Cybersecurity

Denmark warns of cyber threats to its water infrastructure

Denmark’s national Centre for Cybersecurity (Center for Cybersikkerhed, CCS) has identified a ‘very high’ risk of cyberattacks targeting the country’s water infrastructure following its first official assessment of threats to the sector.

According to CCS acting head Mark Fiedel, the water sector plays a vital role within Denmark’s critical infrastructure, highlighting the potential impacts of disruptions to drinking water supplies.

As an example of the risks faced by the sector, Fiedel noted an incident in December 2024 when hackers accessed a small water plant in Denmark, resulting in a temporary disruption of water services for approximately 50 households.

CCS classifies cyber threats into various categories, including cybercrime, which poses the significant risk to critical infrastructure. Ransomware attacks are among the identified threats, and in 2021, a water plant in Kalundborg reported a ransomware attack that briefly locked technicians out of IT systems.

Japan introduces active cyber defence bill to strengthen national security

Among the 59 bills to be introduced to the Japanese government’s review this year within next 150 days, the Active Cyber Defense Legislation stands out due to its importance for Japan’s national security.

This bill, presented to the Liberal Democratic Party (LDP) on January 16 and swiftly approved, is part of an effort to bolster Japan’s cybersecurity capabilities. We also earlier reported that Japan’s Liberal Democratic Party proposed an ‘active cyber defence’ system, allowing the government to collect telecom metadata to detect and prevent cyberattacks as part of broader national security reforms to strengthen the country’s cybersecurity capabilities.

The proposed legislation includes three main components: improving collaboration between the public and private sectors, allowing the government to access telecommunications data in cases of suspected cyberattacks, and enabling the neutralisation of attackers’ servers. Critical infrastructure sectors such as energy, transportation, and telecommunications would be required to report cyber incidents, with the government offering guidance on damage control and prevention.

The bill also grants the government the ability to monitor specific communications between Japan and foreign nations, but limits this to non-content data to address privacy concerns. In the event of a major cyberattack, the Self-Defense Forces (SDF) may be deployed to defend critical systems.

Although the bill has received widespread support, it faces legal challenges, particularly with regard to Japan’s constitutional protection of communication secrecy and its pacifist defense policies. Despite these concerns, public opinion remains favorable, with a recent poll showing 65% support for the legislation.

The government is moving forward with the proposal, aiming to enhance the protection of Japan’s critical infrastructure from increasing cyber risks. While the Japanese Communist Party opposes the bill, it has gained backing from major opposition parties, highlighting its broad political support.

New hacking group mimics Russia-linked group to target Russian entities, Chinese cybersecurity experts say

A hacking group, named as GamaCopy, has been imitating the tactics of the Russia-linked threat actor Gamaredon to target Russian-speaking victims, according to research by Chinese cybersecurity firm Knownsec.

GamaCopy’s latest campaign employed phishing documents disguised as reports on Russian armed forces’ locations in Ukraine, along with the open-source software UltraVNC for remote access.

However, while GamaCopy mirrors many techniques used by Gamaredon, researchers identified notable differences. For example, GamaCopy primarily uses Russian-language victims, whereas Gamaredon typically targets Ukrainian speakers. Additionally, GamaCopy’s use of UltraVNC represents a unique element in its attack chain.

Since June 2023, GamaCopy has targeted Russia’s defense and critical infrastructure sectors. However, the group is believed to have been active even earlier, i.e. since August 2021. Knownsec’s analysis suggests that GamaCopy’s operations are part of a deliberate false-flag campaign and links the group to another state-sponsored actor known as Core Werewolf, which has similarly targeted Russian defense systems since 2021.

This discovery follows recent reports of other hacker groups, conducting cyber-espionage campaigns against Russian entities, highlighting the increasing complexity and state-backed nature of these threats.

Trump administration ends Cyber Safety Review Board and pauses investigation into Salt Typhoon

The Trump administration has terminated all members of the Cyber Safety Review Board (CSRB), along with the Cybersecurity and Infrastructure Agency’s Cybersecurity Advisory Committee and other Department of Homeland Security (DHS) advisory panels. This move has halted the investigation into hacking group Salt Typhoon’s cyberattack on US telecommunications firms, raising significant concerns among cybersecurity advocates, according to CyberScoop.

