Privacy and data protection

Ukrzaliznytsia shifts to offline ticket sales after IT system failure

Ukraine’s state-owned railway company, Ukrzaliznytsia, has been hit by a large-scale cyberattack, affecting its online systems.

While train services remain operational without delays, the company has been working to restore its IT infrastructure. Passengers were advised to buy tickets offline on Monday as backups were recovered.

The cyberattack, described by Ukrzaliznytsia as ‘systemic, non-trivial and multi-level,’ was first reported on Sunday.

The railway has become a critical part of Ukraine’s transport network since the Russian invasion in 2022, with airspace closed and trains serving as the primary mode of domestic and international travel. Last year, it transported 20 million passengers and 148 million tonnes of freight.

Efforts to fully restore online systems are ongoing as authorities investigate the incident.

Cyberattacks targeting Ukraine’s infrastructure have increased since the start of the war, with railways playing a crucial role in both civilian and military logistics. Officials have not yet attributed responsibility for the attack.

For more information on these topics, visit diplomacy.edu.

Meta agrees to halt targeted ads in landmark UK privacy case

Meta, the owner of Facebook and Instagram, has agreed to stop targeting a UK citizen with personalised adverts as part of a settlement in a landmark privacy case.

The case, which avoided a high court trial, was brought by human rights campaigner Tanya O’Carroll in 2022, who claimed Meta had violated UK data laws by processing her personal data for targeted advertising without her consent.

O’Carroll’s case received support from the UK’s data watchdog, the Information Commissioner’s Office (ICO), which stated that users have the right to opt out of targeted ads.

The settlement has been hailed as a victory for O’Carroll, with potential implications for millions of social media users in the UK. Meta, however, disagreed with the claims. Instead of this, the company was considering introducing a subscription model in the UK for users who want an advert-free version of its platforms.

The ICO’s stance in favour of privacy rights could prompt similar lawsuits in the future, as users are increasingly demanding control over how their data is used online.

O’Carroll argued that the case demonstrated the growing desire for more control over surveillance advertising and said that the ICO’s support could encourage more people to object to targeted ads.

Meta, which generates most of its revenue from advertising, emphasised that it took its privacy obligations seriously and was exploring the option of a paid, ad-free service for UK users.

For more information on these topics, visit diplomacy.edu.

AI agents take centre stage in Oracle fusion

Oracle has launched its AI Agent Studio, a new platform designed to let businesses orchestrate and customise AI agents within its Fusion Applications suite.

Announced during the OracleCloud World Tour in London, the studio enables companies to coordinate teams of AI agents that handle tasks across enterprise resource planning, HR, supply chain, and customer experience systems.

The AI Agent Studio allows businesses to adapt prebuilt Oracle agents to suit their own processes. Users can modify agents by adjusting logic, integrating external tools, or adding custom prompts.

It also offers flexibility in choosing from a range of large language models optimised for Oracle or industry-specific use cases, such as Llama and Cohere.

Oracle’s move builds on earlier AI deployments in its cloud applications, where agents have been embedded to manage routine operations like invoice processing or recruitment steps.

The new platform advances that effort by allowing these agents to operate collaboratively and be tailored to more complex workflows.

Industry leaders including Accenture, Deloitte, and PwC have praised the development, calling it a significant step toward smarter enterprise automation.

Analysts echo this sentiment, noting that Oracle’s approach allows businesses to maximise AI efficiency across departments without added cost, offering a powerful edge in today’s rapidly evolving digital workplace.

For more information on these topics, visit diplomacy.edu.

Hackers use fake Semrush ads to steal Google accounts

Cybercriminals are using fake adverts for popular SEO platform Semrush to trick users into giving up access to their Google accounts, researchers have warned.

The malvertising campaign features ads that link to a bogus Semrush login page, which only allows users to sign in via Google, a tactic designed to steal high-value credentials.

According to Malwarebytes, Semrush accounts are often linked to critical Google services such as Analytics and Search Console.

