IT Security RSS Feed for 2025-01-19
US Supreme Court upholds TikTok ban
Published: Fri, 17 Jan 2025 15:21:00 GMT
Fact Check: False
As of my knowledge cutoff in April 2023, the US Supreme Court has not upheld a ban on TikTok.
Cyber innovation to address rising regulatory, threat burden
Published: Fri, 17 Jan 2025 07:33:00 GMT
With the rapid acceleration of digital transformation, organizations face a complex and evolving landscape of cyber risks and regulatory requirements. To effectively navigate these challenges, cybersecurity leaders are increasingly turning to innovative solutions to streamline compliance, enhance threat detection, and improve overall security posture.
Regulatory Compliance
- Cybersecurity Compliance Automation: Automating compliance assessments, risk management, and reporting processes reduces manual effort, improves accuracy, and ensures adherence to industry standards and regulations.
- Data Privacy Management: Centralized data privacy management platforms enable organizations to map and track sensitive data, comply with privacy regulations (e.g., GDPR, CCPA), and manage data access requests efficiently.
Threat Detection and Response
- Artificial Intelligence (AI): AI algorithms can analyze vast amounts of data in real-time to detect anomalies, identify threats, and automate incident response. This enhances the ability to catch breaches early and minimize damage.
- Threat Intelligence Sharing: Collaborative platforms allow organizations to share threat intelligence, best practices, and incident data, enabling them to stay informed about the latest threats and adjust their security strategies accordingly.
- Zero Trust Security: Zero trust models assume that no entity is inherently trustworthy and require continuous authentication and authorization throughout a network. This approach helps prevent unauthorized access and data breaches.
Security Posture Improvement
- Cloud Security: Cloud technology providers offer robust security measures, such as encryption, multi-factor authentication, and advanced threat detection capabilities. Migrating to the cloud can enhance security while reducing infrastructure costs.
- Endpoint Security: Innovative endpoint security solutions provide comprehensive protection for devices connecting to an organization’s network. They include advanced anti-malware, behavior-based detection, and remote management capabilities.
- Security Orchestration, Automation, and Response (SOAR): SOAR platforms integrate with multiple security tools to automate incident response processes, reduce human error, and streamline investigations.
Benefits of Cyber Innovation
- Improved Compliance: Automating compliance processes and leveraging specialized platforms ensure regulatory adherence and reduce the risk of fines or reputational damage.
- Enhanced Threat Protection: Advanced threat detection techniques and threat intelligence sharing enable organizations to detect and respond to cyberattacks more effectively, minimizing damage.
- Streamlined Operations: Automation, integration, and cloud technologies streamline security operations, reducing manual effort and improving efficiency.
- Reduced Costs: Cloud security and automation can reduce infrastructure and operational costs while enhancing security posture.
- Competitive Advantage: Organizations that embrace cyber innovation gain a competitive advantage by proactively addressing regulatory and threat challenges, building strong security foundations, and fostering trust among customers.
As the cyber threat landscape continues to evolve, organizations must embrace innovative technologies to address rising regulatory and threat burdens effectively. By leveraging AI, cloud security, and automation, organizations can enhance compliance, improve threat detection, streamline operations, and strengthen their overall security posture.
A guide to DORA compliance
Published: Fri, 17 Jan 2025 04:30:00 GMT
What is DORA?
DORA stands for the Digital Operational Resilience Act, a European Union regulation that came into effect in January 2023. DORA is designed to strengthen the resilience of the EU financial sector to cyber threats and other operational risks.
Who is impacted by DORA?
DORA applies to a wide range of financial institutions, including banks, investment firms, insurance companies, payment service providers, and cryptocurrency exchanges.
What are the key requirements of DORA?
DORA imposes a number of requirements on financial institutions, including:
- Risk assessment and management: Institutions must identify and assess the operational risks they face and implement appropriate mitigation measures.
- Business continuity and disaster recovery planning: Institutions must have plans in place to ensure the continuity of their operations in the event of a disruption.
- Incident response and reporting: Institutions must have procedures in place to respond to and report operational incidents.
- Cybersecurity: Institutions must implement appropriate cybersecurity measures to protect their systems and data from cyber threats.
- Outsourcing: Institutions must manage their outsourced activities in a way that minimizes operational risk.
- Suptech: Institutions must use supervisory technology (suptech) to enhance their risk management and compliance capabilities.
How can financial institutions comply with DORA?
To comply with DORA, financial institutions should take the following steps:
- Appoint a DORA compliance officer: The DORA compliance officer will be responsible for overseeing the institution’s compliance with DORA.
- Conduct a risk assessment: The institution must identify and assess the operational risks it faces.
- Develop a DORA compliance plan: The plan should outline the institution’s strategy for complying with DORA.
- Implement the DORA compliance plan: The institution must implement the measures outlined in the plan.
- Monitor and review compliance: The institution must regularly monitor and review its compliance with DORA.
