Cybersecurity

Microsoft ramps up cybersecurity efforts following critical review

Microsoft has made significant strides in enhancing its security culture following critical feedback from the United States Cyber Safety Review Board. The company launched its Secure Future Initiative (SFI) in late 2023, leading to the involvement of 34,000 engineers dedicated to cybersecurity efforts. CEO Satya Nadella has prioritised security across the organisation, even tying employee performance reviews to security goals in recent months.

Microsoft has implemented several changes to its security processes, including improvements to its Entra ID and Microsoft Account systems, reducing inactive tenants, and enhancing network tracking for better compliance. The company has also introduced stricter controls, such as limiting personal access tokens and eliminating SSH access for internal engineering repositories.

In its push for greater transparency, Microsoft is now publishing CVEs even when customer action is not required. It has also introduced new standards with a ‘Start Right, Stay Right, and Get Right’ approach to ensure that security protocols are integrated throughout its projects.

To oversee its cybersecurity efforts, Microsoft has established a Cybersecurity Governance Council and appointed several new deputy CISOs. The company has also launched a security skilling academy for employee training, reinforcing its long-term commitment to building a robust security culture.

US intelligence official claims that Russia uses AI to influence US election

Russia has been the most active foreign power using AI to influence the upcoming United States presidential election, according to a US intelligence official. Moscow’s efforts have focused on supporting Donald Trump and undermining Kamala Harris and the Democratic Party. Russian influence actors are employing AI-generated content, such as text, images, and videos, to spread pro-Trump narratives and disinformation targeting Harris.

In July, the US Justice Department revealed the disruption of a Russia-backed operation that used AI-enhanced social media accounts to spread pro-Kremlin messages in the US Additionally, Russian actors staged a false hit-and-run video involving Harris, according to Microsoft research. The intelligence official described Russia as a more sophisticated player in comparison to other foreign actors.

China has also been leveraging AI to shape global perceptions, though it is not focused on influencing the US election outcome. Instead, Beijing is using AI to promote divisive political issues in the US, while Iran has employed AI to generate inauthentic news articles and social media posts, targeting polarising topics such as Israel and the Gaza conflict.

Both Russia and Iran have denied interfering in the US election, with China also distancing itself from attempts to influence the voting process. However, US intelligence continues to monitor the use of AI in foreign influence operations as the November 5 election approaches.

Nokia and Viettel Group partner for nationwide 5G deployment in Vietnam

Nokia and Viettel Group have embarked on a transformative partnership to deploy 5G infrastructure across Vietnam, marking a significant milestone in the country’s digital evolution. The landmark agreement will span 22 provinces, facilitating Viettel’s ambitious strategy to enhance its 5G capabilities and drive digital transformation nationwide.

In addition to rolling out new 5G technology, Nokia will modernise Viettel’s existing 4G infrastructure, ensuring a seamless transition and optimised performance. The deployment will begin this year and will involve installing advanced equipment across 2,500 sites, including AirScale baseband solutions and Massive MIMO radios, all powered by Nokia’s innovative and energy-efficient ReefShark System-on-Chip technology.

That collaboration aligns with the Vietnamese government’s vision of establishing 5G as a critical national infrastructure, anticipated to play a vital role in boosting the digital economy, which is projected to contribute between 20% and 30% of the nation’s GDP by 2030. Together, Nokia and Viettel Group are poised to create new opportunities for economic growth and increased productivity, fostering a robust digital service ecosystem that will benefit consumers and businesses alike.

OpenAI enhances ChatGPT with new voices and smoother conversations

OpenAI is expanding its Advanced Voice Mode (AVM) to more ChatGPT users, beginning with those subscribed to the Plus and Teams plans, while Enterprise and education customers will gain access next week. The updated AVM includes a redesigned interface, now featuring a blue animated sphere, and introduces five new voices: Arbor, Maple, Sol, Spruce, and Vale. These additions bring the total voice options to nine, replacing ‘Sky,’ which was removed after legal issues arose over its similarity to actress Scarlett Johansson’s voice.

