From Scams to Espionage: Top Cybersecurity and Policy Stories You Need to Know

As Black Friday scams surge, Australians face rising threats with $500K lost to fake sites. Meanwhile, Salt Typhoon targets telecom giants in a global espionage campaign. RomCom exploits zero-day vulnerabilities on Firefox and Windows, while Trump eyes an 'AI czar' to reshape US tech policy.

AT A GLANCE:

Black Friday Scams Surge: A Warning for Australian Shoppers

As Australians dive into Black Friday sales, the Australian Competition and Consumer Commission (ACCC) and media outlets are urging caution against a rise in online shopping scams. Fraudsters are leveraging the shopping frenzy to exploit consumers, with nearly 3,000 fake retail websites identified this year, leading to over $500,000 in reported losses. The fashion and footwear sectors are particularly targeted, with scams disguised as legitimate brand deals to harvest personal and financial data.

Scammers are using sophisticated techniques, including paid ads to appear at the top of search results and social media promotions, to attract unsuspecting shoppers. The National Anti-Scam Centre reports over 2,760 impersonation scams in 2023, a number expected to spike during Black Friday and Cyber Monday, as Australians are predicted to spend $6.36 billion. Authorities warn that holiday stress and enticing discounts make consumers especially vulnerable.

To stay protected, shoppers are advised to verify website authenticity by typing URLs directly, check independent reviews, and be wary of unusually low prices or unusual payment requests. Using secure payment methods like credit cards or PayPal is critical. As the holiday shopping season ramps up, vigilance and proactive measures can help Australians avoid falling victim to scams.


Salt Typhoon's Sophisticated Espionage Campaign Exposed

Trend Micro has unveiled a new cyberespionage campaign by the Chinese state-sponsored group Earth Estries, also known as "Salt Typhoon", targeting Southeast Asian telecommunications companies. At the core of this operation is "GHOSTSPIDER," a highly sophisticated, multi-modular backdoor designed to load tailored modules for various purposes. Coupled with the DEMODEX rootkit, the malware facilitates long-term infiltration into critical systems, including database and cloud servers. Disturbingly, the attackers extended their reach by exploiting vendor networks, implanting the DEMODEX rootkit on contractor machines to breach the region’s primary telecom providers, indicating a well-orchestrated and multi-layered espionage effort.

Beyond telecommunications, Salt Typhoon's campaign has impacted over twenty organizations spanning the technology, consulting, chemical, transportation, and government sectors across countries such as Indonesia, Malaysia, Thailand, India, the United States, and Brazil. Many of the victims have been compromised for years, which highlights the scale and persistence of the group's operations. The breadth of their targets and the extended duration of these intrusions underscore the strategic intent to extract sensitive data and maintain surveillance over critical infrastructure globally.


RomCom Exploits Zero-Day Vulnerabilities to Target Firefox and Windows Users

Security researchers have uncovered two zero-day vulnerabilities actively exploited by RomCom, a Russian-linked cybercrime group, to attack Firefox browser users and Windows device owners across Europe and North America. Known for executing cyberattacks on behalf of the Russian government, RomCom has also been tied to ransomware attacks, including a recent strike on Japanese tech giant Casio. The group targets entities aligned with Ukraine, demonstrating its aggressive and strategic intent.

ESET researchers revealed that RomCom leveraged these zero-day flaws to develop a sophisticated "zero-click" exploit, enabling the installation of malware without user interaction. Victims were compromised after visiting malicious websites controlled by the hackers, allowing RomCom to deploy its backdoor for full device access. The campaign impacted up to 250 victims per country, with most targets in Europe and North America. Firefox maker Mozilla patched the vulnerability on October 9, followed by Microsoft addressing the Windows flaw on November 12. Google’s Threat Analysis Group suggested the exploit may have been used in additional government-backed cyber campaigns, highlighting the growing risks of state-sponsored hacking.


Policy and Power: INTERNATIONAL 

Source: CNN

Trump Eyes 'AI Czar' Role, Plans to Overturn Biden's AI Order

Donald Trump is reportedly considering appointing an "AI czar" within the White House to oversee federal regulation and governmental use of artificial intelligence. This move is part of a broader strategy to position the United States at the forefront of emerging technologies, turning the upcoming election into a significant battleground for tech geopolitics.

In addition to creating the new role, Trump plans to overturn President Joe Biden's comprehensive AI executive order signed in October 2023. He argues that the current regulations hinder innovation by imposing excessive restrictions on the AI industry. Trump believes that a more streamlined, innovation-focused approach is necessary to maintain America's competitive edge in the global tech landscape.

Elon Musk, while not expected to assume the czar role himself, is anticipated to play a pivotal part in shaping AI policy. Alongside Vivek Ramaswamy, Musk is leading the Department of Government Efficiency (DOGE), an external group that will have substantial input on the appointment. Industry insiders express concerns that Musk could leverage his relationship with Trump to benefit his own enterprises, especially given his ownership of AI company xAI.

The potential "AI czar" could also see responsibilities merged with a "crypto czar," reflecting the administration's intent to be highly attentive to emerging technologies. This combined role would focus on mobilizing both public and private resources to maintain America's leadership in AI and cryptocurrency. Collaborating with agency chief AI officers, the czar would work to eliminate inefficiencies and prioritize innovation over regulation.
