a wider range of threat actors.
Critical Vulnerability in GitHub MCP Integration Allows Private Repository Data Theft
https://invariantlabs.ai/blog/mcp-github-vulnerability
Cybersecurity researchers at Invariant Labs have discovered a critical vulnerability in the widely-used GitHub Model Context Protocol (MCP) integration that could allow attackers to steal sensitive data from private repositories. The vulnerability, affecting the GitHub MCP server which has garnered over 14,000 stars on GitHub, enables malicious actors to hijack user agents through crafted GitHub issues and coerce them into leaking confidential information from private repositories.
The attack leverages what researchers call "toxic agent flows," where an agent is manipulated into performing unintended actions through indirect prompt injection. In this scenario, an attacker creates a malicious issue in a publicly accessible repository that contains a hidden prompt injection payload. When a user instructs their AI agent to review open issues in the public repository, the agent encounters the malicious content and can be coerced into accessing private repository data and leaking it through automatically-generated pull requests in the public repository.
Invariant Labs demonstrated the vulnerability using Claude 4 Opus connected to the GitHub MCP server, showing how the attack successfully exfiltrated private information including repository details, personal plans, and even salary information. The vulnerability is particularly concerning because it affects any agent using the GitHub MCP server, regardless of the underlying AI model or implementation, and cannot be resolved through server-side patches alone since it represents a fundamental architectural issue.
To mitigate these risks, security experts recommend implementing granular permission controls that limit agent access to only necessary repositories, following the principle of least privilege. Additionally, organisations should deploy continuous security monitoring solutions and specialised scanners to detect potential exploitation attempts in real-time. The discovery highlights a broader security challenge as the industry rapidly deploys coding agents and AI-powered development tools, emphasizing the need for system-level security measures that complement model-level safeguards.
Critical Flaws Discovered in Popular Software Bill of Materials Generation Tools
https://www.cs.ucr.edu/~heng/pubs/sbom-dsn24.pdf
Security researchers at the University of California, Riverside and Deepbits Technology have uncovered significant vulnerabilities in four widely-used Software Bill of Materials (SBOM) generation tools, revealing that these critical supply chain security instruments are producing incomplete and potentially inaccurate inventories of software components. The comprehensive study analyzed Trivy, Syft, Microsoft SBOM Tool, and GitHub Dependency Graph across 7,876 open-source projects, finding that all four tools exhibit inconsistent outputs and systematic dependency omissions that could leave organizations vulnerable to undetected security risks.
The researchers employed a differential analysis approach to evaluate SBOM generation accuracy, discovering alarming discrepancies between tools when analyzing identical software projects. Their findings revealed that SBOM generators frequently miss over 90% of dependencies in common configuration files like Python's requirements.txt, primarily due to incomplete syntax support and failure to resolve transitive dependencies. The tools also demonstrated inconsistent package naming conventions, with some using colons while others use dots to separate compound package names, potentially compromising vulnerability detection accuracy across different security platforms.
Perhaps most concerning, the research team successfully demonstrated a "parser confusion attack" that exploits the custom metadata parsers used by these SBOM tools. By crafting malicious dependency declarations using unsupported syntax patterns, attackers can inject vulnerable or malicious packages into software projects while evading detection by SBOM generators. The attack leverages the tools' tendency to silently ignore dependencies with unsupported syntax, creating a new vector for supply chain compromise that could allow adversaries to conceal dangerous components within software inventories.
The study's implications are particularly significant given the increasing regulatory emphasis on SBOM adoption following President Biden's executive order on cybersecurity and rising software supply chain attacks, which increased by 742% between 2019 and 2022. To address these vulnerabilities, researchers recommend implementing package manager dry runs for lockfile generation, adopting standardized package identification formats, and deploying specialized security scanners designed for SBOM validation. The team has released a benchmark dataset to help improve future SBOM generation tools and is working with the cybersecurity community to develop more robust supply chain security solutions.
Microsoft Authenticator Begins Warning Users to Export Passwords Before July Deadline
Microsoft has begun issuing urgent notifications through its Authenticator app, warning users that the password autofill feature will be discontinued in July 2025. The company is directing users to export their saved passwords or migrate to Microsoft Edge before the functionality becomes unavailable. Users now see fullscreen banners stating that autofill via Authenticator ends in July, with options to export password data or enable Edge as their primary autofill provider.
The deprecation follows a phased timeline that significantly impacts millions of users who rely on the free mobile authenticator app for password management alongside its multi-factor authentication capabilities. Starting in June 2025, users will no longer be able to save new passwords in Authenticator, followed by the complete removal of autofill functionality in July. By August 2025, all saved passwords will become completely inaccessible within the application, marking the end of Authenticator's role as a password manager.
Microsoft is positioning Edge as the primary replacement for users who want to maintain seamless password autofill functionality. The company emphasizes that saved passwords are securely synced to Microsoft accounts, making them automatically accessible through Edge once the Authenticator feature is deprecated. The support documentation highlights Edge's enhanced security features, including Microsoft Defender SmartScreen and Password Monitor, as additional benefits of the transition.
For users who prefer alternative password management solutions, Microsoft provides an export option through the Authenticator settings, allowing passwords to be saved as CSV files for import into third-party password managers. This move represents a significant shift in Microsoft's authentication strategy, consolidating password management functionality within its Edge browser while maintaining Authenticator's focus on multi-factor authentication methods such as time-based one-time passwords and biometric confirmations.
Special thanks to Justin Butterfield and J A Zien for contributing to this week’s articles
Share this post