The Role and Challenges of SSL/TLS Certificates

SSL/TLS certificates are integral to securing online communications and transactions, functioning as the encryption mechanisms for sensitive data, the authenticators of user identities, and the bulwarks against various cyber threats. However, their efficacy is being undermined by the shorter lifespan of digital certificates and the ensuing challenges posed by their frequent renewals, a situation made perilous by the absence of automation.

The Impact of Google's TLS Validity Proposal

Google's recent suggestion to decrease TLS validity from 398 days to just 90 has amplified the complexity of certificate management. Organizations, regardless of size, must now brace themselves for the daunting task of quarterly certificate renewals. Are our current processes robust enough to manage this change?

Statistics Spotlight: SSL/TLS Certificates in the Wild

The 2023 Enterprise Management Associates (EMA) report reveals some startling statistics about the state of SSL/TLS certificates on the internet:

A meager 21% of servers employ the advanced TLS 1.3.
About 79% of the currently used SSL certificates are vulnerable to man-in-the-middle attacks.
Roughly 25% of the online certificates, consisting of expired (10%) and self-signed (15%) ones, pose a significant security risk.
Around 45% of IP addresses with the Top 10 vulnerabilities also had expired or self-signed certificates.

The Trouble with Self-Signed and Expired Certificates

Nearly 10% of all publicly accessible websites are dysfunctional due to expired certificates. Moreover, self-signed certificates, not issued by a recognized authority and therefore insecure, make up 15% of the certificates on the public internet and seem to expire at twice the rate. These certificates require users to bypass browser security, making them particularly susceptible to man-in-the-middle attacks.

Industry Guidance on Certificate Management and System Hardening

Authorities such as the Cybersecurity and Infrastructure Security Agency (CISA), the National Cyber Security Centre (NCSC UK), and the Australian Cyber Security Centre (ACSC) have raised alarms about these concerns and issued guidelines on system hardening and certificate management. In its July 2023 update, the ACSC emphasised the significance of utilising updated operating systems for improved security functionalities, particularly the added measures available in 64-bit versions.

The Benefits of Automating Certificate Management

By shifting from manual to automated certificate management, organizations can assure timely certificate renewals, reduce the risk of expired certificates, and streamline the entire certificate lifecycle. Automation enables IT teams to concentrate on strategic tasks rather than on tedious manual tracking and administration, thereby enhancing security, compliance, and overall efficiency of certificate management practices.

Given the current state of internet security, a drastic overhaul in our approach to certificate management is required. The transition from a manual to an automated system is no longer just a strategic choice, but an absolute necessity for maintaining a resilient cybersecurity posture. With higher stakes for businesses and consumers, comprehensive certificate management solutions like those offered by industry leaders such as AppViewX become indispensable.
SSL efficacy is being undermined by the shorter lifespan of digital certificates and the ensuing challenges posed by their frequent renewals. Is automation the answer?
Complimentary
Free
Opinion
Editor's Pick

August 3, 2023

Transforming Online Security: Automating SSL/TLS Certificate Renewals

<p id="">In the high-stakes world of technology, where digital capabilities define national strength and economic growth, chip manufacturing has emerged as the ultimate battleground. This arena is no longer merely a race for commercial superiority, but a contest of national pride, strategic geopolitical manoeuvring, and economic survival. At the heart of this struggle is the intensifying competition between China and the United States, the continuing prominence of Taiwan's chip industry, and the ripples of impact across the Pacific nations.</p><p id="">‍</p><p id="">Taiwan Semiconductor Manufacturing Co. (TSMC), the leading force in this industry, recently announced an investment of 90 billion New Taiwan dollars (roughly $2.87 billion) towards the construction of a new plant in western Taiwan. This investment underlines the importance of advanced packaging in high-performance semiconductors, which are indispensable for the propagation of generative artificial intelligence (AI).</p><p id="">‍</p><p id="">Advanced packaging is a sophisticated process that involves interlocking multiple chips within a single package, enabling them to work seamlessly as one unit. This process is crucial for creating semiconductors for AI applications, as seen with TSMC's clientele that includes Nvidia and Advanced Micro Devices. Such technology is fast becoming a linchpin in the development of cutting-edge AI tools, including generative models like OpenAI's ChatGPT.</p><p id="">‍</p><p id="">This new plant, slated to start construction in the latter half of 2024 and reach mass production by 2027, represents an ambitious move by TSMC. This project follows the company's recent setup of another large-scale plant at an industrial park in Miaoli, reinforcing its commitment to advanced packaging technology. Despite the tight capacity outlined by TSMC's CEO, C.C. 
Wei, during a press conference in July, the company is demonstrating its resolve to increase capacity as quickly as possible to meet the rapidly growing demand.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:633px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="633px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c368e6e2d961a288c9a905_5Y7CXMagCKdV9NtKgVpdurg5ceNxeW4p_EZeBmgPrunLa7HW8z8Do_mZU0Usbs9EZWI61lxKw7-0u4gYXr2MDklyhW_xj3NgfQoRDFpYLzK4UkjvD-CRp50kTFE0UOE-NQr--CxALo7Z.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><p id="">On the other hand, China's domestic chip companies, feeling the squeeze of escalating tensions with the U.S., are imploring Beijing for greater support. The U.S.'s increasingly stringent export controls on semiconductors to China have left domestic chip manufacturers seeking ways to navigate the turbulent geopolitical waters. Chinese companies are urging for enhanced dialogue between the two superpowers to prevent further exacerbation of the situation.</p><p id="">‍</p><p id="">Last year, the U.S. Department of Commerce's Bureau of Industry and Security introduced a 139-page export control regulation. This document outlined the specifics of chip computing power, bandwidth, and process technology. When equipment reaches these parameters, it is barred from export to China. These new restrictions reflect America's attempts to keep Beijing's ambitious chip industry in check while simultaneously bolstering its own domestic chip production.</p><p id="">‍</p><p id="">China's chip industry is now advocating for the government to devise more effective measures to mitigate the impact of these restrictions. 
In a recent meeting hosted by China's Ministry of Commerce with key domestic semiconductor companies, participants called for the government to take stronger actions to address the challenges posed by U.S. and allied sanctions.</p><p>‍</p><p id="">They added that repercussions have not been limited to China, but have also adversely affected the global semiconductor industry, including players in the U.S. Global industry cooperation should not be blocked by political factors, they said, urging Beijing and Washington to resolve differences and concerns through consultations, business news media group <a href="http://caixinglobal.com" id="">Caixin</a> has reported.</p><p>‍</p><p id="">The calls come after the China Semiconductor Industry Association, which represents more than 700 Chinese chipmakers, last week said that "any damage to the current global supply chain ... could create inevitable and irreparable harm to the global economy."</p><p>‍</p><p id="">The CHIPS Act (Creating Helpful Incentives to Produce Semiconductors), passed in the U.S., has further added to the tensions, manifesting itself as a potential game-changer. This legislation aims to support domestic chip manufacturing, while indirectly creating more barriers for China's aspirations in the semiconductor industry. The impact of the CHIPS Act extends beyond the U.S. and China, affecting the geopolitical dynamics across Taiwan and the Pacific nations.</p><p>‍</p><p id="">Amid the regional tensions, the Semiconductor Industry Association (SIA), the voice of the semiconductor industry, one of America’s top export industries and a key driver of America’s economic strength, made a number of statements intended to put the brakes on ongoing sanctions.</p><p>‍</p><p id=""><em id="">“Recognizing that strong economic and national security require a strong U.S. 
semiconductor industry, leaders in Washington took bold and historic action last year to enact the CHIPS and Science Act to strengthen our industry’s global competitiveness and de-risk supply chains. Allowing the industry to have continued access to the China market, the world’s largest commercial market for commodity semiconductors, is important to avoid undermining the positive impact of this effort,” the Semiconductor Industry Association (SIA) announced.</em></p><p id="">‍</p><p id="">Amid these tensions, demand for AI semiconductors continues to surge. Server AI processor demand is predicted to rise at an annual rate of nearly 50% in the next five years, significantly increasing its share in TSMC's total sales. This expanding market share further solidifies the role of AI-driven technology in shaping the future of the global economy.</p><p>‍</p><p id="">In the statement released by the <a href="https://www.semiconductors.org/sia-statement-on-potential-additional-government-restrictions-on-semiconductors/" id="">U.S. Semiconductor Industry Association on July 17,</a> the group also called on both governments to "ease tensions and seek solutions through dialogue, not further escalation."</p><p>‍</p><p id="">The unfolding situation reveals an increasingly complicated and fiercely competitive landscape for the chip manufacturing industry. With the intersection of technology, politics, and economy, nations are battling on a terrain that combines national security, competitive behaviours, and the quest for technological supremacy. As the stakes continue to rise, the chip manufacturing industry remains a focal point of intense scrutiny, national strategy, and burgeoning investments.</p><p id="">‍</p>
In the high-stakes world of technology, where digital capabilities define national strength and economic growth, chip manufacturing has emerged as the ultimate battleground.
Complimentary
Free
Opinion
Editor's Pick

August 2, 2023

"TSMC's Bold Leap: Investing in AI Amid Global Tech Tensions"

<p id="">The escalating geopolitical tensions in the Pacific have been further complicated by the growing threat of hybrid warfare, combining conventional tactics with cyber-operations and other irregular warfare methods. The latest incident involving North Korean hackers breaching the software company JumpCloud exemplifies the crippling effects on the security supply chain, causing significant economic disruption and amplifying the strain on international relations.</p><p>‍</p><p id="">In the increasingly complex and intertwined world of global politics and economics, hybrid warfare has become an effective tool for state-sponsored actors. It leverages a mixture of military, economic, diplomatic, criminal, and informational means to exert influence and achieve geopolitical objectives.</p><p>‍</p><p id="">North Korea, in particular, has gained notoriety for its aggressive cyber-offensive operations. Recent reports reveal that hackers linked to North Korea were behind a sophisticated breach at JumpCloud, which provides identity and access management tools for enterprise devices. This attempted supply-chain attack was primarily targeting cryptocurrency companies, part of North Korea's wider strategy to fund its nuclear missile program through the theft of digital assets.</p><p>‍</p><p id="">This trend of supply-chain attacks is becoming worryingly commonplace. Since the 2020 SolarWinds breach, allegedly perpetrated by Chinese hackers, software providers have been on high alert. Supply-chain intrusions are increasingly attractive for threat actors as they can lead to a multitude of subsequent intrusions.</p><p>‍</p><p id="">In addition to the cybersecurity risks, these attacks can have serious economic implications. They can cripple crucial supply chains, leading to significant financial losses and destabilising economies. 
This creates a ripple effect, impacting various sectors and creating broader socio-economic issues.</p><p>‍</p><figure class="w-richtext-figure-type-image w-richtext-align-center" data-rt-type="image" data-rt-align="center"><div><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c1e26b5673d2bf30a72e48_msqAuYI7G6DNLAN1k2wEFtIctEGEesKvOMhC67y5GSHQ0qBVikchpFf9BZwL2knGs80pi1CCoDuUbMOs6YLP-WyTLkT2JneTa0B9o6NFvjZek-g3Q-uB4iXuEGlHn6WABgc95Dy-HSus.png" id="" width="auto" height="auto" loading="auto"></div></figure><p>‍</p><p id="">The JumpCloud intrusion serves as a stark reminder of the persistent threat posed by North Korean state-sponsored hackers. The continuous adaptation and exploration of new methods to infiltrate target networks underline the need for improved cybersecurity measures and global cooperation to counteract these threats.</p><p>‍</p><p id="">Unfortunately, these cyber-offensives are not confined to governmental or financial institutions; American and Western civilian companies are also being increasingly targeted. It's clear that the digital realm has become the new battlefield in the age of hybrid warfare, where the line between military and civilian targets is blurred.</p><p>‍</p><p id="">In 2021, the U.S. indicted three North Korean hackers for stealing and extorting over $1.3 billion from financial institutions and cryptocurrency exchanges worldwide. Yet, despite the sanctions and global condemnation, North Korea has continued its cyber operations unabated.</p><p>‍</p><p id="">As the world grapples with these emerging threats, it is critical to establish comprehensive and robust cybersecurity measures, both at the national and corporate levels. 
Furthermore, international cooperation in sharing threat intelligence, enhancing cybersecurity protocols, and enforcing punitive measures against offending state actors is necessary.</p><p>‍</p><p id="">The incidents involving JumpCloud and others illustrate the substantial risks posed by state-sponsored cyber attacks in the current geopolitical landscape. As hybrid warfare becomes the norm, addressing these threats and safeguarding the security of nations and their economies has never been more crucial. In an era of digital globalisation, cybersecurity is not merely a technical issue; it's a matter of international security.</p><p>‍</p>
The escalating geopolitical tensions in the Pacific have been further complicated by the growing threat of hybrid warfare, combining conventional tactics with cyber-operations and other irregular warfare methods.
Complimentary
Free
Opinion
Editor's Pick

August 1, 2023

Hybrid Warfare and Pacific Tensions: The Growing Cybersecurity Threat

<p id="">Sam Altman, founder of OpenAI, has embarked on a new endeavour this week aimed at differentiating humans from progressively intelligent robots, underscoring his belief that imminent AI breakthroughs will present new societal challenges, and his confidence in his ability to address them.</p><p id="">‍</p><p id="">The launch of the eye-scanning cryptocurrency initiative, Worldcoin, marks the latest in a sequence of achievements in businesses supported or directed by Altman. These accomplishments include the release of ChatGPT by OpenAI in the previous November and this month's announcement that Oklo, a nuclear fission startup under Altman's chairmanship, is set to go public, valuing the firm at $850 million.</p><p id="">‍</p><p id="">Altman explained in a Financial Times interview that these individual initiatives form part of a specific future vision he has faith in. They operate independently, but together they could revolutionise society. If successful, they would position Altman at the centre of a potent corporate network, catapulting the 38-year-old to global prominence and potentially setting him up for regulatory battles.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1600px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1600px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c1eb8592d4b31516034f0c_NQzvniJ1sxE-OtWFXjOWDdlZXy5AiuwUnPD60DtfQ0tj_rBlCfm_saDe8y_MD7WynJvuwjLWQjN7jnsp_Ano_WKKcIz0jNSqeiOZK6RBWzaw8rJW0zr9MJQW2P4fuysA7pymQVsqYdLy.png" id="" width="auto" height="auto" loading="auto"></div><figcaption id=""> A Worldcoin orb used to capture biometric data</figcaption></figure><p id="">‍</p><p id="">Altman stressed that he had no intention to bypass governments but hinted at a perceived lack of government initiative in leading innovation. 
He defended his actions against those who felt the government should spearhead these initiatives, questioning why the government wasn't leading these efforts instead.</p><p id="">‍</p><p id="">OpenAI, backed by Microsoft, is on a mission to develop artificial general intelligence (AGI)—advanced computer systems that can perform tasks at or beyond human capacity. Altman believes this goal can be achieved within ten years. Worldcoin's ambition includes building a global ID system by scanning users' eyes to separate them from robots and providing infrastructure for various financial services and social aid, including universal basic income.</p><p id="">‍</p><p id="">In addition, Altman has investments in Retro Biosciences, a startup focused on extending human lifespan, and Neuralink, a company co-founded by Elon Musk that's working on a brain-implantable computer.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1600px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1600px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c1eb85d98897490e09f80b_UP43ALLZLTH8SIPqqF9S3zUlDFKCVwo4nQOkN4EBsLyvSZiNS6deetraGX9F-_JePSOY0H6WAuL5rdkZOQm3qw11DEzlPTxop64GhXm7Viv5UK1J-JGmc5iF1Ennos9Zc2dmBEfF8ONj.png" id="" width="auto" height="auto" loading="auto"></div><figcaption>Neuro Imaging by <a href="https://unsplash.com/@alinnnaaaa" target="_blank">Alina Grubnyak</a></figcaption></figure><p id="">‍</p><p id="">Altman rejects the idea of positioning himself at the centre of an AI-dominated universe for monetary gain. He stated he has no direct equity in OpenAI, only a negligible holding through Y Combinator, the startup incubator he headed from 2014 to 2019. 
Altman's wealth comes from his stakes in some of Silicon Valley’s most successful startups like Stripe and Reddit.</p><p id="">‍</p><p id="">In a 2021 paper, "Moore’s Law for Everything", Altman argued that AGI's arrival would generate enormous wealth by reducing labour costs nearly to zero and driving scientific progress through novel discoveries. This could lead to breakthroughs for other companies he has invested in, such as Oklo and Helion (working on nuclear fusion) or Neuralink.</p><p id="">Altman believes he's playing a significant role in advancing new technologies because governments have stepped back from leading the latest innovation wave. He cited government innovation decline since the creation of the Concorde and the Apollo space missions as examples.</p><p id="">‍</p><p id="">Altman, a self-proclaimed "extremely, extremely proud American citizen", has spent increasing amounts of time in Washington this year, presenting his case to Congress and the White House to build trust and explain AGI's implications.</p><p id="">‍</p><p id="">Following the reaction to ChatGPT and the serious consideration of AGI, OpenAI and similar companies agreed to allow external testing of their systems before public release, an act welcomed by the White House as a move towards safer, secure, and transparent AI development.</p><p id="">‍</p><p id="">However, the US Federal Trade Commission is investigating OpenAI regarding potential harm caused by ChatGPT creating false information about people and possible engagement in deceptive privacy and data security practices.</p><p id="">OpenAI has also faced regulatory issues in the EU, with comprehensive rules being drafted for the technology. 
Altman had suggested earlier this year that his company could withdraw its services from the EU if regulations became overly stringent.</p><p id="">‍</p><p id="">Worldcoin has faced scrutiny from US regulators as well, opting not to issue tokens in the US due to a crackdown on digital assets led by the Securities and Exchange Commission. In recent months, the SEC has taken action against top names in crypto, including Nasdaq-listed exchange Coinbase and Binance, the world's largest exchange. Altman expressed disappointment at the situation but committed to adhering to the law, hoping for greater clarity and a more supportive environment in the US over time.</p><p id="">‍</p>
Sam Altman, founder of OpenAI, has embarked on a new endeavour this week aimed at differentiating humans from progressively intelligent robots.
Complimentary
Free
Opinion
Editor's Pick

August 1, 2023

Worldcoin and Beyond: Sam Altman’s Quest to Redefine Society with AI

<p id="">As Australians gear up for the annual tax return lodgement, the revelation of an unsettling security breach by the Australian Tax Office (ATO) raises deep concerns about the security of our digital systems. The ATO has confessed to a staggering loss of over half a billion dollars over the past two years to fraudsters exploiting a significant security loophole in the agency's identity checking system.</p><p id="">‍</p><p id="">The nature of these scams, as investigated by ABC, is unnervingly simple. Fraudsters create fake myGov accounts and link them to the tax files of genuine taxpayers, leading to unauthorised entries to the ATO's data. The recent report shows the bold audacity of these criminals, who have unabashedly taken advantage of the cyber vulnerabilities within the government system, leading to a colossal financial drain.</p><p id="">‍</p><p id="">The rise in banking scams and cyber-attacks across the world is a sobering reality of our digital era. It forms part of an overarching strategy of identity fraud stemming from a surge in cybercrime and the establishment of syndicated cyber identity fraud rings, which have cast a wide net across Australia, the United Kingdom, and beyond.</p><p id="">‍</p><p id="">In the UK, for instance, HM Revenue and Customs reported a staggering 975,420 cases of fraudulent tax rebates in 2020. These fraudsters, much like their Australian counterparts, exploited security loopholes and used stolen identities to dupe the system. Similarly, according to a report by the European Central Bank, Europe has experienced an astronomical rise in not only the number but also the sophistication of cyber attacks targeting major banks.</p><p id="">‍</p><p id="">The ATO scam activity figures ballooned last financial year to $320 million, involving 8,100 taxpayer accounts. 
Some claims were cancelled before they were paid; however, the ABC reported on numerous taxpayers who have discovered claims that were paid out to fraudsters, including through bank accounts that were immediately emptied by the criminal and closed down, thwarting the bank's ability to freeze the funds.</p><p id="">‍</p><p id="">The latest figures are only up to February 2023, so the total fraud is likely higher than $557 million.</p><p id="">‍</p><p id="">"I'm astounded," said Vanessa Teague, adjunct professor of cryptography at Australian National University.</p><p id="">‍</p><blockquote id="">"It goes to show that poor security really costs us. Why didn't they just turn it off? They need to close the holes allowing it to happen." - Vanessa Teague</blockquote><p id="">‍</p><p id="">The report exposed how credentials stolen from high-profile hacks like Medibank and Optus have been used by criminals to circumvent security checkpoints used by the ATO, and how the agency was failing to identify some fraudulent activity on accounts it managed.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:862px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="862px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c2050bd98897490e2946de_0fOWJJhH2cQKsRnES4Sha1fc31GBCLcprpRBGpi5grHpUqMWB9VS5JurQHt8kRtDcn8HnPsMUlZleUroGGRnoUCj6HTgQVBrQL18HNYZ8_Biurx0EiokB42Tj-My7nNDnBqN96OCVN5D.png" id="" width="auto" height="auto" loading="auto"></div><figcaption id="">ATO second commissioner Jeremy Hirschhorn says the agency is ramping up its anti-fraud capabilities. (AAP Image: Mick Tsikas, used in ABC report)</figcaption></figure><p id="">‍</p><p id="">ATO Second Commissioner, Jeremy Hirschhorn, admitted to the challenges of identifying this particular type of fraud and defended the ATO's system settings as a balance between accessibility and security. 
However, it is clear that the scales need to be tipped further towards robust security to prevent such incidents from recurring.</p><p id="">‍</p><p id="">"We are managing an acceptable level of risk," Mr Hirschhorn said.</p><p id="">‍</p><p>‍</p><h2 id="">Increased focus on myGov hacks</h2><p id="">‍</p><p id="">The agency advises taxpayers to monitor their ATO file and ensure their current mobile number is listed, so that when a new myGov account is linked, they can receive a text alert.</p><p id="">‍</p><p id="">Mr Hirschhorn said the ATO has "recently become more focused on overlinking" and is ramping up its capacity to combat this and similar frauds.</p><p id="">‍</p><p id="">Digital crime academics and cyber intelligence professionals agree the government should take more aggressive action to address the technical system loopholes that are consistently being exploited by scammers and international cybercrime syndicates. This goes beyond patching the vulnerabilities in their systems. It involves building secure systems from the ground up, with robust safeguards that make it difficult for these fraudsters to gain access in the first place.</p><p id="">‍</p><p id="">The recurring pattern in these incidents is the tactic of personal identity harvesting. Criminal syndicates employ advanced methods to steal personal data from banks, government agencies, and individuals. This stolen information is then used to craft fraudulent schemes, as seen in the cases involving the ATO, HM Revenue and Customs, and European banks.</p><p id="">‍</p><p id="">Whilst the ATO has recently announced that it will ramp up staff to prevent widespread scam activity next year, the Commonwealth agency has become another government victim of global organised scam activity. Once again, it is another national wake-up call. If the government does not take substantial action to improve public education and system security, these incidents will continue to rise. 
The onus is on the government to step up, educate the public, and most importantly, make the necessary changes to ensure such scams become a thing of the past.</p><p id="">‍</p>
The ATO has confessed to a staggering loss of over half a billion dollars over the past two years to fraudsters exploiting a significant security loophole in the agency's identity checking system.
Complimentary
Free
Opinion
Editor's Pick

