Dutch Ministry of Defence expands recruitment of cyber reservists to support national cybersecurity efforts

The Dutch Ministry of Defence has announced plans to expand its cyber defence capabilities by recruiting additional cyber reservists, according to NOS. The initiative is part of the Ministry’s strategy to strengthen cybersecurity expertise within its armed forces, with recruitment efforts scheduled to intensify after the summer. Several reservist positions have already been advertised online.

Cyber reservists are civilian professionals with digital security expertise who contribute part-time to the military’s cyber operations. Typically employed under zero-hour contracts, they may be called upon to support defence activities during evenings, weekends, or specific operational periods, while continuing their civilian careers.

The reservist units are part of the Defence Cyber Command (DCC), which currently consists of six platoons. Reservists may also participate in military exercises in the Netherlands or internationally, including NATO operations; deployments are voluntary.

Recruitment targets for cyber reservists were set at 150 over a ten-year period, but this number has not yet been achieved. According to Defence Ministry officials, interest in these positions has increased following the escalation of global cyber threats, particularly after the Russian invasion of Ukraine, though exact figures remain undisclosed for operational security reasons.

Cybersecurity expert Bert Hubert highlighted the distinct nature of cyber reserve work compared to traditional military reservist roles, emphasising the complexity of effective cyber defence operations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

CISA extends MITRE’s CVE program for 11 months

The US Cybersecurity and Infrastructure Security Agency (CISA) has extended its contract with the MITRE Corporation to continue operating the Common Vulnerabilities and Exposures (CVE) program for an additional 11 months. The decision was made one day before the existing contract was set to expire.

A CISA spokesperson confirmed that the agency exercised the option period in its $57.8 million contract with MITRE to prevent a lapse in CVE services. The contract, which originally concluded on April 17, includes provisions for optional extensions through March 2026.

‘The CVE Program is invaluable to the cyber community and a priority of CISA,’ the spokesperson stated, expressing appreciation for stakeholder support.

Yosry Barsoum, vice president of MITRE and director of its Center for Securing the Homeland, said that CISA identified incremental funding to maintain operations.

He noted that MITRE remains committed to supporting both the CVE and CWE (Common Weakness Enumeration) programs, and acknowledged the widespread support from government, industry, and the broader cybersecurity community.

The extension follows public concern raised earlier this week after Barsoum issued a letter indicating that program funding was at risk of expiring without renewal.

MITRE officials noted that, in the event of a contract lapse, the CVE program website would eventually go offline and no new CVEs would be published. Historical data would remain accessible via GitHub.

Launched in 1999, the CVE program serves as a central catalogue for publicly disclosed cybersecurity vulnerabilities. It is widely used by governments, private sector organisations, and critical infrastructure operators for vulnerability identification and coordination.

Amid recent uncertainty about the program’s future, a group of CVE Board members announced the formation of a new non-profit organisation — the CVE Foundation — aimed at supporting the long-term sustainability and governance of the initiative.

In a public statement, the group noted that while US government sponsorship had enabled the program’s growth, it also introduced concerns around reliance on a single national sponsor for what is considered a global public good.

The CVE Foundation is intended to provide a neutral, independent structure to ensure continuity and community oversight.

The foundation aims to enhance global governance, eliminate single points of failure in vulnerability management, and reinforce the CVE program’s role as a trusted and collaborative resource. Further information about the foundation’s structure and plans is expected to be released in the coming days.

CISA did not comment on the creation of the CVE Foundation. A MITRE spokesperson indicated the organisation intends to work with federal agencies, the CVE Board, and the cybersecurity community on options for ongoing support.


Report highlights growing cyber risks to aviation

A recent report by the Foundation for Defense of Democracies notes that while both government agencies and private sector actors have taken steps to strengthen cybersecurity in aviation, the increasing demands on outdated systems are outpacing current mitigation efforts.

