A major tech outage on Friday disrupted operations across various industries worldwide. Airlines such as American, Delta, and United grounded flights due to communication issues, while airports in Tokyo, Amsterdam, and Berlin reported delays. The disruption extended to financial services, with banks and stock exchanges experiencing significant interruptions. Microsoft’s cloud services and Amazon’s AWS were also impacted, further complicating matters.
The root cause of the outage was traced to a software update by cybersecurity firm CrowdStrike. Their Falcon Sensor software caused Microsoft Windows systems to crash, displaying the notorious ‘Blue Screen of Death.’ CrowdStrike has begun rolling back the problematic update, offering a manual workaround to mitigate the issue. Despite the widespread impact, there was no indication that the outage was due to a cyberattack.
The outage’s ripple effect was felt globally, hitting healthcare and media sectors. Sky News went off air in the UK, and doctors’ booking systems were down. In Australia, telecom companies and banks faced disruptions linked to CrowdStrike’s software issues. As companies work to restore their systems, the global scope of the outage underscores the interconnected nature of modern technology infrastructure.
A US judge has dismissed most of an SEC lawsuit against software company SolarWinds, which accused it of defrauding investors by concealing security weaknesses linked to a Russia-backed cyberattack. Judge Paul Engelmayer ruled that claims against SolarWinds and its chief information security officer, Timothy Brown, were based on ‘hindsight and speculation’ and lacked concrete evidence.
The judge dismissed most claims related to statements made before the cyberattack, except for one regarding a statement on SolarWinds’ website about its security controls. The SEC had alleged that SolarWinds hid its cybersecurity vulnerabilities before the attack and downplayed its severity afterwards. SolarWinds expressed satisfaction with the decision, calling the remaining claim factually inaccurate.
The cyberattack, known as Sunburst, targeted SolarWinds’ Orion software platform and compromised several US government networks, including the Departments of Commerce, Energy, Homeland Security, State, and Treasury. The US government has attributed the attack to Russia, which has denied involvement.
This case, filed last October, was notable for being one of the first where the SEC sued a company that was a victim of a cyberattack without announcing a settlement. It is also rare for the SEC to sue public company executives not closely involved in preparing financial statements.
Google’s Gemini AI has been discovered scanning PDF files on Google Drive without user consent, sparking concerns over AI safety and privacy. Senior Advisor Kevin Bankston revealed that the AI generated a summary of a private tax return without permission, raising significant privacy issues.
Bankston shared his struggles to disable the feature, which continued to operate despite attempts to find the correct controls. The difficulty in managing Gemini’s integration in Google Drive has led to questions about Google’s handling of user data and privacy settings.
Google previously assured users that Workspace data would not be used to train AI or target ads. However, this incident has raised doubts about data hygiene and privacy.
Bankston’s experience suggests that prior participation in Google Workspace Labs might have influenced Gemini’s behaviour, highlighting the need for better user control and consent as AI technology advances.
Germany has finalised a significant agreement with telecom providers to exclude Chinese firms like Huawei and ZTE from its 5G network by 2029, announced Interior Minister Nancy Faeser. The decision, hailed as crucial for digital security in Europe’s largest economy, follows intensive negotiations with Deutsche Telekom, Vodafone, and Telefonica Deutschland. The aim is to safeguard Germany’s critical infrastructure from potential security risks associated with Chinese technology.
Faeser emphasised that Berlin informed Beijing about the agreement and did not anticipate retaliatory actions despite China’s embassy warning Germany of the consequences. The embassy criticised the move as an attempt to stifle competition, asserting that no conclusive evidence has been provided by any country regarding Huawei’s security risks.
The phased-out approach, initially removing Chinese technology from 5G core networks by 2026 and extending to components like antennas by 2029, marks Germany’s delayed adherence to the EU security measures. While telecom operators have resisted the costly transition, Huawei has condemned the politicisation of cybersecurity in Germany. The minister did not disclose further details of the agreement.
NATO has announced the establishment of the NATO Integrated Cyber Defence Centre (NICC) at its headquarters in Belgium, aimed at bolstering the alliance’s cyber defence capabilities. The following move, unveiled during the 2024 NATO Summit in Washington, DC, comes as NATO marks its 75th anniversary. The NICC will serve to alert military commanders about potential cyber threats and vulnerabilities, enhancing the protection of NATO’s networks and operational use of cyberspace.
The decision to create the NICC is driven by the increasing frequency and sophistication of cyberattacks targeting NATO and its member nations, especially following the Russian invasion of Ukraine in 2022. Notable Russian cyber threat actors like APT 29 and APT 28, along with various hacktivist groups, have been responsible for major cyberattacks, including the 2020 SolarWinds hack and recent attacks on tech companies and the EU diplomatic entities.
NATO spokesperson Farah Dakhlallah announced the creation of the NICC on social media, highlighting its role in leveraging advanced technologies to boost situational awareness in cyberspace and enhance collective resilience and defence. The new centre will integrate civilian and military personnel from NATO countries and involve experts from the cybersecurity industry. Additionally, it will incorporate privately owned civilian critical infrastructure to support NATO’s military activities.
