
Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | 02-11-2025 — Optus outage post-mortem reaches Parliament • 02-11-2025 — ASD flags BADCANDY reinfection behaviour | 2 |
| Cyber Investigations | 02-11-2025 — Rogue responders probed | 1 |
| Major Cyber Incidents | No items found in the last 72 hours. | 0 |
| Exploits & Threat Intelligence | 31-10-2025 — ASD advisory on BADCANDY implant • 02-11-2025 — Roundup flags suspected Omnissa supply-chain targeting | 2 |
| Law Enforcement | No items found in the last 72 hours. | 0 |
| Policy | 02-11-2025 — Philippines DICT issues DDoS warning for 05-11 • 01-11-2025 — FCC to vote on rolling back data breach reporting rule | 2 |
| Standards & Compliance | 03-11-2025 — ENISA seeks experts for standardisation working group | 1 |

DFIR & Incident Response
02-11-2025 — Optus outage post-mortem reaches Parliament: Optus CEO apologised for a September emergency-line outage and detailed change-management failures. This matters for IR teams as it underlines the need for rigorous firewall change controls and rollback testing to prevent life-safety impacts.
02-11-2025 — ASD flags BADCANDY reinfection behaviour: ASD warned that BADCANDY on Cisco IOS XE can detect removal and reinstall itself. IR practitioners should verify persistence paths on edge routers and rebaseline devices after patching to avoid rapid re-compromise.
Cyber Investigations
02-11-2025 — Rogue responders probed: The Chicago Sun-Times reports that incident responders allegedly ran ransomware against clients. This highlights insider risk and the need for vendor due diligence, logging, and conflict-of-interest checks in DFIR engagements.
Major Cyber Incidents
No items found in the last 72 hours.
Exploits & Threat Intelligence
31-10-2025 — ASD advisory on BADCANDY implant: Australia's ASD details detection and removal steps for BADCANDY on network devices. Defenders should hunt for implant indicators, rotate credentials, and confirm device provenance after factory resets.
02-11-2025 — Roundup flags suspected Omnissa supply-chain targeting: Palo Alto’s Unit 42 suspects nation-state malware leveraging Workspace ONE channels. Asset owners using Workspace ONE should validate update chains and increase EDR telemetry on management servers.
Law Enforcement
No items found in the last 72 hours.
Policy
02-11-2025 — Philippines DICT issues DDoS warning for 05-11: Government warns of potential nationwide DDoS on 05-11-2025. Operators should harden edge capacity, validate scrubbing contracts, and rehearse escalation playbooks.
01-11-2025 — FCC to vote on rolling back data breach reporting rule: The FCC plans to revisit provider breach-disclosure rules. If adopted, breach notification timelines for U.S. telecoms could shift, affecting legal and IR coordination across carriers.
Standards & Compliance
03-11-2025 — ENISA seeks experts for standardisation working group: ENISA’s ad-hoc working group on standardisation is open (closes 25-11-2025). This matters for compliance leads because EU NIS2/CRA-aligned standards work will shape future controls and conformance expectations across suppliers.
Editorial Perspective
Telecom resilience and edge-device hygiene remain top priorities, with BADCANDY showing how router implants persist through naive cleanup.
Prepare for DDoS contingencies and supplier due-diligence checks, as both policy signals and investigations highlight increasing scrutiny on operators and contractors.
Track FCC and regional rule changes closely to avoid missteps in incident notification, and verify update chains on device management platforms.
Reference Reading
- ASD: BADCANDY advisory (31-10-2025)
- The Register: Infosec in brief incl. BADCANDY & Omnissa (02-11-2025)
- GMA: DICT warns of possible DDoS (02-11-2025)
- Reuters: Optus CEO apology over outage (02-11-2025)
- The Record: FCC to vote on breach rule rollback (01-11-2025)
- Chicago Sun-Times: Rogue responders allegedly ran ransomware (02-11-2025)
Tags
DFIR, Cybersecurity News, Threat Intelligence, Ransomware, Law Enforcement, Cyber Policy, Compliance, EU CRA
