The Hong Kong government has banned most civil servants from using widely used apps, including WhatsApp, WeChat, and Google Drive, on work computers to reduce security risks. The Digital Policy Office’s updated IT security guidelines allow government workers to access these services on personal devices at work, and managers can grant exceptions to the ban if required.
Experts in cybersecurity agree with the policy, pointing to similar restrictions in other governments, including the United States and China, amid increasing concerns over data leaks and hacking threats. Sun Dong, Secretary for Innovation, Technology and Industry, noted that stricter controls were essential given the growing complexity of cybersecurity challenges.
The ban is intended to minimise potential breaches by preventing malware from bypassing security measures through encrypted messages, according to Francis Fong, the honorary president of the Hong Kong Information Technology Federation. Anthony Lai, director of VX Research Limited, called the decision prudent, citing low cybersecurity awareness among some staff and limited monitoring of internal systems.
Data breaches have previously compromised tens of thousands of Hong Kong citizens’ personal information, raising public concern about government cybersecurity protocols. The updated guidelines aim to address these vulnerabilities while increasing overall data security.
Five individuals in Austria have received prison sentences for their roles in a $21.6 million cryptocurrency scam that deceived around 40,000 investors. The fraud, linked to EXW Wallet and EXW token, involved charges of commercial fraud, money laundering, and operating pyramid schemes, marking one of Austria’s largest financial crime cases. The trial, held at the Klagenfurt Regional Court, lasted over 300 hours, with Judge Claudia Bandion-Ortner delivering the sentences.
Two of the defendants were sentenced to five years, while others received shorter terms, with additional perpetrators still on the run. Investigations revealed extravagant spending from the stolen funds, including luxury cars, private jets, and parties in Dubai, as well as a shark tank in a Bali villa. Prosecutors stated that the operation’s scale could reach between €14 million and €120 million, far exceeding original estimates.
Although the defence argued the scheme began with genuine investment intentions, the prosecution maintained it was fraudulent from the start. With appeals expected, the defendants face additional compensation and legal costs, while related investigations continue.
Apple is raising the stakes in its commitment to data security by offering up to $1M to researchers who can identify vulnerabilities in its new Private Cloud Compute service, set to debut next week. The service will support Apple’s on-device AI model, Apple Intelligence, enabling more powerful AI tasks while prioritising user privacy. The bug bounty program targets serious flaws, with the top rewards reserved for exploits that could allow remote code execution on Private Cloud Compute servers.
Apple’s updated bug bounty program also includes rewards up to $250,000 for any vulnerability that could expose sensitive customer information or user prompts processed by the private cloud. Security issues affecting sensitive user data in less critical ways can still earn researchers substantial rewards, signaling Apple’s broad commitment to protecting its users’ AI data.
With this move, Apple builds on past security initiatives, including its specialised research iPhones designed to enhance device security. The new Private Cloud Compute bug bounty is part of Apple’s approach to ensure that as its AI capabilities grow, so does its infrastructure to keep user data secure.
LinkedIn has been fined 310 million euros by European Union regulators for breaching the bloc’s strict data privacy rules. The penalty targets the Microsoft-owned platform for improperly using personal data to target users with ads.
Ireland’s Data Protection Commission (DPC) issued the fine, criticising LinkedIn for failing to handle user data lawfully, fairly, and transparently. As LinkedIn’s European headquarters is in Dublin, the DPC acts as the platform’s lead privacy regulator across the EU.
The investigation found LinkedIn lacked a lawful basis to collect personal information for advertising, violating the General Data Protection Regulation (GDPR). Regulators have ordered the company to align its practices with GDPR standards.
LinkedIn maintains it was operating within the rules but confirmed it is adjusting its advertising practices to meet compliance requirements. Deputy Commissioner Graham Doyle stressed that processing data without legal grounds undermines the fundamental right to privacy.
Taiwan Semiconductor Manufacturing Company (TSMC) has halted chip shipments to a client after discovering its components were found in a Huawei product. This action came about two weeks ago, triggering a detailed investigation to assess the situation’s full scope. A Taiwanese trade official, speaking anonymously, confirmed the development due to its sensitive nature.
The incident has raised alarms due to potential violations of US export controls. TSMC notified both US and Taiwanese authorities, categorising the discovery as a significant internal warning. While the client involved remains undisclosed, TSMC is cooperating with officials but has refrained from commenting further.
The controversy follows a report by TechInsights, which disassembled a Huawei device and found TSMC chips. Such findings suggest the chips may have bypassed US restrictions designed to limit China’s access to advanced technology, particularly to curb military advancements. Taiwan, mindful of growing regional tensions, enforces strict export rules in alignment with the US.
Huawei has long been a focal point of US efforts to control the flow of advanced technology to Chinese entities. Despite these restrictions, Chinese companies have sought workarounds, including using cloud platforms like Amazon’s to gain access to advanced US chips. Taiwan continues to monitor such risks closely, aiming to uphold compliance with international export regulations.
