Snapchat is positioning itself as a healthier social media alternative for teens, with CEO Evan Spiegel emphasising the platform’s different approach at the company’s annual conference. Recent research from the University of Amsterdam supports this view, showing that while platforms like TikTok and Instagram negatively affect youth mental health, Snapchat use appears to have positive effects on friendships and well-being.
However, critics argue that Snapchat’s disappearing messages feature can facilitate illegal activities. Matthew Bergman, an advocate for social media victims, claimed the platform has been used by drug dealers, citing instances of children dying from fentanyl poisoning after buying drugs via the app. Despite these concerns, Snapchat remains popular, particularly with younger users.
Industry analysts recognise the platform’s efforts but highlight its ongoing challenges. As Snapchat continues to grow its user base, balancing privacy and safety with revenue generation remains a key issue, especially as it struggles to compete with bigger players like TikTok, Meta, and Google for advertising.
Snapchat’s appeal lies in its low-pressure environment, with features like disappearing stories and augmented reality filters. Young users, like 14-year-old Lily, appreciate the casual nature of communication on the platform, while content creators praise its ability to offer more freedom and reduce social pressure compared to other social media platforms.
Canada’s central bank has halted its plans to develop a Central Bank Digital Currency (CBDC), focusing instead on research as other nations like China and Nigeria press ahead. The Bank of Canada initially launched the project in 2017 to explore the potential of a digital Canadian dollar. However, after years of investigation and public consultations, the bank has decided to rethink its approach due to low public interest and security concerns.
A recent survey revealed that 87% of Canadians said they would never use a digital currency, with 92% expressing a preference for traditional payment methods. Major concerns included cybersecurity threats and the privacy of digital transactions. Despite this, the central bank had maintained that the digital dollar would not replace paper currency but serve as a simplified way to make online payments.
While Canada shifts away from its CBDC project, other countries are making progress. China’s digital yuan pilot, for example, has already facilitated nearly $986 billion in transactions, making it the largest initiative worldwide. Global efforts to introduce CBDCs continue to grow, driven in part by geopolitical events and changing payment technologies.
The International Telecommunication Union (ITU) recently hosted the Digital Skills Forum in Manama, Bahrain, addressing the pressing need for digital skills in today’s technology-driven society. With nearly 700 participants from 44 countries, the forum emphasised urgent calls to action aimed at bridging the digital skills gap that affects billions around the globe.
‘Digital skills have the power to change lives,’ asserted Doreen Bogdan-Martin, ITU Secretary-General, highlighting the union’s dedication to fostering an inclusive digital society. In response to this challenge, ITU introduced the ‘Digital Skills Toolkit 2024,’ a comprehensive resource to support policymakers and stakeholders in crafting effective national strategies to close digital skills gaps.
That toolkit seeks to empower diverse sectors, including private enterprises and academic institutions, by providing essential insights and resources within an ever-evolving technological landscape. Furthermore, the forum underscored the importance of lifelong learning and continuous upskilling, particularly in advanced fields such as AI and cybersecurity. ‘Addressing the digital skills gap requires strong partnerships and a commitment to investing in digital education,’ emphasised Cosmas Luckyson Zavazava, Director of ITU’s Telecommunication Development Bureau.
Bahrain’s leadership in promoting digital skills was prominently featured, reflecting its dedication to international cooperation and innovation. Young entrepreneurs showcased their innovative approaches to digital education, demonstrating the transformative potential of technology in shaping the future.
The NCSC has collaborated with cybersecurity agencies from the United States, Australia, Canada, and New Zealand to effectively address the global botnet threat. That joint effort underscores the importance of international cooperation in tackling cyber threats that span multiple countries.
By combining their expertise and resources, these agencies have been able to produce a comprehensive advisory that provides detailed information on the botnet’s operation, its impact, and the types of devices it targets. Consequently, this collaboration ensures a robust and unified response to the threat, reflecting the global commitment to enhancing cybersecurity.
Moreover, the advisory issued by these agencies details how the botnet, managed by Integrity Technology Group and used by the cyber actor Flax Typhoon, exploits vulnerabilities in internet-connected devices. It includes technical information on the botnet’s activities, such as malware distribution and Distributed Denial of Service (DDoS) attacks, and offers practical mitigation strategies.
Therefore, it underscores the need for updating and securing devices to prevent them from becoming part of the botnet, providing crucial guidance to individuals and organisations seeking to protect their digital infrastructure. In addition, this international collaboration serves to promote proactive security measures and raise awareness about cybersecurity best practices. The joint advisory encourages users to safeguard their devices and avoid contributing to malicious activities immediately.
China’s National Information Security Standardization Technical Committee (TC260) introduced new guidelines titled ‘Cybersecurity Standard Practice Guidelines – Sensitive Personal Information Identification.’ These guidelines establish clear criteria for what constitutes sensitive personal information. Specifically, personal data is deemed sensitive if its unauthorised disclosure or misuse could harm an individual’s dignity, jeopardise their safety, or threaten their property.
In addition, the guidelines outline several key categories of sensitive personal information, such as biometric data, religious beliefs, specific identity details, medical and health information, financial account details, movement tracking data, and personal information of minors. Each category is illustrated with examples to assist organisations in effectively identifying and managing sensitive data.
Furthermore, the TC260 emphasises the necessity of evaluating individual data points and their combined effects when determining the sensitivity of personal information. That comprehensive approach ensures a nuanced understanding of the potential impacts of data breaches or misuse. By considering both isolated pieces of information and their possible cumulative effects, the guidelines provide a robust framework for assessing the risk levels associated with different data types.
Moreover, the TC260 underscores existing laws and regulations in China that may also define sensitive personal information. This reinforces the importance of organisations remaining informed about legal requirements and adhering to all relevant standards for safeguarding sensitive data.
