cybersecurity

Visa and ADGM Academy partner to drive UAE financial innovation

Visa and ADGM Academy collaborate to advance innovation and talent development within the UAE’s financial sector. The partnership will focus on joint research and development in key areas such as cybersecurity, AI, and fintech, fostering innovation within the UAE’s financial community.

Also, Visa will offer certification programs through Visa University at ADGM Academy to upskill professionals, support Emiratization efforts, and prepare the workforce for the challenges of a digital economy. That collaboration aligns with national strategies like ‘We the UAE 2031’ and the UAE Central Bank’s Financial Infrastructure Transformation Program, contributing to the country’s economic diversification and digital transformation goals.

The partnership also exemplifies a successful public-private collaboration to strengthen Abu Dhabi’s position as a leading financial hub. By combining Visa’s expertise in digital payments and fintech with ADGM Academy’s world-class training and research capabilities, both entities seek to drive sustainable growth and innovation in the UAE’s financial sector.

That alliance is vital in developing a future-ready workforce and supporting the UAE’s broader vision of a knowledge-based, digitally empowered economy.

Court ruling threatens TikTok ban in US

A US federal appeals court has upheld a law requiring TikTok’s Chinese parent company, ByteDance, to sell its US operations by 19 January or face a nationwide ban. The ruling marks a significant win for the Justice Department, citing national security concerns over ByteDance’s access to Americans’ data and its potential to influence public discourse. TikTok plans to appeal to the Supreme Court, hoping to block the divestment order.

The decision reflects bipartisan efforts to counter perceived threats from China, with Attorney General Merrick Garland calling it a vital step in preventing the Chinese government from exploiting TikTok. Critics, including the ACLU, argue that banning the app infringes on First Amendment rights, as 170 million Americans rely on TikTok for creative and social expression. The Chinese Embassy denounced the ruling, warning it could damage US-China relations.

Unless overturned or extended by President Biden, the law could also set a precedent for restricting other foreign-owned apps. Meanwhile, TikTok’s rivals, such as Meta and Google, have seen gains in the wake of the decision, as advertisers prepare for potential shifts in the social media landscape.

FCC targets cybersecurity in the telecom sector

FCC Chairwoman Jessica Rosenworcel has proposed requiring US communications providers to certify annually that they have plans to defend against cyberattacks. The move comes amid growing concerns over espionage by ‘Salt Typhoon,’ a hacking group allegedly linked to Beijing that has infiltrated several American telecom companies to steal call data.

Rosenworcel highlighted the need for a modern framework to secure networks as US intelligence agencies assess the impact of Salt Typhoon’s widespread attack. A senior US official confirmed the hackers had stolen metadata from numerous Americans, breaching at least eight telecom firms.

The FCC proposal, which Rosenworcel has circulated to other commissioners, would take effect immediately if approved. The announcement follows a classified Senate briefing on the breach, but industry giants like Verizon, AT&T, and T-Mobile have yet to comment.

Axiado aims to block cyberattacks with hardware innovation

With organisations facing an average of 1,300 cyberattacks per week, Axiado is stepping up with a novel defence: a specialised security chip designed to protect digital infrastructure. Founded in 2017, the Silicon Valley-based startup recently secured $60M in Series C funding led by Maverick Silicon, with participation from Samsung Catalyst Fund and other investors. This brings Axiado’s total funding to $140M.

Axiado’s chip defends against boot-level and runtime security threats, ensuring the integrity of devices from data centres to 5G base stations. It uses root-of-trust technology to prevent hardware tampering and leverages AI-powered analytics to detect malicious data patterns. The company’s chip is positioned as a complement to existing software-based cybersecurity measures, acting as a last line of defence against sophisticated attacks.

The new funds will support Axiado’s go-to-market efforts and help transition its products into mass production by 2025. CEO Gopi Sirineni highlights the growing need for hardware-based security solutions, particularly as the stakes rise in the fight against cybercrime. With partnerships like the one with Jabil to develop server cybersecurity solutions, Axiado is set to expand its reach while competing with industry heavyweights and open-source projects such as Google’s OpenTitan.

US official advises encryption amid alleged Chinese hacking efforts

A senior United States cybersecurity official has urged Americans to embrace encryption to safeguard their communications, citing ongoing efforts to expel alleged Chinese hackers from US telecom networks. Jeff Greene, Executive Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), emphasised the importance of avoiding plaintext communications and recommending encrypted apps like Signal and WhatsApp.

US authorities have accused hackers from China of infiltrating telecommunications companies, such as T-Mobile, to access sensitive data, including call records and intercepted audio, predominantly from Washington, DC. Beijing has denied the allegations, calling them disinformation. Greene acknowledged that removing the hackers entirely from the networks could take an unpredictable amount of time, further underscoring the need for encryption to ensure secure communications.

The advice marks a notable shift from previous US government positions that questioned strong encryption’s impact on public safety. As concerns over foreign cyber intrusions grow, Greene’s remarks highlight encryption as a critical tool for Americans facing prolonged cybersecurity threats.

UK cyber security under growing threat

Hostile cyber activity targeting the UK has surged, with incidents increasing by 16% in 2024 compared to the previous year. The National Cyber Security Centre (NCSC) reported handling 430 incidents, up from 371 in 2023. Of these, 347 involved data exfiltration, while 20 were linked to ransomware, underscoring the growing risks.

Richard Horne from the NCSC revealed that adversaries are exploiting society’s reliance on technology to maximise disruption. The centre issued 542 notifications to affected organisations, more than doubling the number of alerts from the previous year. Critical infrastructure sectors such as energy, transport, and health remain particularly vulnerable to ransomware attacks.

