Japanese businesses divided on AI implementation

A recent survey conducted by Nikkei Research for Reuters shows a significant divide among Japanese companies regarding AI adoption. Of the 250 firms that responded, 24% have integrated AI into their operations, while 35% plan to do so. However, 41% have no plans to implement the technology, highlighting varying levels of enthusiasm for AI across corporate Japan. Key motivations for adopting AI include addressing workforce shortages, reducing labour costs, and accelerating research and development.

Despite Japan’s initially laid-back approach to AI regulation, several obstacles hinder AI adoption, including employee anxiety over potential job losses, lack of technological expertise, high capital expenditure, and concerns about AI’s reliability. Cybersecurity also emerged as a critical issue, with 15% of respondents experiencing cyberattacks in the past year and 9% reporting attacks on their business partners. To enhance cybersecurity, 47% of firms outsource their defence, while 38% rely on in-house specialists.

The survey also touched on the controversial topic of Japan’s surname law, which mandates that spouses use the same surname. Half of the respondents support changing the law, a move prompted by the Keidanren business lobby’s recent appeal to the government. Supporters argue that the current system undermines individual dignity and freedom, particularly for women, while opponents believe separate surnames could weaken family bonds. Only 14% of firms believe the change would boost employee morale, and 10% think it would aid hiring efforts, with the majority expecting no significant impact on business.

UK government to introduce new cyber security bill

The UK government plans to introduce a Cyber Security and Resilience Bill to enhance national cyber-resilience, as announced in the King’s Speech on 17 July 2024. The bill aims to strengthen defences and protect essential digital services, focusing on critical infrastructure providers and expanding the scope of current regulations.

The new legislation will introduce mandatory ransomware reporting, helping authorities better understand the scale of the threat and alert them to potential attacks. It also grants new powers to regulators and extends the scope of existing regulations to include more digital services and supply chains. This initiative responds to heightened cyber threats, such as recent high-profile cyber-attacks on the NHS and the Ministry of Defence.

According to Stuart Davey of Pinsent Masons, the bill builds on previous efforts to reform the UK’s NIS regime. Dominic Trott of Orange Cyberdefense emphasised the importance of updating the regulatory framework to protect supply chains, a significant threat vector for attackers. Martin Greenfield of Quod Orbis added that the bill would help the Labour government deliver on its promise to boost economic growth.

A separate Digital Information and Smart Data Bill will be introduced, incorporating many measures from the Data Protection and Digital Information Bill, which failed to pass in the last parliament. This move aims to create a more secure and prosperous digital economy.

CISA urges critical GeoServer patch

The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical vulnerability in the GeoTools plugin of GeoServer by 5 August 2024. GeoServer is an open-source server, written in Java, used for sharing, processing, and editing geospatial data.

The remote code execution (RCE) flaw, identified as CVE-2024-36401, is actively exploited in the wild. It allows unauthenticated attackers to execute code remotely via specially crafted input.

GeoServer maintainers have addressed the issue in versions 2.23.6, 2.24.4, and 2.25.2, urging users to upgrade immediately.

Why does it matter?

Although the origin of the exploitation is unclear, proof-of-concept code for this vulnerability recently surfaced online. The Shadowserver Foundation detected signs of exploitation on July 9 and advised users to check for compromises and apply patches. While the CISA directive targets federal agencies, private enterprises are also advised to follow suit for enhanced security.

Hacktivist groups target Romanian websites

Romania is experiencing a surge in DDoS attacks from various hacktivist groups, according to recent research by ASERT. The attacks, which began intensifying on 2 June 2024, coincide with Romania’s potential transfer of Patriot missiles to Ukraine. On that day, Romanian websites suffered 352 direct-path attacks, peaking at 1016 on 5 June.

Several hacktivist groups, including CyberDragon and the Cyber Army of Russia, have claimed responsibility for the attacks. The primary targets are government entities, with the banking sector being the second most affected. The escalation is also linked to Romania’s discussions with South Korea about expanding defence cooperation and its involvement in arms exports to Europe.

ASERT warns that the intensity of these attacks is likely to continue, particularly following Romania’s agreement to send a Patriot missile system to Ukraine on 20 June 2024. The increasing threat highlights the need for robust DDoS protection solutions to ensure the availability of crucial websites and services.

Hacktivist group leaks over 1TB of Disney data

Hacktivist group NullBulge has leaked over 1.1 terabytes of data from Disney’s internal Slack channels, encompassing files, messages, unreleased projects, raw images, and code. The group also claims to have obtained logins and links to internal APIs and web pages. Disney has confirmed to the BBC that it is investigating the hack.

NullBulge, which promotes artists’ rights and opposes AI-generated artwork, disseminates the stolen data via its blog using torrent file-sharing systems. The group’s origins and connections are disputed, with SecureWorks noting a lack of evidence for their claim of being Russian and highlighting the English language used in their communications. There are also rumored links to the LockBit ransomware gang.