The AVM update also includes improvements like better accent recognition and smoother conversations. OpenAI has incorporated customisation options, including Custom Instructions, which allow users to personalise ChatGPT’s responses, and Memory, which enables ChatGPT to recall past conversations. However, previously showcased features such as video and screen-sharing remain unavailable, with no confirmed timeline for their release.

Despite the updates, AVM is not yet available in certain regions, including the EU, the UK, and several others. OpenAI is actively refining the feature based on early user feedback, working to resolve glitches and improve overall performance for a smoother experience.

Ellison faces prison for role in FTX collapse

Caroline Ellison, former CEO of Alameda Research, has been sentenced to two years in prison for her involvement in the collapse of the cryptocurrency exchange FTX. The case, one of the largest financial scandals in US history, saw Ellison plead guilty to fraud charges and cooperate extensively with authorities to secure the conviction of FTX founder Sam Bankman-Fried, who received a 25-year prison sentence.

Ellison’s legal team had requested time served and supervised release, emphasising her crucial role in helping federal investigators uncover the misuse of billions in customer funds. However, District Judge Lewis A. Kaplan, while acknowledging her cooperation, ruled that Ellison must still serve time and forfeit around $11 billion.

Her cooperation with prosecutors has been central in exposing the FTX scandal, but the court concluded that her involvement in the mismanagement of funds warranted a prison sentence, drawing attention from legal experts and the broader crypto community.

CrowdStrike apologises for global IT outage after faulty update

A senior executive at CrowdStrike apologised to a US House of Representatives subcommittee for a software update that caused a global IT outage in July. Adam Meyers, the company’s senior vice president for counter-adversary operations, explained that a faulty content configuration update to the Falcon Sensor security software led to widespread system crashes. Meyers assured lawmakers that CrowdStrike has reviewed its systems and is improving its update procedures to prevent future issues.

The 19 July incident, though not caused by a cyberattack or AI, led to widespread disruptions across various industries, including airlines, healthcare, media, and banks. Millions of Microsoft Windows devices were impacted, with the outage causing flight cancellations and service interruptions globally. Delta Air Lines, which cancelled 7,000 flights, is pursuing legal action against CrowdStrike, although the company denies responsibility for the airline’s losses.

In the wake of the incident, CrowdStrike lowered its revenue and profit forecasts, acknowledging that the financial impact of the faulty update could affect the company for up to a year.

Quad leaders set principles for Digital Public Infrastructure

The Quad leaders, comprising the United States, India, Japan, and Australia, outlined principles to guide the development and deployment of Digital Public Infrastructure (DPI) during their 6th Quad Leaders’ Summit in Wilmington, Delaware. Recognising the transformative power of digital technologies, they emphasised the need for DPI to foster inclusivity, ensure security, and promote scalability while respecting privacy and human rights.

The principles aim to provide a blueprint for governments and private sectors to collaborate on creating secure, interoperable digital systems. These systems would offer equitable access, support public service delivery, and drive sustainable development by addressing key challenges such as digital divides, privacy concerns, and cybersecurity risks. They focus on creating an inclusive, safe, and transparent digital ecosystem that can adapt to evolving demands, especially in pursuit of the UN 2030 Agenda for Sustainable Development.

Among the core principles are:

Inclusivity: Governments should strive to close digital divides by eliminating barriers that hinder access and ensuring no erroneous biases are embedded in digital systems.

Interoperability: DPI should be based on open standards that ensure compatibility across systems, balancing legal and technical requirements.

Scalability: Infrastructure should be designed to accommodate growing demand without significant disruptions.

Security and Privacy: DPI must integrate privacy-enhancing technologies and cybersecurity features to protect users’ data and ensure system resilience.

Collaboration: A culture of openness is encouraged by involving community actors and innovators throughout the DPI’s lifecycle.

Human Rights and Governance: DPI must respect human rights and be governed transparently to maximise public trust and benefit.

Sustainability: DPI should be built with sustainability in mind, ensuring long-term financial and technological viability.

These principles highlight the Quad’s commitment to ensuring that digitalisation leads to equitable, reliable, and sustainable outcomes for societies, strongly emphasising maintaining democratic values and human rights.

UN adopts ‘Pact for the Future’

On 22 September 2024, world leaders convened in New York to adopt the ‘Pact for the Future’ – a comprehensive agreement designed to reimagine global governance in response to contemporary and future challenges.

