A Russian national has been arrested in Florida on charges of illegally exporting drone-related technology to Russia. Authorities allege that 44-year-old Denis Postovoy, residing in Sarasota, smuggled microelectronic components with military applications to Russia following the 2022 invasion of Ukraine.
Postovoy is accused of violating US law by shipping technology that could enhance Russia’s military capabilities in the conflict. The Department of Justice stated that the exported components are used in drones and have dual-use potential for military purposes.
To conceal his activities, Postovoy allegedly worked through a network of companies in Russia and Hong Kong. He is said to have purchased the components from US distributors and sent them to intermediary locations before reaching Russia.
While the Russian embassy has acknowledged Postovoy’s detention, it noted that no official communication from US law enforcement regarding the arrest has been received.
The company behind the popular AI chatbot ChatGPT, OpenAI, has announced that its newly established Safety and Security Committee will now operate independently to oversee the development and deployment of its AI models. This decision follows the committee’s recent recommendations, which were released publicly for the first time. Formed in May, the committee’s goal is to enhance and refine OpenAI’s safety practices amid growing concerns about AI’s ethical use and potential biases.
The committee will be led by Zico Kolter, a professor at Carnegie Mellon University and a member of OpenAI’s board. Under its guidance, OpenAI plans to implement an ‘Information Sharing and Analysis Center’ to facilitate cybersecurity information exchange within the AI industry. Additionally, the company is focusing on improving internal security measures and increasing transparency regarding the capabilities and risks associated with its AI technologies.
In a related development, OpenAI has also partnered with the US government to research and evaluate its AI models further. This move underscores the company’s commitment to addressing both the opportunities and challenges posed by AI as it continues to evolve.
The Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to either remove or upgrade an outdated Ivanti appliance that has been exploited in recent attacks.
Ivanti updated its advisory, warning that a ‘limited number of customers’ had been breached due to the vulnerability CVE-2024-8190, which was disclosed earlier in the week. The flaw affects Ivanti’s Cloud Service Appliance (CSA), a tool used for secure internet communication and managing devices connected to central consoles. Exploitation of this bug, which CISA confirmed, allows hackers to gain access to the affected device.
CISA has mandated that all federal civilian agencies remove the appliance or upgrade to version 5.0 by October 4. Ivanti advised customers to check for any new or modified administrative users, which could indicate exploitation of the bug, and to monitor security alerts with specific tools.
This advisory came just one day after another Ivanti vulnerability raised concerns. The company, which faced significant scrutiny after a series of high-profile nation-state attacks exploited its products earlier this year, has committed to a security overhaul.
Microsoft is developing an alternative platform for cybersecurity companies that currently rely on deep access to its operating system’s kernel layer, following a global IT crisis caused by a faulty CrowdStrike update. In response to customer and partner demand, Microsoft announced plans to design a ‘new platform capability’ that would allow security vendors to operate without needing kernel-level access, which is the most critical layer of the OS.
This initiative aims to improve system reliability while maintaining strong security. The shift will require significant changes not only for Microsoft but also for external cybersecurity firms that use kernel access to detect threats. Microsoft explained that newer versions of Windows provide more ways for cybersecurity vendors to offer services outside of the kernel layer. However, some in the security industry believe kernel access is still essential for innovation and advanced threat detection.
Sophos’ Chief Research Officer, Simon Reed, emphasised that kernel access is vital for security products, describing it as fundamental to both Sophos’ offerings and Windows endpoint security in general. ESET echoed this sentiment, supporting changes to the Windows ecosystem as long as they do not weaken security or limit cybersecurity solution options. Both companies argue that restricting kernel access would hinder innovation and the detection of future threats.
The debate over kernel access is unlikely to result in major changes soon, as security companies fear it could give Microsoft’s own security products an unfair advantage. Given Microsoft’s antitrust history, this issue could end up in court, with government officials from the US and Europe closely monitoring developments.
PLDT and CICC have launched a major initiative called PROTECTA Pilipinas to enhance the security and resilience of the Philippines’ telecommunications infrastructure. This public-private partnership brings together key players in the telecom sector, including PLDT, Smart Communications, and the CICC, along with other stakeholders like the Philippine Chamber of Telecommunication Operators, CitizenWatch Philippines, Infrawatch PH, and others.
The primary goal of this alliance is to implement comprehensive protection measures that address cybersecurity and physical infrastructure security. The initiative focuses on enhancing network resilience through redundancy and disaster recovery plans while bolstering cybersecurity protocols to protect against digital threats. On the physical side, PROTECTA Pilipinas aims to tackle issues such as equipment theft and vandalism and will establish monitoring systems to assess the health and performance of telecom facilities regularly.
PLDT and CICC focus on timely reporting and legal protections as part of PROTECTA Pilipinas. The alliance will develop mechanisms for reporting suspicious activities and advocate for legal measures to protect telecom infrastructure from vandalism and theft. Additionally, they will collaborate with government bodies to align on policies and regulations, creating a robust framework to secure critical telecom assets and promote best practices across the Philippines.
