WhatsApp group exposes students to explicit content

Clacton County High School in Essex, UK, has issued a warning to parents about a WhatsApp group called ‘Add Everyone,’ which reportedly exposes children to explicit and inappropriate material. In a Facebook post, the school advised parents to ensure their children avoid joining the group, urging them to block and report it if necessary. The warning comes amid rising concern about online safety for young people, though the school noted it had no reports of its students joining the group.

Parents have reacted strongly to the warning, with many sharing experiences of their children being added to groups containing inappropriate content. One parent described it as ‘absolutely disgusting’ and ‘scary’ that young users could be added so easily, while others expressed relief that their children left the group immediately. A similar alert was issued by Clacton Coastal Academy, which posted on social media about explicit content circulating in WhatsApp groups, though it clarified that no students at their academy had reported it.

Essex Police in the UK are also investigating reports from the region about unsolicited and potentially illegal content being shared via WhatsApp. Police emphasised that, while WhatsApp can be useful for staying connected, it can also be a channel for unsolicited and abusive material. The police have encouraged parents and students to use online reporting tools to report harmful content and reminded parents to discuss online safety measures with their children.

US Departments of Energy and Commerce unite for safe AI development under new partnership

The US Department of Energy (DOE) and the US Department of Commerce (DOC) have joined forces to promote the safe, secure, and trustworthy development of AI through a newly established Memorandum of Understanding (MOU). That collaboration, part of the Biden-Harris Administration’s whole-of-government approach, unites the DOE’s technical resources with the regulatory expertise of the National Institute of Standards and Technology (NIST), where the US AI Safety Institute (US AISI) is a central agency for AI safety initiatives.

The partnership aims to address critical areas such as public safety, national security, and infrastructure protection by evaluating AI models for potential chemical and biological risks and advancing privacy safeguards for personal and commercial data. With the DOE’s National Laboratories supporting the US AISI, this agreement strengthens the federal government’s commitment to responsible AI practices.

Additionally, the partnership highlights AI safety as crucial for innovation, especially in research and clean energy. Given AI’s potential, robust testing standards are essential to ensure security and public trust. Through this MOU, the DOE and DOC establish a foundation for secure AI, emphasising governance as vital to the nation’s tech and security strategy.

CISA unveils first international strategic plan for 2025-2026, to enhance global cybersecurity partnerships

The Cybersecurity and Infrastructure Security Agency (CISA) has announced its first International Strategic Plan for 2025-2026, underscoring a robust commitment to securing US critical infrastructure (CI) through global partnerships. Building on its previous 2023-2025 Strategic Plan, this new approach aligns with the National Security Memorandum on Critical Infrastructure Security and Resilience, highlighting the essential role of international cooperation in protecting interconnected cyber and physical systems.

To achieve its mission, CISA has outlined three primary goals for international engagement:

  1. Bolster the Resilience of Foreign Infrastructure on Which the US Depends: Collaborating with foreign partners, CISA aims to fortify international infrastructure, mitigating risks that could disrupt critical US operations.
  2. Strengthen Integrated Cyber Defense: By sharing expertise, resources, and best practices, CISA and its allies can build a unified defence, equipping nations to better address emerging threats to critical infrastructure.
  3. Unify Agency Coordination of International Activities: The agency’s “One CISA” approach seeks to streamline efforts and maximise the impact of global partnerships, reducing redundancy and fostering cohesive international collaboration.

Microsoft accuses Google of running campaigns in Europe to undermine its reputation

Microsoft took the unusual step of publicly accusing Google of conducting ‘shadow campaigns’ in Europe to undermine Microsoft’s reputation with regulators. According to a blog post by Microsoft lawyer Rima Alaily, Google allegedly hired the advisory firm DGA Group to organise the Open Cloud Coalition, enlisting European cloud companies to act as a front while Google finances and directs its operations. The coalition, recently launched, purports to advocate for a ‘fair, competitive, and open cloud industry’ across Europe.

Alaily claims this is part of Google’s pattern of targeting Microsoft, citing Google’s involvement in the Coalition for Fair Software Licensing and a separate effort to sway Cloud Infrastructure Services Providers in Europe with significant financial offers to oppose Microsoft’s proposed antitrust settlement. The conflict adds fuel to the rivalry between the two tech giants, who already compete intensely across cloud infrastructure, online advertising, AI, and productivity software.

