Dragos and Singapore’s Digital and Intelligence Service (DIS) are collaborating to enhance cybersecurity capabilities through a strategic partnership focusing on planning, training, and exchanging information about cyber threats. The agreement, announced during the Critical Infrastructure Defence Exercise (CIDeX) 2024, aims to fortify the defence of Singapore’s critical infrastructure and increase its resilience to cyber attacks.
The partnership builds on Dragos’s long-standing collaboration with Singapore, including a previous agreement in August 2023 with the Cyber Security Agency (CSA) to improve operational technology (OT) cybersecurity. DIS emphasised the importance of expanding cybersecurity partnerships across sectors, while Dragos commended Singapore’s proactive approach to cybersecurity as an example for other nations to follow.
That partnership underscores the shared commitment of both parties to secure critical infrastructure amid an evolving cyber threat landscape. By leveraging their expertise, Dragos and DIS aim to provide Singapore with the necessary tools and knowledge to navigate emerging challenges, ensuring the protection of its infrastructure and citizens.
Hong Kong is advancing its digital economy and smart city initiatives, striving to become a global leader in digital transformation. To support this vision, the Hong Kong Institute of Information Technology (HKIIT) and the Office of the Government Chief Information Officer (OGCIO) have partnered to enhance digital literacy, strengthen cybersecurity, and promote digital transformation in public and government sectors.
The collaboration focuses on specialised training programs covering emerging technologies, cybersecurity, and data analytics to equip public sector employees and industry professionals with critical skills. Practical exercises like real-world cybersecurity simulations aim to improve awareness and resilience against cyber threats. Additionally, data literacy training is prioritised to help public employees utilise data for decision-making and service improvement, aligning with Hong Kong’s goals of innovation and efficiency.
Beyond training, community events like competitions and seminars promote digital awareness, fostering a culture of innovation and collaboration. The initiative builds on prior efforts, such as the ‘Cyber Security Drill 2024’ and certification programs, while future plans aim to expand its reach across more government departments and organisations.
The Vocational Training Council (VTC), Hong Kong’s largest provider of vocational and professional education, plays a key role in these efforts by supporting the city’s innovation agenda and equipping individuals with the skills needed to succeed in a rapidly evolving digital landscape. Through partnerships like the one with OGCIO, VTC institutions such as HKIIT contribute to strengthening the city’s workforce and ensuring its readiness for the challenges of digital transformation.
The White House unveiled a new label, the Cyber Trust Mark, for internet-connected devices like smart thermostats, baby monitors, and app-controlled lights. This new shield logo aims to help consumers evaluate the cybersecurity of these products, similar to how Energy Star labels indicate energy efficiency in appliances. Devices that display the Cyber Trust Mark will have met cybersecurity standards set by the US National Institute of Standards and Technology (NIST).
As more household items, from fitness trackers to smart ovens, become internet-connected, they offer convenience but also present new digital security risks. Anne Neuberger, US Deputy National Security Advisor for Cyber, explained that each connected device could potentially be targeted by cyber attackers. While the label is voluntary, officials hope consumers will prioritise security and demand the Cyber Trust Mark when making purchases.
The initiative will begin with consumer devices like cameras, with plans to expand to routers and smart meters. Products bearing the Cyber Trust Mark are expected to appear on store shelves later this year. Additionally, the Biden administration plans to issue an executive order by the end of the president’s term, requiring the US government to only purchase products with the label starting in 2027. The program has garnered bipartisan support, officials said.
Israeli cybersecurity companies raised $4 billion in 2024, more than doubling the previous year’s total, according to venture capital firm YL Ventures. The sector, a key driver of Israel’s economy, saw strong investment growth despite geopolitical challenges. Cloud security and AI played a significant role in attracting funding, with early-stage startups securing $400 million across 50 seed rounds.
Investment in later-stage cybersecurity firms also surged, with growth-stage funding rounds raising $2.9 billion—an increase of 300% from 2023. The expansion reflects growing global confidence in Israel’s cybersecurity industry, which is increasingly recognised as a leader in the field. YL Ventures highlighted the role of Israeli military intelligence units in fostering a culture of innovation and entrepreneurship that strengthens the sector.
The ongoing war following Hamas’s October 2023 attack has added pressure on tech founders, many of whom have been called into military service. Industry leaders have had to navigate operational challenges while maintaining business continuity. Looking ahead to 2025, venture capital firms anticipate continued investment growth, particularly in early and mid-stage funding rounds, as cybersecurity remains a global priority.
Recent reports reveal that Chinese hackers have compromised a broader range of US telecommunications companies than previously known. In addition to earlier breaches involving AT&T and Verizon, the cyberattacks have now been found to affect Charter Communications, Consolidated Communications, Windstream, Lumen Technologies, and T-Mobile. The hacking group, identified as Salt Typhoon and linked to Chinese intelligence, exploited vulnerabilities in network devices from security vendors such as Fortinet and Cisco Systems.
The Wall Street Journal reports that US National Security Adviser Jake Sullivan informed telecommunications and technology executives in a confidential meeting in late 2023 that these hackers had developed the capability to disrupt critical US infrastructure, including ports and power grids. While companies like AT&T and Verizon have stated that their networks are now secure and that they are collaborating with law enforcement, concerns persist about the extent and impact of these breaches.
China has denied involvement in these cyber activities, accusing the United States of disseminating disinformation. Nonetheless, the revelations have intensified discussions about national security and the resilience of US critical infrastructure against sophisticated cyber threats. The situation underscores the ongoing challenges in safeguarding sensitive communications and infrastructure from state-sponsored cyber espionage.
