The Pakistan Software Houses Association (P@SHA) has warned that Pakistan’s new internet firewall could cost the economy up to $300 million. The firewall, designed to monitor and regulate online content, has already led to significant disruptions including prolonged internet outages and unstable VPN performance, threatening business operations across the country. P@SHA describes these issues as a severe blow to the industry’s viability.
The government, which denies using the firewall for censorship, has faced criticism for its lack of transparency. This yhas sparked fears among internet users and international IT clients about data privacy and security. The firewall’s impact on the economy is exacerbated by existing restrictions, such as the blocking of the social media platform X.
P@SHA has called for an immediate halt to the firewall, urging the government to collaborate with the industry to establish a robust cybersecurity framework. IT sector of Pakistan, which recorded a significant increase in exports this year, stands to suffer considerable losses if the disruptions continue.
California is set to vote on SB 1047, a bill designed to prevent catastrophic harm from AI systems. The bill targets large AI models—those costing over $100 million to train and using immense computing power—requiring their developers to implement strict safety protocols. These include emergency shut-off mechanisms and third-party audits. The Frontier Model Division (FMD) will oversee compliance and enforce penalties for violations.
Supporters of the bill, including State Senator Scott Wiener and prominent AI researchers, contend that preemptive regulation is essential to safeguard against potential AI disasters. They believe it’s crucial to establish regulations before serious incidents occur. The bill is expected to be approved by the Senate and is now awaiting a decision from Governor Gavin Newsom.
If passed, SB 1047 would not take effect immediately, with the FMD scheduled to be established by 2026. The bill is anticipated to face legal challenges from various stakeholders who are concerned about its implications for the tech industry.
Hackers connected to Russian intelligence have been targeting Kremlin critics worldwide through phishing emails, as revealed by research from Citizen Lab and Access Now. The cyberattacks, which began in 2022, have affected Russian opposition figures in exile, former US officials, and EU non-profits, among others. These attacks are part of a broader internet espionage operation aimed at accessing sensitive networks and contacts.
A key feature of the campaign is the use of malicious emails that appear to come from known contacts, making them particularly deceptive. Victims include a former US ambassador to Ukraine, who received an email impersonating a colleague. Many of those targeted fell for the scam, which led them to fake login pages designed to steal their credentials.
The hacking groups behind the attacks, identified as Cold River and Coldwastrel, have been linked to Russia’s Federal Security Service (FSB). Cold River, known for its prolific activity since 2016, has intensified its efforts against Kyiv’s allies since the invasion of Ukraine. Some of its members have faced sanctions from the US and Britain.
Citizen Lab warns that the consequences of these cyberattacks could be severe, particularly for those still in Russia, where successful breaches could lead to imprisonment. Despite the serious implications, the Russian embassy has not commented on the allegations, continuing to deny involvement in previous hacking incidents.
GitHub, a major platform for developers and code repositories, experienced a significant outage on Wednesday, affecting its website and multiple services. The issues were linked to changes in the platform’s database infrastructure, which have since been rolled back. As of 8:26PM ET, GitHub confirmed that all services are now fully operational.
Earlier, many users encountered an error message when trying to access the site, which stated, ‘no server is currently available to service your request.’ Alongside this message, users were greeted by an image of an angry unicorn. The outage impacted core services, including pull requests, GitHub Pages, Copilot, and the GitHub API.
The outage escalated quickly, with GitHub’s first status message at 7:11PM ET, followed by reports of issues with several key services. According to Downdetector, more than 10,000 users reported problems within minutes of the first alert. International outages were confirmed by internet monitoring service NetBlocks just two minutes later.
GitHub, which was acquired by Microsoft in 2018, has not yet provided a detailed comment on the incident. However, services have now returned to normal, and the platform continues to monitor its systems for any lingering issues.
The White House and the Department of Homeland Security (DHS) have announced an $11 million initiative to explore and enhance the security of open-source software (OSS) used in critical infrastructure sectors such as healthcare, transportation, and energy production. This effort, known as the Open-Source Software Prevalence Initiative (OSSPI), aims to map out the use of open-source software across these vital areas, enabling the federal government and private sector to bolster national cybersecurity.
The initiative was officially announced by the White House, and further details were shared over the weekend at the DEF CON cybersecurity conference by National Cyber Director Harry Coker. A key component of this initiative is the formation of a public-private working group, set to be established later this year, to develop strategies for enhancing the security of OSS. Although specific details about the initiative are not known yet, the White House released a summary report last year containing a dozen recommendations from the cybersecurity community on areas for federal focus in open source security.
The report outlines several ongoing and planned activities, including:
Securing software package repositories
Strengthening collaboration between the federal government and open-source communities
Expanding the use of Software Bill of Materials (SBOMs)
Enhancing the security of the software supply chain
Establishing an ‘Open-Source Program Office’
Implementing vulnerability severity metrics
Boosting educational initiatives
Phasing out legacy software
While the White House has clarified that it does not intend to penalise underfunded open-source developers, Coker has repeatedly stressed that software manufacturers must be held accountable when they prioritize speed over security. Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly echoed these sentiments at the Black Hat cybersecurity conference, advocating for a software liability regime with clear standards of care and safe harbor provisions for vendors who prioritise secure development practices.
