Malta called for urgent international action against the misuse of cyberspace and its significant impact on societies, governments, critical infrastructure, and global peace and security. Malta’s pivotal role as the President of the Organisation for Security and Cooperation in Europe (OSCE) is highlighted, with a strong focus on enhancing cybersecurity during its term.
Minister for Foreign and European Affairs and Trade Ian Borg has called for increased cyber resilience among OSCE member countries, emphasising the need for cooperation between governments and stakeholders to tackle cyber threats effectively.
The advancements in AI present both opportunities and challenges for cybersecurity. While AI can enhance security measures, it also introduces new vulnerabilities like sophisticated cyber-attacks, deepfakes, and the dissemination of fake news. Minister Borg stressed the importance of effectively harnessing AI technology to combat cyber threats while preventing misuse.
Minister Borg also criticised the Russian Federation for its malicious cyber activities, particularly in the context of its invasion of Ukraine, highlighting the risks posed to critical infrastructure and essential services. He called for Russia to cease its aggression, underscoring the broader implications for global security and stability. He concluded by emphasising the necessity for enhanced cybersecurity measures and international cooperation to address the evolving nature of cyber threats in today’s interconnected world.
Leaders of Fortune 500 companies developing AI applications face a potential nightmare: hackers tricking AI into revealing sensitive data. Zurich-based startup Lakera has raised $20 million to address this issue. The funding round, led by Atomico with participation from Citi Ventures and Dropbox Ventures, brings Lakera’s total funding to $30 million. Lakera’s platform, used by companies like Dropbox and Citi, allows businesses to set guardrails for generative AI, protecting against prompt injection attacks.
Lakera CEO David Haber highlighted the importance of safety and security as companies integrate generative AI into critical functions. Existing security teams encounter new challenges in securing these applications. Lakera’s platform, built on internal AI models, ensures that generative AI applications do not take unintended actions. Customers can specify the context and policies for AI responses, preventing the disclosure of sensitive information.
A unique advantage for Lakera is Gandalf, an online AI security game used by millions, including Microsoft. The game generates a real-time database of AI threats, keeping Lakera’s software updated with thousands of new attacks daily. That helps in maintaining robust security measures for their clients.
Lakera competes in the generative AI security landscape with startups like HackerOne and BugCrowd. Matt Carbonara of Citi Ventures praised Lakera’s focus on prompt injection attacks and its team’s capability to build the necessary countermeasures for new attack surfaces.
A global system failure on 19 July 2024, caused by a CrowdStrike Windows update, left gate screens blue and blank at airports worldwide. The update caused failures on Windows servers, virtual machines, and endpoint systems, affecting 8.5 million devices. Experts believe the update may have skipped quality checks, leading to widespread ‘blue screens of death’ and inoperable systems.
Organisations have struggled to restore operations, with Gartner releasing guidelines for immediate and long-term measures. Security teams are advised to be vigilant for opportunistic attacks, such as phishing and ransomware, as hackers exploit the chaos. The incident underscores the importance of resilience in the face of interconnected system vulnerabilities.
Chris Morales of Netenrich warned of potential phishing attacks, credential stuffing, and brute-force breaches during the outage. Gartner also highlighted the need to manage employee burnout as help desk staff face increased workloads. Ensuring temporary measures are properly decommissioned will be crucial to avoid further issues.
Long-term recommendations include focusing on resilience through redundant systems, continuous data backup, and comprehensive supply chain oversight. Jenna Wells of Supply Wisdom emphasised the importance of proactive business continuity plans to mitigate future incidents, stating that it’s not a matter of if but when an event will occur.
Cybersecurity startup Wiz has declined a $23 billion acquisition offer from Google’s parent company, Alphabet, opting to pursue its original plan of an initial public offering (IPO). CEO Assaf Rappaport confirmed the decision in a memo, highlighting the company’s goals of reaching $1 billion in annual recurring revenue and proceeding with the IPO.
CrowdStrike Holdings Inc. CEO George Kurtz announced that the company has identified and fixed the update that caused Windows systems to crash globally. Kurtz emphasised that the incident was not a security breach or cyberattack. The issue stemmed from CrowdStrike’s Falcon Sensor threat-monitoring product, which coincided with disruptions in Microsoft’s Azure cloud services, leading to widespread IT outages.
CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We…
The outages affected several major companies, including McDonald’s, United Airlines, and the LSE Group, which reported communication issues. KLM had to suspend most flights due to the global computer outage. Despite the swift deployment of a fix, CrowdStrike’s shares fell 16% in premarket trading.
The incident highlights the interconnected nature of modern IT infrastructure and the far-reaching impact of technical issues. CrowdStrike’s quick response helped mitigate further disruptions, but the event underscores the importance of robust and resilient IT systems.
A major tech outage on Friday disrupted operations across various industries worldwide. Airlines such as American, Delta, and United grounded flights due to communication issues, while airports in Tokyo, Amsterdam, and Berlin reported delays. The disruption extended to financial services, with banks and stock exchanges experiencing significant interruptions. Microsoft’s cloud services and Amazon’s AWS were also impacted, further complicating matters.
The root cause of the outage was traced to a software update by cybersecurity firm CrowdStrike. Their Falcon Sensor software caused Microsoft Windows systems to crash, displaying the notorious ‘Blue Screen of Death.’ CrowdStrike has begun rolling back the problematic update, offering a manual workaround to mitigate the issue. Despite the widespread impact, there was no indication that the outage was due to a cyberattack.
The outage’s ripple effect was felt globally, hitting healthcare and media sectors. Sky News went off air in the UK, and doctors’ booking systems were down. In Australia, telecom companies and banks faced disruptions linked to CrowdStrike’s software issues. As companies work to restore their systems, the global scope of the outage underscores the interconnected nature of modern technology infrastructure.
A US judge has dismissed most of an SEC lawsuit against software company SolarWinds, which accused it of defrauding investors by concealing security weaknesses linked to a Russia-backed cyberattack. Judge Paul Engelmayer ruled that claims against SolarWinds and its chief information security officer, Timothy Brown, were based on ‘hindsight and speculation’ and lacked concrete evidence.
The judge dismissed most claims related to statements made before the cyberattack, except for one regarding a statement on SolarWinds’ website about its security controls. The SEC had alleged that SolarWinds hid its cybersecurity vulnerabilities before the attack and downplayed its severity afterwards. SolarWinds expressed satisfaction with the decision, calling the remaining claim factually inaccurate.
The cyberattack, known as Sunburst, targeted SolarWinds’ Orion software platform and compromised several US government networks, including the Departments of Commerce, Energy, Homeland Security, State, and Treasury. The US government has attributed the attack to Russia, which has denied involvement.
This case, filed last October, was notable for being one of the first where the SEC sued a company that was a victim of a cyberattack without announcing a settlement. It is also rare for the SEC to sue public company executives not closely involved in preparing financial statements.
A recent survey conducted by Nikkei Research for Reuters shows a significant divide among Japanese companies regarding AI adoption. Of the 250 firms that responded, 24% have integrated AI into their operations, while 35% plan to do so. However, 41% have no plans to implement the technology, highlighting varying levels of enthusiasm for AI across corporate Japan. Key motivations for adopting AI include addressing workforce shortages, reducing labour costs, and accelerating research and development.
Despite Japan’s initially laid-back approach to AI regulation, several obstacles hinder AI adoption, including employee anxiety over potential job losses, lack of technological expertise, high capital expenditure, and concerns about AI’s reliability. Cybersecurity also emerged as a critical issue, with 15% of respondents experiencing cyberattacks in the past year and 9% reporting attacks on their business partners. To enhance cybersecurity, 47% of firms outsource their defence, while 38% rely on in-house specialists.
The survey also touched on the controversial topic of Japan’s surname law, which mandates that spouses use the same surname. Half of the respondents support changing the law, a move prompted by the Keidanren business lobby’s recent appeal to the government. Supporters argue that the current system undermines individual dignity and freedom, particularly for women, while opponents believe separate surnames could weaken family bonds. Only 14% of firms believe the change would boost employee morale, and 10% think it would aid hiring efforts, with the majority expecting no significant impact on business.
The UK government plans to introduce a Cyber Security and Resilience Bill to enhance national cyber-resilience, as announced in the King’s Speech on 17 July 2024. The bill aims to strengthen defences and protect essential digital services, focusing on critical infrastructure providers and expanding the scope of current regulations.
The new legislation will introduce mandatory ransomware reporting, helping authorities better understand the scale of the threat and alert them to potential attacks. It also grants new powers to regulators and extends the scope of existing regulations to include more digital services and supply chains. This initiative responds to heightened cyber threats, such as recent high-profile cyber-attacks on the NHS and the Ministry of Defence.
According to Stuart Davey of Pinsent Masons, the bill builds on previous efforts to reform the UK’s NIS regime. Dominic Trott of Orange Cyberdefense emphasised the importance of updating the regulatory framework to protect supply chains, a significant threat vector for attackers. Martin Greenfield of Quod Orbis added that the bill would help the Labour government deliver on its promise to boost economic growth.
A separate Digital Information and Smart Data Bill will be introduced, incorporating many measures from the Data Protection and Digital Information Bill, which failed to pass in the last parliament. This move aims to create a more secure and prosperous digital economy.
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical vulnerability in the GeoTools plugin of GeoServer by 5 August 2024. GeoServer is an open-source server, written in Java, used for sharing, processing, and editing geospatial data.
The remote code execution (RCE) flaw, identified as CVE-2024-36401, is being actively exploited in the wild. It allows unauthenticated attackers to execute code remotely via specially crafted input.
CISA added GeoServer CVE-2024-36401 to its Known Exploited Vulnerability Catalog https://t.co/0jvga7TBFr
We first observed CVE-2024-36401 "POST /geoserver/wfs" exploitation July 9th in our sensors. Check for signs of compromise & patch https://t.co/CTcIZzwtsI
— The Shadowserver Foundation (@Shadowserver) July 16, 2024
GeoServer maintainers have addressed the issue in versions 2.23.6, 2.24.4, and 2.25.2, urging users to upgrade immediately.
Why does it matter?
Despite the unclear origin of the exploitation, proof-of-concept code for this vulnerability recently surfaced online. The Shadowserver Foundation detected signs of exploitation on July 9, advising users to check for compromises and apply patches. While the CISA directive targets federal agencies, private enterprises are also advised to follow suit for enhanced security.
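For defenders acting on the advice above, the following added example (not from the article, Shadowserver or the GeoServer project) classifies a GeoServer version against the fixed releases the article names and pulls POST requests to /geoserver/wfs out of web access logs for review. It assumes combined-format access logs; the sample lines are constructed, and because POST is also used by legitimate WFS clients, a hit is a lead for investigation rather than proof of compromise.

```python
import re
from collections import defaultdict

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(2, 23): (2, 23, 6), (2, 24): (2, 24, 4), (2, 25): (2, 25, 2)}

def patch_status(version_text):
    """Classify a GeoServer version string such as '2.24.3'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version_text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version_text!r}")
    v = tuple(int(p) for p in m.groups())
    branch = v[:2]
    if branch in FIXED:
        return "patched" if v >= FIXED[branch] else "vulnerable"
    # The article lists no fixed release for other branches, so do not guess.
    return "older-branch-no-fix-listed" if branch < min(FIXED) else "newer-than-listed"

# Combined-log-format prefix (assumed): client, timestamp, method, target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3})')

def wfs_posts(lines):
    """Group POST requests to /geoserver/wfs by client for analyst review."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # line is not in the assumed format
        client, stamp, method, target, status = m.groups()
        # Drop the query string and trailing slash before comparing paths.
        path = target.split("?", 1)[0].rstrip("/").lower()
        if method == "POST" and path == "/geoserver/wfs":
            hits[client].append((stamp, int(status)))
    return dict(hits)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jul/2024:03:14:07 +0000] "POST /geoserver/wfs HTTP/1.1" 400 512 "-" "curl/8.0"',
    '198.51.100.7 - - [09/Jul/2024:03:15:00 +0000] "GET /geoserver/wfs?request=GetCapabilities HTTP/1.1" 200 9000 "-" "QGIS"',
    '192.0.2.10 - - [10/Jul/2024:11:02:41 +0000] "POST /geoserver/wfs?service=WFS HTTP/1.1" 500 230 "-" "curl/8.0"',
    '203.0.113.5 - - [10/Jul/2024:12:00:00 +0000] "POST /geoserver/web/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ver in ("2.23.5", "2.24.4", "2.25.1"):
        print(ver, patch_status(ver))
    for client, reqs in wfs_posts(SAMPLE_LOG).items():
        print(client, reqs)
```

Clients that appear here but are not known WFS consumers, especially from 9 July onwards, are the ones to check first.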