Data security measures must be bolstered by Marriott and Starwood

Marriott International and Starwood Hotels have been ordered to improve data security following multiple breaches impacting over 344 million customers. The Federal Trade Commission (FTC) finalised the order on Friday, citing inadequate security practices. Major breaches occurred in 2015, 2018, and 2020, exposing sensitive customer information, including passport details and payment data.

Hackers gained prolonged access to systems during the breaches, with one lasting four years undetected. The companies must now implement measures such as limiting data retention and providing US customers with a way to request the deletion of personal information tied to their accounts.

The FTC accused the hotel chains of misleading consumers with claims of robust data security while failing to address basic vulnerabilities like weak passwords and outdated software. The Connecticut Attorney General’s office also announced a $52 million settlement with Marriott on the same day.

Under the 20-year order, Marriott and Starwood must maintain compliance records, undergo inspections, and ensure transparency about their data handling practices. The ruling is part of broader efforts to hold businesses accountable for safeguarding customer information.

Israeli spyware deal reports denied by US and Israel

Officials from the United States and Israel have refuted claims of approving the sale of Israeli spyware firm Paragon to Florida-based AE Industrial Partners. Reports of the transaction surfaced in Israeli media, suggesting both governments had greenlit the deal, but US and Israeli representatives dismissed these assertions.

The White House clarified that the sale was a private transaction with no formal US approval, while Israel’s Defence Ministry stated it was still evaluating the deal. Paragon, linked to former Israeli intelligence officers, has faced scrutiny in the US market, including a paused $2 million contract with ICE.

The alleged acquisition has drawn attention due to Paragon’s ties to national security and controversial surveillance software. Neither AE nor Paragon has yet commented on the situation.

US charges Russian-Israeli citizen over Lockbit ransomware

The United States has charged Rostislav Panev, a Russian-Israeli dual citizen, for his alleged role as a developer for the Lockbit ransomware group, which authorities describe as one of the world’s most destructive cybercrime operations. Panev, arrested in Israel in August, awaits extradition.

Lockbit, active since 2019, targeted over 2,500 victims across 120 countries, including critical infrastructure and businesses, extorting $500 million. Recent arrests, guilty pleas, and international law enforcement efforts have significantly disrupted the group’s activities.

Experts say law enforcement actions have tarnished Lockbit’s reputation, reducing its attacks and deterring affiliates. Authorities emphasise the importance of holding cybercriminals accountable.

NETSCOUT enhances DDoS protection with AI/ML-Driven adaptive solutions

NETSCOUT SYSTEMS announced significant updates to its Arbor Edge Defense (AED) and Arbor Enterprise Manager (AEM) products as part of its Adaptive DDoS Protection solution. These enhancements are designed to address the growing threats of AI-enabled DDoS attacks, which have surged in sophistication and frequency.

Application-layer and volumetric attacks have increased by 43% and 30%, respectively, with DDoS-for-hire services making attacks easier to execute. To combat these evolving threats, NETSCOUT leverages AI and machine learning (ML) within its ATLAS Threat Intelligence system, which monitors over 550 Tbps of real-time internet traffic across 500 ISPs and 2,000 enterprise sites worldwide.

The AI/ML-powered solution enables dynamic threat identification and mitigation, creating a scalable, proactive defence mechanism. The updated AED and AEM products automate a closed-loop DDoS attack detection and mitigation process, providing real-time protection by adapting to changing attack vectors and applying mitigation recommendations automatically.

NETSCOUT’s solution also offers comprehensive protection across hybrid IT environments, including on-premise infrastructure, private data centres, and public cloud platforms like AWS and Microsoft Azure, with enhancements such as 200 Gbps mitigation capacity, high-performance decryption, and visibility into non-DDoS threats.

By minimising downtime and safeguarding business-critical services, NETSCOUT’s Adaptive DDoS Protection reduces business risks and protects productivity and reputation. As the threat landscape continues to evolve, organisations can rely on NETSCOUT’s innovative technology to stay ahead of attackers and maintain IT resilience. Industry experts and agencies like the Cybersecurity & Infrastructure Security Agency (CISA) highlight the need for adaptive cybersecurity measures. NETSCOUT’s AI/ML-driven solutions meet these demands by offering robust, future-proof protection for critical IT infrastructure.

WhatsApp wins case as US judge rules against NSO Group

A US judge has ruled against Israel’s NSO Group in a lawsuit brought by WhatsApp, finding the spyware firm liable for hacking and breach of contract. The case, heard in Oakland, California, revolves around allegations that NSO exploited a vulnerability in WhatsApp to install Pegasus spyware, enabling unauthorised surveillance of 1,400 individuals. The court decision moves the case forward to determine damages.

Will Cathcart, head of WhatsApp, described the ruling as a triumph for privacy, emphasising the need for accountability in the spyware industry. WhatsApp expressed gratitude for support from various organisations and pledged continued efforts to safeguard private communications. Cybersecurity experts, including Citizen Lab’s John Scott-Railton, hailed the judgment as a pivotal moment for holding spyware companies accountable.

NSO argued that its Pegasus software serves to combat serious crime and threats to national security. However, the courts previously rejected claims of immunity, noting the company’s activities fell outside the protection of federal law. Appeals by NSO to higher courts, including the US Supreme Court, failed, paving the way for the trial to proceed.

The judgment signals a significant shift in how the spyware industry may be regulated, with implications for firms previously claiming they were not responsible for the misuse of their technology. Experts see it as a warning to surveillance companies that illegal actions will not go unchallenged.

TikTok faces ban in Albania after teen’s death

Albania has announced a one-year nationwide ban on TikTok, citing concerns about the platform’s influence on children. The decision follows the fatal stabbing of a 14-year-old boy in November, reportedly linked to social media disputes. Prime Minister Edi Rama revealed the ban as part of a broader strategy to enhance school safety after consultations with parents and teachers.