July 31, 2023

The Achilles Heel of Digital Security - A Call for the ATO to Step Up

<p id="">The recently published UK Government’s Cyber Security Skills in the UK Labour Market 2023 report offers a startling statistic: half of all UK businesses suffer from a basic cybersecurity skills gap. There has been minimal progress in resolving this issue, with the 2022 report citing that 51% of companies lacked these rudimentary abilities.</p><p id="">‍</p><p id="">Simultaneously, Australia grapples with similar challenges. The country continues to experience a skills shortage in the cybersecurity sector, threatening the robustness of its digital infrastructure. Both countries acknowledge the considerable deficit of professionals needed to meet the burgeoning demand in cybersecurity. The UK report cites a shortage of approximately 11,200 cyber workforce individuals, an improvement from 14,100 the previous year.</p><p id="">‍</p><p id="">Notably, Brian Higgins of Comparitech.com emphasised that the high cost and time-intensiveness of certifications like CISMP and CISSP contribute significantly to this stagnation, erecting socio-economic barriers to entry for prospective cybersecurity professionals.</p><p id="">‍</p><p id="">‍</p><h2 id=""><strong id="">Australia’s Cybersecurity Initiatives</strong></h2><p id="">‍</p><p id="">In Australia, the situation is no less urgent. The 2023 Australian Cyber Security Growth Network’s (AustCyber) report pointed out a similar skill gap. To address this, the Australian Government’s Department of Home Affairs has outlined several initiatives under the Cyber Security Strategy 2023-2030.</p><p id="">‍</p><p id="">Minister for Cyber Security, the Hon. 
Clare O’Neil MP, announced the development of the 2023-2030 Australian Cyber Security Strategy (the Strategy) in December 2022. However, many industry experts believe that the pace is slow and the tangible benefits of the program are yet to be felt in the business market.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:817px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="817px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c2297195baeb2d3c226d0e_aQM8XYm_u6GXkuFUxxqqPiMGbZk7hAzYa04Y4JtFCqlI6QPLBHQSxnQGpsItae6tg1ty4F4u6lKH7PIzF5zOpjIJnXQbSLNY7DfZXrxJeQT_BPOTI4S5ITgqYLagH2rmeVt6H6Qj8fbS.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><p id="">Reflecting on these issues, Europe has taken several measures to cultivate the cyber skills ecosystem. Various European governments have implemented initiatives to encourage more individuals to take up cybersecurity professions, recognizing the vital need for these skills in a digitalizing world.</p><p id="">‍</p><p id="">Javvad Malik of KnowBe4 underlined the need for companies to invest in creating inclusive, nurturing environments to attract and retain employees. These efforts would benefit not only newcomers but also traditionally underrepresented groups in the industry.</p><p id="">‍</p><p id="">However, the issue of diversity in the sector remains a concern. In the UK, only 17% of the cyber workforce comprises females, and merely 14% of senior roles are held by women. Lisa Ventura, a diversity advocate, argued that the industry needs to make women feel more welcome and mitigate instances of abuse and bullying.</p><p id="">‍</p><p id="">In the UK, Amanda Finch, CEO of The Chartered Institute of Information Security (CIISec), claimed: “There’s no shortage of talent – the issue is locating and correctly supporting it. 
If the industry doesn’t act on this, then others will, and we may see that talent go elsewhere – potentially even to the bad guys. Security must act quickly and resolutely to ensure this isn’t the case, and instead help the industry reach its full potential.”</p><p id="">‍</p><div id=""></div><p id="">‍</p><p id="">Amanda Finch, CEO of The Chartered Institute of Information Security (CIISec)</p><p id="">‍</p><p id="">CIISec offers the UK’s first and only Extended Project Qualification (EPQ) in cybersecurity, giving students from age 14 and up the best possible opportunity to kick-start their cybersecurity career.</p><p id="">‍</p><p id="">‍</p><h2 id=""><strong id="">Lessons from Europe: Germany and Switzerland Lead the Way</strong></h2><p id="">‍</p><p id="">In the European Union, several countries have taken a lead in devising innovative approaches to overcome the cybersecurity skills shortage. In Germany, for example, the Federal Government has implemented the National Initiative for Information and Internet Security (NIIIS). The initiative aims to enhance Germany’s cybersecurity capabilities through public awareness, professional education, and advanced training programs.</p><p id="">‍</p><p id="">Germany's Federal Commissioner for Data Protection and Freedom of Information, Ulrich Kelber, emphasised the need for collaboration, saying, "We are partnering with educational institutions, industry bodies, and federal states to promote cybersecurity education and professional development."</p><p id="">‍</p><p id="">Meanwhile, Switzerland has been focusing on vocational training to address the skills gap. The Swiss Federal Council has introduced a Federal Diploma in Cybersecurity, a four-year vocational course providing a practical and academic grounding in the subject. 
The Federal Department of Defence, Civil Protection and Sports has also launched the National Centre for Cybersecurity as a part of its National Strategy for Switzerland’s Protection Against Cyber Risks.</p><p id="">‍</p><p id="">Switzerland's Federal Data Protection and Information Commissioner, Adrian Lobsiger, underscored the importance of the government's commitment, stating, "These initiatives are not just about filling current job vacancies; they represent our long-term strategy for creating a robust digital society."</p><p id="">‍</p><p id="">However, Jamie Akhtar, CEO of London-based cybersecurity company CyberSmart, warned that the persistent security skills gap is not the only concern; there are "undercurrents" that need to be addressed, such as a lack of confidence in incident response, an area that seems to be trending upwards in importance.</p><p id="">‍</p><p id="">As part of its £2.6 billion National Cyber Strategy, the UK government is striving to increase the diversity and number of skilled cybersecurity professionals. Other European nations have similarly introduced national cybersecurity strategies, underlining the importance of fostering a strong cyber ecosystem.</p><p id="">‍</p><p id="">This comprehensive approach must also ensure the removal of socio-economic barriers to entry, making the industry more accessible. By implementing a variety of strategies – such as scholarship programs, vocational training, diversity initiatives, and public-private partnerships – these regions can cultivate a robust, diverse pool of cybersecurity talent prepared to safeguard our increasingly digital world.</p><p id="">‍</p>
Complimentary
Free
Opinion
Editor's Pick

July 29, 2023

Cybersecurity Skills Shortage in the UK, Australia, and European Initiatives

<p id="">The digital era, with all its conveniences and breakthroughs, brings with it the profound challenge of cyber threats. These threats are not just rising, but escalating in severity, as a recent IBM report alarmingly indicates. In 2023, Canadian businesses find the cost of a single cyber breach towering at an average of $6.94 million. This figure, the second highest in the study's nine-year history, starkly portrays a concerning trend.</p><p>‍</p><p id="">Examining recent cyberattacks on critical infrastructure in Australia and the United Kingdom further emphasises the extent and gravity of this global dilemma. Australia grappled with sophisticated state-sponsored attacks on its parliamentary networks, creating significant disruption, while the UK's National Health Service was disrupted by a ransomware assault, endangering patient care and causing operational chaos. Both instances underscore that the cost of cybercrime extends beyond monetary measures into realms of public safety and national security.</p><p>‍</p><figure class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1600px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1600px"><div><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c203390b43fb0bc611a249_QwgvkrqexFPQc3PrkkiyPamYuoZU4zcBbv-JfQAFXu3Ql2SQE2qoEhn-Ms27NDtikjmi7eka70xAcOTtRMgHqrYoNCnmYbrZ_M2Bc4k4wohHF-y29D2mZVhhl_vUZ4XWYWjbA1XzHbpb.png" id="" width="auto" height="auto" loading="auto"></div><figcaption>Bookstore chain Indigo</figcaption></figure><p>‍</p><p id="">The wide-ranging nature of cybercrime is evident in Canada as well, with victims over the past year spanning from bookstore chain Indigo to Toronto’s SickKids Children’s Hospital. 
This illustrates how cybercriminals have diversified their targets, focusing on industries where a halt in operations is particularly damaging, making swift ransom payments more likely.</p><p>‍</p><p id="">In a commentary that encapsulates the long-term implications of cyber attacks, Chris Sicard, security advisory manager at IBM Canada, states, "In reality, the cleanup process is very long." Indeed, victims must invest significant resources into long-term recovery and prevention efforts, which feed into the overwhelming costs associated with cyber incidents.</p><p>‍</p><figure class="w-richtext-figure-type-image w-richtext-align-center" data-rt-type="image" data-rt-align="center"><div><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c20338f28c42e30c1672a0_Y1SSxP3e6HeWzRhVjkFs6W9zwi9QNvLD0WfUlEO6OhPhplD40PiTNbX4f6qmY2BIXywLL061IPYvCbovd24z14JXcGAvu5ltbH11EHCOLBGwKfSTwRdlLKHvVKpSIF_9L-xABtFdIc9y.png" id="" width="auto" height="auto" loading="auto"></div><figcaption>Christopher Sicard,&nbsp; security advisory manager at IBM Canada</figcaption></figure><p>‍</p><p id="">However, Sicard's observation that "we are not yet doing a good job of sharing and supporting each other" hints at an actionable way forward. It suggests that fostering a collaborative environment and sharing critical intelligence can help mitigate the escalating threats, mirroring the sentiments expressed in the aftermath of the Australia and UK attacks.</p><p>‍</p><p id="">The IBM study further reveals a contentious practice: over half of the hacked companies elected to pass the cybersecurity incident costs onto their consumers via price hikes. This finding will likely fuel debates on business ethics and corporate responsibility, especially in sectors where consumers have limited options.</p><p>‍</p><p id="">Nonetheless, it's clear that preventive measures like artificial intelligence and encryption, while essential, are not foolproof. 
As businesses adapt to the new normal of remote work and move more data to the cloud, they inadvertently provide more opportunities for evolving cybercriminals to exploit.</p><p>‍</p><p id="">As Sicard pragmatically notes, the situation may worsen before it improves. His sobering recommendation for large corporations to accept the potential of being targeted by cybercrime reframes the narrative, pushing focus towards proactive actions like threat detection and staff training, which can significantly mitigate risk.</p><p>‍</p><p id="">It remains evident that 2023 has been a year dominated by the increase in sophisticated cyberattacks across allied Commonwealth nations, including Canada, Australia and the UK. This highlights an urgent need to improve the collective international policy framework with an actionable strategy.</p><p>‍</p>
Complimentary
Free
Opinion
Editor's Pick

July 28, 2023

Countering the Escalating Cyber Threat: Lessons from the Global Frontline

<p id="">Microsoft has traced a recent cyber assault on GitHub users to an obscure hacking group identified as being based in North Korea. This comes amid rising tensions and evolving geopolitical instability in the Pacific, largely driven by escalating hybrid and cyber warfare.</p><p>‍</p><p id="">In a recent statement, Alexis Wales from GitHub announced that a "low-volume social engineering campaign" had been launched, specifically aiming at the personal accounts of employees within technology firms. These attacks exploited a blend of repository invitations and malicious npm package dependencies.</p><p>‍</p><p id="">Wales mentioned that the majority of the attacked accounts were linked to sectors such as online gambling, cryptocurrency, or blockchain. A few targets were also found within the cybersecurity sector. Despite the attacks, GitHub's and npm's systems remained uncompromised.</p><p>‍</p><p id="">The responsible group, known as "Jade Sleet" within Microsoft and "TraderTraitor" according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), was confirmed by a Microsoft spokesperson to be new to the public threat landscape.</p><p>‍</p><p id="">Jade Sleet typically concentrates its efforts on users involved with cryptocurrency and other blockchain-related organisations, although vendors utilised by these firms have also been targeted. The assault process commences with Jade Sleet posing as a recruiter or developer through counterfeit personal accounts on GitHub and various social media platforms.</p><p>‍</p><p id="">The malicious operations can include hijacking legitimate accounts and often involve transitioning communication from one platform to another. 
Following the establishment of contact, the victim is persuaded to collaborate on a GitHub repository and clone and execute its content.</p><p>‍</p><p id="">The threat actors generally publish their malicious packages only when extending a deceptive repository invitation, effectively minimising the exposure of their harmful tools. GitHub is currently working to suspend the associated npm and GitHub accounts, release attack indicators, and submit abuse reports to the domain hosts involved.</p><p>‍</p><p id="">In the broader geopolitical context, the advent of cyber warfare and hybrid warfare tactics in the Pacific has considerably fueled regional instability. Cyberattacks, particularly those emanating from North Korea, are intensifying in frequency and sophistication, creating a new facet to international security concerns. North Korean hackers have targeted e-commerce platforms, cryptocurrency exchanges, and commercial banks, successfully syphoning off billions in cryptocurrency.</p><p>‍</p><figure class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1600px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1600px"><div><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c1e48a24d9920b463b7b74_zhfsOurYZmJoYHbT7v1RSOqM9dK_F6ZD40zrAOG1utfsP4IjK2vQWafiVyx_kBA2b3hUcSbhGXRly37PAqN6eOaRsCYclLssMYJUZQDwv6-K_ZcYYLlWEUB4LdngIs5K2tiTDN-Uyd4H.png" id="" width="auto" height="auto" loading="auto"></div></figure><p>‍</p><p id="">Reports from South Korea's intelligence agency estimate that North Korea stole approximately $700 million in cryptocurrency last year alone, equating to the financial capacity to launch 30 intercontinental ballistic missiles.</p><p>‍</p><p id="">These digital offensives are primarily aimed at funding the North Korean regime, which continues to be under heavy international sanctions. 
As noted by Recorded Future's Insikt Group, these efforts directly contribute to bolstering the regime's fiscal reserves.</p><p>‍</p><p id="">The TraderTraitor group, responsible for spearheading numerous cyberattacks on blockchain and cryptocurrency entities, has already been flagged by the CISA in an advisory last year. These phishing campaigns offer high-paying jobs to lure system administrators and software development/IT operations employees into downloading malware-ridden cryptocurrency applications.</p><p>‍</p><p id="">These developing threats highlight the increasingly digital battleground in the Pacific, as state-backed hackers exploit the vulnerabilities of critical industries. As cyber warfare and hybrid warfare tactics continue to evolve and intensify, they contribute substantially to the geopolitical instability in the region.</p><p>‍</p>
Complimentary
Free
Opinion
Editor's Pick

July 27, 2023

Microsoft Links GitHub Cyberattack to North Korean Cyber Espionage Collective

<p id="">Titled "<a href="https://malegislature.gov/Bills/193/H357" target="_blank" id="">Bill H.357</a>," a new legislative proposal tabled in Massachusetts is set to redefine how companies handle mobile phone users' locational data. As personal data continues to fuel the modern digital economy, <a href="https://hbr.org/2017/09/do-tech-companies-really-need-all-that-user-data" target="_blank" id="">concerns over its misuse</a> have become the heart of the privacy conversation. Recently, abortion rights have thrown a spotlight on the <a href="https://gizmodo.com/stardust-roe-v-wade-encrypted-period-tracking-app-abort-1849113572" target="_blank" id="">vulnerability of such data</a>, prompting a call for stringent measures.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1660px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1660px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64bdd9c8f1a71b415d817bcc_locational-data-concerns-period-tracking-app.jpg" loading="lazy" id="" width="auto" height="auto"></div><figcaption id="">A period tracking app called "Stardust"</figcaption></figure><p id="">‍</p><p id=""><a href="https://malegislature.gov/Bills/193/H357" target="_blank" id="">Bill H.357</a> proposes a sweeping overhaul of existing rules. These proposals include setting a 12-month cap on data retention by businesses and demanding ongoing user consent for terms and conditions. 
Crucially, the bill seeks to outlaw offers of incentives to coax users into parting with their locational data and strictly confine requests for such data to operational necessities.</p><p id="">‍</p><p id="">One of the bill's standout provisions is a clause that could reshape American data privacy practices:</p><p id="">‍</p><blockquote id="">"No covered entity or service provider that lawfully collects and processes location information may...sell, rent, trade, or lease location information to third parties."</blockquote><p id="">‍</p><p id="">The consequences of this clause could be game-changing, potentially inflicting more severe penalties for data misuse, such as in the <a href="https://www.nytimes.com/2018/04/04/us/politics/cambridge-analytica-scandal-fallout.html" target="_blank" id="">Cambridge Analytica and Facebook incident</a>. As it stands, <a href="https://malegislature.gov/Bills/193/H357" target="_blank" id="">Bill H.357</a> is a testament to growing public demand for accountability in data privacy and a marked step towards safeguarding user data. While corporations have historically prioritised financial gains and strategic objectives over ethical considerations, this bill could tilt the balance towards a stronger commitment to data security.</p><p id="">‍</p><p>‍</p><h2>Can Data Privacy Protect People</h2><p>‍</p><p id="">In a world where the line between personal identity and data is growing increasingly blurred, the need to safeguard such information becomes paramount. 
One case in point is <a href="https://techcrunch.com/2023/05/25/sam-altmans-crypto-project-worldcoin-got-more-coin-in-latest-115m-raise/" target="_blank" id="">Worldcoin</a>, a cryptocurrency initiative backed by Sam Altman of OpenAI, which rewards users for submitting eye biometric data, ostensibly to counteract artificial intelligence-driven identity theft.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1660px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1660px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64bdd9fc4fb0e612b2d6cc3f_worldcoin-records-biometric-data-locational-data.jpg" loading="lazy" id="" width="auto" height="auto"></div><figcaption id="">Worldcoin records biometric data with a helmet</figcaption></figure><p id="">‍</p><p id="">But in the face of legislative initiatives like <a href="https://malegislature.gov/Bills/193/H357" target="_blank" id="">Bill H.357</a>, we're left pondering the future of such technologies. Could comprehensive regulation render them obsolete, or is the inherently pervasive nature of technology beyond the reach of lawmakers?</p><p id="">‍</p><p id="">As we move forward in an increasingly digital era, we continue to wrestle with the question of how to balance the scales between progress, privacy, and protection. <a href="https://malegislature.gov/Bills/193/H357" target="_blank" id="">Bill H.357</a> may not have all the answers, but it's certainly giving us much to consider.</p><p id="">‍</p>
Complimentary
Free
Opinion
Editor's Pick

July 26, 2023

Bill H.357: Proposed Legislation Strengthens Massachusetts Cell Phone Privacy

<p id="">Over the past ten years, China has been increasingly spotlighted for allegations of online espionage against the U.S., largely seen as attempts to pilfer intellectual property. Yet, it's critical to note the evolving nature of these so-called cyber threats. China is now deploying far more advanced, elaborate, and low-profile digital assaults, a departure from the relatively unsophisticated attacks of a decade ago.</p><p id="">‍</p><p id="">Recently, the Biden administration indicted China for these advanced cyber-attacks. The indictment, corroborated by insights from current and former U.S. officials, underscores the impressive overhaul of China's hacking machinery. No longer limited to straightforward hacks on foreign entities, China now executes increasingly stealthy, globally distributed digital assaults, shifting from the rudimentary spear-phishing emails of the People's Liberation Army to a sophisticated network of contractors working under the auspices of China's Ministry of State Security.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1491px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1491px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c19dd778d802c034c226ea_mK6GJh99QAFiOsjMrbfeebkzr0yUvdNz2OqNKHh2F8DQfdC8zCA7fY8xsVfksR2ObscfTrOacHvMvFv7gCC1bIOi8I-STGk-zfzWYMJay_VzzyIVAfGVL_ya07Ab8TvWYU2FzunckjRq.png" id="" width="auto" height="auto" loading="auto"></div><figcaption id="">46th and current <strong id=""><em id="">president</em></strong> of the United States, Joe Biden</figcaption></figure><p id="">‍</p><p id="">Furthermore, China has upgraded from simple phishing attacks to more intricate espionage campaigns that exploit zero-days - unknown security vulnerabilities in widespread software like Microsoft's Exchange email service and Pulse VPN security devices. 
These newer methods are harder to defend against and enable Chinese hackers to function covertly for more extended periods.</p><p id="">‍</p><p id="">China's exponential growth in its digital threat capacity is especially worrying due to the current global geopolitical landscape. Cyberattacks, including ransomware attacks, have become a major diplomatic sticking point with world powers like Russia. At the same time, U.S.-China relations have steadily soured over issues including trade and tech dominance.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:622px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="622px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c19dd70e8173c8eeafa060_s1Cbf-LIwkr7j13A-4a9-Pgjw2oLO_27wzdh62w9A_vjXc7TrKQfByh5kOT9z8NDyl2BKcYDn9b0VNMUP_3LJRmWK0cnvyEeQtp8ZT20qFBCCB_ppR_fTU61ZqyUqNXk1VnTE3eyBtOM.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><p id="">Yet, China's rise in the global hacking scene is not a new phenomenon. In fact, it was first recognized in 2010 following attacks on Google and RSA, the security company. In response to this, the Obama administration formally accused China's People's Liberation Army hackers of industrial trade theft in 2014.</p><p id="">‍</p><p id="">The landscape, however, drastically shifted when Donald J. Trump's administration escalated trade conflicts with China. The hacks resumed, but this time, the People's Liberation Army was replaced by operatives of the Ministry of State Security, which coordinates China's intelligence, security, and secret police.</p><p id="">‍</p><p id="">The recent indictment provides more clarity, attributing this year's aggressive assault on Microsoft's Exchange email systems to China's Ministry of State Security. The U.S. 
Justice Department also indicted four Chinese nationals for coordinating the hacking of trade secrets from various industries.</p><p>‍</p><p id="">The policy is the culmination of Beijing’s five-year campaign to hoard its own zero-days. In 2016, the authorities abruptly shuttered China’s best-known private platform for reporting zero-days and <a href="https://www.wsj.com/articles/BL-CJB-29440" id="">arrested its founder</a>. Two years later, Chinese police announced that they would start enforcing laws banning the “unauthorised disclosure” of vulnerabilities. That same year, Chinese hackers, who were a regular presence at big Western hacking conventions, <a href="https://www.cyberscoop.com/pwn2own-chinese-researchers-360-technologies-trend-micro/" id="">stopped showing up, on state orders.</a></p><p id="">‍</p><p id="">“What we’ve seen over the past two or three years is an up leveling” by China, said George Kurtz, the chief executive of the cybersecurity firm CrowdStrike. “They operate more like a professional intelligence service than the smash-and-grab operators we saw in the past.”</p><p id="">‍</p><p id="">This transformation of China's technological prowess, and the subsequent Western reaction, must be contextualised in an increasingly interconnected and digital global landscape. While the West has been quick to vilify China's tactics, it's essential to recognize the rapidly evolving landscape of cyber warfare and trade sanctions that potentially hinder free trade across the Pacific.</p><p id="">‍</p>
Complimentary
Free
Opinion
Editor's Pick