The annual review from the NCSC emphasised the evolving nature of threats, warning of the potential for AI to enhance cyberattack complexity. Officials also noted that the risks posed by state actors and cybercriminals remain underestimated. Horne urged against complacency, highlighting the severity of both immediate and long-term dangers.

Efforts to counter these threats are intensifying, but experts stress the importance of strengthening defences and maintaining vigilance as the cyber landscape becomes increasingly hostile.

Cybersecurity chief warns of rising cyber risks in the UK

The UK faces an escalating cyber threat from hostile states and criminal gangs, according to Richard Horne, head of the National Cyber Security Centre (NCSC). In his first major speech, Horne warned that the severity of these risks is being underestimated, citing a significant rise in cyber incidents, particularly from Russia and China. He described Russia’s cyber activity as ‘aggressive and reckless’ while noting that China’s operations are highly sophisticated with growing global ambitions.

Over the past year, the NCSC responded to 430 cyber incidents, a marked increase from the previous year. Among them, 12 were deemed especially severe, a threefold rise from 2023. The agency highlighted the growing threats to critical infrastructure and supply chains, urging both public and private sectors to strengthen their cyber defences. The UK also faces a growing number of ransomware attacks, often originating from Russia, which target key organisations like the British Library and healthcare services.

Horne emphasised the human costs of cyber-attacks, citing how these incidents disrupt vital services like healthcare and education. The rise in ransomware, often linked to Russian criminal gangs, is a major concern, and the NCSC is working to address these challenges. The agency’s review also pointed to increasing cyber activity from China, Iran, and North Korea, with these states targeting the UK’s infrastructure and private sector.

Experts like Professor Alan Woodward of Surrey University echoed Horne’s concerns, urging the UK to step up its cybersecurity efforts to keep pace with evolving threats. With adversaries growing more sophisticated, the government and businesses must act swiftly to protect the country’s digital infrastructure.

Meta tightens financial ad rules in Australia

Meta Platforms announced stricter regulations for advertisers promoting financial products and services in Australia, aiming to curb online scams. Following an October initiative where Meta removed 8,000 deceptive ‘celeb bait’ ads, the company now requires advertisers to verify beneficiary and payer details, including their Australian Financial Services License number, before running financial ads.

This move is part of Meta’s ongoing efforts to protect Australians from scams involving fake investment schemes using celebrity images. Verified advertisers must also display a “Paid for By” disclaimer, ensuring transparency in financial advertisements.

The updated policy follows a broader regulatory push in Australia, where the government recently abandoned plans to fine internet platforms for spreading misinformation. The crackdown on online platforms is part of a growing effort to assert Australian sovereignty over foreign tech companies, with a federal election looming.

India introduces new rules for critical telecom infrastructure

The government of India introduced the Telecommunications (Critical Telecommunication Infrastructure) Rules, 2024, on 22 November, which require telecom entities designated as Critical Telecommunication Infrastructure (CTI) to grant government-authorised personnel access to inspect hardware, software, and data. These rules are part of the Telecommunications Act, 2023, empowering the government to designate telecom networks as CTI if their disruption could severely impact national security, the economy, public health, or safety.

The rules mandate that telecom entities appoint a Chief Telecom Security Officer (CTSO) to oversee cybersecurity efforts and report incidents within six hours, a revised deadline from the original two hours proposed in the draft rules. This brings the telecom sector in India in line with existing Telecom Cyber Security Rules and CERT-In directions, though experts argue that the six-hour window does not meet global standards and may contribute to over-regulation.

Telecom networks are already governed under the Information Technology Act, creating potential overlaps with other regulatory frameworks such as the National Critical Information Infrastructure Protection Centre (NCIIPC). The rules also raise concerns about inspection protocols and data access, as they lack clarity on when inspections can be triggered or what limitations should be placed on government personnel accessing sensitive information.

Experts have also questioned the accountability measures in case of abuse of power and the potential for government officials to access the personal data of telecom subscribers during these inspections. To implement these rules, telecom entities must provide detailed documentation to the government, including network architecture, access lists, cybersecurity plans, and security audit reports. They must also maintain logs and documentation for at least two years to assist in detecting anomalies.

Additionally, remote maintenance or repairs from outside India require government approval, and upgrades to hardware or software must be reviewed within 14 days. Immediate upgrades are allowed during cybersecurity incidents, with notification to the government within 24 hours. A digital portal will be established to manage these rules, but concerns about the lack of transparency in communications have been raised. Finally, all CTI hardware, software, and spares must meet Indian Telecommunication Security Assurance Requirements.

T-Mobile prevents cyberattack, safeguarding customer data

T-Mobile has reported recent attempts by cyber attackers to infiltrate its systems. The US telecom giant confirmed that its security measures successfully prevented access to sensitive customer data, including calls, voicemails, and texts. The intrusion originated from a compromised network connected to T-Mobile’s systems, prompting the company to sever the connection.

The attackers’ traits resembled those of Salt Typhoon, a Chinese-linked cyber espionage group, though T-Mobile has not confirmed their identity. The firm’s Chief Security Officer, Jeff Simon, stated that customer information remained secure, with no disruption to services. Findings were reported to the US government for further investigation.

Simon attended a White House meeting last week to discuss escalating cyber threats. The FBI and the Cybersecurity & Infrastructure Security Agency recently disclosed an ongoing investigation into a Chinese-linked espionage campaign targeting several US telecom providers.

The broader operation reportedly infiltrated multiple companies, stealing sensitive call data and accessing private communications. Such breaches compromised the devices of individuals in government and politics, including campaign staff during the 2020 US presidential election, raising concerns about national security.