Nvidia’s CEO Jensen Huang announced that a design flaw impacting the company’s Blackwell AI chips has been resolved with assistance from TSMC, its long-term Taiwanese manufacturing partner. The production glitch had delayed chip shipments, initially set for the second quarter, affecting clients such as Google, Microsoft, and Meta.
Huang acknowledged Nvidia was solely responsible for the flaw, which had reduced production yields. He dismissed reports of tensions with TSMC, crediting the manufacturer for helping restore manufacturing efficiency. The chips, which involve the integration of seven different components, are now expected to ship in the fourth quarter.
Blackwell chips, Nvidia’s latest innovation, feature two silicon squares fused into a single unit, delivering speeds 30 times faster than previous models. They are designed for advanced tasks, including AI-driven responses from chatbots. Shares in Nvidia fell by 2% in early trading following news of the delay.
Huang made the announcement during a visit to Denmark, where he introduced Gefion, a new supercomputer featuring 1,528 GPUs. Built in partnership with the Novo Nordisk Foundation and Denmark’s Export and Investment Fund, Gefion is expected to enhance high-performance computing in the region.
The Australian Competition and Consumer Commission (ACCC) is enhancing its cybersecurity capabilities throughout FY25 as part of a broader strategy to improve compliance and maturity in line with the Australian Cyber Security Centre’s Essential Eight framework. The initiative addresses the ACCC’s expanding regulatory role within Australia’s cybersecurity landscape, particularly with the launch of the national anti-scam centre and digital ID, set to take effect on 1 December.
The ACCC will be responsible for accrediting digital ID services, approving participants in the government’s digital ID service, and enforcing compliance regulations, resulting in a heightened workload and increased resource demand. To tackle these challenges, the ACCC aims to elevate its cybersecurity maturity to level two of the Essential Eight framework, prioritising risk management and improvement initiatives.
To strengthen its cybersecurity posture, the uplift will be supported by leveraging various Microsoft technologies, including Active Directory, Group Policy, Defender, Sentinel, and Intune. Recognising the importance of robust defences against cyber threats, the ACCC is committed to allocating the necessary resources to support its enhanced cybersecurity efforts. By elevating its maturity level and effectively managing emerging risks, the ACCC seeks to ensure the resilience of its operations and safeguard consumer interests in an increasingly complex cyber landscape.
Moro Hub and the UAE Space Agency have signed a Memorandum of Understanding (MoU) to establish a strategic partnership to enhance digital transformation within the space sector. The collaboration seeks to leverage Moro Hub’s advanced digital solutions to support the operational goals of the UAE Space Agency.
The key objectives of the MoU include improving operational efficiency through cloud services and cybersecurity, enhancing customer engagement with innovative digital platforms, and creating a competitive advantage that positions the UAE Space Agency as a leader in both the regional and global space sectors. That partnership marks a milestone in the technological evolution of the UAE Space Agency, as it aims to accelerate digital capabilities essential for successful space missions and aligns with the broader vision of the UAE government to reinforce innovation across various sectors.
The enthusiasm surrounding this collaboration highlights its potential to reshape operations and drive advancements, ultimately contributing to the UAE’s ambition to explore new frontiers in space and technology.
Georgia‘s secretary of state’s office recently thwarted a cyberattack aimed at crashing the website used by voters to request absentee ballots. The attack, believed to have originated from a foreign entity, involved hundreds of thousands of IP addresses flooding the system with fake traffic. Despite briefly slowing the site, the attack did not disrupt the ability of voters to request ballots, thanks in part to support from cybersecurity firm Cloudflare.
Officials have yet to confirm the foreign origin, though Gabe Sterling, an election official in Georgia, suggested the attack had “the hallmarks of a foreign power.” The FBI and the US Cybersecurity and Infrastructure Security Agency are involved in the investigation. This incident highlights ongoing attempts by hackers, including foreign-linked groups, to interfere with the democratic process as the US presidential election approaches.
Georgia has previously dealt with cyber threats, including a cyberattack in Coffee County earlier this year, underscoring the continuous risk to election infrastructure. However, no cyber activity has affected the actual casting or counting of votes so far.
The United States Justice Department introduced new rules on Monday to safeguard federal and personal data from foreign adversaries such as China, Russia, and Iran. The regulations aim to limit certain business transactions that could transfer sensitive American data to these countries.
The proposal implements an executive order from President Biden and seeks to prevent the misuse of American financial, health, and genomic data by foreign governments for purposes like espionage and cyber attacks. Countries such as Venezuela, Cuba, and North Korea are also included in the list of nations targeted by the rule.
Among the data types restricted from transfer are human genomic data on more than 100 individuals, and financial or health data on over 10,000 people. Geolocation data on more than 1,000 US devices will also be restricted under the new rule.
The Justice Department plans to enforce compliance through both civil and criminal penalties. Apps like TikTok could potentially violate the new regulations if they transfer sensitive data to their Chinese parent companies.
