Microsoft’s productivity software suite experienced an outage affecting more than 16,000 users on Thursday, as reported by Downdetector. The disruption impacted access to Microsoft 365 services, with reports peaking at around 23,000 before signs of recovery emerged.
The company acknowledged the issue, stating it was investigating problems affecting multiple services. Microsoft‘s Azure cloud platform added that connectivity issues might have been related to AT&T networks, though AT&T had not yet responded to queries.
This outage followed a similar incident two months ago when a faulty update from CrowdStrike disrupted operations on 8.5 million Windows devices. While the number of affected users began decreasing, some reported on social media that services had returned to normal.
Downdetector showed more than 16,500 users struggling with Microsoft 365 access, and around 4,000 AT&T users reported issues. The exact cause and timeline for a full recovery had yet to be clarified by Microsoft.
US authorities have taken down over 350 websites selling gun silencers and parts from China used to convert semiautomatic pistols into fully automatic machine guns. The move follows an investigation that started in August 2023, targeting illegal sales of these dangerous devices.
Undercover operations revealed shipments from China, falsely labelled as items such as ‘necklaces’ or ‘toys’. Instead, these packages contained machine gun conversion devices, known as ‘switches’, and ‘silencers’, both banned under the National Firearms Act. Some websites even sold counterfeit goods, misusing the trademark of gun manufacturer Glock Inc.
Acting US Attorney Joshua Levy emphasised the importance of seizing these websites to halt the influx of illegal and dangerous contraband. Law enforcement has so far seized over 700 machine gun conversion devices, 87 illegal suppressors, 59 handguns, and 46 long guns.
Officials highlighted the growing problem of such devices being easily accessible, posing a serious threat to public safety. The seizures are part of a broader effort to tackle the illegal gun parts trade and protect communities.
OpenAI is reportedly in talks to secure $6.5 billion in funding, aiming for a $150 billion valuation. Such a move would significantly boost its position among the world’s top startups, following an earlier $86 billion valuation this year.
Led by CEO Sam Altman and backed by Microsoft, OpenAI’s success with the ChatGPT chatbot has driven its rapid rise. The firm has revived Silicon Valley’s interest in AI, further solidifying its position. A significant portion of the new funding may come in the form of a revolving credit facility, adding $5 billion in debt from banks.
The capital injection will help OpenAI remain a private company, avoiding the regulatory challenges and stock market volatility that often come with public listings. Many high-profile startups are choosing to stay private for longer, bolstered by private equity funding.
Some investors, however, may push for liquidity through a public offering or company sale. Meanwhile, OpenAI has been added to Forge Global’s prestigious list of “Private Magnificent Seven” startups, further highlighting its dominance in the AI sector.
BT has reported detecting 2,000 potential cyberattacks on its network every second. The rise is attributed to criminals deploying disposable ‘bots’ to bypass existing security measures.
In July, digital surveillance activity by hackers using malicious scanning bots surged by 1,200% compared to the previous year. The telecom giant revealed that these attacks are targeting a wide range of sectors, including retail, education, hospitality, defence, and financial services.
Tris Morgan, BT’s managing director of security, stated that hackers are probing connected devices every 90 seconds in their attempts to breach systems. However, this reflects a significant escalation in cyber threats.
At its Secure Tomorrow cybersecurity event, BT showcased its advanced quantum secure communications and AI-driven cyber defence technologies.
The Department of Telecommunications (DoT) and the Telecom Regulatory Authority of India (TRAI) are taking significant steps to enhance the security and quality of telecom services. To combat spam and cyber fraud, TRAI has implemented measures to disconnect and blacklist entities involved in bulk spam operations, resulting in the removal of over 3.5 lakh spam numbers and the blacklisting of 50 entities.
Additionally, the DoT’s Sanchar Saathi platform allows citizens of India to report suspicious activity, leading to the disconnection of over one crore fraudulent connections and the blocking of 2.27 lakh handsets involved in cybercrime. Concurrently, TRAI has updated its Quality of Service (QoS) regulations to enforce stricter benchmarks for network performance metrics such as call drop rates, packet drop rates, and latency. Effective 1 October 2024, these regulations will introduce monthly monitoring from April 2025, enhancing oversight and accountability to improve network quality.
DoT and TRAI are also implementing proactive measures to tackle the issue of unregistered telemarketers. For that, TRAI is considering immediate service suspensions for telemarketers not registered, based on a predefined threshold of complaints, and is working on proactive detection of suspected spammers.
These initiatives are part of a broader strategy to create a more secure and user-friendly telecom environment. Through these collaborative efforts, the DoT and TRAI ensure ongoing enhancements in telecom services, infrastructure, and quality assurance, aiming to provide users with a more reliable and customer-centric experience.
Microsoft is set to host a cybersecurity summit on Tuesday, following a significant global IT outage in July caused by a faulty software update from security firm CrowdStrike. The outage, which affected nearly 8.5 million Windows devices and disrupted industries like airlines, banks, and healthcare, highlighted vulnerabilities in the cybersecurity landscape.
The summit, held at Microsoft’s Redmond headquarters, will bring together government representatives to discuss ways to strengthen cybersecurity systems. The July incident raised concerns about organisations’ ability to handle system failures and the risks of relying heavily on a single vendor for security solutions.
One of the most impacted companies, Delta Air Lines, reported mass flight cancellations due to the outage, resulting in losses of at least $500 million. The airline is now pursuing legal action against both CrowdStrike and Microsoft.
