Tanzania embraces AI to tackle rising cybercrime

Tanzanian President Samia Suluhu Hassan has called for the integration of AI into the strategies of the Tanzania Police Force to address the escalating threat of cybercrime. Speaking at the 2024 Annual Senior Police Officers’ Meeting and the 60th Anniversary of the Tanzania Police Force, President Samia emphasised that in today’s digital age, leveraging advanced technology is crucial for effectively combating online threats. She highlighted the necessity for the police to adapt technologically to stay ahead of sophisticated cybercriminals, underlining the importance of embracing these advancements.

In her address, President Samia also drew attention to a troubling surge in cybercrime, with incidents increasing by 36.1% from 2022 to 2023. She noted that crimes such as fraud, false information dissemination, pornography distribution, and harassment have become more prevalent, with offenders frequently operating from outside Tanzania. The President’s remarks underscore the urgency of adopting advanced technological tools to address these growing challenges effectively and to enhance the police’s capability to counteract such threats.

Furthermore, President Samia emphasised the need to maintain peace and stability during the upcoming local government and general elections. She tasked the police with managing election-related challenges, including defamatory statements and misinformation, without resorting to internet shutdowns. Stressing the importance of preserving national peace amidst political activities, President Samia underscored that while elections are temporary, safeguarding a stable environment is essential for ongoing development and progress.

Mistral AI lowers prices and launches free developer features

Mistral AI has launched a new free tier for developers to fine-tune and test apps using its AI models and has significantly reduced prices for API access to these models, the startup announced on Tuesday. The Paris-based company, valued at $6 billion, is introducing these updates to remain competitive with industry giants such as OpenAI and Google. These companies also offer free tiers for developers with limited usage. Mistral’s free tier, accessible through its platform ‘la Plateforme,’ enables developers to test its AI models at no cost. However, paid access is required for commercial production.

Mistral has reduced the prices of its AI models, including Mistral NeMo and Codestral, by over 50% and cut the cost of its largest model, Mistral Large, by 33%. This decision reflects the increasing commoditisation of AI models in the developer space, with providers vying to offer more advanced tools at lower prices.

Mistral has integrated image processing into its consumer AI chatbot, le Chat, through its new multimodal model, Pixtral 12B. This model allows users to scan, analyse, and search image files alongside text, marking another advancement in the startup’s expanding AI capabilities.

FBI takes down another Chinese hacking group ‘Flax Typhoon’

The US Federal Bureau of Investigation has disrupted another major Chinese hacking group, dubbed ‘Flax Typhoon,’ which had compromised thousands of devices globally. The FBI and officials from several allied countries accused a Chinese company, the Integrity Technology Group, of running the operation under the guise of an IT firm. FBI Director Christopher Wray revealed that the group was gathering intelligence and conducting surveillance for Chinese security agencies, targeting critical infrastructure as well as corporations, media organisations, and universities.

Cybersecurity officials from the UK, Canada, Australia, and New Zealand also joined the US in condemning the hacking group, noting that over 250,000 devices had been compromised as of June. The operation involved hijacking devices through a botnet—a network of infected cameras and storage devices—and was reportedly part of China’s broader cyber-sabotage efforts. Flax Typhoon’s activities mirrored those of another China-backed group, Volt Typhoon, which has been scrutinised for targeting US infrastructure.

The Chinese Embassy in Washington denied the accusations, claiming that the US had made baseless allegations. Despite China’s dismissal, the FBI remains firm, with Wray emphasising that this takedown is only one part of a longer struggle to counter Chinese cyberattacks. The operation faced some retaliation from the hackers, who launched a cyberattack in response but eventually retreated, leaving the FBI in control of the botnet’s infrastructure.

CISA launches FOCAL plan to strengthen federal cybersecurity

The American Cybersecurity and Infrastructure Security Agency (CISA) has introduced the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan, a key initiative designed to enhance federal cybersecurity across over 100 FCEB agencies. The plan establishes a framework for coordinated support and services, aiming to reduce cyber risks through a unified defence strategy.

The FOCAL Plan prioritises five key areas to advance operational cybersecurity: Asset Management, which focuses on understanding and managing the cyber environment and interconnected assets; Vulnerability Management, aimed at proactively protecting against threats and assessing defensive capabilities; Defensible Architecture, which emphasises building resilient infrastructure; Cyber Supply Chain Risk Management (C-SCRM), to identify and mitigate risks from third parties; and Incident Detection and Response, designed to enhance Security Operations Centers (SOCs) in managing and limiting the impact of security incidents.

CISA also notes that while the FOCAL Plan is tailored for federal agencies, it provides valuable insights for public and private sector organisations. It is a practical guide for developing effective cybersecurity strategies and improving coordination across enterprise security capabilities. Rather than offering an exhaustive checklist, the FOCAL Plan prioritises key actions that will drive significant advancements in cybersecurity and alignment goals within the federal sector.

Russian telecom consortium warns of impractical import substitution targets

Russia’s Telecommunication Technologies Consortium (TT Consortium), which includes Rostech, Rostelecom, and Element, has raised serious concerns about the country’s new import substitution requirements for telecom equipment. The consortium has formally communicated to the Ministry of Industry and Trade and the Ministry of Digital Transformation that the proposed targets for domestic components are unachievable.

According to the TT Consortium, the domestic market in Russia needs more suitable alternatives to many foreign components, making the mandated thresholds for domestic content impractical. Furthermore, the consortium has warned of potential severe repercussions if the stringent regulations are adopted in their current form. They fear the resolution could lead to the suspension of decisions recognising telecom equipment as domestic starting 1 December 2024. Consequently, this could result in no domestic telecom equipment being available, disrupting supply chains and impacting key sectors, including government operations and critical information infrastructure.