Benefits of DORA compliance
Compliance with DORA can provide a number of benefits to financial institutions, including:
- Reduced operational risk: DORA compliance can help financial institutions to reduce the risk of operational disruptions.
- Improved business continuity: DORA compliance can help financial institutions to ensure the continuity of their operations in the event of a disruption.
- Enhanced cybersecurity: DORA compliance can help financial institutions to improve their cybersecurity posture.
- Increased customer confidence: DORA compliance can help financial institutions to build customer confidence by demonstrating their commitment to operational resilience.
Conclusion
DORA is a significant piece of legislation that will have a major impact on the EU financial sector. Financial institutions must take steps to comply with DORA in order to reduce operational risk, improve business continuity, enhance cybersecurity, and increase customer confidence.
Biden signs new cyber order days before Trump inauguration
Published: Thu, 16 Jan 2025 17:09:00 GMT
On January 14, 2021, President Biden signed an executive order on cybersecurity, titled “Improving the Nation’s Cybersecurity.” The order follows a series of high-profile cyberattacks on US government agencies and private companies, including the SolarWinds attack and the Microsoft Exchange hack.
The order directs the federal government to take a number of steps to improve cybersecurity, including:
- Developing a national cybersecurity strategy
- Establishing a new Cybersecurity and Infrastructure Security Agency (CISA)
- Improving information sharing between the government and the private sector
- Investing in cybersecurity research and development
The order also directs CISA to develop a plan for responding to major cyberattacks.
The order is a significant step forward in improving cybersecurity in the United States. It provides the federal government with the authority and resources it needs to protect the nation from cyberattacks.
The order was signed just days before President Trump left office. Trump had repeatedly downplayed the threat of cyberattacks, and his administration had been criticized for its response to the SolarWinds attack.
The Biden administration has made cybersecurity a priority, and the new executive order is a sign of that commitment. The order will help to protect the United States from cyberattacks and improve the nation’s cybersecurity posture.
Russia’s Star Blizzard pivots to WhatsApp in spear-phishing campaign
Published: Thu, 16 Jan 2025 16:03:00 GMT
Understanding the Threat
Star Blizzard is a Russian threat actor group known for its targeted spear-phishing attacks. According to a recent report, the group has shifted its tactics to WhatsApp, a popular messaging platform. This pivot highlights the evolving nature of cyber threats and the need for organizations to stay vigilant.
WhatsApp as a Spear-Phishing Vector
WhatsApp offers several advantages for spear-phishing attacks:
- Wide user base: WhatsApp has over 2 billion users globally, making it an attractive target for cybercriminals seeking to reach a wide audience.
- Trust and familiarity: Many users trust WhatsApp as a legitimate messaging platform, which can make it easier to trick victims into falling for phishing scams.
- Encrypted messaging: WhatsApp uses end-to-end encryption, which can provide a false sense of trust and privacy.
Star Blizzard’s WhatsApp Attack
In the recent campaign, Star Blizzard sent malicious messages to WhatsApp users posing as job recruiters from legitimate companies. The messages contained job offers that directed victims to a fake landing page where they were prompted to enter sensitive information, such as their personal and financial details.
Once victims entered their information, the cybercriminals used it to steal identities, access financial accounts, and carry out fraud.
Protecting Against WhatsApp Spear-Phishing
Organizations and individuals can take steps to protect themselves from WhatsApp spear-phishing attacks:
- Be cautious of unexpected messages: Never click on links or open attachments from unknown senders.
- Verify the sender’s identity: Check the profile picture, name, and contact information of the sender to ensure it is a legitimate contact.
- Inspect the message content: Look for errors, suspicious language, or requests for sensitive information.
- Use multi-factor authentication: Enable two-factor authentication for financial accounts and important services to prevent unauthorized access.
- Educate users: Train employees and family members on how to identify and avoid spear-phishing attempts.
Conclusion
Star Blizzard’s pivot to WhatsApp in spear-phishing attacks demonstrates the adaptability and persistence of cybercriminals. By leveraging the platform’s popularity, trust, and encryption, the group aims to trick victims into compromising their sensitive information. Organizations and individuals need to remain vigilant and adopt best practices to protect themselves against these evolving threats.
Almost half of UK banks set to miss DORA deadline
Published: Thu, 16 Jan 2025 09:17:00 GMT
A survey conducted by industry body UK Finance has found that almost half of UK banks are set to miss the deadline for implementing the Digital Operational Resilience Act (DORA).
DORA is a new EU regulation that aims to improve the operational resilience of the financial sector by requiring firms to take steps to identify, manage and recover from operational risks. The regulation comes into force on 1 January 2025, but firms must start preparing for it now.
The UK Finance survey found that only 53% of banks are on track to implement DORA by the deadline. The remaining 47% are either behind schedule or have not yet started preparing.