July 26, 2023

Changing Dynamics of Global Cybersecurity: China's Enhanced Digital Offensive

<p id="">Maine's recent decision to place a six-month moratorium on the use of generative AI, like ChatGPT, has reverberated across the nation and around the world. In a bold move that has received mixed reactions, the state of Maine, under the leadership of CISO Nathan Willigar, has opted to "pause" to ensure a thorough assessment of potential risks and benefits associated with AI applications. The decision underscores a tension being felt globally, as societies struggle to balance the desire for innovation with the necessity of maintaining security and privacy in the digital age.</p><p>‍</p><p id="">This pause is not about stifling innovation but rather acknowledging that the rapid adoption of AI carries potential threats that require serious consideration. Willigar emphasises the potential risks to data and personnel as AI continues to evolve, including the creation of seemingly authentic content for malicious purposes, ranging from phishing scams to disinformation campaigns. However, the CISO also recognizes the need for careful analysis of the emerging federal guidance and best practices.</p><p>‍</p><figure class="w-richtext-figure-type-image w-richtext-align-center" data-rt-type="image" data-rt-align="center"><div><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c1e57964b91d6bd0d09793_pCM5OuvrtYmJ7rwvjM6DlHvbsqFffhuuOYopLx_pL59acA9Aw5Rh4rv8FcqTr7jExsl81iyzkZHrI4acF2DrjOydBsNXCteCb_H1NZ1CZOptTcSr-r-3806uH9JZpQDyNOOvZL_gPfu3.png" id="" width="auto" height="auto" loading="auto"></div></figure><p>‍</p><p id="">In contrast, tech leaders like Sam Altman, Elon Musk, and Bill Gates have often advocated for rapid development and adoption of AI, believing the technology will usher in unprecedented advancements in various fields. 
Their approach reflects a belief that the benefits of AI significantly outweigh the potential risks, with the necessary precautions evolving alongside the technology itself.</p><p>‍</p><p id="">However, there's an undeniable merit to Maine's stance. The state's decision offers a valuable lesson for other states and jurisdictions, nudging them to consider their pace of AI adoption. While AI presents a host of opportunities, it also brings along novel risks, which are not fully understood yet. For instance, CISO leaders worldwide have been vocal about AI's potential security risks, including the possibility of exploiting known vulnerabilities for cyberattacks, manipulation, and privacy infringement.</p><p>‍</p><p id="">Furthermore, there's the issue of data governance with AI technology, as AI can independently generate sophisticated outputs, making its governance more challenging than other technologies. In the EU, regulations like the General Data Protection Regulation (GDPR) have been set up to control the use and protection of personal data, yet the landscape of AI and its implications for data privacy and security are still being navigated.</p><p>‍</p><p id="">The "pause" adopted by Maine might inspire other states and jurisdictions to adopt similar practices, offering them an opportunity to reassess their stance on AI implementation. It also sends a signal to tech giants and startups about the importance of considering security and ethical implications while developing and deploying AI technologies.</p><p>‍</p><p id="">Ultimately, the AI adoption path is likely to be a combination of the two approaches – a hybrid of the Altman-Musk-Gates' rapid-advance view, and Maine's caution-first stance. A moderated pace that takes into account the opportunities and the associated risks could potentially deliver the best outcome.</p><p>‍</p><p id="">As for Maine, the "pause" doesn't seem to be an indefinite ban. 
The state plans to lift the pause once it has carried out a thorough risk assessment, developed necessary safeguards, and trained its employees in the use of generative AI. It’s a careful balancing act, to ensure the state and its citizens are well-protected as they march towards the future of technology. Time will tell whether this cautious approach will pay off. For now, it stands as a prudent response in a world racing towards AI-powered futures.</p><p>‍</p>
Complimentary
Free
Opinion
Editor's Pick

July 26, 2023

Maine's Cautious Approach to AI: A Dilemma of Progress vs. Privacy

<p id="">The world of international diplomacy can often seem like a chess match, with global powers strategically maneuvering for position, influence, and leverage. However, recent developments in cyberspace suggest a different sort of game is afoot—one where the stakes are exceedingly high and the consequences of a misstep could be disastrous.</p><p id="">‍</p><p id="">News has recently emerged of suspected Chinese hackers breaching the emails of several top U.S. officials, including the U.S. Ambassador to China, Nicholas Burns, and the assistant secretary of state for East Asia, Daniel Kritenbrink. The clandestine operation, which Microsoft alleges was the work of Chinese operatives, is yet to be officially blamed on anyone by the U.S. government.</p><p id="">‍</p><p id="">The cyber incursion coincided with a period of significant diplomatic dialogue between Washington and Beijing, further heightening the intrigue surrounding the incident. The potential fallout from such a breach is immense, and concerns over the scope and severity of the incident persist. Microsoft's role in the matter has been heavily scrutinised, with critics highlighting that the tech giant's premium pricing model for core security products could have left some victims vulnerable to the hack.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1600px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1600px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c1e71924d9920b463ee1c4_leDuYcNaZSH2EyldX12ZmJN4MMvgxrPA2OzXdrruR1lweK1lPlOzZwF4Y2cxA8RaPioBJdkgbIrPVKBnlmIHmkc-PnTlWiJ0ok27ewxoVOmOJxT7ZI-ybf-LbDsLgTKA5_pLr7tP5HU_.png" id="" width="auto" height="auto" loading="auto"></div><figcaption id="">Senator Ron Wyden. 
Photo by Joe Frazierm <a href="https://creativecommons.org/licenses/by/2.0/deed.en" target="_blank" id="">licensed under CC BY 2.0</a></figcaption></figure><p id="">‍</p><p id="">Senator Ron Wyden (D-Ore.) has been particularly vocal in his criticism of Microsoft, stating: "It is unconscionable that two years after the SolarWinds hack, Microsoft was still up-charging federal agencies for critical security features. Our national security depends on making cybersecurity a core part of the software contracting process." Microsoft's decision to withhold comments on the matter only fuels the flames of criticism and leaves unanswered questions about its commitment to cybersecurity.</p><p id="">‍</p><p id="">These incidents further complicate an already intricate dance of diplomatic relations, especially in the Pacific region. Cyber espionage is becoming a significant concern in a world increasingly reliant on digital communication and information exchange. The Pacific region, where the U.S. and China are already grappling with trade tensions, is feeling the effects of this new battlefront.</p><p id="">‍</p><p id="">The Wall Street Journal was <a href="https://www.wsj.com/articles/u-s-ambassador-to-china-hacked-in-china-linked-spying-operation-f03de3e4?mod=hp_lead_pos1" target="_blank" id="">the first to report</a> that the hackers accessed the inboxes of Burns and Kritenbrink. <a href="https://www.washingtonpost.com/national-security/2023/07/12/microsoft-hack-china/" target="_blank" id="">The Washington Post</a> previously reported that Commerce Secretary Gina Raimondo’s email was among those breached.</p><p id="">‍</p><p id="">China's apparent advancement in digital spying capabilities poses a significant threat not only to the U.S. but also to the precarious balance of power in the region. This new reality serves as a reminder that the evolving nature of global competition now extends to cyberspace. 
The 'spy games' in the digital arena are becoming increasingly complex, leaving little room for error or negligence.</p><p id="">‍</p><p id="">Spokespeople from the National Security Council and the Cybersecurity and Infrastructure Security Agency did not respond to a request for comment. A spokesperson for the State Department declined to comment.</p><p id="">‍</p><p id="">It remains unclear what information the hackers got their hands on and how valuable it might have been. But the spying campaign, which began in May, appears to have overlapped with a period of high-stakes diplomacy between the U.S. and China.</p><p id="">‍</p><p id="">There's no doubt that cyber espionage is a double-edged sword. While it may provide nations with valuable intelligence, it also fuels tension, erodes trust, and inhibits diplomatic progress. With the current trade tensions between the U.S. and China, these cyber incursions risk intensifying political and power struggles in the region.</p><p id="">‍</p><p id="">Ultimately, the potential calamity here is far-reaching. As we navigate these uncharted waters, it becomes even more vital to prioritise cybersecurity and foster cooperation, transparency, and trust. For these are the true prerequisites for harmony—whether in the Pacific or cyberspace.</p><p id="">‍</p>
Opinion
Editor's Pick

July 26, 2023

The Possible Impact of Cyber Espionage Games In The Pacific

<p id="">A secret cipher used in radio communications systems worldwide by key infrastructure operators, law enforcement, and others has been exposed. Dutch researchers have unearthed critical vulnerabilities in the system, including an intentional backdoor.</p><p id="">‍</p><p id="">For over a quarter of a century, the technology enabling secure voice and data radio transmissions globally has been kept confidential to deter vulnerability probing. However, thanks to a team of Dutch researchers, this technology has been brought into the light, revealing severe flaws, one of which being a purposefully built backdoor.</p><p id="">‍</p><p id="">This clandestine backdoor, which has been known to the technology vendors but not necessarily to the customers, is present in an encryption algorithm integrated into commercial radios used in crucial infrastructure. It enables the transmission of encrypted data and commands in various systems like pipelines, railways, power grids, mass transit, and freight trains. Misuse of this could enable someone to spy on communications, understand the system's functioning, and potentially send commands that could cause blackouts, halt gas flows, or reroute trains.</p><p id="">‍</p><p id="">The researchers have also detected a secondary flaw in a separate element of the same radio technology, utilised in specialised systems sold exclusively to the police, military, intelligence agencies, and emergency services. 
This flaw, present in systems like the C2000 communication system used by Dutch police, fire brigades, and ambulance services, and the Ministry of Defense, could allow an attacker to decrypt encrypted voice and data communications and send false messages, leading to misinformation or misdirection during crucial moments (1).</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1086px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1086px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c1e8bf5673d2bf30ae3aaf_csLUQXbiqR9u2ViJWa5qw5HfWBRK0kBaKvAEVpr8T5rYnh23fTm_XLrgmkZgKevjNyjbuhP5zlPLsM81saF0sr_UQOT49Vs7sEcWo5F80WiyYFyPlEIAQJVe3doX90ppmvSlCksWI9T_.png" id="" width="auto" height="auto" loading="auto"></div><figcaption>Midnight Blue, a specialist security consultancy firm</figcaption></figure><p id="">‍</p><p id="">The vulnerabilities were identified by Dutch security analysts Carlo Meijer, Wouter Bokslag, and Jos Wetzels from Midnight Blue in the European radio standard known as TETRA (Terrestrial Trunked Radio). The researchers, who've named these vulnerabilities TETRA:Burst, agreed to keep them undisclosed until the radio manufacturers had a chance to develop patches and mitigations (2).</p><p id="">‍</p><p id="">The Dutch National Cyber Security Centre took on the role of notifying radio vendors and computer emergency response teams worldwide about the issues and coordinating a timeframe for the researchers' public disclosure (3).</p><p id="">‍</p><p id="">Despite the secrecy surrounding the TETRA encryption algorithms, documents leaked by Edward Snowden indicate that intelligence agencies such as the NSA and the UK's GCHQ targeted TETRA for eavesdropping in the past (4). 
Although this does not directly point to the exploitation of these newly found vulnerabilities, it does suggest that state-sponsored actors have shown an interest in monitoring these TETRA networks.</p><p id="">‍</p><p id="">The researchers aim to present their findings at the upcoming BlackHat security conference in Las Vegas, with the hope that more experts can delve into the algorithms to identify other potential issues.</p><p id="">‍</p><p id=""><strong id="">Footnotes</strong></p><p id="">‍</p><p id="">Nieuwenhuizen, Ivo, et al. "Vulnerabilities in TETRA-based Systems: An Analysis." Midnight Blue, 2023. ↩</p><p id="">Bokslag, Wouter, et al. "TETRA:Burst - Exploring the Backdoor in TETRA Systems." BlackHat Security Conference, 2023. ↩</p><p id="">Scheffer, Miral. "Press Release: New TETRA Vulnerabilities." Dutch National Cyber Security Centre, 2023. ↩</p><p id="">Greenwald, Glenn, et al. "The Snowden Files." The Guardian, 2014. ↩</p><p id="">‍</p>
Opinion
Editor's Pick

July 26, 2023

Backdoor Revealed in Secret Cipher Used in Global Radio Systems

<p id="">HO CHI MINH CITY — In the midst of emerging regulatory developments in Southeast Asia, particularly in Vietnam, the nation is readying to utilise regenerative artificial intelligence tools to detect and deter tax evasion. This high-tech approach to enforcement is already showing positive outcomes.</p><p>‍</p><p id="">Increased tax contributions have been noted from large tech firms such as Facebook, Microsoft, and Lazada, largely due to the recent implementation of an electronic filing system. According to the tax agency, overseas companies, primarily U.S. platforms like Netflix and Google, have contributed 3.9 trillion dong ($165 million) in taxes in the first half of 2023, an increase from 3.4 trillion dong for most of 2022. This increase has come about after the introduction of a tax portal for overseas service providers. The tax office has also prioritised other app creators like TikTok, Apple, and Shopee.</p><p>‍</p><p id="">Dinh Quang Thuan, a partner at GV Lawyers, noted to Nikkei Asia that the surge in tax collections from tech firms, particularly those operating internationally, in conjunction with the application of AI technology for tax enforcement, highlights Vietnam's transition towards a stricter and tech-forward stance on tax compliance.</p><p>‍</p><p id="">The one-party state, a significant market for Facebook and TikTok, has increased its oversight as part of its efforts to tighten control over Big Tech and to participate in global initiatives to combat tax evasion.</p><p>‍</p><p id="">According to the General Department of Taxation, the taxation revenue from the e-commerce sector has more than doubled in 2022, reaching 716 billion dong. 
As the department advocates for a shift towards digital operations, it is also undergoing its digital transformation.</p><p>‍</p><figure class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1380px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1380px"><div><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c20144c3eccac8b63bb6a7_2halbRlnQFQ-xDgusYeCRZhnRmF0l_6H83H1jk6NLzihm_JYd2EbIuQT7-GLAtfshtLJZiUkcHgFr7DHPXrghzQg1_phe3cvIn_cUrCjkFQaW73KcBZf26UVWf1NDVj6H3ihBgEhx2l-.png" id="" width="auto" height="auto" loading="auto"></div><figcaption>The General Department of Taxation, Vietnam</figcaption></figure><p>‍</p><p id="">Officials intend to leverage AI software to identify companies that exhibit unusual billing behaviour, such as frequently issuing invoices, issuing invoices for exceptionally high amounts, or any other patterns indicative of attempts to reduce taxable revenue.</p><p>‍</p><p id="">Wolfram Gruenkorn, managing partner at WTS Tax Vietnam, expressed that the utilisation of advanced IT systems, including AI, will help identify foreign service providers attempting to evade tax obligations, thereby reducing the significant influence local tax officers currently hold.</p><p>‍</p><p id="">In the last month of the previous year, the Finance Ministry expressed its approval for the use of AI in risk management. It also revealed its preparation to enter "multilateral agreements on the right to tax income from the digital economy."</p><p>‍</p><p id="">Joining a 139-government agreement, Hanoi has agreed to enforce a 15% global minimum tax on companies starting from 2024. 
This agreement was orchestrated by The Organisation for Economic Co-operation and Development to address the "challenges arising from digitalization and globalisation of the economy."</p><p>‍</p><p id="">Vietnam, in recent years, has introduced stricter controls over internet companies, covering aspects from tax registration to content removal orders. Simultaneously, it continues to battle misinformation and protect civil liberties enshrined in its constitution, even as it has taken steps such as arresting users posting unflattering content.</p><p>‍</p><p id="">Last week, the tax agency announced that the number of foreign companies registered through the tax portal had risen to 57 from 42 at the end of 2022, partly to avoid a proposed system where banks would oversee their transactions and remit taxes on their behalf.</p><p>‍</p>
Opinion
Editor's Pick

July 26, 2023

Emerging AI Tax Regulation in Vietnam: A Tech-Savvy Approach to Spot Evasion

<p id="">The alarming revelation that Artificial Intelligence (AI) is being exploited by cybercriminals, as reported by Canada's top cybersecurity official, illuminates the dark side of AI technology. Like a double-edged sword, AI, originally touted as a powerful tool to address cybersecurity threats, is now being used for malicious purposes, from creating sophisticated phishing emails to spreading disinformation. This signals a new era in the cybercrime landscape, where the advancement in technology opens up new opportunities for misuse.</p><p id="">‍</p><p id="">Sami Khoury, head of the Canadian Centre for Cyber Security, has reported an uptick in AI's exploitation in cybercrimes. In a recent interview, he mentioned that AI is being used in crafting deceptive emails and misinformation campaigns, confirming what many cyber watchdog groups have been warning about for some time now. The specifics are currently scant, but the declaration alone adds a sense of urgency to the rising chorus of concern regarding the misuse of AI.</p><p id="">‍</p><p id="">The advent of large language models (LLMs), AI programs that can craft realistic dialogue and documents, has complicated the cyber landscape. These sophisticated models, such as OpenAI's ChatGPT, have the potential to impersonate an organisation or individual convincingly, posing a significant threat to cybersecurity. A Europol report released in March reiterated this threat, warning of the possibility of AI-enabled impersonation. Simultaneously, the National Cyber Security Centre in Britain highlighted the risk of criminals using LLMs to carry out advanced cyber attacks.</p><p id="">‍</p><p id="">We've already started seeing glimpses of this AI-fuelled dystopia. Cybersecurity researchers have already demonstrated malicious uses of AI. For instance, a former hacker recently discovered an LLM trained on malicious material, which produced a convincing phishing email asking for a cash transfer. 
This indicates that the threat is not just hypothetical—it's already here.</p><p id="">‍</p><p id="">"I understand this may be short notice," the LLM said, "but this payment is incredibly important and needs to be done in the next 24 hours."</p><p id="">‍</p><p id="">However, the true concern lies not just in the fact that AI can create convincing phishing emails or malware. Khoury warned about AI's rapid evolution, noting that the pace of its development makes it challenging.</p><p id="">‍</p><p id="">The promise of AI to deliver faster, more efficient cyber attacks, aided by the ability to learn and adapt, could pose unprecedented challenges to cybersecurity.</p><p id="">‍</p><p id="">As AI continues to develop and infiltrate every aspect of our digital lives, it's clear that it will play an increasingly significant role in cybersecurity. While AI presents an opportunity to enhance our defences, its misuse underscores the need for stringent safeguards. It's a race against time for security professionals, policymakers, and AI developers to create a robust framework that can prevent AI from becoming the next superweapon in the cybercriminal arsenal.</p><p id="">‍</p><blockquote id="">"Who knows what's coming around the corner" - Sami Khoury on AI&nbsp;Models</blockquote><p id="">‍</p><p id="">Khoury said that while the use of AI to draft malicious code was still in its early stages - "there's still a way to go because it takes a lot to write a good exploit" - the concern was that AI models were evolving so quickly that it was difficult to get a handle on their malicious potential before they were released into the wild.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-center" data-rt-type="image" data-rt-align="center" data-rt-max-width=""><div id=""><img 
src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c0a9524f9a861231a68954_1zV44DOSJqqfBvZz0p6y55joDZ0lrzWKq-eCb7V0Etmcy3_fFZHU3OO9SA_xeeAfKZnwliGXTaE0HGWBEE18mXMwCPUoXGTTcqNKof_aMcc3lVVRzbyGrr7oambcAZBRVwAs6OC_MNFc.png" id="" width="auto" height="auto" loading="auto"></div><figcaption id="">Sami Khoury, head of the Canadian Centre for Cyber Security</figcaption></figure><p id="">‍</p><p id="">‍</p><p id="">"Who knows what's coming around the corner," he said.</p><p id="">‍</p><p id="">The Canadian Centre for Cyber Security, alongside global cybersecurity agencies, has a significant task ahead. They must work to understand these emerging threats, develop countermeasures, and educate the public about AI's potential misuse. While it's a daunting task, it's crucial to ensure that AI remains a tool for progress and doesn't become a weapon of destruction.</p><p id="">‍</p><p id=""><strong id="">Sources</strong></p><p id="">‍</p><ul id=""><li id=""><a href="https://twitter.com/cybercentre_ca">Twitter</a></li><li id=""><a href="https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/responsible-use-ai.html">Canadian Government</a></li></ul><p id="">‍</p>
Opinion
Editor's Pick

July 24, 2023

Artificial Intelligence: The Double-Edged Sword of Cybersecurity

<p id="">In an era where technological advancement continues to shape our world at an unparalleled pace, artificial intelligence (AI) stands at the forefront of these transformations. As AI penetrates deeper into the fabric of society, concerns regarding the misuse of this technology and its potential threat to democracy have become increasingly prominent. Responding to this, President Joe Biden announced on Friday that leading AI companies, including OpenAI, Alphabet, and Meta Platforms, have pledged to implement measures like watermarking AI-generated content in a bid to make the technology safer.</p><p>‍</p><figure class="w-richtext-figure-type-image w-richtext-align-center" data-rt-type="image" data-rt-align="center"><div><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c0a7d7d61a175666c1f353_YPtDw3KwSRDP3KvSXK7GxgjoF_J2coB145kfmeafBKtuBTTQwDlxqt-PoJmAXYDZ_vp5-ufihY_hkvw3OgXkgpXR3Z8hTxdzUbgeBaQi1-ORW4KTfJljSGBAE9MBoaLB95COTlbzRdrG.png" id="" width="auto" height="auto" loading="auto"></div><figcaption>46th and current <strong id=""><em id="">president</em></strong> of the United States, Joe Biden</figcaption></figure><p>‍</p><p id="">This voluntary commitment is an encouraging move toward AI safety, but as President Biden aptly noted, "we have a lot more work to do together." This acknowledgement is significant given the growing concerns about the potential of AI to disrupt societal norms and pose challenges to democracy.</p><p>‍</p><p id="">These tech giants' promise to watermark AI-generated content could herald a new era of transparency in AI technology. The intended function of this watermark is to make it easier for consumers to distinguish between AI-created and human-created content. 
This could mitigate the risk of deep-fakes—highly realistic and potentially deceptive synthetic media—which pose serious threats to both national security and the integrity of democratic processes.</p><p>‍</p><p id="">However, the effectiveness of these measures relies heavily on their implementation. It remains unclear how visible these watermarks will be during the sharing of information, raising questions about the viability of this method as a standalone safeguard. Furthermore, this initiative is voluntary, which could lead to uneven implementation and compliance across the industry.</p><p>‍</p><figure class="w-richtext-figure-type-image w-richtext-align-center" data-rt-type="image" data-rt-align="center"><div><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c0a7da8519be7a7bd8b5f6_RP8Ohwiw9gCN17stxvbfBLIk9ZJBgTeK1TA2wXkCr3oILo8utl0giW6IfjJ43xpyLtZGYEdk8guvCc4mr18k_LUF3YO2dTDuUJfer29gjn8NQQnYB34m_9HKkX4_3w83p0DUEMxvjmf3.png" id="" width="auto" height="auto" loading="auto"></div><figcaption>An online tool showcasing a deep fake of Morgan Freeman with Barack Obama</figcaption></figure><p>‍</p><p id="">As AI technology becomes increasingly sophisticated, it's evident that regulations need to keep pace. The EU is a step ahead of the U.S. in this respect. They have already drafted rules that not only call for the disclosure of AI-generated content, but also for distinguishing deep-fake images from real ones and ensuring safeguards against illegal content. In contrast, the U.S. has yet to enact comprehensive legislation addressing AI regulation.</p><p>‍</p><p id="">While this pledge by AI companies is a significant step, it highlights the need for further legislative efforts to ensure the safe use of AI. The proposed Congressional bill requiring political ads to disclose AI use in content creation is an example of this. 
Moreover, President Biden's announcement of working on an executive order and bipartisan legislation on AI technology further emphasises this need.</p><p>‍</p><p id="">The tech companies' commitment doesn't stop at watermarks. They have also pledged to protect user privacy, eliminate bias in AI systems, and work toward solving scientific problems. These initiatives, along with the effort to combat misinformation through watermarking, signal a broader shift toward ethical AI practice.</p><p>‍</p><p id="">There is a clear view that while the initiative to watermark AI-generated content presents a promising start, it only scratches the surface of the broader regulatory framework needed to address the risks posed by AI technology. The U.S. must continue to engage in rigorous dialogue and develop comprehensive legislation that fosters innovation, protects individual rights, and preserves the democratic fabric of the nation in the face of AI's rapid evolution.</p><p>‍</p>
Opinion
Editor's Pick