Commercial aviation is operating at near full capacity, placing strain on legacy technologies and logistical frameworks.

According to Jiwon Ma, senior policy analyst at the Foundation for Defense of Democracies’ Center on Cyber and Policy Innovation, these pressures can result in major disruptions even in the absence of cyberattacks.

Ma referenced past incidents such as the 2022 Southwest Airlines operational failure and the widespread IT outage linked to CrowdStrike in 2024.

As part of the Biden administration’s national cybersecurity strategy, the Transportation Security Administration (TSA) implemented new aviation security measures in 2023.

The Federal Aviation Administration (FAA) declined to detail its specific cybersecurity practices, but a spokesperson stated that the agency employs a comprehensive approach to protect the National Airspace System in coordination with federal and private partners.

The report emerges amid a series of cybersecurity incidents affecting aviation and related infrastructure. In July 2024, Delta Air Lines cancelled thousands of flights due to a software update failure attributed to CrowdStrike, resulting in a $500 million lawsuit against the company.

In August 2024, Seattle-Tacoma International Airport experienced disruptions linked to a Rhysida ransomware attack, which affected key services and prompted the Port of Seattle to issue data breach notifications to approximately 90,000 individuals.

Boeing has also been targeted in recent years, including a 2023 ransomware attack by LockBit that resulted in data leaks, and a 2022 cyber incident affecting its Jeppesen subsidiary, which provides flight navigation and planning tools.


MITRE’s CVE program faces funding expiry, raising cybersecurity concerns

A cornerstone of the global cybersecurity ecosystem is facing an uncertain future. US government funding for MITRE Corporation to operate and maintain the Common Vulnerabilities and Exposures (CVE) program is set to expire, an unprecedented development that could significantly disrupt how security flaws are identified, tracked, and mitigated worldwide.

Launched in 1999, the CVE program has become the de facto international standard for cataloging publicly known software vulnerabilities. Managed by MITRE under sponsorship from the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), the program has published over 274,000 CVE records to date.

MITRE has warned that the lapse in funding will not only halt its ability to continue developing and modernizing the CVE system but could also impact related initiatives such as the Common Weakness Enumeration (CWE). These tools are essential for vulnerability classification, secure coding practices, and prioritisation of cybersecurity risks.

While Barsoum noted that the US government is working to find a resolution, the looming gap has already prompted independent action. Cybersecurity firm VulnCheck, which acts as a CVE Numbering Authority (CNA), has preemptively reserved 1,000 CVEs for 2025 in an effort to maintain continuity.

Industry experts warn the consequences could be far-reaching. Despite the challenges, MITRE has affirmed its commitment to the CVE program and its role as a global resource. However, unless a new funding arrangement is secured, the future of this foundational infrastructure remains in question.


NATO allies strengthen cyber defenses against critical infrastructure threats

Between 7 and 11 April, representatives from 20 allied governments and national agencies participated in a NATO-led exercise designed to strengthen mutual support in the cyber domain.

The activity aimed to improve coordination and collective response mechanisms for cyber incidents affecting critical national infrastructure. Through simulated threat scenarios, participants practised real-time information exchange, joint decision-making, and coordinated response planning.

According to NATO, cyber activities targeting critical infrastructure, industrial control systems, and public sector services have increased in frequency.

Such activities are considered to serve various objectives, including information gathering and operational disruption.

The role of cyber operations in modern conflict gained increased attention following Russia’s actions in Ukraine in 2022, where cyber activity was observed alongside traditional military operations.

Hosted by Czechia, the exercise served to test NATO’s Virtual Cyber Incident Support Capability (VCISC), a coordination platform introduced at the 2023 Vilnius Summit.

VCISC enables nations to request and receive cyber assistance from designated counterparts across the Alliance.

The support offered includes services such as malware analysis, cyber threat intelligence, and digital forensics. However, the initiative is voluntary, with allies contributing national resources and expertise to mitigate the impact of significant cyber incidents and support recovery.