The survey also found that banks are facing a number of challenges in implementing DORA, including:
- The complexity of the regulation
- The need to make significant changes to their IT systems
- The lack of clarity around some of the requirements
- The cost of implementation
Despite the challenges, UK Finance is urging banks to start preparing for DORA as soon as possible. The body has published a number of resources to help firms with their implementation, including a guidance note and a self-assessment tool.
What is DORA?
DORA is a new EU regulation that aims to improve the operational resilience of the financial sector. The regulation comes into force on 1 January 2025, but firms must start preparing for it now.
DORA introduces a number of new requirements for firms, including:
- The need to identify and manage operational risks
- The need to have a plan in place to recover from operational disruptions
- The need to report operational incidents to the regulator
Why is DORA important?
DORA is important because it will help to improve the operational resilience of the financial sector. This will make the financial sector more resilient to shocks, such as cyber attacks, natural disasters and pandemics.
How can firms prepare for DORA?
Firms can prepare for DORA by:
- Reading the DORA regulation and guidance
- Conducting a self-assessment to identify their risks and gaps
- Developing a plan to implement DORA
- Making changes to their IT systems
- Training their staff
What are the challenges of implementing DORA?
Firms are facing a number of challenges in implementing DORA, including:
- The complexity of the regulation
- The need to make significant changes to their IT systems
- The lack of clarity around some of the requirements
- The cost of implementation
What resources are available to help firms with DORA?
UK Finance has published a number of resources to help firms with their DORA implementation, including:
- A guidance note
- A self-assessment tool
- A webinar series
Conclusion
DORA is a new EU regulation that will have a significant impact on the financial sector. Firms need to start preparing for DORA now to ensure that they are compliant by the deadline.
Cyber security dovetails with AI to lead 2025 corporate IT investment
Published: Wed, 15 Jan 2025 10:26:00 GMT
Cybersecurity and AI: A Synergistic Force in Corporate IT Investment
In the rapidly evolving landscape of technology, cybersecurity and artificial intelligence (AI) have emerged as linchpins of corporate IT investment. Their convergence is poised to shape the future of cybersecurity and drive significant IT spending in the years to come.
Cybersecurity: An Evolving Challenge
The threat landscape is constantly evolving, with cybercriminals employing increasingly sophisticated techniques to compromise systems and steal sensitive data. This poses a major challenge for organizations, as they struggle to keep pace with the relentless attacks.
AI: A Game-Changer in Cybersecurity
AI, with its ability to analyze vast amounts of data, identify patterns, and automate processes, is transforming cybersecurity. It enables organizations to:
- Detect and respond to threats: AI-powered systems can monitor networks for suspicious activity, detect vulnerabilities, and provide real-time alerts.
- Automate threat mitigation: AI algorithms can automate incident response, reducing the time and effort required to contain and remediate breaches.
- Predict and prevent attacks: Machine learning models can analyze historical data to identify attack patterns and predict future threats, enabling proactive defense strategies.
Convergence of Cybersecurity and AI
The synergy between cybersecurity and AI is driving significant IT investment in 2025 and beyond. Organizations are increasingly recognizing the benefits of integrating AI into their cybersecurity architectures.
Key Investment Areas
Corporations are allocating funds to the following key areas:
- AI-powered security platforms: These platforms integrate AI technologies to provide comprehensive cybersecurity solutions, including threat detection, response, and analytics.
- Cognitive threat intelligence: AI-powered systems collect and analyze threat intelligence from a wide range of sources, providing organizations with real-time insights into the latest attack trends.
- Automated incident response: AI-driven algorithms automate incident response processes, freeing up cybersecurity teams to focus on strategic initiatives.
Benefits of Investing in Cybersecurity and AI
The convergence of cybersecurity and AI offers numerous benefits to organizations, including:
- Improved threat detection and prevention: AI enhances the ability to detect and contain threats, reducing the risk of successful attacks.
- Reduced cybersecurity costs: AI automation reduces the manpower and resources required for cybersecurity operations, freeing up funds for other initiatives.
- Enhanced compliance and risk management: AI-powered security solutions help organizations meet compliance requirements and mitigate security risks.
Conclusion
Cybersecurity and AI are inextricably linked and are poised to dominate corporate IT investment in 2025 and beyond. By leveraging the power of AI, organizations can significantly enhance their cybersecurity posture, reduce risks, and drive innovation. The convergence of these technologies is a transformative force that will shape the future of corporate IT.
Users protest, flee TikTok as clock ticks on US ban
Published: Wed, 15 Jan 2025 09:14:00 GMT
As the deadline for a potential US ban on TikTok looms, users are expressing their concerns and taking action.
Protests and Petitions
Numerous protests and online petitions have been organized in support of TikTok. Users have taken to social media and digital platforms to voice their opposition to the ban. One petition on Change.org has garnered over 2 million signatures.
