Unacast has informed Norwegian authorities of a data breach involving its subsidiary Gravy Analytics. The announcement was revealed in a notice published by Norwegian broadcaster NRK.
The breach involved a compromised web server using a misappropriated key, with some stolen files potentially containing personal data. Unacast’s legal representatives, BakerHostetler, confirmed the breach was discovered on 4 January, though the exact timing remains under investigation.
Repeated attempts to reach Unacast and its legal team for comment have gone unanswered. Norway’s data protection authority also could not be reached for further statements after business hours on Friday.
Education technology provider PowerSchool has suffered a major data breach, exposing the personal information of millions of students and teachers. Hackers gained access to its systems by exploiting stolen credentials, using a tool within the company’s PowerSource support portal to export sensitive data.
The stolen records include names, addresses, and potentially more sensitive details such as Social Security numbers and medical information in the US and Canada. PowerSchool, which manages academic records for over 60 million K-12 students, assured customers that not all users were affected. However, the breach has left schools scrambling to assess the damage.
PowerSchool insists the hack wasn’t due to a flaw in its software but was a result of unauthorised access using legitimate credentials. The company has engaged cybersecurity experts to investigate and taken steps to improve security, including deactivating compromised accounts and strengthening password controls.
Critics argue that PowerSchool was slow to inform customers, potentially putting students, parents, and educators at greater risk of identity theft. While PowerSchool is offering affected users credit monitoring and identity protection services, the incident has sparked calls for stricter regulations on data security in the education sector.
President Joe Biden is preparing to introduce a new executive order aimed at strengthening cybersecurity standards for federal agencies and contractors. The proposed measures address growing threats from Chinese-linked cyber operations and criminal cyberattacks, which have targeted critical infrastructure, government emails, and major telecom firms. Under the draft order, contractors must adhere to stricter secure software development practices and provide documentation to be verified by the Cybersecurity and Infrastructure Security Agency (CISA).
The order highlights vulnerabilities exposed by recent cyber incidents, including the May 2023 breach of US government email accounts, attributed to Chinese hackers. New guidelines will also focus on securing access tokens and cryptographic keys, which were exploited during the attack. Contractors whose security practices fail to meet standards may face legal consequences, with referrals to the attorney general for further action.
While experts like Tom Kellermann of Contrast Security support the initiative, some criticise the timeline as insufficient given the immediate threats posed by adversaries like China and Russia. Brandon Wales of SentinelOne views the order as a continuation of efforts across the past two administrations, emphasising the need to enhance existing cybersecurity frameworks while addressing a broad range of threats.
The order underscores Biden’s commitment to cybersecurity as a pressing national security issue. It comes amid escalating concerns about foreign cyber operations and aims to solidify protections for critical US systems before the transition to new leadership.
Business email compromise (BEC) scams are on the rise, targeting companies through highly deceptive tactics. These scams involve cybercriminals hacking into legitimate email accounts and tricking victims into transferring large sums of money. Recently, a small business narrowly avoided a major financial loss when a scammer posed as its owner, sending fraudulent wiring instructions to the company’s bank. Quick action by the business owner and a vigilant banker prevented the funds from being transferred.
Experts warn that BEC scams rely less on technical vulnerabilities and more on exploiting trust between businesses and their partners. Hackers often gain access through phishing attacks, installing malicious software, or guessing weak passwords. Once inside an email account, they may create hidden rules to intercept or forward messages, concealing their activities until it’s too late.
To counter these threats, cybersecurity professionals recommend measures such as enabling two-factor authentication, regularly updating passwords, and monitoring email account activity for unusual changes. Businesses are also advised to verify financial transactions using secondary methods, such as phone calls, to confirm the legitimacy of requests.
With global losses from BEC scams amounting to billions, the stakes are high. By taking proactive steps to enhance security, businesses can protect themselves from falling victim to these sophisticated schemes.
Dragos and Singapore’s Digital and Intelligence Service (DIS) are collaborating to enhance cybersecurity capabilities through a strategic partnership focusing on planning, training, and exchanging information about cyber threats. The agreement, announced during the Critical Infrastructure Defence Exercise (CIDeX) 2024, aims to fortify the defence of Singapore’s critical infrastructure and increase its resilience to cyber attacks.
The partnership builds on Dragos’s long-standing collaboration with Singapore, including a previous agreement in August 2023 with the Cyber Security Agency (CSA) to improve operational technology (OT) cybersecurity. DIS emphasised the importance of expanding cybersecurity partnerships across sectors, while Dragos commended Singapore’s proactive approach to cybersecurity as an example for other nations to follow.
That partnership underscores the shared commitment of both parties to secure critical infrastructure amid an evolving cyber threat landscape. By leveraging their expertise, Dragos and DIS aim to provide Singapore with the necessary tools and knowledge to navigate emerging challenges, ensuring the protection of its infrastructure and citizens.
Hong Kong is advancing its digital economy and smart city initiatives, striving to become a global leader in digital transformation. To support this vision, the Hong Kong Institute of Information Technology (HKIIT) and the Office of the Government Chief Information Officer (OGCIO) have partnered to enhance digital literacy, strengthen cybersecurity, and promote digital transformation in public and government sectors.