Separately, in January 2025, US officials met with their Nordic-Baltic counterparts from Denmark, Estonia, Finland, Iceland, Latvia, Lithuania, Norway, and Sweden.

Discussions centred on enhancing regional cooperation to safeguard undersea cable infrastructure—critical to communications and energy systems. Participants noted the broadening spectrum of threats to these assets.

In parallel, NATO launched the Baltic Sentry to reinforce the protection of critical infrastructure in the Baltic Sea region. The initiative is intended to bolster NATO’s posture and improve its capacity to respond promptly to destabilising activities.

In July 2024, NATO also announced the expansion of the role of its Integrated Cyber Defence Centre (NICC).

The Centre is tasked with enhancing the protection of NATO and allied networks, as well as supporting the operational use of cyberspace. It provides commanders with insights into potential cyber threats and vulnerabilities, including those related to civilian infrastructure essential to military operations.


DW Weekly #207 – China disagrees with Trump over $54B TikTok deal due to tariffs rise


6 – 14 April 2025



Dear readers,

Last week, we saw the TikTok saga unfold: the Chinese government has not agreed to sell the ByteDance subsidiary to a US-majority TikTok entity, so US President Donald Trump extended the deadline to find a non-Chinese buyer by another 75 days, pushing the cutoff to mid-June after a near-miss on 5 April.

Amid the tariff rise turmoil, President Donald Trump’s administration has granted exemptions from steep tariffs on smartphones, laptops, and other electronics, relieving tech giants like Apple and Dell. 

The cryptocurrency landscape was shaken when a blockchain analytics firm alleged that the team behind the Melania Meme (MELANIA) cryptocurrency moved $30 million worth of tokens, allegedly taken from community reserves without explanation.

In the ever-evolving world of AI, two leading AI systems, OpenAI’s GPT-4.5 and Meta’s Llama-3.1, have passed a key milestone by outperforming humans in a modern version of the Turing Test. 

On the cybersecurity stage, Oracle Health has reportedly suffered a data breach that compromised sensitive patient information stored by US hospitals.

The European Union has firmly ruled out dismantling its strict digital regulations in a bid to secure a trade deal with Donald Trump. Henna Virkkunen, the EU’s top official for digital policy, said the bloc remained fully committed to its digital rulebook instead of relaxing its standards to satisfy US demands.

Meta’s existence is threatened by a colossal antitrust trial which commenced in Washington, with the US Federal Trade Commission (FTC) arguing that the company’s acquisitions of Instagram in 2012 and WhatsApp in 2014 were designed to crush competition with monopoly aims instead of fostering innovation.

Elon Musk’s legal saga with OpenAI intensifies, as OpenAI has filed a countersuit accusing the billionaire entrepreneur of a sustained campaign of harassment intended to damage the company and regain control over its AI developments.

For the main updates and reflections, consult the Radar and Reading Corner below.

DW Team


RADAR

Highlights from the week of 6 – 14 April 2025


Wynn-Williams says Meta executives prioritised business growth in China over national security.


The Nasdaq jumped over 12%, its best day in decades, following a temporary halt on trade tariffs by the Trump administration.


Data stored today could be vulnerable to decryption in the near future.


Instagram users under 16 won’t be able to livestream or view blurred nudity in messages unless approved by a parent, Meta announced.


OpenAI is developing agents that can act autonomously on behalf of users, with safeguards.


Energy connection delays face AI-powered fix through Google’s new initiative.


The 71% discount on Google Workspace is part of a cost-cutting initiative under President Trump’s government reform, targeting federal spending efficiency.


A discussion paper on crypto regulation in Japan highlights issues like market access, insider trading, and classification of assets into funding and non-funding categories.


As AI demand shifts, Microsoft has slowed down major data centre projects, including the one in Ohio, and plans to invest $80 billion in AI infrastructure this year.