In response, a Google spokesperson noted that Microsoft’s cloud licensing practices create vendor lock-in, potentially stifling competition, cybersecurity, and innovation. Hours after Microsoft published its accusations, the Open Cloud Coalition formally announced its formation, listing Google as a member and calling on European authorities to intensify scrutiny on cloud competition issues. In September, Google said it was filing a complaint against Microsoft with the European Commission over what Google considers unfair practices for licensing the Windows Server operating system.

Democratic senators urge Biden administration to address human rights in UN Cybercrime Convention

Six Democratic senators have urged the Biden administration to address critical concerns about human rights and cybersecurity in the upcoming United Nations Cybercrime Convention, which is set for a vote at the UN General Assembly. In a letter to top officials, including Secretary of State Antony Blinken and National Security Adviser Jake Sullivan, the senators—Tim Kaine, Jeff Merkley, Ed Markey, Chris Van Hollen, Ron Wyden, and Cory Booker—expressed alarm over the convention’s handling of privacy rights, freedom of expression, and cybersecurity.

The letter warns that the current version of the treaty, supported by US lead negotiator Ambassador Deborah McCarthy, risks aligning the US with repressive regimes under the pretence of cybersecurity. The senators voiced concerns that the treaty, which originated as a Russian proposal in 2017, could enable authoritarian states to legitimise surveillance, suppress dissent, and infringe on human rights globally.

While the Biden administration tried to revise the text, the senators argued that these changes needed revision. The treaty’s provisions require countries to enact laws that allow local law enforcement access to electronic data, threaten privacy rights, and potentially enable surveillance without judicial oversight. The top diplomat warned of serious fallout if the US fails to back the treaty.

The letter also criticises the treaty for lacking clear protections for journalists and security researchers, whose work often involves uncovering vulnerabilities that malicious actors could exploit. The senators warn that, without explicit safeguards, this oversight could weaken cybersecurity, making sensitive systems more vulnerable to attack.

Rapid7 explores sale as buyout firms show interest

Boston-based cybersecurity company Rapid7, valued at roughly $2.5 billion, is exploring acquisition options after attracting interest from private equity firms. Working with investment advisors Goldman Sachs and JPMorgan, the firm is reportedly in early discussions with major private equity groups, including Advent, Bain Capital, and EQT. Sources suggest that while talks are ongoing, Rapid7 may ultimately decide against a sale.

The company, a provider of vulnerability management tools helping organisations assess and monitor cybersecurity risks, has been under increased pressure to consider a sale. Activist investor Jana Partners recently acquired a 5.8% stake in Rapid7, urging it to explore strategic options as it faces strong competition from larger players like Tenable and Qualys.

Rapid7 has seen its shares fall around 32% this year amid rising challenges in the cybersecurity market, as clients cut back on spending due to economic pressures. However, news of a potential sale lifted the company’s stock by over 4% on Monday. Interest in cybersecurity acquisitions remains strong, with private equity firms actively pursuing opportunities in the sector, highlighted by major deals such as Advent’s $14 billion acquisition of McAfee in 2021 and Vista Equity’s $4.6 billion buyout of KnowBe4 last year.

CTGT helps firms deploy AI with safety and transparency

CTGT, a startup founded by Cyril Gorlla and Trevor Tuttle, aims to improve the safety and transparency of AI models. Operating in a field known as ‘explainable AI,’ CTGT’s platform identifies biased outputs and hallucinations in AI models, with a particular focus on applications in healthcare, finance, and other high-stakes industries. Rather than training additional models to oversee the AI, CTGT employs mathematically guaranteed interpretability techniques, allowing companies to identify errors more efficiently and accurately.

CEO Gorlla highlighted the dangers of relying on inaccurate or biased AI decisions, emphasising that models are increasingly deployed in critical areas where errors can have serious consequences. CTGT’s clients include three unnamed Fortune 10 companies, one of which used the platform to correct biases in a facial recognition system. By offering both managed and on-premises solutions, CTGT also addresses data privacy concerns, giving companies control over their information without compromising security.