July 23, 2023

Biden Announces: Proposed Watermarking AI-Generated Content

<p id="">Enterprises across the world, specifically in the USA, UK, and Australia, are under increased risk from potential breaches due to vulnerabilities in major software and cloud service providers, such as Atlassian, AWS, Microsoft, and MYOB. These vulnerabilities extend into various business sectors, with Customer Relationship Management (CRM) systems, a vital part of many organisations, also being susceptible.</p><p id="">‍</p><p id="">Atlassian, known for its popular collaboration tools, disclosed high severity vulnerabilities in its Confluence Data Center &amp; Server and Bamboo Data Center in July 2023. These vulnerabilities can allow an attacker to take control of an affected system. In the USA, numerous organisations, from startups to Fortune 500 companies, rely on Atlassian's suite of tools for project management and team collaboration. A potential breach could disrupt business operations, compromise sensitive data, and harm corporate reputations.</p><p id="">‍</p><p id="">Meanwhile, tech behemoth Microsoft had to address significant security vulnerabilities in its Exchange Server and Azure cloud platform in the past year. 
In the UK, where Microsoft's cloud services have seen substantial adoption, a breach could impact a wide range of sectors, including healthcare, finance, and government, with potential consequences ranging from data leaks to operational paralysis.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1600px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1600px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c0a4e3c46dba0d699ea991_rJQzozbqPrwatzCVTQ7HXQHuXOW7cPbproSzLXdgOAtFG0u5yA4SOmfmX1MGgIWpPmLsg5wxtlnjLzpQs5FVPMOzAmTgUsaTT8KgIbk3t1TBPH8cgzyDcc68KQvp_CLQGDzUSRBCF98f.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><p id="">In Australia, the case of AWS and MYOB underlines the scope of these challenges. A late 2022 scare involving an AWS S3 storage service vulnerability reaffirmed that even mature and robust platforms can be susceptible. Australian accounting software company MYOB, heavily integrated with AWS, represents a crucial component of the financial infrastructure of many small and medium-sized businesses. The vulnerability could have far-reaching implications for these businesses if exploited.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1600px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1600px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c0a4e41079283f42a14880_m-oIXQKWrbi9hvxSAK8fnHsjVmyZVC3reD7D99jtDCLoKzESXTNHEYmI31tWIAidJDXK7FqjapajUlAEj1OnF-IKwONyThqg9w73O02REYvE7ctjt5NSVeplSUaCeo5hYv4hp59Ph7tN.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><p id="">Furthermore, vulnerabilities also extend to CRM systems used globally by organisations to manage and analyse customer interactions and data. 
A potential breach could jeopardise customer data, violate privacy regulations, and significantly damage customer trust.</p><p id="">‍</p><p id="">In response to these alarming trends, cybersecurity organisations like the Cybersecurity &amp; Infrastructure Security Agency <a href="https://www.cisa.gov/news-events/alerts/2023/07/21/atlassian-releases-security-updates" target="_blank" id="">(CISA)</a> in the USA and the Australian Cyber Security Centre (ACSC) have issued urgent recommendations. These agencies have emphasised the need for companies to review their security measures, install the necessary updates, and prioritise cybersecurity in their operational strategies.</p><p id="">‍</p><p id="">In an interconnected digital environment, the impact of these vulnerabilities can be global. Therefore, businesses must adopt a proactive approach to cybersecurity, continually update their systems, and stay abreast of advisories from agencies like CISA and ACSC.</p><p id="">‍</p><p id="">While the rising trend of system vulnerabilities is concerning, it also offers an opportunity for organisations to review, innovate, and strengthen their cybersecurity measures. In an era of ever-advancing technology, robust cybersecurity strategies are not a luxury but a necessity for sustainable and secure business operations.</p><p id="">‍</p>
Enterprises across the world, specifically in the USA, UK, and Australia, are under increased risk from potential breaches due to vulnerabilities in major software and cloud service providers.
Opinion
Editor's Pick

July 22, 2023

A Global Analysis of Cybersecurity Vulnerabilities - Atlassian Alerts

<p id="">In a significant shift, cybercriminals in 2023 have become more strategic, exploiting wide-reaching software vulnerabilities to increase the efficiency of their operations. Most notably, the Russian-affiliated ransomware group Clop demonstrated this change in approach with a large-scale attack exploiting a vulnerability in MOVEit software (CVE-2023-34362). The exploit impacted over a hundred organisations, including several US universities, and resulted in hundreds of thousands of records being accessed.</p><p id="">‍</p><p id="">The growing trend for widespread exploitation emphasises the need for businesses to implement multi-layered cybersecurity strategies and prioritise timely software patching when vulnerabilities are disclosed.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1600px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1600px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/64c0a6c02b95cbe3c8cd71e5_HUCQ9KDD7vzrXKNgFjbq-PZws6pvYY8QfMdFkESSBBctytU4PFvDTR2IFRTfoxqtdh63RgWttz-vyKAXH1beX29ig_7DBY6nNAWPAe6I04uqIi5Jd_woS8voYIU4BquLxax4-LucvHrb.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">"Web Servers Malicious URL Directory Traversal" was June's most exploited vulnerability, affecting 51% of global organisations. 
In close succession, "Apache Log4j Remote Code Execution" and "HTTP Headers Remote Code Execution" were the second and third most exploited vulnerabilities, impacting 46% and 44% of organisations respectively.</p><p id="">‍</p><p id="">‍</p><h2 id="">Top malware families</h2><p id="">‍</p><p id="">June's most prevalent malware was Qbot, impacting 7% of organisations worldwide, followed by Formbook and Emotet with respective global impacts of 4% and 3%.</p><p id="">‍</p><ol id=""><li id="">Qbot is a multipurpose malware designed to steal user credentials, record keystrokes, steal browser cookies, spy on banking activities, and deploy additional malware. Distributed via spam emails, Qbot employs various anti-VM, anti-debugging, and anti-sandbox techniques to hinder analysis and evade detection.</li><li id="">Formbook is a Windows-targeting infostealer. Sold as Malware as a Service (MaaS) in hacking forums, Formbook harvests credentials from various web browsers, collects screenshots, logs keystrokes, and executes files according to its command-and-control server.</li><li id="">Emotet is an advanced, self-propagating, and modular Trojan. Originally a banking Trojan, Emotet is now primarily used to distribute other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection.</li><li id="">GuLoader is a widely used downloader since December 2019. Initially used to download Parallax RAT, it now serves various other remote access trojans and info-stealers such as Netwire, FormBook, and Agent Tesla.</li><li id="">XMRig is open-source CPU mining software used to mine Monero cryptocurrency. Threat actors often abuse this software by integrating it into their malware to conduct illegal mining on victims' devices.</li><li id="">AgentTesla is an advanced RAT that operates as a keylogger and information stealer. 
It is capable of monitoring and collecting victims' keyboard inputs, taking screenshots, and exfiltrating credentials from various software installed on a victim's machine.</li><li id="">Remcos is a RAT that bypasses Microsoft Windows' UAC security and executes malware with high-level privileges. It primarily distributes itself through malicious Microsoft Office documents attached to spam emails.</li><li id="">NanoCore is a Remote Access Trojan targeting Windows OS users. It includes basic plugins and functionalities such as screen capture, cryptocurrency mining, remote control of the desktop, and webcam session theft.</li><li id="">LokiBot is a commodity infostealer that targets both Windows and Android OS, harvesting credentials from various applications, web browsers, email clients, and IT administration tools. Some Android versions of LokiBot include ransomware functionality in addition to their info-stealing capabilities.</li><li id="">NJRat is a remote access Trojan, primarily targeting government agencies and organisations in the Middle East. 
It captures keystrokes, accesses the victim's camera, steals credentials stored in browsers, uploads and downloads files, and views the victim's desktop.</li></ol><p id="">‍</p><p id="">‍</p><h2 id="">June 2023 Vulnerability Bulletins</h2><p id="">‍</p><p id="">The US Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the National Cyber Security Centre UK (NCSC UK) all issued bulletins in June 2023 highlighting specific recommendations:</p><p id="">‍</p><ul id=""><li id="">Prioritise patching when vulnerabilities are disclosed.</li><li id="">Implement multi-layered cybersecurity strategies to protect against an evolving threat landscape.</li><li id="">Regularly backup data and ensure it is easy to recover.</li><li id="">Educate staff about the risks of opening attachments or clicking on links in unsolicited emails.</li><li id="">Keep all devices and software updated to the latest versions.</li></ul><p id="">‍</p><p id="">The disclosure and exploitation of the MOVEit vulnerability (CVE-2023-34362) and the subsequent large-scale ransomware campaign highlight the importance of these measures. The increase in strategic, wide-reaching cyber attacks has made the implementation of comprehensive cybersecurity strategies and timely patching crucial for organisations in 2023.</p><p id="">‍</p><p id=""><strong id="">References</strong></p><p id="">‍</p><ul id=""><li id="">US Cybersecurity and Infrastructure Security Agency. (2023). June Bulletins.</li><li id="">Australian Cyber Security Centre. (2023). June Bulletins.</li><li id="">National Cyber Security Centre UK. (2023). June Bulletins.</li><li id="">Check Point Research. (2023). June's Most Wanted Malware.</li><li id="">Progress Software Corporation. (2023). MOVEit Vulnerability Disclosure.</li></ul><p id="">‍</p>
In a significant shift, cybercriminals in 2023 have become more strategic, exploiting wide-reaching software vulnerabilities to increase the efficiency of their operations.

July 22, 2023

June 2023 Malware and Vulnerability Analysis

<p id="">Chinese artificial intelligence stocks are the latest rage in mainland markets as the global frenzy around the <a href="https://www.reuters.com/technology/chatgpt-what-is-openais-chatbot-what-is-it-used-2022-12-05/" id="">Microsoft-backed ChatGPT chatbot</a> spurs speculative bets on the revolutionary computing technology.</p><p id="">‍</p><p id="">Just two months after its launch, ChatGPT - which can generate articles, essays, jokes and even poetry in response to prompts - has been rated the <a href="https://www.reuters.com/technology/ai-stocks-rally-latest-wall-street-craze-sparked-by-chatgpt-2023-02-06/" id="">fastest-growing consumer</a> app in history. That has pushed Google owner <a href="https://www.reuters.com/technology/google-opens-bard-chatbot-test-users-plans-more-ai-search-2023-02-06/" id="">Alphabet</a> Inc <a href="https://www.reuters.com/companies/GOOGL.O" id="">(GOOGL.O)</a> to plan its own chatbot service and using more artificial intelligence for its search engine.</p><p id="">‍</p><p id="">While ChatGPT is not accessible in China, mainland investors are still pumping up the shares of AI technology companies such as Hanwang Technology Co <a href="https://www.reuters.com/companies/002362.SZ" id="">(002362.SZ)</a>, TRS Information Technology Co <a href="https://www.reuters.com/companies/300229.SZ" id="">(300229.SZ)</a> and Cloudwalk Technology Co <a href="https://www.reuters.com/companies/688327.SS" id="">(688327.SS)</a>.</p><p id="">‍</p><p id="">The CSI AI Industry Index <a href="https://www.reuters.com/quote/.CSI931071" id="">(.CSI931071)</a>, which includes larger capitalized companies such as iFlytek Co <a href="https://www.reuters.com/companies/002230.SZ" id="">(002230.SZ)</a>, is up about 17% this year, outperforming the benchmark CSI300 Index's <a href="https://www.reuters.com/quote/.CSI300" id="">(.CSI300)</a> 6% rise.</p><p id="">‍</p><p id="">To be sure, there is no indication that these AI companies are close to pushing out a 
ChatGPT-like product. The closest seems to be search engine giant <a href="https://www.reuters.com/technology/chinas-baidu-finish-testing-chatgpt-style-project-ernie-bot-march-2023-02-07/" id="">Baidu</a> Inc <a href="https://www.reuters.com/companies/9888.HK" id="">(9888.HK)</a> with plans to complete testing of its "Ernie bot" in March. Its shares surged more than 15% on Tuesday after making the announcement.</p><p id="">‍</p><p id="">"The industry as a whole tends to first speculate on expectations before only later trading on actual results," said Zhang Kexing, general manager of Beijing Gelei Asset Management.</p><p id="">‍</p><p id="">Shares of Hanwang Technology, which makes products that enable intelligent interactions, jumped by their daily limit of 10% on Tuesday, the seventh consecutive session it has reached that limit since markets reopened from the Lunar New Year holiday, boosting prices by more than 60% in February.</p><p id="">‍</p><p id="">The company expects to report an annual loss for 2022 but believes it has an edge over an interface like ChatGPT because its model can produce more precise results for clients.</p><p id="">‍</p><p id="">Cloudwalk shares retreated 5.5% on Tuesday, but have nearly doubled in the seven trading days since the Lunar New Year holidays. On Tuesday, the company cautioned investors, saying its losses deepened in 2022, it has not cooperated with OpenAI, and has generated no revenues from ChatGPT-related services and products.</p><p id="">‍</p>
ChatGPT creates a buying frenzy across AI companies. Chinese companies developing artificial intelligence are the latest rage in mainland markets.

June 30, 2023

Chinese stocks rise on the success of ChatGPT

<p id="">The debate between decoupling from China or implementing policies aimed at curbing its rise to superpower status is multifaceted and complex. Navigating the economic and geopolitical factors that shape China's role in the global supply chain, its regional influence, and the potential consequences of economic sanctions and retaliatory actions requires a comprehensive understanding of the global landscape. A more nuanced approach to these issues is essential for Western nations to develop effective strategies in response to China's growing power and influence.</p><p id="">‍</p><p id="">China's influence has extended beyond its political sphere, as it has become an indispensable player in international supply chains and Asian governments (Dollar, 2020). The country's Belt and Road Initiative (BRI) and its long-term strategic planning have positioned it as a crucial trading partner to most Pacific nations. Navigating the complexities and political challenges of China's ambitions is increasingly difficult, but understanding its role is essential for promoting peace, prosperity, and protecting the Pacific region (Li, 2022).</p><p id="">‍</p><p id="">‍</p><h2 id="">BRI: China's Ambitious Infrastructure Project, a Resilient Strategic Foreign Policy to Build Allies and a Ring of Dependencies with Beijing</h2><p id="">‍</p><p id="">China's BRI, sometimes referred to as the New Silk Road, is one of the most ambitious infrastructure projects ever conceived. Launched in 2013 by President Xi Jinping, the project was initially aimed at linking East Asia and Europe through physical infrastructure. Over the past decade, it has expanded to Africa, Oceania, and Latin America, significantly broadening China's economic and political influence.</p><p id="">‍</p><p id="">President Xi stated in 2017, “China will actively promote international co-operation through the Belt and Road Initiative. 
In doing so, we hope to achieve policy, infrastructure, trade, financial, and people-to-people connectivity and thus build a new platform for international co-operation to create new drivers of shared development”</p><p id="">‍</p><p id="">Analysts have expressed concern over the project as an unsettling extension of China's rising power. The escalating costs of many BRI projects have led to opposition in some countries, while the United States and other nations in Asia view it as a potential Trojan horse for China-led regional development and military expansion (Nye, 2015).</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-center" style="max-width:1000px" data-rt-type="image" data-rt-align="center" data-rt-max-width="1000px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c292093c7_f2529db6.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><p id="">China has both geopolitical and economic motivations behind BRI. President Xi Jinping envisions a more assertive China, with BRI serving as a countermeasure against the US's "pivot to Asia" (Li, 2022). Additionally, China seeks to promote economic development in its historically neglected western regions and secure long-term energy supplies from Central Asia and the Middle East.</p><p id="">‍</p><p id="">Beijing could also potentially seek geopolitical leverage over BRI countries. A 2021 study found that China's debt financing contracts with foreign governments often contain clauses that restrict restructuring and allow China to demand repayment at any time, giving Beijing the ability to use funding as a tool to enforce its interests (Li, 2022).</p><p id="">‍</p><p id="">‍</p><h2 id="">Strategic Confrontation: Balancing Cooperation and Competition</h2><p id="">‍</p><p id="">The era of strategic confrontation between China and the U.S. 
is alarming, with the collapse of trust and fundamental differences defining their relationship (Allison, 2017). To promote peace, prosperity, and protect the Pacific region, nations must balance cooperation and competition while avoiding military conflict (Ikenberry, 2018). Achieving the greatest possible transparency over goals and plans is crucial in managing the risks inherent in this competition.</p><p id="">‍</p><p id="">As former Australian Prime Minister Kevin Rudd stated in a recent interview, "The key challenge for the Biden administration is to find a way to manage strategic competition with China without descending into strategic conflict" (Rudd, 2021).</p><p id="">‍</p><p id="">‍</p><h2 id="">The Strategic Goals of Allied Nations: Assessing China's Influence</h2><p id="">‍</p><p id="">The strategic goals of allied nations to restrain China due to its political and global prominence may require further study. China's web of commercial, economic, social, and military influence has been in the making for decades, and restraining its magnitude and power in the Pacific region may not be a straightforward process (Campbell &amp; Ratner, 2018). China's priority is to pursue political, economic, and sovereign power interests in the Asia region on its terms.</p><p id="">‍</p><p id="">The asset of time has allowed China to develop a long-term strategy that has shifted the global power dynamic. By recognising the multifaceted nature of China's influence, the West can reassess its strategic goals and find a path toward coexistence and cooperation.</p><p id="">‍</p><p id="">‍</p><h2 id="">Decoupling vs. Engagement: The Complex Debate</h2><p id="">‍</p><p id="">The debate surrounding whether to decouple from China or implement policies to curb its ascent to superpower status is multifaceted and intricate. 
To successfully navigate the economic and geopolitical factors influencing China's role in the global supply chain, regional dominance, and potential outcomes of economic sanctions or retaliatory measures, Western nations must adopt a comprehensive understanding of the global landscape. A more nuanced approach is essential for devising effective strategies in response to China's expanding power and influence.</p><p id="">‍</p><p id="">‍</p><h2 id="">Final Thoughts: Navigating the Dynamic Landscape of Global Power in the New Century</h2><p id="">‍</p><p id="">As China continues to exert its influence, it is crucial for the West to acknowledge the multifaceted nature of China's power, which spans economic, social, and military domains. In adapting to this changing landscape, nations must reassess their strategic goals and draw lessons from the contrasts between democratic and authoritarian approaches to power. By doing so, the international community can forge a path towards coexistence and cooperation, ensuring global stability in an era marked by uncertainty and tensions.</p><p id="">‍</p><p id="">The asset of time has been China's most potent weapon, enabling the nation to build a strategy that has shifted the global power dynamic. As the international community confronts this new reality, it is imperative for Western nations to reassess their strategic priorities, embrace a more nuanced understanding of China's multifaceted power, and seek opportunities for cooperation and coexistence. In doing so, they can contribute to global stability in a world increasingly defined by complexity and volatility.</p><p id="">‍</p>
The debate between decoupling from China or implementing policies aimed at curbing its rise to superpower status is multifaceted and complex.

June 20, 2023

Assessing the Challenges of a Tech-Driven, Politically Charged Global Landscape

<p id="">It’s a matter of when - not if. Cyber criminals target what means most to Australian businesses, and they are growing increasingly sophisticated. </p><p>‍</p><p id="">EY Cyber Lead Partner Richard Bergman says geopolitics and successful ransomware attacks are fueling the profitable cybercrime industry. He also points to the velocity of the threat landscape, skill shortages and underinvestment in cybersecurity. </p><p>‍</p><p id="">DTEX CTO and co-founder Mohan Koo says cybercrime is a problem only collaboration can solve, and goes beyond what the government alone can do.</p>
It’s a matter of when - not if. Cyber criminals target what means most to Australian businesses, and they are growing increasingly sophisticated.