READING CORNER

With over 10,000 AI applications available, selecting the right AI tool can be daunting. Diplo advocates starting with a ‘good enough’ tool to avoid paralysis by analysis, tailoring it to specific needs through practical use.


International Geneva faces significant challenges, including financial constraints, waning multilateralism, and escalating geopolitical tensions. To remain relevant, it must embrace transformative changes, particularly through Artificial Intelligence (AI).


Founded by Bill Gates and Paul Allen in 1975, Microsoft grew from a small startup into the world’s largest software company. Through strategic acquisitions, the company expanded into diverse sectors,…


Do ideas have origins? From medieval communes to WWI, Aldo Matteucci shows how political thought, like a river, is shaped by experience, institutions, and historical context — not just theory.

UPCOMING EVENTS

GITEX Africa 2025: Jovan Kurbalija will participate in GITEX Africa (14-16 April 2025 in Marrakech, Morocco).


Tech attache briefing: WSIS+20 and AI governance negotiations – Updates and next steps. The event is part of a series of regular briefings the Geneva Internet Platform (GIP) is delivering for diplomats at permanent missions and delegations in Geneva following digital policy issues. It is an invitation-only event.
geneva human rights platform
23 April 2025
The event will provide a timely discussion on methods, approaches, and solutions for AI transformation of International Organisations.

WIPO’s 11th Conversation on IP and AI will take place on April 23-24, 2025, focusing on the role of copyright infrastructure in supporting both rights holders and AI-driven innovation. As…

Malware hidden in fake Office add-ins targets crypto users

Hackers are using bogus Microsoft Office extensions uploaded to SourceForge to spread malware. Cybersecurity firm Kaspersky has warned that the malware is designed to steal cryptocurrency.

One listing, posing as ‘officepackage,’ contains genuine Office add-ins. However, it also hides ClipBanker — a virus that swaps copied crypto wallet addresses with those belonging to attackers.

The malware tricks users by mimicking legitimate Office add-in pages, complete with download buttons and developer-style layouts. Once installed, ClipBanker monitors the clipboard and replaces wallet addresses without users’ knowledge.

It also gathers IP addresses, usernames, and system data, which it sends to the attackers via Telegram. In some cases, the virus checks for antivirus software or previous infections and self-deletes if detected.

Kaspersky noted that the malicious files are suspiciously small or padded with junk data to appear legitimate. While the primary goal is to steal cryptocurrency, attackers may sell access to infected systems to other malicious actors.

The malware’s interface is in Russian, and most victims so far — over 4,600 — have been located in Russia.

To stay safe, Kaspersky advises downloading software only from trusted sources. The company noted a growing trend of hackers hiding malware in pirated or unofficial software to exploit users chasing free apps.

For more information on these topics, visit diplomacy.edu.

Apple challenges UK government over encrypted iCloud access order

A British court has confirmed that Apple is engaged in legal proceedings against the UK government concerning a statutory notice linked to iCloud account encryption. The Investigatory Powers Tribunal (IPT), which handles cases involving national security and surveillance, disclosed limited information about the case, lifting previous restrictions on its existence.

The dispute centres on a government-issued Technical Capability Notice (TCN), which, according to reports, required Apple to provide access to encrypted iCloud data for users in the UK. Apple subsequently removed the option for end-to-end encryption on iCloud accounts in the region earlier this year. While the company has not officially confirmed the connection, it has consistently stated it does not create backdoors or master keys for its products.

The government’s position has been to neither confirm nor deny the existence of individual notices. However, in a rare public statement, a government spokesperson clarified that TCNs do not grant direct access to data and must be used in conjunction with appropriate warrants and authorisations. The spokesperson also stated that the notices are designed to support existing investigatory powers, not expand them.

The IPT allowed the basic facts of the case to be released following submissions from media outlets, civil society organisations, and members of the United States Congress. These parties argued that public interest considerations justified disclosure of the case’s existence. The tribunal concluded that confirming the identities of the parties and the general subject matter would not compromise national security or the public interest.

