UN Cyber OEWG to host simulation exercise for states

The UN Office for Disarmament Affairs (ODA) will conduct a simulation exercise in early 2025 to help Member States engage with the Global Points of Contact (POC) Directory.

The directory ensures quick and effective responses to cybersecurity incidents by providing a reliable channel for diplomatic and technical contacts across countries. It is part of broader efforts to implement the agreed confidence-building measures (CBMs) and promote cyber stability and security globally, particularly under frameworks such as the UN’s Open-Ended Working Group (OEWG) on the security of ICTs. Most states have recently appointed their POCs and participated in the first ‘ping’ test (a test conducted by the directory manager to verify that the information in the directory is up-to-date).

In hybrid format, the exercise aims to familiarise nominated POCs with practical aspects of participating in the directory and clarify the roles of diplomatic and technical contacts. In collaboration with the UN Institute for Disarmament Research (UNIDIR) and the International Telecommunications Union (ITU), the event will occur virtually, with an in-person debrief.

UK Minister warns that NATO must adapt to AI threats

The UK government has announced the launch of a Laboratory for AI Security Research (LASR), an initiative to protect against emerging AI-driven threats and bolster Britain’s cyber resilience. The lab, backed by an initial £8.22 million in government funding, will bring together experts from academia, industry, and government to address AI’s evolving challenges to national security.

Speaking at the NATO Cyber Defence Conference in London, the Chancellor of the Duchy of Lancaster emphasised that AI is revolutionising national security and noted that ‘[…]as we develop this technology, there’s a danger it could be weaponised against us. Our adversaries are exploring how to use AI on the physical and cyber battlefield’.

LASR will collaborate with leading institutions, including the Alan Turing Institute, Oxford University, Queen’s University Belfast, and Plexal, alongside government agencies such as GCHQ, the National Cyber Security Centre, and the MOD’s Defence Science and Technology Laboratory. Partnerships will extend to NATO allies and Five Eyes countries, fostering an international approach to AI security.

In addition to LASR, the government announced a £1 million incident response project to help allies respond more effectively to cyberattacks. This initiative will further enhance international cooperation in managing cyber incidents.

The official communication highlights that this announcement aligns with the government’s broader agenda, including the forthcoming Cyber Security and Resilience Bill (to be introduced to Parliament in 2025) and the designation of data centres as critical national infrastructure (CNI) to secure the UK’s position as a global leader in cybersecurity and AI innovation.

France eyes strategic tech control in Atos deal

French IT giant Atos has entered discussions with the government for a potential €500 million ($524 million) acquisition of its advanced computing division. Known for its crucial role in securing communications for the French military and manufacturing supercomputer servers, Atos is restructuring to address its mounting debt. The government has prioritised retaining control over the company’s strategic technology assets to safeguard national interests.

The proposed deal includes an initial payment of €150 million upon signing, expected before the exclusivity period ends on May 31. The offer could rise to €625 million with performance-based earn-outs. French Finance Minister Antoine Armand emphasised the state’s duty to ensure the survival and development of industries critical to national sovereignty. Atos’ advanced computing and cybersecurity unit, employing 4,000 people and generating €900 million annually, is seen as a vital asset.

As part of its restructuring, Atos announced plans to sell its cybersecurity unit’s Critical Systems and Cyber Products. With this deal factored in, the company forecasts its financial leverage for 2027 to be between 1.8 and 2.1 times core earnings. Meanwhile, France‘s parliament is considering an amendment that could pave the way for Atos’ nationalisation, underscoring the government’s commitment to protecting key technologies.

Italy targets cybercrime with tough new measures

Italy is ramping up its fight against cybercrime with a draft decree aimed at tackling unauthorised access to sensitive computer systems. The move follows high-profile breaches, including incidents involving state and financial databases, prompting urgent government action. The legislation, which will be discussed by the cabinet on 25 November 2024, focuses on systems critical to military, public safety, health, and civil protection.

The draft gives Italy’s chief anti-mafia prosecutor expanded authority to oversee investigations into cases of extortion linked to data breaches. This comes on the heels of several arrests tied to illicit access to state systems, with dozens more under investigation, including individuals connected to prominent figures like Leonardo Maria Del Vecchio.

Separately, authorities in Bari are probing a potential breach at Italy‘s largest bank, Intesa Sanpaolo, which may have compromised Prime Minister Giorgia Meloni’s account. These incidents underscore the urgency of the proposed crackdown as Italy seeks to safeguard its digital infrastructure.

FCC targets video doorbell maker from China over security flaws

The Federal Communications Commission (FCC) has proposed a $735,000 fine against Chinese video doorbell manufacturer Eken over security issues and false information. Investigations revealed the devices exposed sensitive data, including users’ home IP addresses and WiFi details, while enabling unauthorised access to photos and videos through simple proximity-based actions.

The FCC also flagged that Eken’s registered US agent address was invalid, sparking broader scrutiny. The devices, sold on platforms such as Amazon and Walmart, prompted additional concerns earlier this year when Senator Marco Rubio criticised their lack of adequate security protections. He highlighted the risk of hackers accessing private images and videos from homes.

Eken’s case forms part of wider US efforts to address security risks from Chinese-made technology. FCC Chair Jessica Rosenworcel announced an audit of certifications tied to similar agents, warning about the potential for misuse ranging from domestic abuse risks to state-backed surveillance. Retailers were previously urged to stop selling such insecure Internet of Things (IoT) devices.

