Posts

Showing posts from March, 2025

Medusa Ransomware: How a Malicious Driver Is Silencing EDR Defenses

The Medusa ransomware group has escalated its tactics, deploying a malicious driver dubbed ABYSSWORKER to disable endpoint detection and response (EDR) solutions. This attack is part of a growing trend of bring-your-own-vulnerable-driver (BYOVD) techniques, where attackers exploit trusted but vulnerable drivers to gain deep system access.

What Happened?

Elastic Security Labs recently detailed a Medusa ransomware incident involving a packer-as-a-service (PaaS) tool called HeartCrypt. The HeartCrypt loader deployed a driver, "smuol.sys", signed with a revoked certificate and mimicking a legitimate CrowdStrike Falcon driver. Once installed, the ABYSSWORKER driver began systematically terminating or disabling various security tools. The driver was signed using stolen, revoked certificates from Chinese vendors, giving it a veneer of legitimacy and allowing it to bypass traditional security controls.

How ABYSSWORKER Works

Once deployed, the ABYSSWORKER driver: Registers ...

Rippling vs. Deel: The Largest Corporate Espionage Case of the Century

The HR technology space is no stranger to competition, but the legal battle between Rippling and Deel has pushed industry rivalries to an entirely new level. Rippling has accused Deel of corporate espionage, alleging that a Deel-planted insider exfiltrated customer data, trade secrets, and competitive intelligence over a four-month period. This case is more than just a lawsuit—it’s a real-world example of how insider threats can go undetected and how businesses can strengthen their security measures to prevent similar breaches.

What Happened?

According to Rippling’s lawsuit, filed on March 17, 2025, a former employee—allegedly acting on behalf of Deel—conducted an extensive data theft operation from inside the company. The individual reportedly accessed:

- Confidential customer data
- Competitive intelligence stored in Slack, Salesforce, and Google Drive
- Trade secrets and internal strategies
- Employee data for targeted recruiting

Court documents reveal that on a...

OAuth Attacks: How Malicious Apps Are Targeting Microsoft 365 and GitHub

Cybercriminals are increasingly exploiting OAuth applications as an attack vector to gain unauthorised access to user accounts, steal data, and spread malware. Recent campaigns have shown a growing sophistication in how attackers abuse OAuth permissions to bypass traditional security measures. A recent wave of attacks has leveraged fake OAuth applications impersonating Adobe, DocuSign, and GitHub security alerts. These malicious apps trick users into granting permissions that allow attackers to redirect victims to phishing pages, distribute malware, or gain full access to cloud accounts and repositories. This article breaks down the latest OAuth attack techniques, how they exploit legitimate services, and what organisations can do to mitigate these threats.

How Malicious OAuth Attacks Work

OAuth is a widely used authorisation framework that allows applications to request access to user accounts without requiring passwords. While OAuth enhances security by reducing crede...

Essential Eight: Why Australian Businesses Should Implement This Cybersecurity Framework

Cyber threats are increasing in both frequency and sophistication, making it essential for organisations to strengthen their cybersecurity posture. To address these risks, the Australian Cyber Security Centre (ACSC) developed the Essential Eight cybersecurity framework—a strategic approach to mitigating common cyber threats. While the Essential Eight is mandatory for non-corporate Commonwealth entities (NCCEs), private businesses are strongly encouraged to adopt these security measures. Implementing the framework can significantly reduce cyber risks, prevent financial losses, and enhance overall resilience. This guide will explain the Essential Eight framework, its benefits for businesses, and the practical steps organisations can take to align with its recommendations.

What is the Essential Eight?

The Essential Eight is a cybersecurity framework developed by the ACSC to help organisations protect their systems from cyber threats. First introduced in 2017, it expands o...