June 16, 2023

Cyber News Shorts - Australia's Looming Cyber Attack

<p id="">The rapid adoption and scrutiny around ChatGPT, the latest artificial intelligence model, highlights the exploding potential of AI. It also underscores a stark delta between AI’s current capabilities and human willingness to embrace them.</p><p id="">‍</p><p id="">This untapped potential is perhaps most apparent in the public sector where AI is both championed and feared - offering exciting federal use cases but lacking policy guidance and maturity at scale.</p><p id="">‍</p><p id="">So how can agencies better leverage AI? Results of a <a href="https://www.saic.com/sites/default/files/2023-01/SAIC-Cloud-WP-2023.pdf" id="">recent SAIC survey </a>uncover a need to improve overall AI readiness to enable the technology’s integration and benefit from it.</p><p id="">‍</p><p id="">The independent survey of federal government executives revealed that while AI is on respondents’ radar, fewer than one in five are “very” likely to adopt AI in the next year. Further, it indicates that AI readiness is a major barrier to implementation with one-third of respondents stating they do not believe their agency is ready for AI.</p><p id="">‍</p><p id="">To overcome this paradigm, agency leaders must clear up the common misconception that AI/ML infrastructure, data governance and efficiency must be perfectly aligned to get started with adoption. 
In reality, leaders can pilot AI confidently while developing equally important governance processes and risk frameworks in parallel.</p><p id="">‍</p><p id="">‍</p><h2 id="">A Data-First Posture</h2><p id="">‍</p><p id="">Good data management opens the door for successful AI, and the Pentagon’s new <a href="https://www.ai.mil/" id="">Chief Digital and Artificial Intelligence Office</a>, ranks driving high-quality data among its top priorities.</p><p id="">‍</p><p id="">The CDAO recently reassembled a <a href="https://www.defense.gov/News/Releases/Release/Article/3282376/dod-chief-digital-and-artificial-intelligence-office-hosts-global-information-d/" id="">Global Information Dominance experiment</a> called GIDE V to underscore how “data, analytics and AI can improve joint workflows in a variety of missions” including its signature Joint All-Domain Command and Control, or JADC2, effort.</p><p id="">‍</p><p id="">By connecting AI to its ability to automate repetitive processes and bring intelligence to many tasks at speed, the Pentagon is showcasing its ability to support the warfighter, thus building confidence in AI-enabled systems.</p><p id="">‍</p><p id="">‍</p><h2 id="">Agency-Specific Guidance</h2><p id="">‍</p><p id="">The federal government has sought to advance AI technology development and adoption through several important bills and resolutions, but agencies need tangible agency-specific guidance and use cases to implement AI at scale.</p><p id="">‍</p><p id="">SAIC’s study revealed that while some agencies have AI-specific guidelines, most have yet to implement a policy with 57% reporting the biggest obstacle to implementation, other than readiness, is policy and governance.</p><p id=""><br></p><p id="">This need for better policy and governance is already being addressed by the CDAO office, which is charged with guiding AI innovation across the department. Additionally, the U.S. 
was the first military in the world to formally adopt AI Ethical Principles in February 2020 and has an AI Education Strategy in place at all levels to drive change management and AI receptivity.</p><p id="">‍</p><p id="">‍</p><h2 id="">Optimising Cloud</h2><p id="">‍</p><p id="">Improving the cloud environment opens the door for AI and ML by enabling faster, cost-effective government innovation and capability.</p><p id="">‍</p><p id="">Survey respondents believe that adopting more than one cloud allows agencies to take advantage of the best solutions from cloud providers, ensuring they have the right tool for the right job. </p><p id="">‍</p><p id="">In fact, 70% of survey respondents reported that they use two or more clouds. </p><p id="">‍</p><p id="">The top three are Microsoft Azure, Amazon Web Services (AWS) and Google Cloud (not surprising, as commonly used collaboration applications Office365 and GSuite are already included in Microsoft and Google’s clouds, respectively).</p><p id="">‍<br></p><p id=""><a href="https://www.defense.gov/News/News-Stories/Article/Article/3243483/department-names-vendors-to-provide-joint-warfighting-cloud-capability/" id="">DoD’s Joint Warfighting Cloud Capability</a> supports these findings and the Pentagon’s AI and data acceleration initiative by enabling commercial cloud across multiple contracts, providing access at all classification levels and powering the tactical edge.</p><p id="">‍</p><p id="">‍</p><h2 id="">Enabling Zero Trust</h2><p id="">‍</p><p id="">According to the study, agencies see value in DevSecOps, but 39% say they lack the resources and technical skills to manage it.</p><p id="">‍</p><p id="">Ensuring these frameworks and tools are in place is paramount when it comes to addressing AI fears and avoiding disruption, a factor DoD respondents are still concerned with.</p><p id="">‍</p><p id="">Fifty-four percent of DOD personnel were concerned about AI disruptions when compared to civilian employees (39%), 
likely because the Pentagon is becoming more sophisticated in its AI journey.</p><p id=""><br></p><p id="">DoD’s chief information officer set a goal to fully implement zero trust by FY27, and DOD’s <a href="https://dodcio.defense.gov/Portals/0/Documents/Library/DoD-ZTStrategy.pdf" id="">zero trust strategy</a> is helping define the approach at the enterprise level.</p><p id=""><br></p><p id="">Combined, these measures embrace zero trust and DevSecOps to support secure modernization at speed, cloud at the edge and real-time data interoperability.</p><p id="">‍</p>
Despite recent scrutiny, ChatGPT may present incredible potential for improvement in several areas of society - a fact that governments are beginning to realise more readily.

June 15, 2023

ChatGPT hints at potential for artificial intelligence in government

<p id="">Cherokee Nation Businesses' federal contracting division, Cherokee Federal, has <a href="https://www.businesswire.com/news/home/20230301005329/en/Cherokee-Federal-Expands-Cybersecurity-and-Information-Technology-Services-Acquires-Criterion-Systems" id="">acquired</a> Washington, DC-headquartered cybersecurity and IT company Criterion Systems. </p><p id="">‍</p><p id="">Steven Bilby, president of Cherokee Federal, said, “The strategic decision to acquire Criterion was made with the evolving needs and long-term success of the customer in mind. </p><p id="">‍</p><p id="">In addition to helping federal agencies address emerging cybersecurity requirements crucial to the protection of our nation, Criterion delivers efficient and secure methodologies and architectures for modernising government IT that are unparalleled in the industry.”</p><p id="">‍</p>
Cherokee Nation Businesses' federal contracting division, Cherokee Federal, has acquired Washington, DC-headquartered cybersecurity and IT company Criterion Systems.

June 15, 2023

Cherokee Federal Expands and Acquires Criterion Systems

<p id="">Australia's cyber intelligence organisation, the Australian Signals Directorate (ASD), has partnered with its equivalent agencies from the Five Eyes intelligence alliance to publicly accuse China of orchestrating cyber attacks on crucial U.S. infrastructure providers. This announcement is a unique occurrence where a nation-state is openly linked to cyber attacks.</p><p>‍</p><p id="">The ASD, along with cybersecurity agencies from the U.S, U.K, Canada, and New Zealand, attribute these cyber incursions to a China state-sponsored cyber entity, colloquially known as "Volt Typhoon". Notably, the hackers reportedly employed sophisticated malware strategies that bypassed the need to embed any code into the targeted systems.</p><p>‍</p><p id="">In an alert to Australian entities, ASD flagged the complex tactics employed by the malicious group. Microsoft corroborated that Volt Typhoon has been active since mid-2021 and has primarily aimed at critical infrastructure organisations in Guam and the U.S.</p><p>‍</p><p id="">The targeted sectors encompass communications, manufacturing, utilities, transportation, construction, maritime, government, IT, and education. The actor's observed behaviour indicates an intent for espionage and to maintain stealthy access for as long as possible.</p><p>‍</p><p id="">Cyber Security Minister Clare O'Neil firmly stated that despite warming relations with Beijing, Australia will not hesitate to openly accuse China of these cyber attacks. She emphasised the importance of transparency and informing Australians about these threats to national security.</p><p>‍</p><p id="">Simultaneously, the ASD has initiated the first in a series of national cyber security drills, starting with the nation's major banks and the Reserve Bank of Australia. The aviation industry is next in line, with similar drills planned across various key industries over the next year and a half. 
The purpose of these exercises is to simulate realistic scenarios, ensuring preparedness for potential attacks that could cripple major banks, disrupt water sources, or cause power outages.</p><p>‍</p><p id="">Alastair MacGibbon, Chief Strategy Officer at CyberCX, warned that these hacking incidents serve as a harbinger for future attacks on countries like Australia. He stressed that this should act as a wake-up call for owners of critical infrastructure.</p><p>‍</p><p id="">In response to these attacks, the Five Eyes alliance has issued a 24-page advisory notice, providing "threat hunting advice" to system operators worldwide. It outlines that these attacks could be duplicated against critical infrastructure operators and various other sectors across the globe.</p><p>‍</p><p id="">Foreign Minister Penny Wong has concurrently announced the appointment of a new ambassador for cyber affairs and critical technology, former Home Affairs official Brendan Dowling. Furthermore, Richard Feakes, a career diplomat, has been assigned as Australia's next ambassador for counter-terrorism.</p><p>‍</p><p id=""><strong>CNC EDITORS INSIGHTS:</strong></p><p>‍</p><p id="">The escalating cyber tensions between China and the Five Eyes alliance, which includes Australia, is a critical aspect of the evolving geopolitical landscape. This is an indicator of the continuing power struggle in cyberspace between major world players.</p><p>‍</p><p id="">These incidents highlight the importance of strengthening cyber resilience across all sectors. As countries increasingly rely on digitised systems, the potential impact of cyber attacks on national security and economies is growing. Therefore, ongoing collaboration among international cybersecurity agencies is paramount.</p><p>‍</p><p id="">The Australian government's transparency and proactive stance in dealing with these threats are commendable. 
The coordinated drills across key industries not only aim to ensure preparedness but also signal a strong message to potential threat actors. It signifies the country's commitment to defending its digital space and ensuring the security of its national infrastructure.</p><p>‍</p><p id="">Lastly, the appointments of ambassadors for cyber affairs and counter-terrorism underline the government's prioritisation of these critical issues. This is a positive step towards bolstering Australia's international engagement and contribution to global cybersecurity and counter-terrorism efforts.</p><p>‍</p>
Australia's cyber intelligence organisation, the Australian Signals Directorate (ASD), has partnered with its equivalent agencies from the Five Eyes intelligence alliance to publicly accuse China of orchestrating cyber attacks on crucial U.S. infrastructure providers.

June 15, 2023

Aus-China Cyber Tensions over critical infrastructure attacks

<p id="">The year 2022 was marked by a sharp increase in the number of high-profile data breaches and cyberattacks, making the issue of cybercrime and privacy a matter of great concern for individuals and organisations alike. In this article, we will examine the current state of cyber defence in Australia and the measures that need to be taken to protect our sensitive information.</p><p id="">‍</p><p id="">‍</p><h2 id="">The Need for Proactive Measures</h2><p id="">‍</p><p id="">One of the key points discussed in the recent interview with Nadine Belany, Malia Saunders, Partner at Thomson Geer, and Dave Mansell, CEO of Haven Tech, was the need for organisations to be proactive in protecting their data. Dave Mansell highlighted that regulation alone is not going to be sufficient to address cybercrime, and that organisations need to take measures to protect their information. He also pointed out that the recent $40 million investment in cybersecurity is not enough, and called for initiatives like decentralised digital identity to receive a portion of that funding.</p><p id="">‍</p><blockquote id=""><em id="">“Unfortunately, cybercrime has been happening for quite some time. As technology has advanced, so have the breaches of our personal data. The key takeaway is that the technology organisations are relying on to protect data is not working, and there are more important datasets hitting our digital lives that we need to protect. Decentralisation is one of the key means to solving this problem.” - </em><strong id=""><em id="">Dave Mansell</em></strong></blockquote><p id="">‍</p><p id="">‍</p><h2 id="">The Battle Against Cybercrime</h2><p id="">‍</p><p id="">Malia Saunders praised the recent multi-agency response to the Medibank breach, which saw the creation of a permanent task force to fight cybercrime. Dave Mansell expressed frustration at the recurring issue of data breaches, and emphasised the need to be in control of protecting our sensitive information. 
He believes that decentralisation is one of the key solutions to this problem, as it eliminates the risk of storing sensitive information in a centralised location that is vulnerable to attack.</p><p id="">‍</p><figure class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1660px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1660px"><div><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647d44d5b0b8c32ec5419d06_an-analysis-of-the-current-state-of-cyber-defense-in-australia-thumb.jpg" loading="lazy"></div></figure><p>‍</p><h2 id="">The Role of Privacy Champions</h2><p id="">‍</p><p id="">The role of privacy champions in corporate organisations was also discussed in the interview, with Malia Saunders explaining that privacy champions play an important role in educating staff about online privacy and security. She also highlighted the legal responsibilities of organisations and government agencies to comply with Australian privacy principles and keep personal information secure. Dave Mansell added that privacy officers in large organisations have a challenging job, but the increased penalties for victims of data breaches will raise the priority of investment in areas that help safeguard information.</p><p id="">‍</p><p id="">In addition to this internal push for greater data security, there is a growing emphasis on the legal responsibilities of corporations, government agencies, and privacy officers. Australian privacy principles, for example, require these entities to keep personal information secure and protect it from unauthorised disclosure or use. To ensure compliance with these principles, privacy officers in large organisations must navigate a complex web of processes, procedures, and technology.</p><p id="">‍</p><blockquote id=""><em id="">“Organisations and government agencies need to comply with Australian privacy principles, which are high-level and general in nature. 
They have an obligation to keep people's personal information secure and protect it from unauthorised disclosure and use.” - </em><strong id="">Malia Saunders</strong></blockquote><p id="">‍</p><p id="">The government's recent move to increase penalties for data breaches, as mentioned by Malia Saunders, is a step in the right direction. By incentivizing businesses to prioritise privacy and granting additional powers to the Office of the Australian Information Commissioner, this legislative change highlights the importance of data security in today's world.</p><p id="">‍</p><p id="">‍</p><h2 id="">Frauds and Scams</h2><p id="">‍</p><p id="">Finally, the topic of frauds and scams was brought up, and Dave Mansell stressed the importance of individuals being vigilant and playing their part in protecting their sensitive information. Brands are starting to create scam pages on their websites, but it's important for individuals to report any unsolicited scams to organizations like Scam Watch. Dave also pointed out that the root of the problem is the data breaches and hacks that provide scammers with the information they need to execute their scams.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1200px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1200px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647d22c45e0046ec9be113fb_dave-maunsell-interview-pic.jpg" loading="lazy" id="" width="auto" height="auto"></div></figure><p id="">‍</p><p id="">‍</p><blockquote id=""><em id="">“We all have on average 100 usernames and passwords for various digital brands, which means that the edge of many organisations' networks is you and me, and we often become the weak spot” - </em><strong id=""><em id="">Dave Mansell</em></strong></blockquote><p id="">‍</p><p id="">As the world becomes increasingly digitised, the threat of cybercrime continues to grow. 
A recent report by the Australian Cyber Security Centre (ACSC) found that there was a 47% increase in cybercrime reports in 2022, with nearly two-thirds of all reports being related to scams and fraud. The report also found that small businesses were particularly vulnerable, with 55% of all reported cybercrime incidents affecting these organisations.</p><p id="">‍</p><p id="">The year 2022 has brought the issue of cybercrime and privacy to the forefront, and it's clear that there's much work to be done to protect our sensitive information. The experts emphasised the need for organisations to take proactive measures to protect their data, and for individuals to be vigilant and educate themselves about online privacy and security. With the right investments and mindset, Australia will continue to see throughout 2023 an increase in programs addressing the concentrated phenomenon of cybercrime and protecting our sensitive information.</p>
The interview on "Crisis Control" featuring Malia Saunders and Dave Mansell offers an insightful and engaging exploration of the ever-present issue of data breaches. The program delves into the challenges surrounding personal information security and highlights the role of privacy champions in promoting responsible online behaviour.
Complimentary
Free
Opinion
Editor's Pick

June 15, 2023

An Analysis of the Current State of Cyber Defense in Australia

<p id="">The technology sector in Australia is thriving, and it's an exciting time to see the growth and potential of the industry. With the increasing demand for cybersecurity and the shortage of cyber defenders, the sector is expanding rapidly, attracting new players and investments. However, this is just the start of the growth potential for the Australian tech industry.</p><p id="">‍</p><p id="">In a recent interview with Wyatt Roy, executive director of the Technology Council, and Lawrence Patrick from Zirilio, the future of the Australian tech sector was discussed in depth. It was an opportunity to analyse emerging trends and developments in the tech sector and the role of government in supporting and fostering this growth.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:61%" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="61%"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/6487d17b2569738adc117706_lawrence-interview-1.jpg" loading="lazy" id="" width="auto" height="auto"></div><figcaption id="">Lawrence Patrick</figcaption></figure><p id="">‍</p><blockquote id=""><em id="">“How can we increase the speed of capital deployment in early stage companies? In comparison to Silicon Valley, Australian investors tend to wait for more traction and proof in the market before investing”. -</em><strong id=""><em id=""> Lawrence Patrick</em></strong></blockquote><p id="">‍</p><p id="">According to Wyatt, one of the sectors where Australia is doing exceptionally well is B2B software, particularly large scale enterprise software. This sector is expected to continue growing, and the fintech space has also seen great success in the country. 
In addition, Australia leads the way in mining tech startups, and the climate tech and energy tech spaces also hold great potential for growth.</p><p id="">‍</p><blockquote id=""><em id="">“When compared to Silicon Valley, which has an enormous amount of capital and deal flow, we need to focus on a per capita comparison. Israel, for example, has the highest amount of VC per capita and the highest number of startups per capita. When compared on a per capita basis, Australia is already punching above its weight in terms of global GDP share and venture capital investment.” - </em><strong id=""><em id="">Roy Wyatt</em></strong></blockquote><p id="">‍</p><p id="">When it comes to deep tech industries, Australia ranks high in terms of research but low in terms of commercialisation. This presents a great opportunity for growth in these areas with the right support from the ecosystem. For instance, last year, $50 billion in sales for solar products used Australian IP, but very little of it was captured in the country. With proper support, these industries can grow and capture valuable resources, making the most of everything that the country has to offer.</p><p id="">‍</p><p id="">Wyatt emphasised the important role of government in supporting the growth of the tech sector. He noted that a stable macro environment, the right tax policy, innovation policy, and immigration policy are critical in attracting people to come and work in the country and create these companies. Government investment in deep tech and early-stage companies is also vital, and the regulatory environment should be favourable to allow these companies to thrive while protecting consumers. 
Finally, the government can play a role in education and skills, ensuring a pipeline of skills, particularly in STEM areas, to continue to grow these companies.</p><p id="">‍</p><p id="">Regarding the possibility of having a Tesla Gigafactory in Australia, Wyatt spoke about the opportunities that the country has, considering its abundant natural resources and minerals required for manufacturing. With the cost of solar panels increasing by 50% in the last year due to COVID and shipping costs from other countries, there is a great opportunity for manufacturing to take place in Australia, where resources and talent are available. Additionally, labour costs are becoming higher in China, making Australia a more attractive option for advanced manufacturing industries. Automation is also improving productivity outcomes in the country, making it a prime location for such industries.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:955px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="955px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/6487d1a2049d8f8a142c8980_roy-wyatt-interview1.jpg" loading="lazy" id="" width="auto" height="auto"></div><figcaption id="">Roy Wyatt</figcaption></figure><p id="">‍</p><blockquote id=""><em id="">“In the US you will often see highly specialised VC around particular verticals because of scale. We're beginning to see parts of that in Australia as these funds are getting bigger and bigger, new funds are raised. Rather than just being a generalist, you're seeing more specialisation in the investing environment and I think that will deploy more capital in certain areas quicker and faster.” - </em><strong id=""><em id="">Roy Wyatt&nbsp;</em></strong></blockquote><p id="">‍</p><p id="">The future of the tech sector in Australia is bright and full of potential. 
With the right support from the government and the ecosystem, the country can seize the opportunities available and continue to grow and thrive in the tech industry. With the potential for growth, it's exciting to see what the future holds for the tech sector in Australia.</p><p id="">‍</p><h2 id="">Investment Outlook in 2023</h2><p id="">‍</p><p id="">In terms of investment outlook for 2023, the cybersecurity sector is expected to continue to grow, driven by the increasing demand for cyber defenders and the shortage of skilled professionals in the field. In addition, the B2B software, fintech, and mining tech sectors are also expected to grow, as well as the climate tech and energy tech spaces.</p><p id="">‍</p><p id="">Artificial Intelligence (AI) is also expected to continue to grow, with increased investment in deep tech industries and the development of new technologies and applications. The government is expected to play a crucial role in supporting the growth of these industries, through investment, favourable regulation, and education and skills development.</p><p id="">‍</p><p id="">Furthermore, pivotal technologies including advanced manufacturing and automation are predicted to expand in Australia. Given the country's extensive natural resources and mineral wealth, combined with a developing automation sector and escalating labour costs globally, there exists considerable potential for sophisticated manufacturing to emerge within Australia. For instance, the rising costs of solar panels and escalating labour expenses in China present new opportunities for home-grown Australian manufacturing to address sustainable energy needs.</p><p id="">‍</p><blockquote id=""><em id="">“Automation is helping to deliver better productivity outcomes here. So I'm quietly very optimistic that there's an amazing opportunity for us as a country to seize these more high impact advanced manufacturing industries, drawing on all everything that we've already got. 
I think it's really up for us to seize that opportunity.” - </em><strong id=""><em id="">Roy Wyatt</em></strong></blockquote><p id="">‍</p><p id="">Overall, the future of the tech sector in Australia is bright and full of potential, and it will be exciting to see how the industry continues to evolve and grow in the coming years.</p><p id="">‍</p><p id="">As the technology and innovation landscape continues to change and develop, it is important for the government, private sector, and ecosystem to work together to support and promote the growth of the tech sector in Australia.</p><p id="">‍</p><p id="">In conclusion, the tech sector in Australia is poised for growth and success, and it is important for the government, private sector, and ecosystem to work together to support and promote this growth. The future of the tech sector in Australia is full of potential and exciting possibilities, and it will be fascinating to see how it continues to evolve and develop in the coming years.</p>
Complimentary
Free
Opinion
Editor's Pick