These tools store confidential business insights, which threat actors could exploit for strategic and financial gain. The scammers may also access names, phone numbers, business details, and partial card information through compromised Semrush accounts.

By impersonating Semrush support, attackers could deceive users into revealing full card details under the pretence of payment or billing updates. However, this may open the door to wider fraud, such as redirecting funds from vendors or business partners.

With Semrush serving over 117,000 customers, including a significant share of Fortune 500 firms, the attack underscores the growing risks of malvertising on platforms like Google.

Security experts are urging businesses to tighten account access controls and remain cautious when engaging with search ads, even from seemingly reputable brands.

For more information on these topics, visit diplomacy.edu.

MetaAI rolls out in Europe after regulatory hurdles

MetaAI, Meta’s AI chat function, is set to launch across Europe after delays caused by regulatory scrutiny regarding the use of personal data to train its models.

The European Commission is reviewing a risk assessment from Meta to ensure that the new feature complies with the EU’s Digital Services Act (DSA). However, this regulation mandates companies to submit risk assessments in advance of deploying new functions.

MetaAI was first launched in the US in September 2023, followed by India in June 2024, and the UK in October.

However, its European rollout was delayed last summer after the Irish Data Protection Commission raised concerns about using data from Facebook and Instagram users for AI training.

Meta faced criticism over Europe’s regulatory approach, with company officials, including CEO Mark Zuckerberg, expressing frustration with the delays.

Despite the regulatory hurdles, Meta is now moving forward with its plans to bring MetaAI to the EU, with the company noting that the process has taken longer than expected due to Europe’s complex regulatory landscape.

For more information on these topics, visit diplomacy.edu.

Apple plans to add cameras to future Apple Watch

Apple is reportedly planning to introduce cameras to its Apple Watch lineup within the next two years, integrating advanced AI-powered features like Visual Intelligence.

According to Bloomberg’s Mark Gurman, the standard Apple Watch Series will have a camera embedded within the display, while the Apple Watch Ultra will feature one on the side near the digital crown.

These cameras will allow the smartwatch to observe its surroundings and use AI to provide real-time, useful information to users.

Apple is also exploring similar camera technology for future AirPods, aiming to enhance their functionality with AI-driven capabilities.

The concept builds on the Visual Intelligence feature introduced with the iPhone 16, which allows users to extract details from flyers, identify locations, and more using the phone’s camera.

While the current system relies on external AI models, Apple is working on its in-house AI technology, and it is expected to power these features by 2027, when the camera-equipped Apple Watch and AirPods are likely to be released.

The move is part of Apple’s broader push into AI, led by Mike Rockwell, who previously spearheaded the Vision Pro project.

Rockwell is now overseeing the upgrade of Siri’s language model, which has faced delays, and contributing to visionOS, the operating system expected to support AI-enhanced AR glasses in the future. Apple’s increasing focus on AI suggests a shift towards more intelligent, context-aware wearable devices.

For more information on these topics, visit diplomacy.edu.

New Airbyte connectors support AI and data privacy

San Francisco-based data startup Airbyte has unveiled a new set of enterprise tools aimed at helping companies move and manage data more securely, especially as AI becomes more central to operations. The updates, announced Thursday, include new connectors for apps such as NetSuite, SAP, and ServiceNow, as well as support for extracting unstructured data from platforms like Google Drive and SharePoint.

A key highlight of the release is compatibility with Apache Iceberg, an open-source format that enables businesses to centralise data into a single, AI-compatible “lakehouse.” This allows companies to better control how and where their data flows while preserving the flexibility needed for high-performance analytics and machine learning.

Airbyte co-founder and CEO Michel Tricot stressed the importance of data sovereignty in an AI-driven era. He noted that while AI tools can be powerful, giving away sensitive internal data, like employee compensation or strategic business metrics, to external services is a risk many companies are no longer willing to take. Airbyte’s approach ensures that only the enterprise sees and manages its data pipelines.