Exodus to Other Platforms
Users are also fleeing TikTok in droves. Alternative video-sharing apps such as Triller, Byte, and Likee have seen a surge in downloads as TikTok users seek new platforms to express their creativity.
TikTok’s Response
TikTok has vehemently denied the allegations that it shares user data with the Chinese government. The company has stated that it will fight the ban in court if necessary.
Government Deadline
The US government has set a deadline of September 15th for TikTok to sell its American operations to a US-based company. If a deal is not reached, the app will be banned in the United States.
Implications for Content Creators
The ban would have a significant impact on TikTok’s vast community of content creators. Many creators rely on the platform for their livelihood and have built large followings.
Concerns about Censorship
Critics argue that the ban is politically motivated and will stifle free speech. They fear that it will set a precedent for further government censorship of online content.
Economic Consequences
A TikTok ban would also have economic consequences. TikTok employs thousands of people in the United States and generates significant revenue through advertising.
Uncertainty and Speculation
As the clock ticks down, there is still much uncertainty about the fate of TikTok in the United States. The outcome of any legal challenge or negotiations with potential buyers remains to be seen.
What is password cracking?
Published: Wed, 15 Jan 2025 09:00:00 GMT
Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. This can be done by using a variety of techniques, including:
- Dictionary attacks: These attacks attempt to guess the password by trying every word in a dictionary, or a list of common passwords.
- Brute-force attacks: These attacks try every possible password combination until the correct one is found.
- Rainbow table attacks: These attacks use tables of precomputed hashes to quickly look up the password that matches a stolen hash.
- Social engineering attacks: These attacks trick users into revealing their passwords by posing as a legitimate authority figure.
Password cracking is a serious threat to computer security, as it can allow attackers to gain access to sensitive data and systems. To protect your passwords from being cracked, you should:
- Use strong passwords that are at least 12 characters long and contain a mix of uppercase and lowercase letters, numbers, and symbols.
- Avoid using common passwords or personal information in your passwords.
- Change your passwords regularly.
- Never share your passwords with anyone.
- Be careful when logging into websites or applications, and only enter your password on trusted sites.
Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilities
Published: Wed, 15 Jan 2025 09:00:00 GMT
Microsoft Releases Largest Patch Tuesday Update in Years, Addressing 159 Vulnerabilities
Microsoft has released its monthly Patch Tuesday security updates, which include fixes for 159 vulnerabilities across various software products and services. This is the largest number of vulnerabilities addressed by a Patch Tuesday update in recent years.
Critical Vulnerabilities Patched
Among the patched vulnerabilities, Microsoft has highlighted nine as critical, including:
- CVE-2023-21823: Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-21715: Microsoft Defender Elevation of Privilege Vulnerability
- CVE-2023-21674: Windows Credential Manager Elevation of Privilege Vulnerability
- CVE-2023-23376: Microsoft Edge Elevation of Privilege Vulnerability
- CVE-2023-21706: Windows CryptoAPI Spoofing Vulnerability
Impact and Mitigation
These vulnerabilities could allow attackers to gain elevated privileges, execute arbitrary code, or compromise sensitive information. Microsoft strongly recommends installing the updates immediately to mitigate these risks.
Affected Products
The Patch Tuesday updates cover a wide range of Microsoft products, including:
- Windows operating systems
- Microsoft Office
- Exchange Server
- SharePoint
- Azure
Additional Security Updates
In addition to the security updates, Microsoft also released updates for non-security issues and stability improvements, such as:
- KB5022360: Windows 11 2022 Update (version 22H2) Cumulative Update
- KB5022369: Windows 10 2022 Update (version 22H2) Cumulative Update
Importance of Patching
Microsoft Patch Tuesday updates are critical for maintaining the security and stability of your systems. Businesses and individuals are advised to apply these updates without delay to protect their networks from potential threats.
Davos 2025: Misinformation and disinformation are most pressing risks, says World Economic Forum
Published: Wed, 15 Jan 2025 05:00:00 GMT
Headlines:
- Davos 2025: Misinformation and Disinformation Top Risks
- World Economic Forum Warns of Misinformation Pandemic
Summary:
At the 2025 World Economic Forum in Davos, Switzerland, experts identified misinformation and disinformation as the most pressing global risks. The forum’s annual Global Risks Report highlighted the proliferation of false and misleading information on social media and other platforms as a major threat to societies, economies, and international stability.
Key Findings:
- Misinformation and disinformation have eroded trust in institutions, undermined democracy, and fueled societal divisions.
- Malicious actors are exploiting these vulnerabilities to manipulate public opinion, spread propaganda, and sow discord.
- The spread of misinformation on topics such as health, climate change, and elections can have devastating consequences.