June 13, 2023

Editor's Special: The Future of the Tech Sector in Australia

<p id="">China's reach extends far beyond its military capabilities, with its information network, cyber influence, and technological advancements playing a pivotal role in the global landscape. The country's extensive treaties and investments across all five continents, particularly in ASEAN nations, have created interdependencies that promote prosperity and opportunity in Asia and serve Western consumerism. As political philosophies clash, navigating the complexities and political minefields of China's ambitions becomes increasingly challenging. The regional geopolitical security issues, driven by trade sanctions and military tensions in the region bet.</p><p id="">‍</p><p id="">China's rise to prominence on the global stage is the result of a long-term strategy, spanning decades of planning and execution. The nation's ability to invest time in developing its economic, social, and military influence has positioned it as a crucial player in the shifting global landscape. </p><p id=""><em id="">‍</em></p><p id="">The success of opening markets from the 1990s to the 2000s has enabled Asia to capture a more significant share of global flows, with the region becoming deeply interconnected through trade, services, capital, people, and data (Dent, 2016). The implementation of the ASEAN Economic Community integration plan has the potential to create a single market of 600 million consumers, capitalising on the region's urbanisation and disruptive technologies (ASEAN Secretariat, 2015).</p><p id="">‍</p><p id="">‍</p><h2 id="">The Rapid Rise of Asia: A Once-in-a-Century Phenomenon</h2><p id="">‍</p><p id="">Asian nations have sought economic and political resilience by investing in open trade commerce, industrialisation, and advanced technology from the West (Baldwin, 2016). 
By 2015, the rapid rise of China and ASEAN countries had enabled them to skip multiple stages of the industrial cycle, accomplishing in less than two and a half decades what took America 80 years (Lee, 2019).</p><p id="">‍</p><p id="">Increased intra-ASEAN trade and investments have been driven primarily by market forces rather than regional agreements, prompting individual ASEAN states to unilaterally improve their business climates and liberalise trade and investment policies (Hill &amp; Menon, 2012). This historical context suggests that decoupling the world economic trading system, which operates with existing investment treaties that support bilateral operations, would be difficult.</p><p id=""><em id="">‍</em></p><p id="">The old saying that "time is money" rings true for Asia, which has not wasted time in its growth. Money never sleeps, and China's ambitions know no boundaries in developing business and trade relationships within and outside Asia (Economy, 2018). These drivers have established Asia as an essential goods and services economy for the rest of the world and are unlikely to be stopped by government efforts to use regional security as a political tool to control outcomes of isolation.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-center" style="max-width:1000px" data-rt-type="image" data-rt-align="center" data-rt-max-width="1000px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c29209373_346dea73.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><h2 id="">Decoupling of Western Political Influence:&nbsp;Analysing the Economic and Geopolitical Factors Shaping China's Superpower Status</h2><p id=""><em id="">‍</em></p><p id="">As China's economic influence and technological prowess continue to grow, Western nations grapple with the question of whether to decouple from China or to implement policies aimed at curbing its rise to 
superpower status. This publication explores the complexities of the global supply chain, the role of China's Belt and Road Initiative, and the potential consequences of economic sanctions and retaliatory actions in response to tensions between China and Taiwan.</p><p id=""><em id="">‍</em></p><p id="">The Chips and Science Act, signed into law by US President Joe Biden in August 2022, allocates $53 billion to fund domestic semiconductor production and research. Beijing views this act as part of a plot by Washington to hinder China's technological progress. Recent export control measures and agreements between the US, the Netherlands, and Japan have further exacerbated tensions between China and Western nations, disrupting the global semiconductor supply chain and prompting accusations of "Cold War mentality and hegemonic behaviours."</p><p id=""><em id="">‍</em></p><p id="">‍</p><h2 id="">The underestimated role of China:</h2><p id="">‍</p><p id="">China's role in international supply chains, regional geopolitical security, and Asian governments has become increasingly complex and influential in recent years. Military tensions between China and Taiwan have led to ripple effects on the US and its allied nations, highlighting the need to understand the intricacies of China's economic influence and soft power. Decoupling from China is not a simple solution for Western nations, as unpredictable consequences and potential retaliatory actions could further disrupt global supply chains and economic stability.</p><p id=""><em id="">‍</em></p><p id="">‍</p><h2 id="">China's Belt and Road Initiative (BRI) and its Economic consequences:</h2><p id="">‍</p><p id="">China's BRI has been a critical factor in expanding its economic influence across continents, fostering closer ties with countries in Asia, South America, Eastern Europe, and Africa. 
While the initiative has faced scrutiny and opposition from the United States and other Western nations, it has also proven to be a successful foreign policy tool for Beijing, creating strong alliances and resilient political economies across the globe.</p><p>‍</p><p id="">Economic sanctions and retaliatory actions taken by the West in response to tensions between Taiwan and China may have far-reaching consequences beyond the immediate goal of decoupling or impacting China's technological advancements. The interconnected nature of global economies means that these actions could inadvertently harm the economies of the very nations implementing such measures, further complicating the geopolitical landscape.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-center" style="max-width:1000px" data-rt-type="image" data-rt-align="center" data-rt-max-width="1000px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c2920938f_a910899d.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><p id="">The 2023 Milken Institute Global Conference, a prestigious banking conference held in Los Angeles, hosted a panel with prominent experts in the global finance and investment sectors. Among them was Fred Hu, founder and chairman of Chinese private-equity firm Primavera Capital Group. Hu provided a Chinese perspective on the current state of global investment, China's role in the world economy, and the implications of the ongoing trend of decoupling between China and the West.</p><p id="">‍</p><p id="">‍</p><h2 id="">The Case for China's Economic Resilience: The Semiconductor Conundrum</h2><p id="">‍</p><p id="">Despite the challenges posed by a gloomy global economy, exacerbated by the strained relations between China and the United States, investors and economists are increasingly looking at China as an opportunity that should not be overlooked. 
Fred Hu asserted that the disappointing economic performance of China over the past three years is a temporary aberration, and the country is now returning to a more normal, long-term pattern of pro-growth, pro-private sector, and pro-technology policies.</p><p id="">‍</p><p id="">Yichen Zhang, chairman and CEO of CITIC Capital, added to the discussion, arguing that the prevailing negative sentiment regarding China's tightening control over foreign businesses' data is overblown. The panelists agreed that while diversifying the global supply chain is essential, the concept of decoupling is driven more by politics than by sound business logic.</p><p id=""><em id="">‍</em></p><p id="">Semiconductors have emerged as the epicentre of the decoupling debate. While the U.S. is expanding its domestic manufacturing capabilities and restricting exports of related technologies to China, Hu argued that cutting China out of the chip supply chain is both "problematic" and "wrong-headed." He further explained that should China become self-sufficient in the semiconductor sector, leading global tech companies like Intel, AMD, Samsung, Nvidia, and TSMC could lose access to their biggest market, which would adversely impact their profitability and R&amp;D capabilities.</p><p id=""><em id="">‍</em></p><p id="">"In the short term, China might struggle. 
But in the medium to long term, China will be self-sufficient," Hu said.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-center" data-rt-type="image" data-rt-align="center"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c292093ab_dab890bf.png" id="" width="auto" height="auto" loading="auto"></div><figcaption id=""><em id="">Photo courtesy of Milken Institute Global Conference</em></figcaption></figure><p id="">‍</p><h2 id="">The Long Game: China's Strategy and the Call for Cooperation</h2><p id="">‍</p><p id="">In the face of growing international tensions and economic uncertainties, some investors have found China's long-term strategy to be even more attractive. The country's focus on innovation, infrastructure development, and expanding its global influence has allowed it to weather short-term challenges and maintain its position as a crucial player in the world economy.</p><p id=""><em id="">‍</em></p><p id="">A complete decoupling might not be the direction China and the rest of the world seek.</p><p id="">‍</p><p id="">"What I took out of this was that China does not want to self-isolate. They actually see the need to sit at the same table with the U.S., with everybody in the [Group of Seven]," Kristalina Georgieva, managing director of the International Monetary Fund, said at the conference.</p><p id="">‍</p><p id="">Kevin Klowden, chief global strategist at the Milken Institute, spoke at a panel on Monday 01 May 2023 on the topic of modernising global supply chains.</p><p id="">‍</p><p id="">"It's worth remembering that it's not to the world's benefit to completely decouple," he said. 
"It's not to China's, it's not to America, it's not to Europe, it's not to anybody's."</p><p id=""><em id="">‍</em></p><p id="">The intricacies of the worldwide semiconductor sector, with its far-reaching implications on international supply networks, geopolitical affairs, and fiscal policies, highlight the obstacles confronted by Western countries in their efforts to counterbalance China's expanding clout. While disengaging from China might appear attractive, the unforeseeable outcomes and intertwined nature of global commerce render it a perilous pursuit. A more refined comprehension of China's economic sway, subtle influence, and the ensuing repercussions of these policies is vital to maneuver through the evolving global power dynamics.</p><p id=""><em id="">‍</em></p><p id="">In spite of the difficulties and uncertainties linked to China's presence in the international arena, it is imperative for nations to adjust and draw lessons from the divergent democratic and authoritarian methods of power. As the world steers through this unprecedented reality, identifying ways to harmonise collaboration and rivalry while averting armed conflict will be instrumental in fostering peace, affluence, and safeguarding the Pacific area.</p><p id="">‍</p>
Complimentary
Free
Opinion
Editor's Pick

June 7, 2023

Assessing China's Unparalleled Growth and Influence

<p id="">The global AI race has been gaining momentum, captivating the attention of the tech industry, policymakers, and the general public alike. Recent developments in AI technology have raised concerns about the safety and ethical use of these systems, <a href="https://www.whitehouse.gov/briefing-room/statements-releases/2023/05/04/statement-from-vice-president-harris-after-meeting-with-ceos-on-advancing-responsible-artificial-intelligence-innovation/" target="_blank" id="">prompting a high-profile meeting at the White House</a>.</p><p id="">‍</p><p id="">This article examines the outcomes and implications of this meeting, attended by top executives of leading AI companies and senior US officials, and the responsibilities of these tech giants in ensuring the safety of their AI systems.</p><p id="">‍</p><p id="">On Thursday, top executives from AI industry leaders, including OpenAI, Google, and Microsoft, met at the White House for a "frank discussion" about their responsibilities in ensuring the safety of their AI systems (1). 
The meeting was attended by vice-president Kamala Harris and other senior officials from the Biden administration. This comes as the administration seeks to develop a more coordinated response to the rapid advancements in AI technology, and follows a recent warning from AI pioneer Geoffrey Hinton about the long-term dangers of developing machines that surpass human intelligence.</p><p id="">‍</p><p id="">The meeting aimed to address the risks posed by "current and near-term" AI developments, as well as the "fundamental responsibility" of these companies to ensure the safety and trustworthiness of their systems (1). Harris emphasised the ethical, moral, and legal responsibility of the private sector in ensuring the safety and security of their products (1).</p><p id="">‍</p><blockquote id=""><em id="">Harris said in a statement: “As I shared today with CEOs of companies at the forefront of American AI innovation, the private sector has an ethical, moral, and legal responsibility to ensure the safety and security of their products. And every company must comply with existing laws to protect the American people.”</em></blockquote><p id="">‍</p><p id="">The White House reported that seven of the largest AI companies have agreed to subject their models to a degree of public scrutiny at the annual Def Con hacker convention in August (1). However, the extent of this openness remains uncertain, as it will be "consistent with responsible disclosure principles" (1). OpenAI, for instance, has not released basic technical information about its latest large language model, GPT-4 (1). The Office of Management and Budget is set to release draft guidelines for public comment this summer, governing the federal government's use of AI (1).</p><p id="">‍</p><p id="">The tech leaders present at the meeting included OpenAI CEO Sam Altman, Microsoft CEO Satya Nadella, and Sundar Pichai, CEO of Google and Alphabet, along with Dario Amodei, CEO of AI start-up Anthropic (1). 
Administration officials in attendance were Jake Sullivan, Lael Brainard, Gina Raimondo, and Jeff Zients (1).</p><p id="">‍</p><p id="">The Biden administration has introduced several AI-related initiatives in recent months, such as releasing a draft AI bill of rights and initiating a review of the new technical standards required to ensure that AI systems function as intended, without exposing people to unforeseen risks (1). Lina Khan, chair of the Federal Trade Commission, has recently expressed her concern about whether existing laws can be used to address issues such as online scams and privacy violations caused by AI (1).</p><p id="">‍</p><p id="">The White House meeting is a significant step toward recognizing and addressing the responsibilities of AI companies in ensuring the safety of their technologies. As AI continues to advance rapidly, the tech industry and governments must work together to develop robust frameworks for regulating these technologies. This collaboration is essential to strike a balance between fostering innovation and ensuring the ethical use of AI.</p><p id="">‍</p><p id="">The willingness of large AI companies to subject their models to public scrutiny is a positive development. However, the level of openness must be more clearly defined to ensure that companies are held accountable for the safety and ethical implications of their AI systems. Encouraging transparency and collaboration can help build trust between the public, the tech industry, and governments, which is crucial in addressing the risks and challenges posed by AI technologies.</p><p id="">‍</p><p id="">‍</p><h2 id="">Sources</h2><p id="">‍</p><div id=""></div>
We examine the outcomes and implications of this meeting, attended by top executives of leading AI companies and senior US officials, and the responsibilities of these tech giants in ensuring the safety of their AI systems.
Complimentary
Free
Opinion
Editor's Pick

June 7, 2023

The AI Race and Responsibility: A Frank Discussion at the White House

<p id="">As the dialogue between Australia and China increases, people should not think Beijing will automatically change its cyber behaviour, former US National Security Agency Chief Admiral Michael Rogers warns.</p><p id="">‍</p><p id="">Admiral Rogers said that Australia and China communicating with each other is a “positive thing”.</p><p id="">‍</p><p id="">“A strong China is not necessarily a bad thing,” he told Sky News Australia.</p><p id="">‍</p><p id="">“The challenge is how a strong China integrates itself into the broader global community in which it respects the rule of law as well as the norms of behaviour that we have developed over the last 70 years.”</p><p id="">‍</p><p id="">US defence experts suggest that China is using Australia's change of government to improve the perception of Beijing while continuing steady cyber interference behind the scenes.</p><p id="">‍</p><p id="">The conversation among the defence analyst and threat intelligence communities reflects the Federal government's ongoing concern about security matters. Mike Burgess, the ASIO spy boss, said only a couple of weeks ago that “foreign interference is a bigger problem than he's ever faced”.</p><p id="">‍</p><p id="">The challenge: how does a strong China integrate itself into the broader global community in which it respects the rule of law, as well as the norms of behaviour that we have developed over the last 70 years?</p><p id="">‍</p><p id="">Admiral Michael Rogers outlined: “They have improved relations and, you know, essentially between Australia and China. We all know Australia's reliance on China diversification is something that's talked about often, but I think that's very hard to do. It takes quite some time.”</p><p id="">‍</p><p id="">As China and Australia engage in dialogue on cybersecurity issues, it has become clear that China is not willing to change its cyber behaviour "automatically." 
Chinese officials have stated that any changes in behaviour will need to be based on mutual respect and understanding, rather than pressure or coercion from outside forces.</p><p id="">‍</p><p id="">This stance reflects China's broader approach to cybersecurity issues, which is based on the principle of "cyber sovereignty." Cyber sovereignty refers to the idea that each country should have the right to regulate and control the flow of information and data within its own borders, without interference from other countries or international organisations.</p><p id="">‍</p><p id="">At the same time, China has been accused of engaging in cyber espionage and other malicious cyber activities, particularly against Western countries and their allies. These activities have included the theft of intellectual property, the disruption of critical infrastructure, and the targeting of government agencies and other sensitive targets.</p><p id="">‍</p><p id="">Despite these accusations, China has maintained that its cyber activities are defensive in nature and necessary to protect its national security interests. China has also expressed frustration with what it perceives as Western bias in the global cybersecurity debate and has called for greater representation and participation from developing countries in cybersecurity discussions.</p><p id="">‍</p><p id="">In this context, the question of what strategy China will pursue in 2023 on cybersecurity issues is complex and multifaceted. There are a number of factors that will shape China's approach, including geopolitical, economic, and technological developments, proactive engagements to cement bilateral treaties, and changes in the international cybersecurity landscape.</p><p id="">‍</p>
The recent improvement in relations between China and Australia is a step towards better foreign affairs and international trade. However, the ASIO boss has indicated that foreign interference is a bigger problem than he's ever faced.
Complimentary
Free
Opinion
Editor's Pick

June 3, 2023

Will Australia - China dialogue affect cyber policy and China’s future strategy?

<h2 id="">Introduction</h2><p id="">‍</p><p id="">As Artificial Intelligence (AI) continues to evolve and plays an increasingly significant role in various industries, questions about the ownership of intellectual property (IP) rights for AI-generated material have emerged. With AI systems becoming more autonomous and creative, the traditional IP framework is being challenged, and new legal and ethical questions are arising. This article will explore the importance of establishing clear ownership guidelines for AI-generated material, the implications of liability for negative consequences from AI creations, and the ongoing work of Professor Ryan Abbott in testing patent law in relation to AI inventions, with a focus on the AI system DABUS.</p><p id="">‍</p><p>‍</p><h2 id="">Ownership of IP Rights for AI-Generated Material</h2><p id="">‍</p><p id="">In the current IP legal framework, human authorship or inventorship is central to obtaining copyrights or patents. However, with AI systems increasingly generating content, inventions, and designs, determining ownership becomes a complex issue. 
Establishing clear ownership guidelines is crucial for several reasons:</p><p id="">‍</p><p id="">Encouraging innovation: If the creators of AI systems are unable to protect and profit from the output of their technologies, they may be less incentivized to invest in AI research and development.</p><p id="">‍</p><p id="">Fair distribution of benefits: By determining ownership of AI-generated material, the benefits derived from AI can be fairly distributed among stakeholders, including developers, users, and society at large.</p><p id="">‍</p><p id="">Preventing misuse: Clearly defined ownership can help prevent the unauthorised use or exploitation of AI-generated material, ensuring that the creators of AI systems have control over their technology's applications.</p><p id="">‍</p><p>‍</p><h2 id="">Liability for Negative Consequences of AI Creations</h2><p id="">‍</p><p id="">Alongside questions of ownership, determining liability for any negative consequences arising from AI-generated material is essential. If an AI system creates content that violates copyright, infringes on patents, or causes harm, it is vital to establish who should be held accountable. Resolving this issue can help prevent potential legal disputes and encourage the responsible use of AI technologies.</p><p id="">‍</p><p>‍</p><h2 id="">Professor Ryan Abbott's Work on AI and Patent Law</h2><p id="">‍</p><p id="">Professor Ryan Abbott has been exploring the boundaries of patent law concerning AI-generated inventions by examining the AI system DABUS (Device for the Autonomous Bootstrapping of Unified Sentience), developed by US-based physicist Stephen Thaler. 
By testing patent law in various jurisdictions worldwide, Professor Abbott seeks to determine if an AI program's inventive output could be protected in the absence of a human inventor.</p><p id="">‍</p><p id="">The DABUS case has sparked intense debate over AI inventorship, with some jurisdictions, such as South Africa and Australia, granting patents for AI-generated inventions, while others, like the United States and the European Patent Office, have rejected such applications. This ongoing legal battle highlights the need for a more consistent and harmonised approach to AI-generated material's IP rights.</p><p id="">‍</p><p id="">As AI technologies continue to advance, the questions surrounding IP rights and liability for AI-generated material become increasingly critical. The work of Professor Ryan Abbott and the DABUS case represents a significant step towards redefining IP frameworks in the age of AI, paving the way for a more comprehensive and consistent approach to AI-generated material's ownership and liability.</p><p id="">‍</p>
As Artificial Intelligence (AI) continues to evolve and plays an increasingly significant role in various industries, questions about the ownership of intellectual property.
Complimentary
Free
Opinion
Editor's Pick

June 2, 2023

Artificial Intelligence Created It, But Who Owns It?

<p id="">Though the technology has only been widely available for a couple of months, everyone is talking about ChatGPT.</p><p id="">‍</p><p id="">If you are one of the few people unfamiliar with <a href="https://chatgpt.pro/" id="">ChatGPT</a>, it is an OpenAI language model with the “ability to generate human-like text responses to prompts.” It could be a game-changer wherever AI meshes with human interaction, like chatbots. Some are even using it to build editorial content.</p><p id="">‍</p><p id="">But, as with any popular technology, what makes it great can also make it a threat. Security experts warn that while companies use ChatGPT for chatbot responses, threat actors are using AI to write malware.</p><p id="">‍</p><p id="">Jerrod Piker, a competitive intelligence analyst with Deep Instinct, compared the technology to a Swiss Army knife for techies everywhere. The good guys are already using it to develop useful applications.</p><p id="">‍</p><p id="">Unfortunately, it’s not all positive news. “Because of ChatGPT’s ability to create code on the fly, attackers can automate part of the process of launching a cyberattack by having the chatbot create their initial infection code for them,” Piker said in an email interview. “This could also aid potential attackers with very little coding knowledge to create their own malware.”</p><p id="">‍</p><p id="">Earlier in January 2023, the Cyber News Centre (CNC) research team tested and discovered that ChatGPT would provide step-by-step instructions on various ways to successfully hack a website upon their request. 
The ethically run experiment was performed on the virtual training platform; it took the team only 45 minutes to accomplish the hack.</p><p id="">‍</p><p id="">The AI engine ChatGPT has received greater scrutiny over its capability to provide information for malicious use, in particular to aid hackers with the components of access in various tools. The company behind the AI platform has created multiple restrictions for ethical and legal reasons.</p><p id="">‍</p><p id="">Between the 1st and 3rd of March, the CNC team continued to test the AI engine and noticed modifications in its behaviour: the standard narratives generated in the AI's response dialogue guided the tester towards far more ethical answers. These were responses to questions on topics such as “cyber crime activity” or “hacking tools for illegal hacking”.</p><p id="">‍</p><p id="">ChatGPT surprised the CNC tester with a human-like tone in response to a series of questions on joining hacker gangs and cyber warfare activities. In most cases the responses were surprisingly uniform and delivered in the manner of a career counsellor, with suggestions such as<em id=""> “It is essential to use your cybersecurity skills ethically and responsibly, and engaging in cyber warfare against any country including </em><strong id=""><em id="">country name</em></strong><em id=""> is illegal..”</em></p><p id="">‍</p><p id="">ChatGPT, or Generative Pre-trained Transformer, was launched in November 2022 by artificial intelligence research and deployment company OpenAI. Its release was followed by a frenzy of social media coverage and followers. Over one million users have signed up to try out the AI chatbot to date.</p><p id="">‍</p><p id="">According to the developer's website, the ChatGPT model is trained to reject inappropriate requests. Yet both the Cyber News Centre and CheckPoint research teams had no problems obtaining the potent information.</p>
CNC research shows hackers are exploiting ChatGPT to code usable malware and sharing their results for malicious intent between cyber actors.
Complimentary
Free
Opinion
Editor's Pick

June 1, 2023

Are Threat Actors Using ChatGPT to Hack Your Network?

