Cybersecurity

Downdetector shows sharp decline in Instagram outage reports

Reports of an Instagram outage in the US fell sharply on Thursday evening, indicating that service had been largely restored. According to outage tracking website Downdetector, incidents dropped from a peak of 19,431 to just 429 by 8:34 p.m. ET.

The cause of the disruption remains unclear, and Instagram owner Meta has not yet responded to requests for comment.

Downdetector compiles outage data from user reports, meaning the actual number of affected users may vary.

Many users in the United States had initially reported problems accessing the platform, but the rapid decline in complaints suggests that most issues have been resolved.

Instagram has experienced occasional service disruptions in the past, with similar outages affecting users worldwide.

For more information on these topics, visit diplomacy.edu.

US judge says Social Security unlawfully shared data with Musk’s aides

A federal judge has ruled that the Social Security Administration (SSA) likely violated privacy laws by granting Elon Musk’s Department of Government Efficiency (DOGE) unrestricted access to millions of Americans’ personal data.

The ruling halts further data sharing and requires DOGE to delete unlawfully accessed records. United States District Judge Ellen Lipton Hollander stated that while tackling fraud is important, government agencies must not ignore privacy laws to achieve their goals.

The case has drawn attention to the extent of DOGE’s access to sensitive government databases, including Numident, which contains detailed personal information on Social Security applicants.

The SSA’s leadership allowed DOGE staffers to review vast amounts of data in an effort to identify fraudulent payments. Critics, including advocacy groups and labour unions, argue that the process lacked proper oversight and risked compromising individuals’ privacy.

The ruling marks a major legal setback for DOGE, which has been expanding its influence across multiple federal agencies. The White House condemned the decision, calling it judicial overreach, while SSA officials indicated they would comply with the order.

The controversy highlights growing concerns over government data security and the limits of executive power in managing public records.

For more information on these topics, visit diplomacy.edu.

Australian police warn of Binance-themed crypto scam targeting users

Australian authorities have issued warnings about a sophisticated scam in which fraudsters impersonate Binance via SMS, tricking users into transferring their crypto assets.

The Australian Federal Police (AFP) revealed that scammers use sender ID spoofing to make fraudulent messages appear in the same thread as legitimate Binance communications.

Victims are falsely informed of a security breach and urged to move their funds to a ‘trust wallet,’ which is controlled by the scammers.

The AFP has identified at least 130 potential victims and launched a campaign to warn them. Cybercrime officials explained that once funds are transferred to the scammers’ wallets, they are swiftly moved across multiple accounts, making recovery difficult.

Similar scams have also targeted users of Coinbase and Gemini, exploiting pre-generated recovery phrases to seize control of wallets.

Binance Chief Security Officer Jimmy Su advised users to verify official communications through Binance’s security tools and website.

The Australian government is taking steps to combat these scams, planning to launch an SMS Sender ID Register in late 2025. The initiative will require telecom providers to verify brand-name messages, reducing the risk of spoofing.

Investment scams remain a significant issue in Australia, with AU$382 million ($269 million) lost in the past year, nearly half of which was crypto-related.

Authorities continue to urge caution, warning users to be sceptical of unsolicited messages and requests for seed phrases or urgent transfers.

For more information on these topics, visit diplomacy.edu

Cyberattack exploits a flaw in ZoneAlarm’s vsdatant.sys driver

A sophisticated cyberattack has targeted vulnerabilities in the vsdatant.sys driver, a component of Checkpoint’s ZoneAlarm antivirus software, allowing attackers to bypass critical Windows security features.

The driver, released in 2016, has been exploited in a Bring Your Own Vulnerable Driver (BYOVD) attack, enabling attackers to elevate privileges and access sensitive data.

The vsdatant.sys driver operates with high kernel-level privileges, containing long-known vulnerabilities that allow attackers to exploit crafted Interrupt Request Packets (IRPs).

These flaws, affecting versions of the driver prior to 7.0.362, allow for arbitrary code execution by improperly validating arguments passed to system function handlers.

BYOVD attacks have become increasingly common, with attackers leveraging legitimate but vulnerable drivers to bypass security measures undetected.

In this case, attackers were able to disable Windows’ Memory Integrity feature, which is designed to protect critical system processes.

By exploiting flaws in vsdatant.sys, the attackers gained full access to the compromised system, enabling them to steal sensitive information.

To mitigate the risk of such attacks, security experts recommend implementing driver blocklisting, enabling Memory Integrity, and ensuring that all security products are kept up to date.

Users are urged to update their ZoneAlarm installations to the latest version to avoid exposure to these vulnerabilities.

For more information on these topics, visit diplomacy.edu.

Data centre surge exposes vulnerabilities in the US grid

A recent incident in Data Center Alley, a region outside Washington DC housing over 200 data centres, exposed a new vulnerability in the US power grid.

Last summer, 60 data centres unexpectedly disconnected from the grid and switched to on-site generators, causing a surge in excess electricity. However, this triggered the need for grid operators to scale back power output to avoid cascading outages.

The disconnection event, caused by a failed surge protector, forced regulators to address the growing risk of power imbalances due to the rapid expansion of data centres, especially those involved in AI and crypto mining.

As these centres consume increasing amounts of energy, grid operators face new challenges in maintaining stability.