Recommendations:
The World Economic Forum urged governments, businesses, and civil society to take urgent action to address the misinformation crisis. Key recommendations included:
- Investing in media literacy and fact-checking initiatives
- Strengthening regulations on social media platforms
- Promoting ethical journalism and responsible reporting
- Supporting independent research and analysis
- Fostering critical thinking and information verification skills
Impact:
The World Economic Forum’s findings underscore the growing concern over the impact of misinformation and disinformation on society. It is expected to lead to increased awareness, policy changes, and collaborative efforts to combat these threats.
Additional Information:
- The World Economic Forum’s Global Risks Report is an annual assessment of the most pressing risks facing the world.
- Misinformation is false or inaccurate information spread unintentionally.
- Disinformation is false or inaccurate information spread intentionally to deceive.
- Experts emphasized the importance of combating misinformation and disinformation through a multi-stakeholder approach involving governments, businesses, and individuals.
Barings Law enleagues 15,000 claimants against Google and Microsoft
Published: Tue, 14 Jan 2025 12:00:00 GMT
Barings Law Exhorts 15,000 Claimants against Google and Microsoft
Barings Law, a London-based law firm, has recently announced its intention to file a Competition Claim against Google and Microsoft on behalf of 15,000 claimants. The lawsuit alleges that the two tech giants have engaged in anti-competitive practices that have harmed businesses and consumers.
Allegations of Anti-Competitive Practices
The lawsuit alleges that Google and Microsoft have:
- Colluded to fix prices for online advertising
- Used their dominance to stifle competition in the online search market
- Abused their market position to unfairly favor their own products and services
Damages Claimed
Barings Law claims that the anti-competitive practices of Google and Microsoft have resulted in significant harm to businesses and consumers. The lawsuit seeks damages in excess of £2 billion (approximately $2.7 billion).
Impact on Businesses and Consumers
The Competition Claim has potentially significant implications for businesses and consumers. If successful, the lawsuit could lead to:
- Lower prices for online advertising
- Increased competition in the online search market
- Greater choice and innovation for consumers
Barings Law’s Track Record
Barings Law has a successful track record in bringing Competition Claims. In 2021, the firm secured a £52 million (approximately $71 million) settlement from Mastercard for allegedly abusing its market position in the UK.
Next Steps
The Competition Claim against Google and Microsoft is still in its early stages. Barings Law is currently seeking claimants to join the action. The firm has set up a dedicated website where potential claimants can register their interest.
The outcome of the lawsuit could have a significant impact on the tech industry and the online economy as a whole.
Many are called, but few are chosen: Secrets of MI5 watchers revealed
Published: Tue, 14 Jan 2025 04:30:00 GMT
MI5, the UK’s domestic intelligence service, has been secretly watching thousands of people for decades, according to a new book.
The book, The Secret History of MI5, by investigative journalist Tim Shipman, reveals that MI5 has been using a variety of methods to spy on people, including phone tapping, email interception, and surveillance.
Shipman writes that MI5 has been watching people for a variety of reasons, including suspected terrorism, espionage, and financial crime. He also reveals that MI5 has been targeting people who pose no threat to national security, including human rights activists and journalists.
The book’s revelations have raised concerns about the extent of MI5’s powers and the lack of oversight of its activities.
MI5’s secret watchers
MI5 is responsible for protecting the UK from national security threats. It has a wide range of powers to investigate suspected terrorists, spies, and other criminals.
One of MI5’s most controversial powers is its ability to watch people without their knowledge or consent. This power is known as covert surveillance.
Covert surveillance can involve a variety of methods, including phone tapping, email interception, and surveillance. MI5 can also use covert surveillance to track people’s movements and activities.
The scale of MI5’s surveillance
Shipman’s book reveals that MI5 has been using covert surveillance on a massive scale. He writes that MI5 has been watching thousands of people for decades.
The people who have been watched by MI5 include suspected terrorists, spies, and other criminals. However, MI5 has also been watching people who pose no threat to national security, including human rights activists and journalists.
The lack of oversight of MI5’s activities
MI5’s activities are overseen by a number of bodies, including the Home Secretary, the Intelligence and Security Committee (ISC), and the Investigatory Powers Tribunal (IPT).
However, these bodies have been criticized for being too weak to effectively oversee MI5’s activities.
The ISC is a parliamentary committee that is responsible for scrutinizing the work of MI5 and the other intelligence agencies. However, the ISC has been criticized for being too close to the intelligence agencies and for failing to hold them to account.
The IPT is a tribunal that is responsible for reviewing the use of investigatory powers by the intelligence agencies. However, the IPT has been criticized for being too slow and for failing to provide effective redress for people who have been spied on unlawfully.
The concerns about MI5’s surveillance
The revelations in Shipman’s book have raised concerns about the extent of MI5’s powers and the lack of oversight of its activities.
Critics argue that MI5 has been given too much power to spy on people without their knowledge or consent. They also argue that the oversight of MI5’s activities is too weak and that there is a lack of accountability for the intelligence agencies.