The Government of Malta has initiated a public consultation to establish a comprehensive legal framework for ethical hackers, also known as security researchers, who identify and disclose vulnerabilities in ICT systems to bolster cybersecurity. The initiative aims to clearly define the role of ethical hackers, ensuring that their activities are regulated and protected by law, enabling them to operate within a transparent and legitimate framework.
In addition, the Government of Malta has proposed that ICT system owners, especially those managing critical infrastructure, implement Coordinated Vulnerability Disclosure Policies (CVDP) to better handle the detection and resolution of security flaws identified by ethical hackers. Overseen by the Directorate for Critical Infrastructure Protection (CIPD), this policy comes in response to an incident where four computer science students were arrested after discovering a vulnerability in the FreeHour app.
Despite acting in good faith, the students faced legal consequences, highlighting the urgent need for clearer protections and legal guidance for ethical hackers. The proposed framework aims to formalise the process, encouraging cooperation between public and private entities and ensuring that cybersecurity research is conducted safely and responsibly.
Open to public input until 7 October 2024, the consultation is expected to lead to legislative reforms that distinguish ethical hacking from illegal activities, providing much-needed clarity for those working to enhance cybersecurity.
SITA has introduced its new cybersecurity solution, SITA Managed NAC (Network Access Control), designed to enhance airport and airline digital infrastructure security. This innovative solution addresses the increasing threats to digital networks in complex environments like airports, providing essential protection for critical communication systems.
SITA Managed NAC offers advanced security features for Local Area Network (LAN) and Wireless LAN communications. Specifically, it incorporates additional layers of identification checks and network segmentation, which ensure compliance with industry standards while safeguarding passenger systems and operational efficiency.
Furthermore, the solution provides granular control over network access, including detailed logging capabilities and the ability to quarantine non-compliant devices. As a result, it supports airports and airlines in meeting stringent cybersecurity recommendations from authorities such as the US Transportation Security Agency (TSA) and the Airports Council International (ACI).
Moreover, SITA Managed NAC integrates seamlessly with the existing SITA Campus Network product, leveraging Cisco’s Identity Services Engine (ISE) platform to enforce identity-based access controls and policies. Adopting a Zero Trust security model, the solution continuously authenticates and authorises access requests, significantly reducing the risk of unauthorised access and potential breaches.
Dubai has introduced a pioneering AI security policy through the Dubai Electronic Security Center, led by H.E. Amer Sharaf. This landmark initiative is designed to address the unique challenges and vulnerabilities associated with AI. The policy focuses on three critical pillars: data integrity, protection of critical infrastructure, and ethical AI usage.
By establishing robust guidelines and best practices, Dubai aims to ensure that AI systems are resilient against emerging threats and operate securely. This comprehensive approach not only sets a high standard for AI security but also positions Dubai as a global leader in digital innovation in accordance with the UAE National Strategy for Artificial Intelligence 2031.
As part of its broader strategy to drive digital transformation, Dubai has implemented a pioneering AI security policy that plays a crucial role in its ambition to become a leading global digital city. Integrating advanced security measures into its AI initiatives allows Dubai to mitigate risks while effectively creating an environment conducive to innovation. The policy underpins ambitious projects such as self-driving vehicles and smart health systems, highlighting Dubai’s commitment to fostering a secure and dynamic digital landscape that aligns with its forward-looking vision.
Oprah Winfrey aired a special titled ‘AI and the Future of Us,’ featuring guests like OpenAI CEO Sam Altman, tech influencer Marques Brownlee, and FBI director Christopher Wray. The discussion was largely focused on the potential risks and ethical concerns surrounding AI. Winfrey highlighted the need for humanity to adapt to AI’s rapid development, while Altman emphasised the importance of safety regulations.
Altman defended AI’s learning capabilities but acknowledged the need for government involvement in safety testing. However, his company has opposed California’s AI safety bill, which experts believe would provide essential safeguards. He also discussed the dangers of deepfakes and urged caution as AI technology advances.
Wray pointed out AI’s role in rising cybercrimes like sextortion and disinformation. He warned of its potential to be exploited for election interference, urging the public to remain vigilant in the face of increasing AI-generated content.
For balance, Bill Gates expressed optimism about AI’s positive impact on education and healthcare. He envisioned AI improving medical transcription and classroom learning, though concerns about bias and misuse remain.
China’s top legislative body has approved changes to its statistics law to combat data fraud. The move addresses growing concerns over the reliability of economic figures in the world’s second-largest economy. The amended regulations aim to prevent statistical manipulation and penalise officials involved in falsifying economic reports.
Authorities have acknowledged persistent problems with statistical fraud, which has led to public mistrust in economic data. The issue has become a major focus for lawmakers, as many believe it harms the accuracy of important economic indicators.
External analysts have long questioned the authenticity of Chinese data, particularly as the country grapples with an economic slowdown. The new law is part of ongoing efforts to restore confidence by cracking down on fraudulent reporting.
The government in China has vowed to investigate and penalise officials involved in data manipulation, seeking to improve transparency and the overall quality of economic statistics.