CTGT has gained support from major investors, including Mark Cuban and the co-founder of Zapier, and is a graduate of the Character Labs accelerator. As the startup expands, it plans to build out its engineering team and enhance its platform to meet the rising demand for AI interpretability. Analytics firm Markets and Markets estimates that the explainable AI sector could reach $16.2 billion by 2028, a promising outlook for companies focused on AI safety and transparency.

TikTok ‘money glitch’ results in JP Morgan fraud cases

JP Morgan Chase has initiated lawsuits against customers accused of exploiting a glitch to withdraw large sums from its ATMs. The viral ‘infinite money glitch’ trend on TikTok involved users writing large cheques to themselves, depositing them, and withdrawing the money before the cheques were returned as invalid.

The lawsuits target two individuals and two businesses, demanding the return of funds with interest, reimbursement of overdraft fees, and coverage of legal expenses. In a court filing, JP Morgan revealed that one incident involved a $335,000 cheque deposited on 29 August, with over $290,000 still owed after the cheque was deemed counterfeit.

Bank officials stressed their commitment to fraud prevention, describing bank fraud as a serious crime in court documents. The total amount linked to the defendants in the lawsuits exceeds $660,000. Typically, banks permit customers to withdraw only part of a cheque’s value until it clears.

The Wall Street Journal recently reported that the bank closed the loophole shortly after the glitch went viral. An ongoing investigation by JP Morgan is reviewing thousands of potential fraud cases tied to the incident.

Luxottica founder’s son involved in alleged data access scheme, faces probe

Italian authorities have placed Leonardo Maria Del Vecchio, son of the late billionaire founder of Luxottica, and three others under house arrest as part of a probe into suspected illegal access to state databases. Del Vecchio, whose father created the Ray-Ban eyewear empire, is accused of employing a private intelligence agency, allegedly managed by a former police officer, to gather confidential data. The alleged access was reportedly linked to a family dispute over inheritance.

Del Vecchio’s lawyer, Maria Emanuela Mascalchi, said her client is “eagerly awaiting” the investigation’s conclusion, maintaining he has “nothing to do” with the allegations and is more a victim of the situation. Prosecutors allege that the intelligence agency illegally accessed data from state systems, including tax, police, and financial databases, which were reportedly used to blackmail business figures or sold to third parties.

The probe, which extends back to at least 2019 and continued until March 2024, highlights concerns about a lucrative market for sensitive information in Italy. Italy’s national anti-mafia prosecutor, Giovanni Melillo, remarked that the case has raised alarm over the existence of an underground market for confidential data, now operating on an industrial scale.

This case follows a recent investigation into a significant data breach at Italy’s largest bank, Intesa Sanpaolo, suggesting a wider issue of data misuse in the country.

Meta opposes Malaysia’s new social media licensing requirements

Meta Platforms has expressed concerns over Malaysia’s plan to require social media platforms to obtain regulatory licenses by 1 January 2025. The Malaysian government’s new regulation aims to combat online threats like scams, cyberbullying, and sexual crimes. However, Meta’s director of public policy for Southeast Asia, Rafael Frankel, criticised the timeline, arguing it’s ‘exceptionally accelerated’ and lacks clear guidelines, potentially hindering digital innovation and economic growth.

Malaysia announced in July that any social media or messaging service with over eight million users would need to comply or face legal repercussions. The policy has sparked backlash from industry groups, including Meta, which asked the government in August to reconsider. Communications Minister Fahmi Fadzil reiterated that tech companies must align with local laws to continue operating in Malaysia, signalling no plans for delay.

Frankel emphasised that Meta has yet to decide whether to apply for the license due to the vague regulatory framework, pointing out that similar regulations typically take years to finalise to avoid stifling innovation. While Malaysia’s communications ministry has yet to comment, Fahmi recently met with Meta representatives, thanking them for their cooperation but urging more action against harmful content, particularly regarding minors.

Meta has stated its shared commitment to online safety and is collaborating with Malaysian authorities to remove harmful content. Frankel argued that Meta already prioritises online safety and doesn’t require a licensing framework. Despite ongoing concerns, Meta hopes to work with the government to find a middle ground on the regulations before implementation.

Why does it matter?

Malaysia’s strict stance on harmful online content comes in response to a rise in social media-related issues. The government has been vocal about requiring platforms like Meta and TikTok to intensify content monitoring, especially around gambling, scams, child protection, cyberbullying, and sensitive topics related to race, religion, and royalty.