The NICC will be based at NATO’s Supreme Headquarters Allied Powers Europe (SHAPE) in Belgium, home to NATO’s Allied Command Operations. Further details about the NICC and its operations are expected to be disclosed in the coming months.
Amazon Web Services (AWS) has announced AWS App Studio, a new generative AI service designed to enable financial institutions, fintech firms, and other organisations to create applications in minutes, a task that would typically take professional developers days.
Revealed at the AWS Summit New York, the service is intended for IT project managers, data engineers, and enterprise architects without software development skills, allowing them to quickly develop and manage internal apps using AWS.
Development resources for custom applications are often scarce, pushing users towards low-code tools, which can have a steep learning curve and may not meet security requirements. AWS App Studio addresses these issues by enabling users to describe the desired application, its functions, and the data sources it should integrate with. Users can make modifications through a point-and-click interface, guided by a generative AI-powered assistant.
AWS App Studio empowers individuals with some technical experience to build enterprise-grade applications without needing to write underlying code. The service generates an outline to verify the user’s intent, creating a multi-page UI, a data model, and business logic.
Dilip Kumar, vice president of applications at AWS, stated that AWS App Studio opens application development to a new set of builders, enhancing productivity for businesses of all sizes by allowing technical professionals to create custom applications tailored to their unique needs.
Australia has instructed all government entities to review their technology assets for risks of foreign control or influence. The directive aims to address increasing cyber threats from hostile states and financially motivated attacks. The Australian Signals Directorate (ASD) recently warned of state-sponsored Chinese hacking targeting Australian networks.
The Department of Home Affairs has issued three legally-binding instructions requiring over 1,300 government entities to identify Foreign Ownership, Control or Influence (FOCI) risks in their technology, including hardware, software, and information systems. The organisations in question must report their findings by June 2025.
Additionally, government entities are mandated to audit all internet-facing systems and services, developing specific security risk management plans. They must also engage with the ASD for threat intelligence sharing by the end of the month, ensuring better visibility and enhanced cybersecurity.
The new cybersecurity measures are part of the Protective Security Policy Framework, following Australia’s ban on TikTok from government devices in April 2023 due to security risks. The head of the Australian Security Intelligence Organisation (ASIO) has highlighted the growing espionage and cyber sabotage threats, emphasising the interconnected vulnerabilities in critical infrastructure.
The Nigerian Government has announced the development of a locally-made blockchain called ‘Nigerium’, designed to secure national data and enhance cybersecurity. The National Information Technology Development Agency (NITDA) is leading this initiative to address concerns about reliance on foreign blockchain technologies, such as Ethereum, which may not align with Nigeria’s interests.
NITDA Director General Kashifu Abdullahi introduced the ‘Nigerium’ project during a visit from the University of Hertfordshire Law School delegation in Abuja. He highlighted the need for a blockchain under Nigeria’s control to maintain data sovereignty and position the country as a leader in the competitive global tech landscape. The project, proposed by the University of Hertfordshire, aims to create a blockchain tailored to Nigeria’s unique requirements and regulatory framework.
The indigenous blockchain offers several advantages, including enhanced security, data control, and economic growth. By managing its own blockchain, Nigeria can safeguard sensitive information, improve cyber defence capabilities, and promote trusted transactions within its digital economy. The collaboration between the private and public sectors is crucial for the success of ‘Nigerium’, marking a significant step towards technological autonomy.
If successful, ‘Nigerium’ could place Nigeria at the forefront of blockchain technology in Africa, ensuring a secure and prosperous digital future. This initiative represents a strategic move towards maintaining data sovereignty and fostering innovation, positioning Nigeria to better control its technological destiny.
Several Macau government websites were hacked, prompting a criminal investigation, Chinese state media reported on Wednesday. The hacked sites included those of the office of the secretary for security, the public security police, the fire services department, and the security forces services bureau, causing service disruptions.
Security officials in Macau’s Special Administrative Region believe the cyberattack originated from overseas. However, no further details have been disclosed at this time.
In response, authorities collaborated with telecommunications operators to restore the affected services as quickly as possible. The investigation into the source of the intrusion is ongoing.
With the instances of scammers using AI-generated photos and videos on dating apps, Bumble has added a new feature that lets users report suspected AI-generated profiles. Now, users can select ‘Fake profile’ and then choose ‘Using AI-generated photos or videos’ among other reporting options such as inappropriate content, underage users, and scams. By allowing users to report such profiles, Bumble aims to reduce the misuse of AI in creating misleading profiles.
Earlier in February this year, Bumble introduced the ‘Deception Detector’, which combines AI and human moderators to detect and eliminate fake profiles and scammers. Following this measure, Bumble has witnessed a 45% overall reduction in reported spam and scams. Another notable feature of Bumble is its ‘Private Detector‘ AI tool that blurs unsolicited nude photos.
Risa Stein, Bumble’s VP of Product, emphasised the importance of creating a safe space and stated, ‘We are committed to continually improving our technology to ensure that Bumble is a safe and trusted dating environment. By introducing this new reporting option, we can better understand how bad actors and fake profiles are using AI disingenuously so our community feels confident in making connections.’