The government has defended MI5’s use of covert surveillance, arguing that it is necessary to protect national security. However, the government has also acknowledged that there is a need for greater oversight of MI5’s activities.
The debate about the extent of MI5’s powers and the need for oversight is likely to continue for some time.
UK government plans to extend ransomware payment ban
Published: Mon, 13 Jan 2025 19:01:00 GMT
The UK government is planning to extend its ban on paying ransoms to cybercriminals in an effort to deter attacks.
The government’s current ban, introduced in 2020, applies to public sector organisations. However, the new plans would extend the ban to the private sector as well.
The move comes as ransomware attacks have become increasingly common and costly. In 2021, ransomware attacks cost UK businesses an estimated £3.1 billion.
The government believes that paying ransoms encourages cybercriminals to continue attacking UK organisations. It is also concerned that paying ransoms can give criminals access to sensitive data, such as customer information and trade secrets.
The new plans would give the government the power to impose fines on organisations that pay ransoms. The government would also be able to seize the assets of organisations that are found to be involved in ransomware payments.
The government’s plans have been welcomed by some in the cybersecurity industry. However, others have raised concerns that the ban could make it more difficult for organisations to recover from ransomware attacks.
The government has said that it is working closely with businesses and cybersecurity experts to develop guidance on how to deal with ransomware attacks without paying ransoms.
Key points
- The UK government is planning to extend its ban on paying ransoms to cybercriminals in an effort to deter attacks.
- The current ban, introduced in 2020, applies to public sector organisations.
- The new plans would extend the ban to the private sector as well.
- The move comes as ransomware attacks have become increasingly common and costly.
- The government believes that paying ransoms encourages cybercriminals to continue attacking UK organisations.
- It is also concerned that paying ransoms can give criminals access to sensitive data, such as customer information and trade secrets.
- The new plans would give the government the power to impose fines on organisations that pay ransoms.
- The government would also be able to seize the assets of organisations that are found to be involved in ransomware payments.
Why we need better cyber regulation to protect the UK from disruption
Published: Mon, 13 Jan 2025 16:34:00 GMT
Protect Critical Infrastructure and Essential Services
- Cyberattacks can disrupt critical infrastructure such as power grids, hospitals, and transportation systems, causing widespread damage and inconvenience. Better regulation is needed to enhance cybersecurity measures and prevent these attacks.
Safeguard Sensitive Data
- Personal and financial data stored online is vulnerable to cyber breaches. Regulation can impose strict standards for data protection, ensuring businesses and organizations implement robust cybersecurity practices.
Mitigate Ransomware and Malware Attacks
- Ransomware and malware attacks encrypt data and demand hefty ransom payments. Stronger regulation can mandate the reporting of such incidents, promote information sharing, and develop robust countermeasures.
Prevent Identity Theft and Fraud
- Cybercriminals use sophisticated methods to steal identities and commit fraud. Regulation can enforce secure authentication measures, limit data sharing, and facilitate victim recovery.
Foster Public Trust
- Cyberattacks on government agencies, healthcare institutions, and businesses can erode public trust in digital services. Better regulation can restore confidence by establishing transparency, accountability, and strong cybersecurity safeguards.
Promote Innovation and Investment
- Businesses need a clear regulatory framework to invest in cybersecurity and develop new technologies. Consistency and predictability in regulations can foster innovation and economic growth.
Align with International Standards
- The UK is part of a globalized economy, and its cybersecurity regulations should align with international best practices and standards. This ensures interoperability with allies and partners.
Address Emerging Threats
- The cyber landscape is constantly evolving, with new threats emerging. Regulation needs to be adaptable to address emerging vulnerabilities and maintain security in the face of technological advancements.
Foster Collaboration and Information Sharing
- Effective cybersecurity requires collaboration between government, businesses, and individuals. Regulation can facilitate information sharing, promote public-private partnerships, and coordinate response efforts.
Enforce Penalties and Deterrence
- Strict penalties for cybersecurity violations can serve as a deterrent and encourage compliance. Regulation should provide clear guidelines for enforcement to ensure accountability.
CNI operators should ask these 12 questions of their OT suppliers
Published: Mon, 13 Jan 2025 11:56:00 GMT
12 Questions CNI Operators Should Ask of Their OT Suppliers:
- Experience and Expertise: How long have you been providing OT services in the CNI industry, and what is your track record of successful projects?
- Technology Integration: How well do your solutions integrate with our existing CNI systems and infrastructure?
- Scalability and Flexibility: Can your OT solutions scale to meet our growing network demands and handle unexpected network changes?
- Network Management and Optimization: What tools and methodologies do you offer for proactive monitoring, management, and optimization of our CNI networks?
- Security and Compliance: How do your solutions ensure network security, access control, and compliance with industry standards and regulations?
- Vendor Lock-in: Are your solutions vendor-neutral and provide open interfaces for integration with third-party tools or systems?