Previous public statements by US officials, including the former President and the current Director of National Intelligence, have acknowledged concerns surrounding the TCN process and its implications for international technology companies. In particular, questions have been raised regarding transparency and oversight of such powers.

Legal academics and members of the intelligence community have also commented on the broader implications of government access to encrypted platforms, with some suggesting that increased openness may be necessary to maintain public trust.

The case remains ongoing. Future proceedings will be determined once both parties have reviewed a private judgment issued by the court. The IPT is expected to issue a procedural timetable following input from both Apple and the UK Home Secretary.


Hackers exploit ESET vulnerability to deploy malware, Kaspersky warns

A recently disclosed software vulnerability in ESET security products has been identified as a potential vector for discreet malware installation, according to findings published by the cybersecurity company Kaspersky.

Catalogued as CVE-2024-11859, the flaw permits the execution of a malicious dynamic-link library (DLL) by leveraging ESET’s own antivirus scanning process. If exploited, the technique allows unauthorised code to run silently, bypassing standard system warnings and activity logs.

ESET, headquartered in Slovakia, acknowledged the issue in an advisory and issued a software update addressing the flaw. The company assigned it a medium severity rating, with a Common Vulnerability Scoring System (CVSS) score of 6.8 out of 10. ESET further indicated there is no current evidence that the vulnerability has been actively exploited in operational environments.

Kaspersky attributed the technique to a threat actor group known as ToddyCat, which has been observed since 2020 conducting operations against governmental and defence-related targets. While Kaspersky referenced the use of two specific DLLs in its analysis, ESET reported that it had not received samples of the files and could not independently confirm the attribution.

The malicious tool deployed in this case, named TCDSB by researchers, was disguised as a legitimate Windows DLL and designed to evade monitoring tools. The code appears to be a modified variant of EDRSandBlast, a known framework used to circumvent endpoint detection systems.

Modifications introduced in TCDSB are believed to enable interference with operating system components, suppressing alerts typically generated when new processes are initiated or external files loaded. Kaspersky reported multiple instances of the tool but did not identify affected organisations.

While no specific nation-state connection has been confirmed, ToddyCat has previously been associated with activities targeting institutions in Europe and Asia, as well as digital infrastructure in locations such as Taiwan and Vietnam. Some prior research has linked the group to broader cyber-espionage efforts attributed to Chinese interests.

According to ESET, successful use of the CVE-2024-11859 vulnerability requires existing administrative access to the target system, limiting the attack vector to post-compromise scenarios.

Kaspersky noted that the group employs a range of tunnelling techniques for data exfiltration, including abuse of virtual private networks and cloud services, often maintaining multiple exfiltration routes to ensure persistence even when individual channels are disrupted.


Osney Capital invests in the UK’s cybersecurity innovation

Osney Capital has launched the UK’s first specialist cybersecurity seed fund, focused on investing in promising cybersecurity startups at the Pre-Seed and Seed stages.

The fund, which raised more than its initial £50 million target, will write cheques between £250k and £2.5 million and has the capacity for follow-on investments in Series A rounds.

Led by Adam Cragg, Josh Walter, and Paul Wilkes, the Osney Capital team brings decades of experience in cybersecurity and early-stage investing. Instead of relying on generalist investors, the fund will offer tailored support to early-stage companies, addressing the unique challenges in the cybersecurity sector.

The UK cybersecurity industry has grown to £13.2 billion in 2025, driven by complex cyber threats, regulatory pressures, and the rapid adoption of AI. The fund aims to capitalise on this growth, tapping into the strong talent pipeline boosted by UK universities and specialised cybersecurity programs.

Supported by cornerstone investments from the British Business Bank and accredited by the UK’s National Security Strategic Investment Fund, Osney Capital’s mission is to back the next generation of cybersecurity founders and help them scale globally competitive businesses.