While Acting DHS Secretary Benjamin Huffman suggested that outgoing members could reapply for their positions, the decision has faced criticism from lawmakers and experts. Representative Bennie Thompson (D-Miss.), of the House Homeland Security Committee, warned that this decision could delay the Salt Typhoon probe, which he emphasised must be ‘completed expeditiously.’

Cybersecurity expert Kevin Beaumont argued that dismantling the CSRB could shield Microsoft from accountability over security lapses tied to a separate Chinese hacking incident. Meanwhile, Jake Williams of IANS Research highlighted the broader implications of this decision, stating that removing such panels could undermine US national security.

However, House Homeland Security Chair Mark Green (R-Tenn.) defended the move, stating it offers the Trump administration an opportunity to appoint new members or reevaluate the mission of the CSRB for more effective oversight.

Iran and Russia sign comprehensive cooperation agreement to strengthen military, security, and cyber ties

An agreement signed between Iran and Russia last week outlines commitments to enhance military, security, cyber and technological cooperation between the two nations. The comprehensive strategic partnership agreement, signed in Moscow by Russian President Vladimir Putin and Iranian President Masoud Pezeshkian, seeks to deepen bilateral relations and includes specific provisions for cooperation in cybersecurity and internet regulation.

The agreement aims to counter the use of information and communication technologies for criminal activities and includes plans to exchange expertise on managing national internet infrastructure. The text also adds that two countries will ‘promote the establishment of a United Nations-led system for ensuring international information security and the creation of a legally binding regime for the prevention and peaceful resolution of conflicts, based on the principles of sovereign equality and non-interference in the internal affairs of states’.

The agreement emphasises strengthening sovereignty and state-centric approach to international information security and internet governance. Other key commitments on cybersecurity also include:

  • Expanding joint efforts to combat the criminal misuse of ICTs, exchanging expertise, and promoting sovereignty in the international information domain.
  • Advocating for the internationalization of internet governance, equal rights for states in managing internet segments, and rejecting limitations on national sovereignty in regulating and securing the internet.
  • Enhancing sovereignty through regulating global ICT companies, sharing expertise on internet management, developing ICT infrastructure, and advancing digital development.

CISA and FBI publish guidance on product security bad practices

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released detailed guidance aimed at software manufacturers to enhance security across the product lifecycle. This document applies to all software products and services, including on-premises software, cloud services, Software as a Service (SaaS), operational technology (OT), and embedded systems. While non-binding, the guidance encourages manufacturers to adopt secure-by-design principles and reduce risks for their customers by avoiding specific bad practices.

The guidance reflects feedback from 78 public comments and introduces three new bad practices:

  1. Using known insecure or outdated cryptographic functions.
  2. Hardcoded credentials.
  3. Insufficient product support periods.

Updates also include:

  • Enhanced context on memory safety and multi-factor authentication (MFA), particularly for OT products.
  • New examples of actions to prevent SQL injection and command injection vulnerabilities.
  • Clear timelines for addressing Known Exploited Vulnerabilities (KEVs).

Some of the recommendation actions to software manufacturers specifically address the critical infrastructure protection. For instance, Software manufacturers are urged to:

  • Prevent command injection vulnerabilities: Use library functions, sanitize inputs with restrictive allowlists, and delineate command inputs.
  • Eliminate default passwords: Implement instance-unique, random passwords; enforce secure credentials during setup; and support phishing-resistant MFA.
  • Patch Known Exploited Vulnerabilities (KEVs): Issue free patches within 30 days of a KEV’s inclusion in CISA’s catalog and communicate risks to users.
  • Support Open Source Software (OSS): Contribute responsibly and sustainably to open-source projects relied upon.

By following this guidance, manufacturers signal their commitment to customer security and contribute to a safer software ecosystem.