The National Security Agency (NSA), in conjunction with the Federal Bureau of Investigation (FBI), United States Cyber Command’s Cyber National Mission Force (CNMF), and international allies, has issued a critical cybersecurity advisory. Titled ‘People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations,’ the advisory reveals the extensive activities of cyber actors affiliated with the People’s Republic of China (PRC).
These actors have breached internet-connected devices worldwide, establishing a massive botnet. To address this threat, the NSA has outlined several key mitigations aimed at helping device vendors, owners, and operators secure their devices and networks. These recommendations include regularly applying patches and updates, turning off unused services and ports, replacing default passwords with strong alternatives, and implementing network segmentation to reduce IoT device risks.
Furthermore, the advisory suggests monitoring network traffic for signs of DDoS attacks, planning device reboots to eliminate non-persistent malware, and upgrading outdated equipment with supported models. Moreover, NSA Cybersecurity Director Dave Luber has emphasised the importance of the advisory, noting that it provides crucial and timely insights into the botnet’s infrastructure, the geographical distribution of the compromised devices, and effective mitigation strategies.
According to the advisory, the botnet encompasses thousands of devices across various sectors, with over 260,000 devices compromised in North America, Europe, Africa, and Southeast Asia as of June 2024. Consequently, this extensive network of affected devices highlights the urgent need for enhanced security measures to protect against such pervasive cyber threats.
BlackDice and Bin Omran Trading and Telecommunication have launched a strategic partnership to enhance Qatar’s cybersecurity infrastructure significantly. Combining their expertise will deliver state-of-the-art cybersecurity solutions, with BlackDice leveraging its AI-powered security and data intelligence to safeguard critical infrastructure and sensitive information.
Additionally, their collaboration will focus on strengthening the cybersecurity capabilities of major telecom operators in the region, thereby boosting network resilience and protecting extensive personal and financial data. Consequently, this comprehensive approach supports DA2030’s goal of creating a secure and resilient digital environment essential for Qatar’s economic diversification and social development.
By addressing the evolving needs of the digital landscape in Qatar, BlackDice and Bin Omran Trading and Telecommunication contribute to the nation’s ambition of becoming a global leader in technology and connectivity and ensuring robust protection against emerging cyber threats.
The American Cybersecurity and Infrastructure Security Agency (CISA) has introduced the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan, a key initiative designed to enhance federal cybersecurity across over 100 FCEB agencies. That plan establishes a framework for coordinated support and services, aiming to reduce cyber risks through a unified defence strategy.
The FOCAL Plan prioritises five key areas to advance operational cybersecurity: Asset Management, which focuses on understanding and managing the cyber environment and interconnected assets; Vulnerability Management, aimed at proactively protecting against threats and assessing defensive capabilities; Defensible Architecture, which emphasises building resilient infrastructure; Cyber Supply Chain Risk Management (C-SCRM), to identify and mitigate risks from third parties; and Incident Detection and Response, designed to enhance Security Operations Centers (SOCs) in managing and limiting the impact of security incidents.
The US Cybersecurity and Infrastructure Security Agency (CISA) also notes that while the FOCAL Plan is tailored for federal agencies, it provides valuable insights for public and private sector organisations. It is a practical guide for developing effective cybersecurity strategies and improving coordination across enterprise security capabilities. Rather than offering an exhaustive checklist, the FOCAL Plan prioritises key actions that will drive significant advancements in cybersecurity and alignment goals within the federal sector.
The Cybersecurity and Infrastructure Security Agency (CISA) have urged federal agencies to either remove or upgrade an outdated Ivanti appliance that has been exploited in recent attacks.
Ivanti updated its advisory, warning that a ‘limited number of customers’ had been breached due to the vulnerability CVE-2024-8190, which was disclosed earlier in the week. The flaw affects Ivanti’s Cloud Service Appliance (CSA), a tool used for secure internet communication and managing devices connected to central consoles. Exploitation of this bug, which the CISA confirmed, allows hackers to gain access to the affected device.
CISA has mandated that all federal civilian agencies remove the appliance or upgrade to version 5.0 by October 4. Ivanti advised customers to check for any new or modified administrative users, which could indicate exploitation of the bug, and to monitor security alerts with specific tools.
This advisory came just one day after another Ivanti vulnerability raised concerns. The company, which faced significant scrutiny after a series of high-profile nation-state attacks exploited its products earlier this year, has committed to a security overhaul.
Microsoft is developing an alternative platform for cybersecurity companies that currently rely on deep access to its operating system’s kernel layer, following a global IT crisis caused by a faulty CrowdStrike update. In response to customer and partner demand, Microsoft announced plans to design a ‘new platform capability’ that would allow security vendors to operate without needing kernel-level access, which is the most critical layer of the OS.
This initiative aims to improve system reliability while maintaining strong security. The shift will require significant changes not only for Microsoft but also for external cybersecurity firms that use kernel access to detect threats. Microsoft explained that newer versions of Windows provide more ways for cybersecurity vendors to offer services outside of the kernel layer. However, some in the security industry believe kernel access is still essential for innovation and advanced threat detection.
Sophos’ Chief Research Officer, Simon Reed, emphasised that kernel access is vital for security products, describing it as fundamental to both Sophos’ offerings and Windows endpoint security in general. ESET echoed this sentiment, supporting changes to the Windows ecosystem as long as they do not weaken security or limit cybersecurity solution options. Both companies argue that restricting kernel access would hinder innovation and the detection of future threats.
The debate over kernel access is unlikely to result in major changes soon, as security companies fear it could give Microsoft’s own security products an unfair advantage. Given Microsoft’s antitrust history, this issue could end up in court, with government officials from the US and Europe closely monitoring developments.