<p id="">The artificial intelligence (AI) sector is experiencing a remarkable surge in investments and innovations, driven by Elon Musk's recent announcements and the rapid progress of Chinese tech giants like Alibaba and Baidu. As Wall Street embraces the investment craze, the global spotlight is now on AI-driven businesses and technologies.</p><p id="">‍</p><p id="">‍</p><h2 id="">The Clash of AI Titans</h2><p id="">‍</p><p id="">In a recent interview with Fox News host Tucker Carlson, visionary entrepreneur Elon Musk announced the formation of a new AI company, X.AI Corp, with a focus on creating a "universal app." Musk plans to develop TruthGPT, a truth-maximising AI, as a competitor to the widely-used AI language model, ChatGPT. Criticising OpenAI's closed-source nature and Microsoft's alleged control over it, Musk argues that his alternative can provide a more open and truthful AI platform.</p><p id="">‍</p><p id="">Musk shared his concerns with Carlson, stating, "What's happening is they are training the AI to lie…not just say what the data demands that it say." Carlson joined in, suggesting that information was being withheld. However, it's important to note that Musk sold his OpenAI shares in 2018 to a "maximum-profit company," specifically Microsoft, which makes him partly accountable for the issue he's highlighting.</p><p id="">‍</p><div id=""></div><p id="">‍</p><p id="">Musk also backtracked on his commitment to provide $1 billion in funding to OpenAI after his departure, contributing a mere $100 million instead. This could have forced OpenAI to seek alternative funding sources for ChatGPT. According to Fortune, OpenAI will regain full ownership of their business once $92 billion is paid to Microsoft (who currently owns 49%) and venture capitalists receive a collective $150 billion (they also own a collective 49%).</p><p id="">‍</p><p id="">Microsoft's investment in OpenAI seems to be even larger than initially believed. 
Documents indicate that, prior to the current deal, Microsoft had already invested $3 billion into the company—$2 billion more than publicly reported. If the ongoing deal is finalised with the discussed figures, Microsoft's total capital contribution to OpenAI would amount to $13 billion, emphasising the importance of technologies like ChatGPT and DALL-E 2 for Microsoft's future.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1254px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1254px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c292092c6_9tsmj1v2-3D0iOK0HAMcLHz7J6RGihz9I9pOIjbnEQ5nbBp-hJXkaqVy2YBj_UydPbTmZ0CoZJ2HsKnYTOtCQJMGv1RexTr8uyiUCxNId7RVsnx4DHwnwR3brHATIa8wdWMj8Nv2MY8hSzoQYwyw2GM.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><h2 id="">Microsoft Copilot Demo</h2><p id="">‍</p><p id="">The unique deal structure appears to favour Microsoft. However, OpenAI's hybrid setup—with a nonprofit lab and a capped-profit business arm—alongside its extensive commercial partnerships with Microsoft, creates numerous variables that could influence the final outcome and payouts. Here are some key insights based on our analysis of the documents.</p><p id="">‍</p><p id="">Venture capitalists are investing in OpenAI through a parallel tender offer of employee shares, alongside Microsoft's potential investment, as previously reported. All investors—including Microsoft—have caps on their potential returns. This doesn't mean the potential returns are insignificant: documents reveal that if OpenAI's technology becomes extraordinarily successful and profitable, Microsoft could make up to $92 billion from its collective investment, and venture capitalists participating in the tender offer could earn up to $150 billion. 
(An OpenAI spokeswoman declined to comment for this story, and a Microsoft spokesman didn't respond to a request for comment.)</p><p id="">‍</p><p id="">As investors try to identify early winners in the AI race, Exchange Traded Funds (ETFs) linked with AI tech have been on the rise. Betashares Global Robotics fund, for instance, has seen a 24% increase in the past three months. Additionally, companies like Nvidia, the leading semiconductor manufacturer, are considered <a href="https://www.bloomberg.com/news/articles/2023-04-18/nvidia-nvda-loses-its-only-sell-rating-as-hsbc-flags-ai-potential" id="">crucial players in the AI industry</a>.</p><p id="">‍</p><p id="">Meanwhile, Chinese tech giants Alibaba and Baidu have been making strides in AI regenerative technologies, raising concerns among governments worldwide. Italy has recently <a href="https://www.theguardian.com/technology/2023/mar/31/italy-privacy-watchdog-bans-chatgpt-over-data-breach-concerns" id="">banned ChatGPT</a>, and several tech leaders, including Elon Musk, have called for a global halt on training some AI systems due to the potential risks they pose to society and humanity.</p><p id="">‍</p><p id="">As the AI race intensifies, it is crucial for governments and organisations to address concerns regarding privacy, copyright infringement, and potential misuse. In response to Alibaba's recent announcement, China's top cyberspace watchdog has proposed a rule to regulate generative AI, inviting public consultation until May 10.</p><p id="">‍</p><p id="">The AI race is a double-edged sword that has the potential to revolutionise industries while posing significant risks if left unregulated. 
While the competition between AI giants like ChatGPT, TruthGPT, and Chinese tech companies may lead to rapid advancements in technology, it is essential to consider the ethical implications of these developments.</p><p id="">‍</p><p id="">‍</p><h2 id="">Natural Progression, Risks, And Considerations</h2><p id="">‍</p><p id="">Some sectors will be impacted by AI at different times, according to how the technology develops. If AI is already bringing in innovative ways to revolutionise current practices, then the potential for stock price returns in tech, transport, and online marketing might already be priced in. An alternative approach is to stay ahead of the curve and identify the sector where AI technology will next make a huge impact.</p><p id="">‍</p><p id="">Microsoft’s market cap of $2.06trn makes it the third largest company in the world. The revenue streams from its software and Azure server operations provide the firm with not only relative stability, but cash flow to invest in new AI technology. As well as carrying out its own in-house research, the tech giant has also aggressively bought up smaller companies who are developing innovative projects. In the last five years, it has snapped up 39 firms – most notably Nuance Communications, which is a specialist in the AI healthcare sector.</p><p id="">‍</p><p id="">The OpenAI ChatGPT product already mentioned is also connected to Microsoft. Commercial agreements relating to server hosting are matched by Microsoft providing OpenAI with $1bn in funding. Smaller investors who don’t grasp the granular details of how AI works might consider the approach of Bill Gates’ firm to be a template for investing in the sector.</p><p id="">‍</p><p id="">Rival tycoon Elon Musk took to Twitter in March 2023 to disparage Gates’ understanding of the area: “I remember the early meetings with Gates. His understanding of AI was limited. Still is.” 
Building a diversified portfolio could result in Gates and Microsoft being big AI winners.</p><p id="">‍</p><p id="">California-based C3.ai was founded in 2009 and represents a purer play on the AI sector than diversified tech giants NVIDIA and Microsoft. C3.ai is far smaller in size, with a market capitalisation of $2.9bn. The returns to investors have been even more impressive, especially as the AI sector takes off.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:619px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="619px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c292092e4_TT_xO5R25Rqul1k5DhoKWYEyo9C7NeXawC_5MzWGCXzmw7Y74NsUBVeWZjg9GmyiDQUrdnvMtArmQTEYhQvVkZp74t0z6nD55KWsWHQhgsS7Fwb70Bn_S1ATUNQYU1TAeGLFclDkbU9BH0xbNxaFhtY.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><p id="">The forecast rate of adoption of AI technologies doesn’t equate to all the stocks in the sector performing equally well; there will be winners and losers. At a higher level, high-growth and technology sub-sectors are exposed to specific kinds of risks, meaning that there are also potential headwinds facing the AI industry as a whole.</p><p id="">‍</p><p id="">‍</p><h2 id="">Balancing Regulation, Sovereign Risk, and Billionaires' Battle for Truth in AI</h2><p id="">‍</p><p id="">The paradox surrounding AI sector investments lies in the fact that the potential upheavals the technology promises, which could be highly profitable for investors, might face significant resistance due to their transformative nature. The case of social media platform TikTok, though not an AI stock, highlights the growing concerns around tech adoption. 
TikTok's management has been called before the US Senate Intelligence Committee, demonstrating the increasing scrutiny of tech companies.</p><p id="">‍</p><p id="">Influential political commentator Tucker Carlson commented on the prospect of autonomous vehicles displacing millions of US delivery drivers, stating:</p><p id="">‍</p><p id="">"Driving for a living is the single most common job for high-school educated men in this country [US]… the social cost of eliminating their jobs in a 10-year span, 5-year span, 30-year span, is so high that it's not sustainable" (Source: YouTube).</p><p id="">‍</p><p id="">There is a risk that AI firms might easily become entangled in the crossfire of what increasingly resembles a global tech 'turf war'. The sector's dynamic nature is causing numerous contradictions to surface, emphasizing the need for regulation to reduce sovereign risk and manage the ongoing battle for truth among billionaires in the AI industry.</p><p id="">‍</p><p id="">As we observe, Chinese tech giants Alibaba and Baidu are advancing in AI regenerative technologies, raising concerns among governments worldwide. Italy has recently banned ChatGPT, and several tech leaders, including Elon Musk, have called for a global halt on training certain AI systems due to the potential risks they pose. Almost simultaneously, Musk announces a new version of TruthGPT to counterbalance Microsoft's perceived dominance, creating a potentially perilous environment for legislators and capital markets alike.</p><p id="">‍</p><p id="">Investors must exercise caution when investing in AI-driven businesses and technologies, as the long-term impact of these investments on society remains uncertain. 
As AI continues to evolve, it is crucial for governments, tech leaders, and investors to collaborate in establishing a framework that ensures the responsible development and deployment of AI technologies.</p><p id="">‍</p><p id="">The AI race is undeniably an exciting and transformative period in human history. Rapid advancements in AI technologies have the potential to revolutionise various industries, leading to significant gains for investors who can identify early winners. However, as the competition between AI giants like ChatGPT, TruthGPT, and their Chinese counterparts intensifies, addressing ethical considerations and regulatory challenges will be paramount to ensuring that AI development remains beneficial to society as a whole.</p><p id="">‍</p>
The artificial intelligence (AI) sector is experiencing a remarkable surge in investments and innovations, driven by Elon Musk's recent announcements and the rapid progress of Chinese tech giants like Alibaba and Baidu.
Complimentary
Free
Opinion
Editor's Pick

June 1, 2023

AI Race Intensifies: ChatGPT, Truth GPT, & Chinese Tech Giants Vie for Supremacy

<p id="">A joint Cybersecurity Advisory (CSA) has been issued by several international cybersecurity authorities, including the U.S. National Security Agency (NSA), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Federal Bureau of Investigation (FBI), and agencies from Australia, Canada, New Zealand, and the UK. The advisory warns of a recent surge in cyber activities traced back to a People's Republic of China (PRC) state-sponsored cyber actor known as Volt Typhoon. This actor has been found to infiltrate networks across U.S. critical infrastructure sectors, a tactic that could potentially be used against other sectors worldwide.</p><p id="">‍</p><p id="">The advisory provides an overview of hunting guidance and best practices to detect these activities. Volt Typhoon utilises a tactic known as "living off the land," which involves using built-in network administration tools to blend in with typical system activities, thereby evading detection. Notably, the tools exploited by this actor include wmic, ntdsutil, netsh, and PowerShell.</p><p id="">‍</p><p id="">Furthermore, the advisory sheds light on technical details, background information, and potential indicators associated with these techniques. Network and host artefacts, from compromised small office/home office (SOHO) network devices to the usage of Windows management instrumentation (WMI/WMIC), PowerShell, Netsh, and Ntdsutil, provide concrete examples of the strategies employed by Volt Typhoon.</p><p id="">‍</p><p id="">In response to these cyber threats, the advisory recommends employing best practice network security and endpoint detection and response (EDR) products, a robust patch management program, a least privilege access model, and regular data backups protected from unauthorised access. 
It also encourages the use of strong, unique passwords and enabling multi-factor authentication wherever possible.</p><p id="">‍</p><p id="">This advisory represents a critical step in ensuring international cooperation in cybersecurity and offering guidance to network defenders to detect and mitigate potential threats linked to state-sponsored cyber activities.</p><p>‍</p><h2>Sources:</h2><div></div><p id="">‍</p>
A CISA advisory follows Volt Typhoon, a Chinese state-backed actor, infiltrating U.S. sectors using stealth techniques. The advisory provides detection strategies, including signs of compromise and exploited tools.
Complimentary
Free
Opinion
Editor's Pick

May 29, 2023

Cybersecurity Advisory June 2023 - PRC State-Sponsored Cyber Actor Volt Typhoon

<p id="">In what ranks as one of the most significant cybersecurity breaches of 2023, Latitude Financial, a major player in the global financial services industry, fell victim to a sophisticated cyber attack. In the wake of this breach, a vast quantity of sensitive customer data was exposed, and the company was handed a ransom demand which it declined. According to the Cyber Company Recap March 23 report, the impact of this incident has been far-reaching and continues to be the focus of considerable scrutiny and analysis.</p><p>‍</p><p>‍</p><h2 id="">The Attack and Immediate Response</h2><p>‍</p><p id="">Unusual activity within Latitude's IT systems signaled a threat actor had accessed its network using privileged credentials via a third-party vendor. The scope of the data exfiltration was staggering, with approximately 7.9 million customer records compromised, which included personal details and financial data used for loan applications.</p><p>‍</p><p id="">In response, Latitude sprang into action, immediately taking steps to contain the attack and mitigate potential damage. IT platforms were taken offline, password resets were performed enterprise-wide, and external cybersecurity experts were engaged to support their internal teams. Moreover, relevant authorities were notified, and cyber-insurers alerted.</p><p>‍</p><p>‍</p><h2 id="">The Post-Breach Rehabilitation</h2><p>‍</p><p id="">In the face of such an event, Latitude prioritised remediation and support for its affected customers. A comprehensive Customer Care Program was initiated to offer dedicated support, and communication channels were opened to keep affected individuals informed. The company has also completed extensive platform assurance reviews and has gradually restored business operations over a period of 5-6 weeks.</p><h2 id="">Future Outlook</h2><p>‍</p><p id="">As of the end of May 2023, commercial operations have been fully restored with no further suspicious activity detected. 
Latitude's incident response plan is still underway and includes a rebound strategy aimed at surpassing its previous business momentum. Remediation efforts are ongoing, and plans to rebuild trust are in place, which is the cornerstone of its new strategic plan to reach full potential.</p><p>‍</p><p id="">Yet, the total cost of the incident is still being assessed, not least due to the support and remediation offered to customers. This cyber attack also serves as a grim reminder to other financial services firms of the relentless threat posed by cybercriminals.</p><p>‍</p><p>‍</p><h2 id="">Implications for Latitude Financial and Other Financial Services</h2><p>‍</p><p id="">This incident could have significant impacts on Latitude Financial's reputation and consumer trust. It may take time for the company to rebuild its brand image and regain customer confidence. The cost of recovery, both financially and operationally, is another critical factor that could affect the company's performance in the second half of 2023.</p><p id="">For other financial services companies, this incident should serve as a wake-up call to review and strengthen their own cybersecurity defenses, particularly around third-party vendor security. As financial institutions become more interconnected, the risk of a cyber attack grows. Therefore, investing in cutting-edge cybersecurity technology and personnel, and implementing robust vendor security protocols is now more crucial than ever.</p><p>‍</p><p id="">As we move into the second half of 2023, the Latitude Financial cyber attack underscores the growing sophistication of cybercriminals and the very real threats to data security. It provides a stark warning of the potential dangers of not adequately investing in and prioritising cybersecurity. The lessons learned from this incident should drive increased vigilance across the entire financial services industry to protect against such incidents in the</p><p>‍</p>
In what ranks as one of the most significant cybersecurity breaches of 2023, Latitude Financial, a major player in the global financial services industry, fell victim to a sophisticated cyber attack.
Complimentary
Free
Opinion
Editor's Pick

May 29, 2023

Corporate Impact and Outlook on Latitude Financial's Cyber Attack

<p id="">In today's fast-paced digital world, data breaches have become a sobering reality. Recently, a massive cybersecurity leak has engulfed one of the world's leading electric vehicle manufacturers, Tesla. The German newspaper Handelsblatt revealed a significant data leak from the automobile giant, an event that should prompt multinational corporations, especially those operating in Australia and America, to assess their cybersecurity measures.</p><p>‍</p><p>‍</p><h2 id="">The Tesla Data Breach</h2><p id="">‍</p><p id="">According to the report, Handelsblatt received 100GB of data from informants at Tesla, exposing numerous complaints about its Autopilot self-driving feature. Covering 2015 to 2022, the data comprised 23,000 internal files detailing 3,900 reports of self-acceleration and brake function issues.</p><p id="">‍</p><p id="">The data included over 1,000 crash reports and a log of 3,000 incidents where drivers expressed safety concerns. While most of these incidents occurred in the United States, complaints were also recorded from Europe and Asia.</p><p id="">‍</p><p id="">What's particularly concerning about this breach, however, is the exposure of personally identifiable information (PII) of more than 100,000 current and former Tesla employees, including CEO Elon Musk.</p><p id="">‍</p><h2 id="">The Global Cybersecurity Landscape</h2><p id="">‍</p><p id="">This incident forms part of a larger global pattern. Multinational corporations in Australia and America have seen an uptick in data breaches. Companies, no matter their size or sector, must understand that cyber threats are not confined to their country's borders.</p><p id="">‍</p><p id="">Data breaches not only lead to significant financial losses but also result in the erosion of trust among consumers and stakeholders. 
For companies operating in sensitive sectors, such as electric vehicle manufacturing or technology, the stakes are even higher.</p><p id="">‍</p><h2 id="">Recommendations and Implications</h2><p id="">‍</p><p id="">Organisations must adopt a proactive stance towards data protection. Comprehensive data privacy protocols, regular audits, employee training, and robust response plans can significantly mitigate risks.</p><p id="">‍</p><p id="">The Tesla data breach is a stark reminder of the challenges and vulnerabilities that modern organisations face in the age of digital information. A multinational's cyber protection measures must evolve in line with these threats. It's not just about protecting sensitive internal information anymore; it's also about safeguarding the confidence that consumers place in these organisations.</p><p id="">‍</p><p id="">Companies must remember that an ounce of prevention is worth a pound of cure. As our reliance on digital technology grows, the emphasis on cyber hygiene, data protection, and proactive cybersecurity measures will be paramount for global business security.</p><p id="">‍</p><p id="">In conclusion, the Tesla data breach underscores the urgent need for robust cybersecurity infrastructures for all businesses. As the cyber threatscape continues to evolve, so too must our strategies to mitigate these risks. This incident should serve as a wakeup call to corporations in Australia, America, and around the world: neglecting cybersecurity is no longer an option.</p><p id="">‍</p>
Recently, a massive cybersecurity leak serves as a reminder that in today's fast-paced digital world, data breaches have become a sobering reality.
Complimentary
Free
Opinion
Editor's Pick

May 29, 2023

Cyber Report: The Tesla Data Breach and Global Cybersecurity Landscape

<p id="">The recent federal budget has highlighted dependencies and potential vulnerabilities in Australia's approach to cyber security. The decommissioning of four centralised cyber hubs and the reallocation of funding towards new initiatives is causing concern about the continuity of industry-led cyber education programs and the national cyber resilience initiative.</p><p id="">‍</p><p id="">These changes have highlighted the crucial role of government support in promoting cyber security education and resilience. However, they have also revealed the potential pitfalls of over-reliance on such support. The sudden shift in funding has left some questioning the stability of the sector and the future of STEM programs, which are vital for developing the next generation of cyber security professionals.</p><p id="">‍</p><p id="">Australia's cyber security landscape, in the wake of this new federal budget, serves as a reminder of the importance of a balance between public and private sector involvement. There is a growing need for the Australian federal and state governments to not only support industry-led cyber essentials education leadership programs but also to leverage government-led initiatives to build cyber hubs.</p><p id="">‍</p><p id="">A recent report from InnovationAus.com reveals that the federal government's initiative to centralise networks through hubs in Canberra's largest agencies will be decommissioned after an $80 million pilot<sup>1</sup>. In place of these hubs, a series of new initiatives to harden cyber security are being developed, including the National Office of Cyber Security within Home Affairs. While the ongoing support of agencies currently served by the hubs is assured, the future beyond this is unclear<sup>1</sup>.</p><p id="">‍</p><p id="">The establishment of the National Office of Cyber Security is a positive step towards enhancing federal government cyber security efforts. However, this move must not come at the expense of private sector involvement. 
The strength of Australia's cyber security resilience lies in the collaboration between public and private sectors, enabling an exchange of knowledge, resources, and innovation.</p><p id="">‍</p><p id="">The decision to discontinue the cyber hubs also raises questions about the long-term implications for the cyber security industry. Andy Penn, former Telstra chief executive, called for the cyber hubs to have "more teeth and their work needs to be accelerated". With the decommissioning of these hubs, there is an opportunity for the private sector to step in and contribute to the cyber resilience of the nation.</p><p id="">‍</p><p id="">The federal and state governments need to recognise the value of these industry-led initiatives and provide the necessary support. It's crucial that they foster an environment conducive to investment in cyber security education and resilience. By doing so, they can help ensure the continuity of STEM programs and the development of the next generation of cyber security professionals.</p><p id="">‍</p><p id="">The government's role should be to facilitate and encourage these industry-led efforts, offering financial support where necessary, but also creating policies that enable these initiatives to flourish. This balanced approach would help ensure the long-term stability of the sector and the continued growth of Australia's cyber security capabilities.</p><p id="">‍</p><p id="">Recognising the importance of national cyber resilience policy and our digital defensive strategies for the new era, the Australian federal and state governments play an indispensable role. By supporting and capitalising on industry-led cyber essentials education leadership programs, they demonstrate the power of collaboration with the private sector. 
This cooperative stance allows for the creation of a robust and resilient cyber security landscape, fully equipped to navigate future challenges.</p><p id="">‍</p><h2 id="">Sources</h2><div id=""></div><p id="">‍</p>
Complimentary
Free
Opinion
Editor's Pick