Cybersecurity experts warn of the lasting impact of such breaches. Jake Moore from ESET emphasised the devastating effects of compromised email accounts, while Adam Pilton from CyberSmart cautioned against the dangerous precedent set by vigilante actions against large corporations. The incident underscores the vulnerability of even the biggest companies to cyberattacks and the persistent challenge of securing sensitive information.

Rite Aid data breach affects millions

Rite Aid, one of the largest drugstore chains in the US, has reported a significant data breach affecting over two million customers. Attackers gained access by impersonating a Rite Aid employee, compromising the company’s systems in early June 2024. Although the company detected the breach within 12 hours, sensitive customer data was stolen, including names, addresses, dates of birth, and government IDs. The company confirmed no Social Security numbers or financial details were accessed.

In response, Rite Aid has contacted affected individuals and reported the incident to law enforcement and regulatory bodies. The breach notification letter emphasises that additional security measures are being implemented to prevent future incidents. The breach affected customers who made purchases between 6 June 2017 and 30 July 2018.

The RansomHub ransomware group has claimed responsibility for the breach, stating they stole 10GB of sensitive data from Rite Aid’s networks. The group posted the stolen data on their dark web blog, showcasing their latest victims. Rite Aid acknowledged the breach as a “limited cybersecurity incident” and is finalising its investigation.

Rite Aid, headquartered in Philadelphia, operates over 2,300 locations across the US and serves 1.6 million customers daily. The company reported revenues exceeding $24 billion in 2023 and employs around 51,000 people. The breach has raised significant concerns about data security within the retail industry.

Google parent company Alphabet eyes $23 billion acquisition of Wiz

Alphabet, the parent company of Google, is in advanced discussions to acquire cybersecurity startup Wiz for around $23 billion, making it the technology giant’s largest potential acquisition. The primarily cash-funded deal could be finalized soon, according to a source familiar with the matter.

Wiz, founded in Israel and now headquartered in New York, is known for its cloud-based cybersecurity solutions powered by AI. With about $350 million in revenue in 2023 and serving 40% of Fortune 100 companies, Wiz has quickly become one of the fastest-growing software startups globally. Recently, Wiz raised $1 billion in a funding round, valuing the company at $12 billion.

The potential acquisition comes amid increased regulatory scrutiny of large tech companies under President Joe Biden’s administration. Despite this scrutiny, the technology sector has seen a surge in mergers and acquisitions, with tech deals jumping over 42% year-on-year to $327.2 billion in the first half of the year. Alphabet’s interest in Wiz follows its decision not to pursue a takeover of online marketing software company HubSpot.

Government entities in Australia to assess foreign control risks in tech

Australia has instructed all government entities to review their technology assets for risks of foreign control or influence. The directive aims to address increasing cyber threats from hostile states and financially motivated attacks. The Australian Signals Directorate (ASD) recently warned of state-sponsored Chinese hacking targeting Australian networks.

The Department of Home Affairs has issued three legally-binding instructions requiring over 1,300 government entities to identify Foreign Ownership, Control or Influence (FOCI) risks in their technology, including hardware, software, and information systems. The organisations in question must report their findings by June 2025.

Additionally, government entities are mandated to audit all internet-facing systems and services, developing specific security risk management plans. They must also engage with the ASD for threat intelligence sharing by the end of the month, ensuring better visibility and enhanced cybersecurity.

The new cybersecurity measures are part of the Protective Security Policy Framework, following Australia’s ban on TikTok from government devices in April 2023 due to security risks. The head of the Australian Security Intelligence Organisation (ASIO) has highlighted the growing espionage and cyber sabotage threats, emphasising the interconnected vulnerabilities in critical infrastructure.

National blockchain ‘Nigerium’ aims to boost Nigeria’s tech security

The Nigerian Government has announced the development of a locally-made blockchain called ‘Nigerium’, designed to secure national data and enhance cybersecurity. The National Information Technology Development Agency (NITDA) is leading this initiative to address concerns about reliance on foreign blockchain technologies, such as Ethereum, which may not align with Nigeria’s interests.

NITDA Director General Kashifu Abdullahi introduced the ‘Nigerium’ project during a visit from the University of Hertfordshire Law School delegation in Abuja. He highlighted the need for a blockchain under Nigeria’s control to maintain data sovereignty and position the country as a leader in the competitive global tech landscape. The project, proposed by the University of Hertfordshire, aims to create a blockchain tailored to Nigeria’s unique requirements and regulatory framework.

The indigenous blockchain offers several advantages, including enhanced security, data control, and economic growth. By managing its own blockchain, Nigeria can safeguard sensitive information, improve cyber defence capabilities, and promote trusted transactions within its digital economy. The collaboration between the private and public sectors is crucial for the success of ‘Nigerium’, marking a significant step towards technological autonomy.

If successful, ‘Nigerium’ could place Nigeria at the forefront of blockchain technology in Africa, ensuring a secure and prosperous digital future. This initiative represents a strategic move towards maintaining data sovereignty and fostering innovation, positioning Nigeria to better control its technological destiny.