OpenAI launches AI assistant for everyday tasks

OpenAI has launched an advanced AI agent, Operator, designed to automate repetitive online tasks such as ordering groceries or booking restaurants. Operator uses its own browser to interact with buttons, menus, and text fields, removing the need for custom API integrations.

The tool operates independently once enabled, but it is designed to seek user approval for actions involving sensitive information like logins or payments. Its functionality relies on OpenAI’s GPT-4o vision model and advanced reasoning capabilities, allowing it to self-correct mistakes or transfer control back to users when needed.

Operator is currently in a research preview phase, available exclusively to US-based ChatGPT Pro subscribers. Feedback from early adopters will shape its future development before it becomes accessible to more users.

OpenAI is collaborating with companies including DoorDash, Uber, and StubHub to align Operator with real-world needs and industry norms, ensuring practicality and reliability for diverse applications.

Trump orders AI action plan to enhance US dominance

US President Donald Trump has signed an executive order aimed at solidifying the country’s dominance in artificial intelligence. The directive includes creating an Artificial Intelligence Action Plan within 180 days to promote economic competitiveness, national security, and human well-being. The White House confirmed this initiative as part of efforts to position the nation as a global AI leader.

Trump has also instructed his AI and national security advisers to dismantle policies implemented by former President Joe Biden. Among these is a 2023 order requiring AI developers to submit safety test results to the government for systems with potential risks to national security, public safety, or the economy.

Biden’s policies aimed to regulate AI development under the Defence Production Act to minimise risks posed by advanced technologies. Critics argue the approach imposed unnecessary constraints, while supporters viewed it as a safeguard against potential misuse of AI.

The latest move reflects Trump’s broader strategy to reshape the nation’s AI framework, focusing on economic growth and innovation while rolling back measures seen as restrictive.

Rivian and Volkswagen explore software deals

Rivian, the US electric vehicle maker, and Volkswagen are in talks with other automakers about supplying them with software and electrical architecture through their joint venture. This collaboration, which began in November with Volkswagen’s $5.8 billion investment, aims to integrate advanced electrical infrastructure and Rivian’s software technology into both companies’ future EVs. Rivian’s streamlined vehicle architecture, which reduces weight and manufacturing complexity, also allows for over-the-air software updates, an area where traditional automakers have struggled to catch up.

Rivian‘s Chief Software Officer, Wassym Bensaid, revealed that other automakers are interested in the joint venture’s technology, though he declined to name them or provide details on the ongoing discussions. The venture is a key opportunity for established automakers to quickly access the technology they have long sought to develop themselves. For Rivian, the partnership provides higher volumes, better supplier deals, and a chance to reduce costs, especially important as EV demand slows.

Rivian focuses on launching its smaller, more affordable R2 SUV by 2027, while also expanding the integration of its technology into Volkswagen’s other brands. With increasing interest from additional OEMs, the joint venture is poised to become a significant player in the global EV market, particularly in the West, alongside Tesla. Analysts suggest the partnership helps Rivian address its capital concerns and positions it as a key player in the transition to software-defined vehicles.

Stargate venture to support OpenAI, according to FT.

Stargate, a new joint venture formed by OpenAI, SoftBank, and Oracle, aims to build data centres across the US to support the growing demands of AI. According to a report by the Financial Times on Thursday, these data centres will be dedicated solely to OpenAI, the company behind the popular ChatGPT. The collaboration between these tech giants underscores the increasing importance of robust infrastructure to power the next wave of AI innovation.

The exclusive focus on OpenAI’s needs comes when AI technologies rapidly expand, with the demand for high-performance computing capabilities soaring. The partnership will allow OpenAI to scale its operations and provide the necessary computing power for its cutting-edge AI models. As companies worldwide race to develop more advanced AI tools, the infrastructure provided by Stargate is expected to play a crucial role in supporting the next generation of AI services.

Oracle and SoftBank’s involvement brings significant expertise in cloud infrastructure and global telecom, making the venture a powerful alliance in the competitive AI landscape. The project highlights the growing intersection of cloud computing, data storage, and AI as companies like OpenAI push the boundaries of what AI can achieve.

Diplo chatbot can make mistakes. Consider checking important information.