The issue comes as US agencies increase scrutiny on Chinese tech firms. A ban on new equipment authorisations for listed Chinese telecom and surveillance firms is already in place, while the Commerce Department has proposed measures to limit Chinese-made vehicle software.

Senator labels reported China-linked hack on US telecoms as historic breach

US authorities have revealed a massive cyberattack on American telecommunications networks, describing it as the ‘worst telecom hack in our nation’s history.’ Linked to Chinese hackers, the breach targeted multiple telecom companies and allowed the interception of surveillance data meant for US law enforcement. According to a joint FBI and CISA statement, the hackers accessed sensitive call records and communications, particularly involving individuals in government and political roles.

The attack also raised alarms after reports suggested telephones belonging to Donald Trump, JD Vance, and other high-profile political figures were compromised. Senator Mark Warner, chairman of the Senate Intelligence Committee, warned that China’s long-term efforts to infiltrate global telecom systems pose a grave security risk. Hackers reportedly managed to listen to phone calls and read text messages, going beyond what the Biden administration has publicly acknowledged.

China has consistently denied allegations of hacking foreign systems, and its embassy in Washington declined to comment on the latest claims. Warner criticised the lack of sufficient safeguards, stating, “The barn door is still wide open,” as concerns over US telecom infrastructure security intensify.

Elon Musk criticises Australia’s plan to ban social media for kids

Elon Musk has spoken out against Australia’s proposed law to ban social media use for children under 16, calling it a “backdoor way to control access to the Internet by all Australians.” The legislation, introduced by Australia’s centre-left government, includes fines of up to A$49.5 million ($32 million) for systemic breaches by platforms and aims to enforce an age-verification system.

Australia’s plan is among the world’s strictest, banning underage access without exceptions for parental consent or existing accounts. By contrast, countries like France and the US allow limited access for minors with parental approval or data protections for children. Critics argue Australia’s proposal could set a precedent for tougher global controls.

Musk, who has previously clashed with Prime Minister Anthony Albanese’s government, is a vocal advocate for free speech. His platform, X, has faced tensions with Australia, including a legal challenge to content regulation orders earlier this year. Albanese has called Musk an “arrogant billionaire,” underscoring their rocky relationship.

South Korea links 2019 crypto heist to North Korea

South Korean police have confirmed that hackers linked to North Korea’s military intelligence agency were behind a 2019 Ethereum cryptocurrency theft valued at 58 billion won ($41.5 million at the time). Hackers infiltrated a crypto exchange and stole 342,000 Ethereum tokens, which are now worth over 1.4 trillion won ($1 billion).

The stolen funds were laundered through three hacker-controlled crypto exchanges and 51 other platforms, according to South Korea’s National Police Agency. While the exchange targeted was not officially named, South Korea-based Upbit had reported a similar transfer to an unidentified wallet during the incident. The investigation, conducted with the FBI, used IP address analysis and asset tracking to trace the theft to groups reportedly tied to North Korea’s Reconnaissance General Bureau.

This marks the first confirmed instance of North Korean hackers targeting a South Korean crypto exchange. Previously, a UN report linked North Korea to nearly $3.6 billion in crypto heists from 2017 to 2024. South Korean investigators recovered a small fraction of the stolen assets, equivalent to 600 million won, which were returned to the exchange. North Korea denies involvement in such activities despite mounting evidence to the contrary.

Snap challenges New Mexico lawsuit alleging child exploitation risks

Snap Inc., the parent company of Snapchat, has filed a motion to dismiss a New Mexico lawsuit accusing it of enabling child sexual exploitation on its platform. The lawsuit, brought by Attorney General Raul Torrez in September, claims Snapchat exposed minors to abuse and failed to warn parents about sextortion risks. Snap refuted the allegations, calling them ‘patently false,’ and argued that the state’s decoy investigation misrepresented key facts.

The lawsuit stems from a broader push by US lawmakers to hold tech firms accountable for harm to minors. Investigators claimed a decoy account for a 14-year-old girl received explicit friend suggestions despite no user activity. Snap countered that the account actively sent friend requests, disputing the state’s findings.

Snap further argued that the lawsuit violates Section 230 of the 1996 Communications Decency Act, which shields platforms from liability for user-generated content. It also invoked the First Amendment, stating the company cannot be forced to provide warnings about subjective risks without clear guidelines.

Defending its safety efforts, Snap highlighted its increased investment in trust and safety teams and collaboration with law enforcement. The company said it remains committed to protecting users while contesting what it views as an unjustified legal challenge.

CZ warns of exploit threat to Mac users

Former Binance CEO Changpeng Zhao has alerted the crypto community about a new exploit targeting Intel-based Mac users, which could expose their digital assets. Zhao urged users to immediately patch their systems to protect sensitive data, following the discovery of zero-day vulnerabilities on 19 November. These vulnerabilities also affect iPhones and iPads, prompting Apple to release emergency fixes.

The flaws, tracked as CVE-2024-44308 and CVE-2024-44309, allow hackers to exploit JavaScriptCore and WebKit components on macOS Sequoia. This could lead to cross-site scripting attacks, where attackers inject malicious code into trusted websites, enabling them to steal sensitive information and hijack user sessions.

Despite Apple’s strong security reputation, users have been at risk from several high-profile exploits this year. Previous attacks have included crypto-focused malware and vulnerabilities in Apple’s iMessage framework. With hackers exploiting these flaws, crypto users must stay vigilant and update their systems to safeguard their digital assets.