Founded in 2020, Airbyte now serves over 7,000 enterprise clients, including names like Invesco and Calendly, and has secured more than $181 million in funding. As businesses continue to prioritise secure, scalable infrastructure for AI, Airbyte’s offerings are positioning it as a go-to partner for data portability without compromise.

For more information on these topics, visit diplomacy.edu.

Apple accused of misleading AI advertising

Apple is facing a class-action lawsuit in the United States over delays in delivering its much-promoted Apple Intelligence features.

The legal action, filed in a US based San Jose federal court, claims the company misled customers by advertising advanced AI tools that have yet to materialise on supported devices.

The complaint argues that buyers of new iPhones and other Apple products were promised ‘transformative’ AI capabilities at launch, only to find these features were either severely limited or completely absent.

According to the plaintiffs, Apple’s marketing created a “reasonable consumer expectation” that was ultimately not met.

This legal challenge adds to mounting pressure on the company, which has struggled to roll out its next-generation AI tools.

A recent Bloomberg report suggested internal tensions, revealing that CEO Tim Cook has reportedly lost confidence in AI chief John Giannandrea’s ability to deliver on the company’s ambitions.

The case reflects growing scrutiny of tech firms’ promises around AI, especially as consumer trust becomes more closely tied to the reality behind flashy announcements.

For more information on these topics, visit diplomacy.edu.

US judge says Social Security unlawfully shared data with Musk’s aides

A federal judge has ruled that the Social Security Administration (SSA) likely violated privacy laws by granting Elon Musk’s Department of Government Efficiency (DOGE) unrestricted access to millions of Americans’ personal data.

The ruling halts further data sharing and requires DOGE to delete unlawfully accessed records. United States District Judge Ellen Lipton Hollander stated that while tackling fraud is important, government agencies must not ignore privacy laws to achieve their goals.

The case has drawn attention to the extent of DOGE’s access to sensitive government databases, including Numident, which contains detailed personal information on Social Security applicants.

The SSA’s leadership allowed DOGE staffers to review vast amounts of data in an effort to identify fraudulent payments. Critics, including advocacy groups and labour unions, argue that the process lacked proper oversight and risked compromising individuals’ privacy.

The ruling marks a major legal setback for DOGE, which has been expanding its influence across multiple federal agencies. The White House condemned the decision, calling it judicial overreach, while SSA officials indicated they would comply with the order.

The controversy highlights growing concerns over government data security and the limits of executive power in managing public records.

For more information on these topics, visit diplomacy.edu.

Cyberattack exploits a flaw in ZoneAlarm’s vsdatant.sys driver

A sophisticated cyberattack has targeted vulnerabilities in the vsdatant.sys driver, a component of Checkpoint’s ZoneAlarm antivirus software, allowing attackers to bypass critical Windows security features.

The driver, released in 2016, has been exploited in a Bring Your Own Vulnerable Driver (BYOVD) attack, enabling attackers to elevate privileges and access sensitive data.

The vsdatant.sys driver operates with high kernel-level privileges, containing long-known vulnerabilities that allow attackers to exploit crafted Interrupt Request Packets (IRPs).

These flaws, affecting versions of the driver prior to 7.0.362, allow for arbitrary code execution by improperly validating arguments passed to system function handlers.

BYOVD attacks have become increasingly common, with attackers leveraging legitimate but vulnerable drivers to bypass security measures undetected.

In this case, attackers were able to disable Windows’ Memory Integrity feature, which is designed to protect critical system processes.

By exploiting flaws in vsdatant.sys, the attackers gained full access to the compromised system, enabling them to steal sensitive information.

To mitigate the risk of such attacks, security experts recommend implementing driver blocklisting, enabling Memory Integrity, and ensuring that all security products are kept up to date.

Users are urged to update their ZoneAlarm installations to the latest version to avoid exposure to these vulnerabilities.

For more information on these topics, visit diplomacy.edu.

Diplo chatbot can make mistakes. Consider checking important information.