The ground-breaking Pact includes a Global Digital Compact and a Declaration on Future Generations, aiming to update the international system established by previous generations. The Secretary-General stressed the importance of aligning global governance structures with the realities of today’s world, fostering a more inclusive and representative international system.

The Pact covers many critical areas, including peace and security, sustainable development, climate change, digital cooperation, human rights, and gender equality. It marks a renewed multilateral commitment to nuclear disarmament and advocates for strengthened international frameworks to govern outer space and prevent the misuse of new technologies. To bolster sustainable development, the Pact aims to accelerate the Sustainable Development Goals (SDGs), reform international financial architecture, and enhance measures to tackle climate change by committing to net-zero emissions by 2050.

Digital cooperation is notably addressed through the Global Digital Compact, which outlines commitments to connect all people to the internet, safeguard online spaces, and govern AI. The Compact promotes open-source data and sets the stage for global data governance. It also ensures increased investment in digital public goods and infrastructure, especially in developing countries.

Why does it matter?

The ‘Pact for the Future’ encapsulates a detailed, optimistic vision geared toward creating a sustainable, just, and peaceful global order. The Summit of the Future, which facilitated the adoption of this Pact as an extensively inclusive process, involves millions of voices and contributions from diverse stakeholders. The event was attended by over 4,000 participants, including global leaders and representatives from various sectors, and was preceded by Action Days, which drew more than 7,000 attendees. Such a forum shows firm global commitments to action, including pledges amounting to USD 1.05 billion to advance digital inclusion.

Snapchat’s balance between user safety and growth remains a challenge

Snapchat is positioning itself as a healthier social media alternative for teens, with CEO Evan Spiegel emphasising the platform’s different approach at the company’s annual conference. Recent research from the University of Amsterdam supports this view, showing that while platforms like TikTok and Instagram negatively affect youth mental health, Snapchat use appears to have positive effects on friendships and well-being.

However, critics argue that Snapchat’s disappearing messages feature can facilitate illegal activities. Matthew Bergman, an advocate for social media victims, claimed the platform has been used by drug dealers, citing instances of children dying from fentanyl poisoning after buying drugs via the app. Despite these concerns, Snapchat remains popular, particularly with younger users.

Industry analysts recognise the platform’s efforts but highlight its ongoing challenges. As Snapchat continues to grow its user base, balancing privacy and safety with revenue generation remains a key issue, especially as it struggles to compete with bigger players like TikTok, Meta, and Google for advertising.

Snapchat’s appeal lies in its low-pressure environment, with features like disappearing stories and augmented reality filters. Young users, like 14-year-old Lily, appreciate the casual nature of communication on the platform, while content creators praise its ability to offer more freedom and reduce social pressure compared to other social media platforms.

Iran-related hackers planted backdoors across Middle East critical infrastructure, according to Mandiant

In a report released on 19 September, Google-owned Mandiant detailed the activities of a group it identified as UNC1860. The report highlighted the group’s advanced tools and hidden backdoors, which continue to be leveraged by other Iranian hacking operations.

The report notes that an Iranian cyber unit within the Ministry of Intelligence and Security (MOIS) has emerged as a key facilitator for the nation’s hackers, offering persistent access to critical systems in the Middle East, particularly in telecommunications and government sectors.

Mandiant adds that these groups allegedly provided initial access for cyberattacks, including operations in late 2023 against Israel using BABYWIPER malware and in 2022 against Albania with ROADSWEEP. While Mandiant couldn’t verify UNC1860’s direct involvement, they identified software designed to support such handoff operations.

UNC1860’s toolkit includes a variety of utilities that enable initial access and lateral movement within networks. These tools are engineered to bypass security software and provide covert access, which could be used for espionage or network attacks.

Mandiant describes UNC1860 as a highly capable threat actor that likely supports a range of goals, from spying to direct network assaults. The firm also reported UNC1860’s collaboration with other MOIS-associated groups like APT34, known for breaching government systems in countries like Jordan, Israel, and Saudi Arabia. A recent APT34 operation was uncovered targeting Iraqi officials.

Diplo chatbot can make mistakes. Consider checking important information.