Federal regulators like the North American Electric Reliability Corporation (NERC) are now studying the impact of such events and the risks posed by unannounced data centre disconnections.

The power consumption of data centres has tripled over the last decade and is projected to continue rising, prompting calls for updated reliability standards.

Industry stakeholders, including major tech companies, have expressed concerns about the potential costs and risks of requiring data centres to remain connected during voltage fluctuations.

With the growing presence of large data users, grid operators face a tough balancing act to ensure power stability while accommodating the demands of the data centre industry.

For more information on these topics, visit diplomacy.edu.

Microsoft invests $2.2 billion in Malaysian cloud expansion

Microsoft is set to launch its first cloud region in Malaysia, featuring three data centres in the greater Kuala Lumpur area.

The centres, known as Malaysia West, will begin operations by mid-year, marking a significant step in the company’s $2.2 billion investment in the country.

However, this move is part of Microsoft’s broader plan to expand its cloud and AI services in Southeast Asia. Microsoft estimates the investment will generate $10.9 billion in revenue and create over 37,000 jobs in Malaysia over the next four years.

Laurence Si, managing director of Microsoft Malaysia, stated that the company’s operations in Malaysia remain on track despite concerns over US export controls on semiconductor chips.

Microsoft remains confident in its relationships with stakeholders and its ability to meet its investment commitments.

Local businesses are expected to benefit from enhanced cloud and AI capabilities, with the country aiming to become a leading hub for technological innovation in the region.

For more information on these topics, visit diplomacy.edu.

Ofcom backs broadband competition to expand full-fibre coverage

Britain should maintain competition in the broadband market to boost full-fibre coverage to 96% of premises by 2027 while capping prices on slower-speed services, UK telecoms regulator Ofcom announced on Thursday.

The cap would limit what BT’s Openreach can charge for connections up to 80Mbit/s, an increase from the current 40Mbit/s limit.

Ofcom’s previous measures, including encouraging new providers to use Openreach’s infrastructure, have helped increase full-fibre coverage from under 25% to nearly 70% of homes.

It now proposes keeping high-speed broadband prices free from regulation until 2031 while ensuring affordability for those relying on older copper-fibre connections.

In rural areas where commercial networks are less viable, Ofcom plans to support Openreach in expanding full-fibre access. The regulator’s consultation on these proposals will run until June 12, with final decisions expected in March 2026. BT shares rose 0.5% following the announcement.

For more information on these topics, visit diplomacy.edu.

Baidu dismisses claims of leaked user information

Chinese tech giant Baidu has denied claims of an internal data breach after the teenage daughter of a senior executive was accused of sharing users’ personal information online.

The controversy erupted when internet users alleged that the daughter of Baidu vice president Xie Guangjun had posted private details, including phone numbers, following an online dispute.

Baidu insisted that neither employees nor executives have access to user data and claimed the information came from illegally obtained ‘doxing databases’ on foreign platforms.

The company has filed a police report regarding false claims, including allegations that Xie had given his daughter access to Baidu’s databases.

Xie apologised, stating that the data had been sourced from overseas social networking sites.

The case comes amid ongoing crackdown in China on data privacy breaches, with stricter laws in place to prevent unauthorised sharing of personal details.

The controversy has impacted investor confidence, with Baidu’s shares falling more than 4% in Hong Kong trading.

For more information on these topics, visit diplomacy.edu.

New HP printers designed to withstand quantum computing attacks

HP has introduced the 8000 Series printers, designed to protect against future cyber threats posed by quantum computing.

Announced at the Amplify 2025 event, the new models include the HP Color LaserJet Enterprise MFP 8801, Mono MFP 8601, and LaserJet Pro Mono SFP 8501. These printers are built to resist sophisticated attacks that could exploit vulnerabilities at the firmware level.

To enhance security, HP has integrated quantum-resistant cryptography within the printers’ ASIC chips. These chips provide digital signature verification, reducing the risk of unauthorised firmware modifications and potential data breaches.

HP emphasised that, without these safeguards, printers could be fully compromised by malicious firmware updates, allowing attackers to gain persistent control over the devices.

The new printers are also designed to integrate seamlessly with Zero Trust network architectures, reinforcing security within enterprise environments.

By incorporating advanced cryptographic measures, HP aims to future-proof its printing solutions against emerging cybersecurity threats.

For more information on these topics, visit diplomacy.edu.

Amazon considers further appeal after losing GDPR case

Amazon has lost its appeal against a €746 million fine imposed by Luxembourg’s data protection regulator for breaching EU privacy laws.

The country’s administrative court upheld the penalty in a ruling on 18 March, siding with the National Commission for Data Protection (CNPD), which found Amazon had unlawfully processed personal data under the General Data Protection Regulation (GDPR).

The fine remains the largest issued under the EU privacy rules.

The CNPD also ordered Amazon to implement corrective measures, although enforcement will be suspended during the appeal period.

Amazon criticised the decision, arguing the fine was based on subjective legal interpretations without prior guidance from regulators. The company confirmed it is considering further legal action.

Europe has taken a strict stance on data privacy violations, with GDPR setting a global benchmark for consumer protections.

The ruling against Amazon reinforces the EU’s commitment to holding major tech companies accountable for their handling of personal data.

For more information on these topics, visit diplomacy.edu.

Diplo chatbot can make mistakes. Consider checking important information.