Healthcare organizations in the US may face stricter cybersecurity rules to address the growing threat of data breaches. Proposals introduced by the Biden administration seek to prevent sensitive patient information from being leaked through hacking or ransomware attacks. Measures include mandatory encryption and compliance checks to enhance network security.
Data breaches have exposed the healthcare information of over 167 million people in 2023 alone, according to Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology. The updated standards, introduced by the Office for Civil Rights under the Health Insurance Portability and Accountability Act (HIPAA), are estimated to cost $9 billion in the first year and $6 billion annually in subsequent years.
Officials highlighted the rising danger of healthcare cyberattacks, with hacking and ransomware incidents increasing by 89% and 102% respectively since 2019. Hospitals often face operational disruption, while leaked data can lead to blackmail. A 60-day public comment period will allow stakeholders to provide input before finalising the rules.
The new standards are designed to safeguard healthcare networks and protect Americans’ private information, including mental health records. Strengthened cybersecurity is expected to reduce vulnerabilities and ensure the safety of critical healthcare systems.
The Diriyah Company has partnered with the Saudi Federation for Cybersecurity, Programming, and Drones (SAFCSP) to enhance the city’s digital security and align with the goals of Saudi Vision 2030. That collaboration aims to protect Diriyah’s digital infrastructure as it transforms into a cultural and heritage hub.
As part of the agreement, Diriyah Co. will join BugBounty, the Middle East’s first cybersecurity research platform, to identify and address software vulnerabilities. Additionally, the partnership includes initiatives such as conferences, workshops, and public awareness campaigns to foster a culture of cybersecurity.
To further strengthen capabilities, SAFCSP will provide Diriyah Co. access to its professional database for recruiting cybersecurity specialists. It will also offer specialised training programs to employees and identify top-performing students for advanced training opportunities.
The partnership supports innovation and collaboration across government and private sectors by integrating advanced cybersecurity measures and prioritising talent development. These efforts aim to create a secure and sustainable digital future for Diriyah, empowering the next generation with advanced technology and driving cultural, economic, and technological growth in line with Saudi Vision 2030.
OpenAI’s ChatGPT search tool is under scrutiny after a Guardian investigation revealed vulnerabilities to manipulation and malicious content. Hidden text on websites can alter AI responses, raising concerns over the tool’s reliability. The search feature, currently available to premium users, could misrepresent products or services by summarising planted positive content, even when negative reviews exist.
Cybersecurity researcher Jacob Larsen warned that the AI system in its current form might enable deceptive practices. Tests revealed how hidden prompts on webpages influence ChatGPT to deliver biased reviews. The same mechanism could be exploited to distribute malicious code, as highlighted in a recent cryptocurrency scam where the tool inadvertently shared credential-stealing instructions.
Experts emphasised that while combining search with AI models like ChatGPT offers potential, it also increases risks. Karsten Nohl, a scientist at SR Labs, likened such AI tools to a ‘co-pilot’ requiring oversight. Misjudgments by the technology could amplify risks, particularly as it lacks the ability to critically evaluate sources.
OpenAI acknowledges the possibility of errors, cautioning users to verify information. However, broader implications, such as how these vulnerabilities could impact website practices, remain unclear. Hidden text, while traditionally penalised by search engines like Google, may find new life in manipulating AI-based tools, posing challenges for OpenAI in securing the system.
The United Nations General Assembly has adopted a landmark treaty to combat cybercrime, marking the culmination of five years of negotiations. The UN Convention against Cybercrime is set to become the first global instrument for global efforts to combat cybercrime and enhance international cooperation and technical assistance.
The UN Office on Drugs and Crime (UNODC), which acted as secretariat throughout the negotiations, celebrated the treaty as a victory for global cooperation.
‘Adopting this landmark convention is a major victory for multilateralism, marking the first international anti-crime treaty in 20 years. It is a crucial step forward in our efforts to address crimes like online child sexual abuse, sophisticated online scams and money laundering,’ said UNODC Executive Director Ghada Waly.
The General Assembly adopted the resolution by consensus, underscoring widespread support. Negotiations included contributions from civil society, academia, and the private sector, ensuring the treaty reflects diverse perspectives. However, many non-state actors raisedconcerns about the latest draft.
The treaty will open for signature during a formal ceremony in Vietnam in 2025 and will enter into force 90 days after being ratified by at least 40 member states. In addition, UNODC will continue its role as the secretariat for the Ad Hoc Committee, which is tasked with drafting a supplementary protocol to the Convention and supporting the future Conference of States Parties.
For more details about the Convention and negotiations process, please follow the dedicated page.
A recent cybersecurity breach involving US healthcare platform ConnectOnCall has compromised sensitive information belonging to more than 910,000 patients. The telehealth service, owned by Phreesia, experienced unauthorised access between February and May 2024, exposing names, phone numbers, medical details, and in some cases, Social Security numbers. Phreesia promptly took action after discovering the breach, enlisting cybersecurity experts and notifying federal authorities.
ConnectOnCall facilitates after-hours communication for healthcare providers, making the data theft particularly alarming due to the permanent and sensitive nature of health records. Cybercriminals may use this information for identity theft, fraudulent insurance claims, and targeted phishing attacks. Phreesia has since taken the service offline, offering identity and credit monitoring to affected patients, while working to implement more robust security measures.
The breach highlights the growing threat posed by cyberattacks on US healthcare platforms, where data is not only invaluable but also irreplaceable. Experts urge vigilance, such as monitoring accounts, using strong passwords, and employing identity theft protection. With incidents like this on the rise, calls are growing for stricter regulations to safeguard patient information and prevent similar breaches in the future.