T-Mobile has been fined $60 million by a US committee focused on national security for failing to prevent and report unauthorised access to sensitive data. The penalty, imposed by the Committee on Foreign Investment in the US (CFIUS), is linked to violations of a mitigation agreement T-Mobile signed during its 2020 acquisition of Sprint Corp.
The data breach occurred in 2020 and 2021, during the integration of Sprint into T-Mobile’s operations. T-Mobile, controlled by Deutsche Telekom, explained that technical issues affected a small number of law enforcement data requests, but emphasised that the information never left the law enforcement community and was swiftly addressed.
The $60 million fine is the largest ever imposed by CFIUS, signalling a stronger approach to enforcement. Officials noted that the transparency of the penalty is intended to deter future violations, highlighting the committee’s commitment to holding companies accountable.
In the past 18 months, CFIUS has issued six penalties, including the one against T-Mobile, far surpassing the number of fines levied in the previous decades. The delay in T-Mobile’s reporting hampered the committee’s efforts to investigate and mitigate potential risks to US national security.
Japan’s Defense Ministry is preparing to launch a new research institute in Tokyo this October to develop cutting-edge defence technologies with the potential to transform future warfare. The institute, which will be housed at the Ebisu Garden Place commercial complex, is inspired by the US Defense Advanced Research Projects Agency (DARPA) and will collaborate closely with the private sector. With a team of around 100 personnel, half of whom will be experts from outside the ministry, the institute will focus on key areas like AI, robotics, and advanced particle research.
The new institute, provisionally named the Defense Innovation Technology Institute, aims to drive ‘breakthrough research’ by deploying innovative defence technologies within three years using existing technologies. Projects may include the development of autonomous uncrewed vehicles and advanced submarine detection methods. Additionally, the institute will serve as a think tank, monitoring global trends in cutting-edge technologies and managing subsidies for dual-use technologies that have applications in both defence and civilian sectors.
The initiative is part of Japan’s broader National Defense Strategy, which emphasises finding and developing multi-use technologies to bolster the country’s defence capabilities. The creation of the institute, backed by a 21.7 billion yen budget for the current fiscal year, marks a significant step in Japan’s largest defence buildup since World War II, driven by concerns over growing influence from China and nuclear and missile threats from North Korea.
WhatsApp is expanding its sticker options, offering users more ways to express themselves through its platform. Despite the availability of hundreds of emojis and sticker packs, many users may struggle to find the perfect expression for their emotions. To address this, WhatsApp has integrated AI and GIPHY, enhancing the experience.
Users can now access an extensive collection by tapping the sticker icon and searching with text or emojis. Additionally, WhatsApp allows users to create custom ones from their existing images. By simply opening a photo, the app automatically removes the background, leaving only the subject for further customisation.
They can be cropped, drawn upon, and decorated before being saved automatically in the sticker section. WhatsApp now lets users preview and reorganize packs by dragging them within the sticker tray, offering greater control over their collection.
The Turkish National Intelligence Organization (MIT), in collaboration with the Turkish Gendarmerie General Command and the National Cyber Incident Response Center (USOM), has dismantled a global cyber espionage network responsible for stealing personal data from thousands of individuals worldwide, including in Turkey. The operation, led by the Ankara Chief Public Prosecutor’s Office, resulted in the arrest of 11 suspects.
According to MIT, the network had international ties and was sharing stolen data with various entities, including terrorist organisations. The network had been under long-term surveillance, during which MIT discovered that the stolen information was being used to support terrorist activities.
As part of the operation, several websites associated with the network were shut down, 11 suspected criminals were arrested, and the investigation continues, with the seized data undergoing thorough examination. MIT has announced plans to expand its cyber operations to protect sensitive personal data and investigate the network’s international connections further.
Enzo Biochem has agreed to pay $4.5 million to settle claims that it failed to protect sensitive patient data, leading to a significant cyberattack in April 2023. The breach compromised the personal and health information of approximately 2.4 million patients, including Social Security numbers and health histories. The settlement, announced by New York Attorney General Letitia James, involves payments to New York, New Jersey, and Connecticut.
The attack was made possible by shared login credentials among Enzo employees, including one password that hadn’t been updated in ten years. The attackers installed malware on the company’s systems, which went undetected for several days due to insufficient monitoring. The company has since taken steps to enhance its security measures, such as enforcing stronger passwords, implementing two-factor authentication, and improving its response plan for future incidents.
Enzo began notifying affected patients in June 2023. The breach impacted 1.46 million New Yorkers, including 405,000 whose Social Security numbers were compromised. New York will receive $2.8 million from the settlement. Attorney General James emphasised the importance of protecting patient information, particularly in the context of medical services.
Enzo Biochem has not commented on the settlement. The company previously exited the clinical lab testing business in August of the previous year. The settlement marks a significant reminder of the importance of robust cybersecurity protocols in protecting sensitive data.