The Prime Minister has criticised TikTok and similar platforms for encouraging youth violence. Videos supporting the killing were shared online, raising alarms about the role of social media in such incidents. Rama stated that society, not children, bears responsibility for the issue, describing TikTok as a platform that holds children ‘hostage’.

Several European nations, including France and Germany, have introduced restrictions on social media for children. Albania’s move aligns with a growing global trend, with Australia recently approving a complete social media ban for users under 16.

TikTok responded by seeking clarity from the Albanian government, claiming no evidence linked the involved teens to the platform. A spokesperson suggested another platform might have hosted the content tied to the incident.

Trump signals support for TikTok amid national security debate

President-elect Donald Trump hinted at allowing TikTok to continue operating in the US, at least temporarily, citing the platform’s significant role in his presidential campaign. Speaking to conservative supporters in Phoenix, Arizona, Trump shared that his campaign content had garnered billions of views on TikTok, describing it as a “beautiful” success that made him reconsider the app’s future.

TikTok’s parent company, ByteDance, has faced pressure from US lawmakers to divest the app over national security concerns, with allegations that Chinese control of TikTok poses risks to American data. The US Supreme Court is set to decide on the matter, as ByteDance challenges a law that could force divestment. Without a favourable ruling or compliance with the law, TikTok could face a US ban by January 19, just before Trump takes office.

Trump’s openness to TikTok contrasts with bipartisan support for stricter measures against the app. While the Justice Department argues that Chinese ties to TikTok remain a security threat, TikTok counters that its user data and operations are managed within the US, with storage handled by Oracle and moderation decisions made domestically. Despite ongoing legal battles, Trump’s remarks and a recent meeting with TikTok’s CEO suggest he sees potential in maintaining the platform’s presence in the US market.

Tech giants join forces for US defence contracts, FT says

Data analytics firm Palantir Technologies and defence tech company Anduril Industries are leading efforts to form a consortium of technology companies to bid jointly for US government contracts, according to a report from the Financial Times. The group is expected to include SpaceX, OpenAI, Scale AI, autonomous shipbuilder Saronic, and other key players, with formal agreements anticipated as early as January.

The consortium aims to reshape the defence contracting landscape by combining cutting-edge technologies from some of Silicon Valley’s most innovative firms. A member involved in the initiative described it as a move toward creating “a new generation of defence contractors.” This collective effort seeks to enhance the efficiency of supplying advanced defence systems, leveraging technologies like AI, autonomous vehicles, and other innovations.

The initiative aligns with President-elect Donald Trump’s push for greater government efficiency, spearheaded in part by Elon Musk, who has been outspoken about reforming Pentagon spending priorities. Musk and others have criticised traditional defence programs, such as Lockheed Martin’s F-35 fighter jet, advocating instead for the development of cost-effective, AI-driven drones, missiles, and submarines.

With these partnerships, the consortium hopes to challenge the dominance of established defence contractors like Boeing, Northrop Grumman, and Lockheed Martin, offering a modernised approach to defence technology and procurement in the US.

North Korean hackers linked to surge in stolen cryptocurrency

Cryptocurrency theft reached $2.2bn (£1.76bn) in 2024, with North Korean hackers reportedly responsible for $1.3bn, according to a Chainalysis report. The total marks a 21% increase from 2023, though it remains lower than peak years.

The study highlights that hackers often target private keys used to access crypto platforms, causing severe losses for centralised exchanges. Significant breaches included a $300m theft from Japan’s DMM Bitcoin and a $235m loss from India-based WazirX. Many attacks were linked to citizens of North Korea posing as remote IT workers.

The United States government has accused Pyongyang of using stolen funds to evade sanctions and finance weapons programmes. Recently, 14 North Koreans were indicted in a federal court for alleged extortion schemes, while the State Department announced a $5m reward for information on these activities.

US CISA unveils draft update to National Cyber Incident Response Plan

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a draft update to the National Cyber Incident Response Plan (NCIRP) for public feedback, reflecting changes in cybersecurity, law, policy, and operational processes since the plan’s 2016 release. Developed in collaboration with the Joint Cyber Defense Collaborative (JCDC) and the Office of the National Cyber Director (ONCD), the update aims to improve national preparedness for the growing complexity of cyber threats.

Key updates include clarifying how non-federal stakeholders, such as private sector entities, can participate in cyber incident response efforts, enhancing usability by aligning the plan with the incident response lifecycle, and incorporating the latest legal and policy changes. The NCIRP will now undergo regular updates to stay relevant as threats and technologies evolve.

The NCIRP coordinates efforts across federal agencies, state and local governments, the private sector, and international partners as a strategic framework. It outlines four critical lines of effort (LOEs): Asset Response, Threat Response, Intelligence Support, and Affected Entity Response, ensuring cohesive and coordinated actions during a cyber incident.

The plan also defines two key phases—Detection and Response—focusing on identifying significant incidents and then containing, eradicating, and recovering from them. Coordination between government agencies, private sector entities, and other stakeholders is vital to managing the response and minimising the impact on national security, the economy, and public health.

Collaboration and continuous improvement are central to the NCIRP’s success. The JCDC, Cyber Unified Coordination Group (Cyber UCG), and Cyber Response Group (CRG) ensure all stakeholders are aligned in their efforts, with the CRG overseeing policy coordination and broader strategic responses.

The NCIRP will be regularly reviewed and updated based on feedback and post-incident assessments, allowing it to adapt to new threats and technological changes. CISA is committed to strengthening the nation’s ability to respond to cyber incidents, emphasising the need for an agile, effective framework to keep pace with evolving cyber risks.