The collaboration focuses on specialised training programs covering emerging technologies, cybersecurity, and data analytics to equip public sector employees and industry professionals with critical skills. Practical exercises like real-world cybersecurity simulations aim to improve awareness and resilience against cyber threats. Additionally, data literacy training is prioritised to help public employees utilise data for decision-making and service improvement, aligning with Hong Kong’s goals of innovation and efficiency.
Beyond training, community events like competitions and seminars promote digital awareness, fostering a culture of innovation and collaboration. The initiative builds on prior efforts, such as the ‘Cyber Security Drill 2024’ and certification programs, while future plans aim to expand its reach across more government departments and organisations.
The Vocational Training Council (VTC), Hong Kong’s largest provider of vocational and professional education, plays a key role in these efforts by supporting the city’s innovation agenda and equipping individuals with the skills needed to succeed in a rapidly evolving digital landscape. Through partnerships like the one with OGCIO, VTC institutions such as HKIIT contribute to strengthening the city’s workforce and ensuring its readiness for the challenges of digital transformation.
The White House unveiled a new label, the Cyber Trust Mark, for internet-connected devices like smart thermostats, baby monitors, and app-controlled lights. This new shield logo aims to help consumers evaluate the cybersecurity of these products, similar to how Energy Star labels indicate energy efficiency in appliances. Devices that display the Cyber Trust Mark will have met cybersecurity standards set by the US National Institute of Standards and Technology (NIST).
As more household items, from fitness trackers to smart ovens, become internet-connected, they offer convenience but also present new digital security risks. Anne Neuberger, US Deputy National Security Advisor for Cyber, explained that each connected device could potentially be targeted by cyber attackers. While the label is voluntary, officials hope consumers will prioritise security and demand the Cyber Trust Mark when making purchases.
The initiative will begin with consumer devices like cameras, with plans to expand to routers and smart meters. Products bearing the Cyber Trust Mark are expected to appear on store shelves later this year. Additionally, the Biden administration plans to issue an executive order by the end of the president’s term, requiring the US government to only purchase products with the label starting in 2027. The program has garnered bipartisan support, officials said.
Israeli cybersecurity companies raised $4 billion in 2024, more than doubling the previous year’s total, according to venture capital firm YL Ventures. The sector, a key driver of Israel’s economy, saw strong investment growth despite geopolitical challenges. Cloud security and AI played a significant role in attracting funding, with early-stage startups securing $400 million across 50 seed rounds.
Investment in later-stage cybersecurity firms also surged, with growth-stage funding rounds raising $2.9 billion—an increase of 300% from 2023. The expansion reflects growing global confidence in Israel’s cybersecurity industry, which is increasingly recognised as a leader in the field. YL Ventures highlighted the role of Israeli military intelligence units in fostering a culture of innovation and entrepreneurship that strengthens the sector.
The ongoing war following Hamas’s October 2023 attack has added pressure on tech founders, many of whom have been called into military service. Industry leaders have had to navigate operational challenges while maintaining business continuity. Looking ahead to 2025, venture capital firms anticipate continued investment growth, particularly in early and mid-stage funding rounds, as cybersecurity remains a global priority.
Recent reports reveal that Chinese hackers have compromised a broader range of US telecommunications companies than previously known. In addition to earlier breaches involving AT&T and Verizon, the cyberattacks have now been found to affect Charter Communications, Consolidated Communications, Windstream, Lumen Technologies, and T-Mobile. The hacking group, identified as Salt Typhoon and linked to Chinese intelligence, exploited vulnerabilities in network devices from security vendors such as Fortinet and Cisco Systems.
The Wall Street Journal reports that US National Security Adviser Jake Sullivan informed telecommunications and technology executives in a confidential meeting in late 2023 that these hackers had developed the capability to disrupt critical US infrastructure, including ports and power grids. While companies like AT&T and Verizon have stated that their networks are now secure and that they are collaborating with law enforcement, concerns persist about the extent and impact of these breaches.
China has denied involvement in these cyber activities, accusing the United States of disseminating disinformation. Nonetheless, the revelations have intensified discussions about national security and the resilience of US critical infrastructure against sophisticated cyber threats. The situation underscores the ongoing challenges in safeguarding sensitive communications and infrastructure from state-sponsored cyber espionage.
Healthcare organizations in the US may face stricter cybersecurity rules to address the growing threat of data breaches. Proposals introduced by the Biden administration seek to prevent sensitive patient information from being leaked through hacking or ransomware attacks. Measures include mandatory encryption and compliance checks to enhance network security.
Data breaches have exposed the healthcare information of over 167 million people in 2023 alone, according to Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology. The updated standards, introduced by the Office for Civil Rights under the Health Insurance Portability and Accountability Act (HIPAA), are estimated to cost $9 billion in the first year and $6 billion annually in subsequent years.
Officials highlighted the rising danger of healthcare cyberattacks, with hacking and ransomware incidents increasing by 89% and 102% respectively since 2019. Hospitals often face operational disruption, while leaked data can lead to blackmail. A 60-day public comment period will allow stakeholders to provide input before finalising the rules.
The new standards are designed to safeguard healthcare networks and protect Americans’ private information, including mental health records. Strengthened cybersecurity is expected to reduce vulnerabilities and ensure the safety of critical healthcare systems.