- Customer Support and Service Level Agreements (SLAs): What level of support can we expect, including response times, availability, and escalation procedures?
- Training and Knowledge Transfer: Do you provide training and support to our team to build and maintain operational expertise?
- Cost-Effectiveness: How do your solutions align with our budget and provide a reasonable return on investment?
- Innovation and Future-Proofing: How do your solutions stay up-to-date with industry trends and technological advancements?
- Proof of Concept (POC): Are you willing to provide a POC to demonstrate the capabilities and value of your solutions before committing to a full contract?
- Customer References: Can you provide references from satisfied customers who can attest to the success of your OT services?
Can UK government achieve ambition to become AI powerhouse?
Published: Mon, 13 Jan 2025 10:25:00 GMT
Can the UK Government Achieve its Ambition to Become an AI Powerhouse?
The UK government has stated its ambition to become an AI powerhouse by 2030. This goal is outlined in the National AI Strategy, which aims to make the UK a global leader in artificial intelligence (AI) research, development, and adoption.
Challenges
The UK faces several challenges in meeting this ambition:
- Funding: The UK government needs to invest heavily in AI research and development to catch up with leading countries like China and the United States.
- Talent: The UK has a shortage of AI talent, and it needs to attract and retain top researchers and engineers.
- Infrastructure: The UK needs to build a robust AI infrastructure, including data centers, high-speed networks, and cloud computing platforms.
- Regulation: The government needs to develop a clear and fair regulatory framework for AI to foster innovation and protect consumers.
- Public trust: The public needs to trust that AI will be used responsibly and in their best interests.
Progress
Despite these challenges, the UK government has made some progress towards its AI ambition:
- Investment: The government has announced investments of £2.3 billion in AI research and innovation.
- Talent: The government has launched the Alan Turing Institute, a world-leading AI research center, and it has established a £90 million AI Fellowship program.
- Infrastructure: The government has partnered with industry to build AI hubs and research centers across the country.
- Regulation: The government has published a National AI Strategy that sets out its vision for the responsible and ethical development of AI.
- Public trust: The government has established the Centre for Data Ethics and Innovation to advise on the ethical use of AI.
Outlook
It is too early to say whether the UK government will achieve its ambition to become an AI powerhouse by 2030. The government has made some progress, but it faces significant challenges.
Recommendations
The UK government should take the following steps to increase its chances of success:
- Increase investment: The government should increase its investment in AI research and development to match the levels of leading countries.
- Attract and retain talent: The government should implement policies to attract and retain AI researchers and engineers from around the world.
- Build a robust infrastructure: The government should partner with industry to build a world-class AI infrastructure.
- Develop a clear regulatory framework: The government should develop a regulatory framework that fosters innovation and protects consumers.
- Build public trust: The government should engage with the public and build trust in the responsible and ethical use of AI.
Conclusion
The UK has the potential to become an AI powerhouse, but it will require a sustained effort from government, industry, and academia. By addressing the challenges outlined above and taking the necessary steps, the UK can position itself as a global leader in AI.
Preparing for AI regulation: The EU AI Act
Published: Mon, 13 Jan 2025 04:00:00 GMT
Preparing for AI Regulation: The EU AI Act
Introduction
The European Union (EU) is at the forefront of global efforts to regulate Artificial Intelligence (AI) with the proposed AI Act. This comprehensive legislation aims to ensure the safety, fairness, and ethical use of AI technologies within the EU.
Key Provisions of the EU AI Act
- Risk-Based Approach: The AI Act categorizes AI systems based on their risk level, with high-risk systems requiring stricter compliance measures.
- Prohibitions: The Act prohibits certain AI uses, such as facial recognition for mass surveillance and AI systems that manipulate human behavior.
- Transparency and Accountability: AI system developers must provide clear information about how their systems work and be accountable for their results.
- Ethical Considerations: The AI Act emphasizes the importance of ethical principles, including fairness, non-discrimination, and human dignity.
- Governance and Enforcement: The EU Commission and member states will establish AI regulatory bodies to oversee compliance with the Act and impose penalties for violations.
Implications for Businesses
The EU AI Act will have significant implications for businesses that develop, deploy, or use AI systems within the EU:
- Increased Compliance Costs: Businesses will need to invest in compliance measures to meet the requirements of the Act.
- Restricted Use of High-Risk AI: Certain AI uses will be prohibited or heavily regulated, limiting the scope of AI applications.
- Market Access: Access to the EU market for AI systems may be restricted if they do not comply with the Act.
Preparing for Compliance
Businesses can prepare for the EU AI Act by taking the following steps:
- Conduct a Risk Assessment: Identify and evaluate the risk level of your AI systems.
- Develop Compliance Plans: Outline specific measures to address the requirements of the Act.
- Establish Ethical Guidelines: Ensure your AI systems are developed and deployed in line with ethical principles.
- Engage with Stakeholders: Seek feedback and input from relevant stakeholders, including customers, regulators, and civil society organizations.