Additionally, the Telecommunication Technologies Consortium has criticised the draft government decree’s ambitious targets, which require telecom equipment to include 10% domestic components by 2026, 30% by 2028, and 60% by 2030. Manufacturers within the consortium argue that redesigning equipment to meet these requirements is daunting, given the current state of domestic component availability. They assert that such redesigns could lead to significant operational disruptions and hinder their ability to supply essential equipment to government clients and critical infrastructure entities.

Drone technology smuggling: Russian man charged in US

A Russian national has been arrested in Florida on charges of illegally exporting drone-related technology to Russia. Authorities allege that 44-year-old Denis Postovoy, residing in Sarasota, smuggled microelectronic components with military applications to Russia following the 2022 invasion of Ukraine.

Postovoy is accused of violating US law by shipping technology that could enhance Russia’s military capabilities in the conflict. The Department of Justice stated that the exported components are used in drones and have dual-use potential for military purposes.

To conceal his activities, Postovoy allegedly worked through a network of companies in Russia and Hong Kong. He is said to have purchased the components from US distributors and sent them to intermediary locations before reaching Russia.

While the Russian embassy has acknowledged Postovoy’s detention, it noted that no official communication regarding the arrest has been received from US law enforcement.

OpenAI’s new Safety Committee takes independent role

The company behind the popular AI chatbot ChatGPT, OpenAI, has announced that its newly established Safety and Security Committee will now operate independently to oversee the development and deployment of its AI models. This decision follows the committee’s recent recommendations, which were released publicly for the first time. Formed in May, the committee’s goal is to enhance and refine OpenAI’s safety practices amid growing concerns about AI’s ethical use and potential biases.

The committee will be led by Zico Kolter, a professor at Carnegie Mellon University and a member of OpenAI’s board. Under its guidance, OpenAI plans to implement an ‘Information Sharing and Analysis Center’ to facilitate cybersecurity information exchange within the AI industry. Additionally, the company is focusing on improving internal security measures and increasing transparency regarding the capabilities and risks associated with its AI technologies.

In a related development, OpenAI has also partnered with the US government to research and evaluate its AI models further. This move underscores the company’s commitment to addressing both the opportunities and challenges posed by AI as it continues to evolve.

US CISA urges agencies to address vulnerable Ivanti appliance

The Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to either remove or upgrade an outdated Ivanti appliance that has been exploited in recent attacks.

Ivanti updated its advisory, warning that a ‘limited number of customers’ had been breached due to the vulnerability CVE-2024-8190, which was disclosed earlier in the week. The flaw affects Ivanti’s Cloud Service Appliance (CSA), a tool used for secure internet communication and managing devices connected to central consoles. Exploitation of this bug, which CISA confirmed, allows hackers to gain access to the affected device.

CISA has mandated that all federal civilian agencies remove the appliance or upgrade to version 5.0 by October 4. Ivanti advised customers to check for any new or modified administrative users, which could indicate exploitation of the bug, and to monitor security alerts with specific tools.

This advisory came just one day after another Ivanti vulnerability raised concerns. The company, which faced significant scrutiny after a series of high-profile nation-state attacks exploited its products earlier this year, has committed to a security overhaul.

Microsoft proposes shift in cybersecurity by eliminating kernel-level access

Microsoft is developing an alternative platform for cybersecurity companies that currently rely on deep access to its operating system’s kernel layer, following a global IT crisis caused by a faulty CrowdStrike update. In response to customer and partner demand, Microsoft announced plans to design a ‘new platform capability’ that would allow security vendors to operate without needing access to the kernel, the most critical layer of the OS.

This initiative aims to improve system reliability while maintaining strong security. The shift will require significant changes not only for Microsoft but also for external cybersecurity firms that use kernel access to detect threats. Microsoft explained that newer versions of Windows provide more ways for cybersecurity vendors to offer services outside of the kernel layer. However, some in the security industry believe kernel access is still essential for innovation and advanced threat detection.

Sophos’ Chief Research Officer, Simon Reed, emphasised that kernel access is vital for security products, describing it as fundamental to both Sophos’ offerings and Windows endpoint security in general. ESET echoed this sentiment, supporting changes to the Windows ecosystem as long as they do not weaken security or limit cybersecurity solution options. Both companies argue that restricting kernel access would hinder innovation and the detection of future threats.

The debate over kernel access is unlikely to result in major changes soon, as security companies fear it could give Microsoft’s own security products an unfair advantage. Given Microsoft’s antitrust history, this issue could end up in court, with government officials from the US and Europe closely monitoring developments.

Senators call for action to tackle Bitcoin ATM scams

A group of US Senate Democrats has called on the nation’s largest Bitcoin ATM operators to step up efforts in preventing fraud targeting elderly Americans. The Senators, led by Senate Judiciary Committee Chair Dick Durbin, addressed the growing number of scams using Bitcoin ATMs, urging companies to take immediate action to protect vulnerable populations.

Data from the Federal Trade Commission reveals that in the first half of this year alone, Bitcoin ATM-linked fraud amounted to $65 million. Older adults, particularly those aged 60 and over, were disproportionately affected, being three times more likely to report financial losses than younger users. Senators, including Elizabeth Warren, pointed to recent reports showing scammers coercing elderly individuals into sending funds through Bitcoin ATMs.

The Senators have asked major Bitcoin ATM firms to respond by early October, detailing their measures to combat fraud. This comes amid broader concerns over the rise in crypto scams, with the FBI reporting a significant increase in overall crypto-related fraud this year.