Portugal’s new centre-right government has upheld the previous administration’s ban on Chinese equipment in its 5G networks, citing security concerns. This move, initially imposed in May 2023 by the country’s cybersecurity board (CSSC), also applies to 4G platforms supporting 5G, dealing a setback to Chinese tech giant Huawei’s attempts to expand its presence in Portugal.
Infrastructure Minister Miguel Pinto Luz confirmed the continuation of the ban, emphasising the importance of maintaining security measures, especially in light of the growing geopolitical tensions between global powers. While Portugal’s position aligns closely with US policy, it is stricter than that of other European nations, as Huawei challenges the ban in court.
Telecom operators like Altice, NOS, and Vodafone have already opted not to use Huawei’s technology in their 5G networks. However, a recent study suggests the exclusion could cost Portugal’s economy over 1 billion euros, including significant replacement costs. The minister, however, downplayed the financial impact, stating operators have ample time to transition.
Germany’s domestic intelligence agency has warned about a Russian cyber group tied to the military intelligence agency, GRU. Known as Unit 29155 or UNC2589, the group has been accused of launching cyberattacks against NATO and the EU countries, escalating concerns about Russian interference. In a coordinated effort, Germany’s Bundesverfassungsschutz issued the alert in collaboration with the FBI, US cybersecurity agencies, and other international partners.
The warning follows a wave of suspicion across Europe regarding Russian cyber activities, particularly since the invasion of Ukraine in 2022. Earlier this year, Germany accused Russia of targeting the Social Democratic Party as well as industries like defence, aerospace, and logistics. These attacks have been attributed to UNC2589, also known by other names such as Cadet Blizzard or Ember Bear.
The cyber group is reportedly involved in espionage and sabotage, with tactics that include defacing websites and leaking stolen data. The GRU unit to which it belongs is notorious for its alleged role in the poisoning of former Russian double agent Sergei Skripal and his daughter Yulia in Britain in 2018, further cementing its reputation as a severe threat to international security.
Japan and Australia have recently strengthened their collaboration to enhance economic security for Pacific Island nations, responding to China’s growing influence in the region. The initiative was formalised during a ‘two-plus-two’ meeting of foreign and defence ministers, where both countries committed to establishing the Japan-Australia Pacific Digital Development Initiative.
That framework aims to support the development of telecommunications infrastructure, including installing submarine cables, which are crucial for secure communication. By investing in these projects, Japan and Australia aim to reduce the reliance of Pacific Island nations on Chinese technology, which poses potential security risks due to vulnerabilities in data extraction and disruption.
Additionally, Japan and Australia are upgrading their Economic Security Dialogue and enhancing military collaboration as part of their broader security initiative. The Economic Security Dialogue will explore practical cooperation against economic coercion from China, focusing on enhancing the financial resilience of Pacific Island nations. The two countries are also dispatching a liaison officer from Japan’s Self-Defense Forces to Australia’s Joint Operations Command to improve operational coordination and strengthen their collective defence posture.
Furthermore, both nations have reaffirmed their strong opposition to unilateral attempts to alter the status quo in the East and South China Seas, emphasising their commitment to regional stability and international law.
US National Institute of Standards and Technology (NIST) has released a new draft of its Digital Identity Guidelines, introducing updates for government contractors in cybersecurity, identity verification, and AI use. The guidelines propose expanded identity proofing methods, including remote and onsite verification options. These enhancements aim to improve the reliability of identity systems used by government contractors to access federally controlled facilities and information. By providing different assurance levels for identity verification, NIST ensures that contractors can implement secure and appropriate measures based on the context and location of the verification process.
A significant focus of the guidelines is on continuous evaluation and monitoring. Organisations are now required to implement ongoing programs that track the performance of identity management systems and evaluate their effectiveness against emerging threats. The guidelines also emphasise the importance of proactive fraud detection. Contractors and credential service providers (CSPs) must continuously assess and update their fraud detection methods to align with the evolving threat landscape.
One of the notable updates in the guidelines is the introduction of syncable authenticators and digital wallets. This allows contractors to manage their digital credentials more efficiently by storing them securely in digital wallets. These wallets provide flexibility in how contractors present their identity attributes when accessing different federal systems.
The guidelines also introduce a risk-based approach to authentication, where authentication levels are tailored to the sensitivity of the system or information being accessed. That gives government agencies the flexibility to assign different authentication methods depending on the security needs of the transaction. For example, accessing highly sensitive systems would require stronger multi-factor authentication (MFA) measures, including biometrics, while less critical systems may have less stringent requirements.
Why does this matter?
The use of AI and ML in identity systems is another key aspect of the Draft Guidelines. NIST emphasises transparency and accountability in integrating AI and ML into these systems. Organisations must document how AI is used, disclose the datasets for training models, and ensure that AI systems are evaluated for risks like bias and inequitable outcomes. The guidelines address the concern that AI technologies could exacerbate existing inequities or produce biassed results in identity verification processes. Organisations are encouraged to adopt NIST’s AI Risk Management Framework to mitigate these risks and consult its guidance on managing bias in AI.
Lastly, the guidelines highlight the importance of privacy, equity, and usability in digital identity systems. Ensuring broad participation and access to digital services, especially for individuals with disabilities, is a core requirement. NIST stresses that digital identity systems must be designed to be inclusive and accessible to all contractors, addressing any potential usability challenges while maintaining security.