- Stay Informed: Monitor developments in AI regulation and adjust your compliance strategies accordingly.
Benefits of the EU AI Act
While the EU AI Act may impose additional compliance burdens, it also offers potential benefits:
- Enhanced Safety and Trust: The Act aims to increase the safety and trustworthiness of AI systems, boosting public confidence in AI technology.
- Level Playing Field: The EU AI Act establishes a common regulatory framework for AI, ensuring a level playing field for businesses.
- Innovation Stimulation: By providing clarity and guidance, the Act can stimulate innovation in the field of AI.
Conclusion
The EU AI Act is a landmark piece of legislation that is shaping the global landscape for AI regulation. Businesses operating within the EU must prepare for its implications by conducting risk assessments, developing compliance plans, and engaging with stakeholders. By doing so, they can mitigate risks and unlock the benefits of responsible and ethical AI.
US bank FNBO uses Pindrop to tackle voice fraud, deepfakes
Published: Fri, 10 Jan 2025 11:30:00 GMT
US Bank FNBO Adopts Pindrop Technology for Enhanced Fraud Prevention
First National Bank of Omaha (FNBO) has implemented Pindrop, a leading provider of voice security and fraud prevention solutions, to strengthen its defenses against voice fraud and deepfakes.
Addressing the Rising Threat of Voice Fraud
Voice fraud, including deepfakes, has become increasingly prevalent in recent years. Fraudsters use sophisticated techniques to mimic the voices of legitimate customers and trick banks into authorizing fraudulent transactions.
Pindrop’s Voice Verification Technology
Pindrop’s technology employs advanced machine learning algorithms to analyze voice characteristics and identify potential fraudsters. The solution provides real-time fraud detection during phone banking interactions.
Detecting Deepfakes and Spoofing
Pindrop’s technology is specifically designed to detect deepfakes and spoofing attempts. By analyzing voice patterns, intonation, and other vocal cues, the solution can distinguish between genuine customers and fraudsters.
Benefits for FNBO Customers
FNBO customers will benefit from the following advantages:
- Increased fraud protection: Pindrop’s technology significantly reduces the risk of voice fraud and deepfakes.
- Enhanced security: Customers can feel confident that their banking transactions are protected from unauthorized access.
- Seamless experience: The fraud detection process is seamless, ensuring a hassle-free banking experience.
Statement from FNBO
“We are committed to providing our customers with the highest level of security and fraud protection,” said Troy Whitmer, Chief Information Security Officer at FNBO. “Pindrop’s voice security solution is a valuable addition to our arsenal of fraud prevention tools.”
Pindrop’s Commitment to Innovation
Pindrop is a recognized leader in the voice security industry. The company continuously invests in research and development to stay ahead of evolving fraud techniques.
“We are excited to partner with FNBO to combat voice fraud and deepfakes,” said Vijay Balasubramaniyan, CEO of Pindrop. “Our technology will provide FNBO with the necessary tools to safeguard its customers’ accounts.”
Mandiant: Latest Ivanti vulns exploited by Chinese cyber spooks
Published: Fri, 10 Jan 2025 09:45:00 GMT
Chinese Cyber Spying Group Exploits Ivanti Zero-Day Vulnerabilities
Security firm Mandiant has revealed that a Chinese state-sponsored cyber espionage group, tracked as UNC2452 or APT41, has been actively exploiting zero-day vulnerabilities in Ivanti software. These vulnerabilities could allow attackers to remotely execute code and gain complete control over affected systems.
Vulnerabilities Targeted by APT41
The affected Ivanti products include:
- Ivanti Patch for Windows: CVE-2023-21894
- Ivanti Patch for Third-Party Applications: CVE-2023-21895
- Ivanti Vulnerability Manager: CVE-2023-21896
Exploitation of these vulnerabilities could provide APT41 with the ability to:
- Gain remote code execution on victim systems
- Move laterally within target networks
- Install persistent backdoors
- Exfiltrate sensitive data
Mitigation Measures
Ivanti has released security updates to address these vulnerabilities. Users of affected products are strongly advised to apply these updates immediately.
Additionally, the following mitigation measures are recommended:
- Implement strict network segmentation to limit the impact of lateral movement
- Use intrusion detection and prevention systems to monitor for suspicious activity
- Regularly back up critical data and ensure data recovery plans are in place
APT41: A Persistent Threat
APT41 is a highly skilled cyber espionage group that has been linked to the Chinese government. The group has been active for over a decade and has targeted various industries, including technology, healthcare, and government. APT41 is known for its sophisticated tactics and its use of zero-day and spear-phishing attacks.
Conclusion
The exploitation of Ivanti zero-day vulnerabilities by APT41 highlights the importance of maintaining good cyber hygiene and promptly addressing security updates. Organizations should remain vigilant and take proactive steps to protect their networks from advanced cyber threats.