May 16, 2023

Prioritising Collaborative Cyber Security Education and Resilience in Australia

<p id="">The global cybersecurity landscape has become increasingly complex, with nation-states actively engaging in digital warfare. The United States State Department's top cybersecurity official, Nathaniel Fick, has recently highlighted the challenges faced by NATO in deciding whether cyberattacks should trigger a collective military response under Article 5. This article will discuss the differing opinions among NATO members, analyse the potential risks and benefits of including cyberattacks under Article 5, and propose possible solutions to ensure the alliance's security in the digital age.</p><p>‍</p><p>‍</p><h2 id="">Differing Views and NATO's Challenges</h2><p>‍</p><p id="">Since Russia's invasion of Ukraine in February 2022, NATO has been grappling with the question of whether a damaging cyberattack could trigger Article 5 - the principle that an attack on any member necessitates a military response from all. While Article 5 has only been invoked once after the 9/11 terrorist attacks, the recent barrage of crippling cyberattacks against several European countries has sparked renewed interest in the topic (RSA Conference, 2023).</p><p>‍</p><p id="">NATO's adversaries exploit the lack of clarity in response policies, employing digital means to achieve their objectives without triggering a kinetic response (Fick, 2023). The Netherlands' Ambassador at-large for security policy and cyber, Nathalie Jaarsma, has noted that most cyberattacks fall below the threshold for triggering Article 5. 
However, some countries have called for the consideration of an accumulation of cyberattacks when assessing the applicability of Article 5 (RSA Conference, 2023).</p><p>‍</p><blockquote id=""><em id="">Fick said it would be to NATO’s “collective advantage to clarify and enforce how” they respond to cyber incidents.</em></blockquote><p>‍</p><p>‍</p><h2 id="">The Case for Including Cyber Attacks under Article 5</h2><p>‍</p><p id="">Proponents of including cyberattacks under Article 5 argue that doing so would strengthen NATO's deterrence posture in the digital domain. Fick (2023) suggests that it is essential to "extend the full power of deterrence into the digital world, using not only cyber means but every ounce of economic, informational and diplomatic means necessary." By broadening the scope of Article 5 to include cyberattacks, NATO could send a strong message to its adversaries that cyber aggression will not be tolerated and that the alliance is prepared to take collective action to defend its members.</p><p>‍</p><p id="">Furthermore, by acknowledging the potential severity of cyberattacks on critical infrastructure or causing loss of life, NATO can emphasise the importance of a unified response to such threats. This approach could also incentivize member states to invest more in their cybersecurity capabilities, fostering a more robust and resilient alliance in the face of digital threats.</p><p>‍</p><p>‍</p><h2 id="">The Case Against Including Cyber Attacks under Article 5</h2><p>‍</p><p id="">Opponents of including cyberattacks under Article 5 argue that doing so might inadvertently escalate conflicts in the digital domain. Mandiant CEO Kevin Mandia (2023) notes that despite the fears expressed by NATO members, Russia appears to understand the level of cyber aggression that would trigger Article 5, as evidenced by their restraint during the Ukraine conflict. 
Expanding the scope of Article 5 might, therefore, lead adversaries to miscalculate their actions, inadvertently triggering a military response.</p><p>‍</p><p id="">Additionally, the attribution of cyberattacks is often difficult and time-consuming, making it challenging for NATO to respond swiftly and decisively in the event of an Article 5 invocation. This could lead to disagreements among member states, weakening the unity of the alliance and potentially undermining its effectiveness.</p><p>‍</p><p>‍</p><h2 id="">Possible Solutions</h2><p>‍</p><p id="">To navigate the complexities of the digital battlefield, NATO could consider clarifying the alliance's cyber deterrence policy: Fick contends that it is in NATO's "collective advantage to clarify and enforce how" the alliance responds to cyber incidents. By establishing well-defined thresholds and response mechanisms for cyberattacks, NATO can ensure that adversaries comprehend the consequences of their actions. Open communication and collaboration among NATO members are crucial for addressing differing opinions and developing a unified approach to cyber deterrence. Frequent discussions and joint exercises can aid member states in better understanding one another's perspectives, identifying areas of consensus, and bolstering their collective response capabilities.</p><p>‍</p><p id="">Instead of adopting an all-or-nothing strategy, NATO could contemplate creating a graded response framework for cyber incidents. This would allow the alliance to calibrate its reactions based on the severity and impact of the attacks, encompassing diplomatic condemnations, economic sanctions, and ultimately, military responses in the most extreme cases. 
Additionally, such a framework would offer flexibility in addressing the "middle" ground between nuisance attacks and serious incidents involving critical infrastructure or loss of life.&nbsp;</p><p>‍</p><p id="">For an effective response under Article 5, the accurate and timely attribution of cyberattacks is essential. NATO should invest in the development of advanced attribution capabilities and intelligence-sharing mechanisms, ensuring that its members can confidently attribute attacks to the responsible parties and hold them accountable for their actions. By stressing the significance of robust cybersecurity defences, NATO can incentivize its members to invest in and prioritise their national cyber capabilities. This approach would not only assist individual countries in better protecting themselves against cyber threats but would also contribute to the overall resilience and security of the alliance.&nbsp;</p><p>‍</p><p id="">The inclusion of cyberattacks under Article 5 of the NATO charter is a complex and contentious issue. While there are valid arguments both for and against this approach, it is clear that NATO must adapt to the evolving cyber landscape to protect its members effectively. By clarifying its cyber deterrence policy, fostering dialogue and cooperation among member states, developing a graded response framework, enhancing attribution capabilities, and encouraging members to strengthen their cybersecurity posture, NATO can better navigate the digital battlefield and safeguard the alliance's security in the digital age.</p><p>‍</p><p>‍</p><h2>Sources</h2><p>‍</p><div></div>
Follow CNC as we discuss differing opinions among NATO members, analyse the potential risks and benefits of including cyberattacks under Article 5, and propose possible solutions to ensure the alliance's security in the digital age.
Complimentary
Free
Opinion
Editor's Pick

May 5, 2023

Navigating the Cyber Battlefield: NATO and Article 5 in the Digital Age

<p id="">As artificial intelligence (AI) continues to evolve at a rapid pace, its impact on our daily lives and the global economy is becoming increasingly profound. Two prominent figures at the forefront of technology, billionaire entrepreneur Bill Gates and Tesla CEO Elon Musk, have divergent opinions on the future of AI and its potential benefits and risks. This article will explore the perspectives of both visionaries, highlighting their thoughts on the role of AI and the precautions needed to ensure its responsible development.</p><p id="">‍</p><p id="">‍</p><h2 id="">Bill Gates: Embracing the AI Revolution</h2><p id="">‍</p><p id="">In a recent blog post, Bill Gates expressed his optimism about the future of generative AI systems, particularly OpenAI's ChatGPT. He envisions AI as a white-collar assistant that can transform various industries and boost productivity. According to Gates, AI has the potential to revolutionise fields such as medicine, education, and even climate change research.</p><p id="">‍</p><p id="">“Clearly there’s huge benefits to these things… what we need to do is identify the tricky areas,” said Gates.</p><p id="">‍</p><p id="">Gates acknowledges the risks associated with AI but believes that, with proper regulation and collaboration, these challenges can be mitigated. He is confident that the benefits of AI will significantly outweigh its drawbacks, ultimately leading to a more efficient, prosperous future.</p><p id="">‍</p><p id="">‍</p><h2 id="">Elon Musk and the Call for Caution</h2><p id="">‍</p><p id="">On the other hand, Elon Musk, along with other prominent figures like Gary Marcus, Steve Wozniak, and more than 1,800 signatories, has expressed concerns about the rapid development of AI. 
On March 22, the Future of Life Institute, a think tank that coordinated this effort, called for a six-month pause on the development of AI systems more powerful than GPT-4.</p><p id="">‍</p><p id="">This group cites 12 pieces of research from various experts, including university academics and current and former employees of OpenAI, Google, and its subsidiary DeepMind. They argue that the potential risks of AI, such as biases in algorithms, loss of privacy, and the potential for misuse, must be carefully evaluated and addressed before moving forward with more powerful systems.</p><p id="">‍</p><p id="">Whilst the list of signatories on the open letter includes several prominent figures, inconsistencies have been observed. The letter criticises the deployment of powerful chatbot technology as rash, but also over-hypes its capabilities, drawing on the doom-mongering about AI and killer robots that has captivated the press and distracted from more nuanced, real-world risks.</p><p id="">‍</p><p id="">‍</p><h2 id="">Over-hyping AI Capabilities</h2><p id="">‍</p><p id="">The open letter criticises the deployment of powerful chatbot technology as rash, but at the same time, it over-hypes its capabilities. The letter seems to be drawing on the doom-mongering narrative about AI and killer robots that has captivated the press and distracted from more nuanced, real-world risks. 
This overemphasis on the potential dangers of AI could stifle innovation and progress in the field.</p><p id="">‍</p><p id="">‍</p><h2 id="">The Road Ahead</h2><p id="">‍</p><p id="">Calls to pause the development of artificial intelligence will not “solve the challenges” ahead, Microsoft co-founder Bill Gates told Reuters, his first public comments since an open letter sparked a debate about the future of the technology.</p><p id="">‍</p><p id="">The technologist-turned-philanthropist said it would be better to focus on how best to use the developments in AI, as it was hard to understand how a pause could work globally.</p><p id="">‍</p><p id="">“I don’t think asking one particular group to pause solves the challenges,” Gates said on Monday.</p><p id="">‍</p><p id="">The rapid advancements in AI have undeniably led to increased concerns about the technology's impact on society. Worries over job displacement, surveillance, privacy, and even the potential for autonomous weapons have fueled calls for a moratorium on AI development. While these concerns are valid, Gates' position emphasises the importance of embracing AI's potential while working to mitigate its risks.</p><p id="">‍</p><p id="">The age of AI has indeed begun, and its potential to revolutionise our world and reduce global inequities is immense. As Bill Gates emphasises, now is the time for us to harness this technology and work together to ensure it is developed and deployed responsibly.</p><p id="">‍</p><p id="">The contrasting views of Bill Gates and Elon Musk highlight the ongoing debate surrounding AI's future. As the technology advances, it is crucial for governments, researchers, and industry leaders to collaborate in shaping responsible policies and guidelines.&nbsp;</p><p id="">‍</p><p id="">Despite the potential for AI to revolutionise our society, we must tread carefully. 
As we continue to develop AI technology, it is crucial to establish ethical frameworks, regulations, and international standards that ensure its responsible development and deployment. Collaboration between the public and private sectors will be essential in implementing these guidelines and ensuring that AI's benefits are distributed equitably while minimising its drawbacks.</p><p id="">‍</p><p id="">It is clear there will be continued debate between proponents of fast-paced advancements and critics who oppose the new era of AI until the conditions seem “right for society”.&nbsp;</p><p id="">‍</p><p id="">‍</p><h2 id="">AI era is here: "AI's society occupied by humans"</h2><p id="">‍</p><p id="">History has consistently shown that a select few who control technological advancements often opt for self-serving choices, striving to gain an advantage over others. With the rapid rise of artificial intelligence (AI), it is only natural to approach the promises of philanthropists and capitalists advocating for an "advanced world that gives equal opportunities to all" with a sense of cynicism. However, if AI is employed to address societal issues, it could potentially help resolve the ethical challenges that arise from such advancements.</p><p id="">‍</p><p id="">The idea of using synthetic intelligence to solve ethical issues is riddled with contradictions and poses numerous legislative challenges. Early adopters of AI technology may be tempted to exploit its potential for capital gain and commercial advantage, outpacing less-equipped economies and further widening global disparities. As billionaires influence the narrative and governments scramble to assess the situation, the jury remains out on the role AI will ultimately play in our world.</p><p>‍</p><p id="">If AI can address the world's most critical and pressing issues, such as climate change and social inequality, the solution to these problems may already be here. 
By handing over the world's challenges to AI, we may find answers rooted in unemotional truth, free from human bias.</p><p id="">‍</p><p id="">This theory suggests that eliminating the human element from the equation, which is often driven by bias and self-interest, might be the key to solving global problems. If correct, it implies that the AI era has arrived, and the ethical implications of an "AI's society occupied by humans" will reshape our world.</p><p id="">‍</p><p id="">The rise of AI presents both a challenge and an opportunity. If we can successfully navigate the ethical dilemmas surrounding AI, we have the potential to create a world where artificial intelligence serves the greater good, promoting equality and addressing pressing global issues.</p><p id="">‍</p>
Complimentary
Free
Opinion
Editor's Pick

May 3, 2023

The Great AI Debate: A Tale of Two Visionaries

<p id="">The Australian government tells companies never to pay ransoms to cybercriminals like those that hacked Optus and Medibank, but most companies ignore that and pay up. There are no laws against it.</p><p id="">‍</p><p id="">According to a report by cybersecurity firm Kaspersky, almost 80 per cent of businesses globally that were hit with ransomware, where a hacker makes company systems or data inaccessible until a payment is made, complied with the demands. Almost 90 per cent of businesses previously hit would pay again.</p><p id="">‍</p><p id="">There are no explicit rules for companies on the Australian Securities Exchange to disclose whether they’ve paid a ransom. Instead, companies are bound by their obligation to disclose an event if it would have a material impact on the price of their shares.</p><p id="">‍</p><p id="">Division 400 of the Criminal Code Act 1995 (Cth), which deals with money laundering, makes it an offence to deal with money or property where there’s a risk that it will become an instrument of crime, and you are reckless or negligent as to whether it will be used as an instrument of crime.</p><p id="">‍</p><p id="">Obviously, a hacker demanding ransom has already committed at least one crime, and it’s entirely possible they’ll use the ransom money to carry out further ransomware attacks – meaning there’s a risk the money will become an instrument of crime (even if, ultimately, the hacker ends up using the money for some non-criminal purpose).</p><p id="">‍</p><p id="">Duress is a possible defence here, if you can demonstrate that you believed the hacker’s threat would be carried out unless you paid the ransom; there was no reasonable way the threat could have been rendered ineffective; and the payment of the ransom is a reasonable response to the threat.</p><p id="">‍</p><p id="">‍</p><h2 id="">Should you pay the ransom?</h2><p id="">‍</p><p id="">The ACSC recommends that victims of ransomware do not pay the ransom. 
Their reasoning is that paying the ransom effectively funds criminal groups, and demonstrates a willingness to give in to criminal demands, which can incentivise these groups to continue deploying ransomware attacks.</p><p id="">‍</p><p id="">The ACSC also notes there’s no guarantee you’ll actually regain access to your systems and your data after paying the ransom. (The files may not be recoverable at all, if the attackers used ‘wiper’ malware, which sometimes masquerades as ransomware.) There’s also no guarantee the group won’t just turn right around and hit you with another ransomware attack – they could even provide you with a payment link that instals more malware onto your system.</p><p id="">‍</p><p id="">Another approach is to engage with law enforcement agencies and industry groups to share threat intelligence and collaborate on responses to ransomware attacks. For example, the Australian Cyber Security Centre (ACSC) works closely with law enforcement agencies, industry groups, and international partners to provide advice and support to Australian businesses affected by cybercrime.</p><p id="">‍</p><p id="">Surveys suggest it is a difficult decision to refuse ransomware payments</p><p id="">‍</p><p id="">The Australian Cyber Security Centre (ACSC) received approximately 76 thousand cybercrime reports in the financial year 2022. The number of reports has increased in comparison to previous years, with approximately 67 thousand cybercrime reports filed in financial year 2021.</p><p id="">‍</p><p id="">In 2021, Colonial Pipeline experienced operational disruptions when it was hit with a ransomware attack that forced it to shut down its pipelines for days. Colonial paid a $US4.4 million ransom to restore their network. 
This was a major hit to national infrastructure assets by an organised cyber syndicate using ransomware tactics.</p><p id="">‍</p><p id="">Colonial Pipeline CEO Joseph Blount said that Colonial could have restored from backups, but opted to pay the ransom because of the critical nature of the pipelines and the uncertainty over how badly their systems had been breached and how long it would take to recover them.</p><p id="">‍</p><p id="">A majority of respondents (62 per cent) to CNBC’s Global CFO Council survey for Q2 2021 said that Colonial had “no choice but to pay the ransom”, although only five per cent said it was the “right” choice.</p><p id="">‍</p><p id="">According to a 2021 survey conducted by the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP), nearly one in three Australian businesses paid a ransom demand to cybercriminals following a ransomware attack. The survey found that 29% of the surveyed companies that were targeted by ransomware paid the ransom to regain access to their encrypted data. This highlights the ongoing threat posed by ransomware attacks to Australian businesses.</p><p id="">‍</p>
Reports indicate that almost 80 per cent of businesses globally that were hit with ransomware paid up, with business disruption driving boards to yield to extortion; 29% of the surveyed companies that were targeted by ransomware paid the ransom. The ACSC says do not pay the ransom.
Complimentary
Free
Opinion
Editor's Pick

May 1, 2023

The cost of coughing up: Should companies pay the ransom demands of criminals?

<p id="">Zirilio's Lawrence Patrick says by the time we know cybercriminals are there, it's usually too late and the damage has been done.</p><p id="">‍</p><p id="">Despite that, many businesses underestimate cyber risks, and don't have a recovery plan in place.</p>
Take a deep dive into the risks facing business today. Zirilio's Lawrence Patrick says by the time we know cybercriminals are there, it's usually too late and the damage has been done.
Complimentary
Free
Opinion
Editor's Pick

April 24, 2023

Cyber News Shorts - The Truth About Cybercrime In Australia

<p id="">China's Foreign Minister, Qin Gang, has issued a warning to Japan following Tokyo's decision to curb exports of semiconductor gear, aligning with the U.S.-led pact that aims to limit Chinese companies' access to advanced chip technology. Qin's statement during a meeting with his Japanese counterpart, Yoshimasa Hayashi, has generated significant discussion surrounding the ongoing tensions between the two nations.</p><p id="">‍</p><p id="">Tokyo recently announced that it would impose export restrictions on 23 types of equipment used in semiconductor manufacturing (Ministry of Economy, Trade and Industry, 2023). This move follows the Netherlands' decision in early March to expand restrictions on exports of advanced chipmaking technology, including cutting-edge deposition and immersion lithography tools (Reuters, 2023). These curbs are expected to affect the overseas sales of Dutch-based ASML Holding's most advanced immersion deep ultraviolet (DUV) systems.</p><p id="">‍</p><h2 id="">Qin's Warning and The Impact of Export Restrictions</h2><p id="">‍</p><p id="">In a meeting with Japanese Foreign Minister Yoshimasa Hayashi on April 2 in Beijing, Chinese Foreign Minister Qin Gang expressed China's displeasure with Japan's decision to limit semiconductor exports (China's Foreign Ministry, 2023). Qin cited the ancient Chinese proverb, "Do not do unto others what you don't want done unto you," to underscore China's disapproval of Japan's actions.</p><p id="">‍</p><p id="">The export restrictions imposed by Japan and the Netherlands are expected to hinder Chinese companies' ability to develop advanced semiconductors. The technology is essential for various industries, including artificial intelligence, telecommunications, and defence systems (Bloomberg, 2023). 
By limiting access to this technology, Japan and the Netherlands are effectively creating barriers for Chinese companies to compete in the global semiconductor market.</p><p id="">‍</p><p id="">Japan and the Netherlands' decisions to curb semiconductor exports align with the U.S.-led pact that aims to prevent Chinese companies from obtaining cutting-edge chip technology (The Japan Times, 2023). This move by Japan and the Netherlands represents an expansion of the ongoing technological and trade rivalry between the United States and China. It also highlights the increasing tensions between China and its neighbours in the Asia-Pacific region.</p><p id="">‍</p><p id="">China's warning to Japan over semiconductor export restrictions reflects the ongoing tensions between the two nations and the larger global landscape of technological competition. The export restrictions imposed by Japan and the Netherlands may have significant implications for Chinese companies' access to advanced semiconductor technology, potentially impacting various industries.</p><p id="">‍</p><p id="">‍</p><h2 id="">Sources</h2><div id=""></div><p id="">‍</p>
Complimentary
Free
Opinion
Editor's Pick

April 21, 2023

China Warns Japan Over Semiconductor Export Restrictions

<p id="">In a recent interview with Mayank Sharma, an Asia-Pacific-based cloud security architect and cybersecurity consultant, we learned about the complexities of cloud migration, IoT cybersecurity, and the challenges organisations face in today's rapidly evolving technological landscape. As the EU Cyber Solidarity Act strengthens cybersecurity capacities, businesses worldwide must adapt to these changes and adopt AI systems and continuous training for ethical standards to integrate AI cloud and security systems effectively.</p><p id="">‍</p><div id=""></div><p id="">‍</p><p id="">Sharma emphasised the importance of understanding the strategic need for IoT and developing comprehensive security strategies to protect against potential threats. He also stressed the need for organisations to create an AI strategy for the cloud, given the consequences of an out-of-control AI model. The key to mitigating these risks lies in secure development practices, using high-quality data for training AI models, and ensuring ongoing governance to maintain trust and minimise bias.</p><p id="">‍</p><p id="">The EU Cyber Solidarity Act, adopted on April 18, 2023, aims to support detection and awareness of cybersecurity threats and incidents, bolster preparedness of critical entities, and reinforce solidarity, concerted crisis management, and response capabilities across Member States. The Act establishes EU capabilities to make Europe more resilient and reactive to cyber threats, strengthening existing cooperation mechanisms, and ensuring a safe and secure digital landscape for citizens and businesses. 
In addition, the Act focuses on protecting critical entities and essential services, such as hospitals and public utilities.</p><p id="">‍</p><p id="">The Commission has also presented a Cybersecurity Skills Academy as part of the 2023 European Year of Skills to ensure a more coordinated approach towards closing the cybersecurity talent gap, a prerequisite to boosting Europe's resilience. This initiative underscores the importance of continuous training for ethical standards and integrating AI cloud and security systems while addressing the ethical and technical dangers of AI adoption in security without human oversight.</p><p id=""><em id="">"Today marks the proposal of a European cyber shield. To effectively detect, respond, and recover from large-scale cybersecurity threats, it is imperative that we invest substantially and urgently in cybersecurity capabilities. The Cyber Solidarity Act is a critical milestone in our journey towards achieving this objective," said Commissioner Thierry Breton.</em></p><p id="">The Commission has also proposed this week a targeted amendment to the Cybersecurity Act, to enable the future adoption of European certification schemes for ‘managed security services’.</p><p id="">‍</p><div id=""></div><p id="">The EU Cybersecurity Act introduces an EU-wide cybersecurity certification framework for ICT products, services and processes. Companies doing business in the EU will benefit from having to certify their ICT products, processes and services only once and see their certificates recognised across the European Union.</p><p id="">‍</p><p id="">The global business landscape should take note of the EU's proactive approach to cybersecurity and AI adoption. As Sharma's insights and the EU Cyber Solidarity Act show, organisations must prioritise AI integration and IoT security strategies in their business models. 
Adopting robust policies on the ethical and technical aspects of AI in security systems is vital to minimise potential risks and ensure that AI-driven solutions are effective, secure, and ethical.</p><p id="">‍</p><p id="">Moreover, the EU's focus on human oversight in AI-driven security systems highlights the importance of striking a balance between technological advancements and ethical considerations. In a world where AI and IoT are rapidly transforming the way we live and work, businesses must invest in continuous training and education to stay ahead of the curve and ensure that their workforce is equipped to navigate the challenges that lie ahead.</p><p id="">‍</p><p id="">This year has seen an unprecedented acceleration in the adoption of AI-based critical systems, including AI security cloud technologies. The growing momentum in the market for regenerative AI continues to challenge legislators across the EU, Asia, and Western countries to establish international standards. Mayank Sharma's insights and the EU Cyber Solidarity Act demonstrate the value of embracing these standards and working towards cross-border legal recognition as a key success factor for AI adoption.</p><p id="">‍</p><p id="">Uniformity and cross-border legal recognition of AI standards can significantly enhance IoT security and ensure continuous training for ethical standards. By prioritising these aspects, organisations can better position themselves for success in an increasingly interconnected and complex digital world. The future of cybersecurity relies on a collaborative and forward-thinking approach that safeguards both our technological infrastructure and the ethical principles that underpin it.</p><p id="">‍</p><p id="">As AI adoption continues to grow and expand into new areas, businesses worldwide can learn from the EU's proactive approach to cybersecurity and AI regulation. 
By implementing a unified regulatory framework, countries can facilitate smoother international collaboration, enabling businesses to adopt AI technologies more easily and confidently.</p><p id="">‍</p><p id="">The insights shared by Mayank Sharma and the EU Cyber Solidarity Act provide valuable guidance for businesses and governments alike. By embracing international standards and prioritising a cohesive approach to IoT security and ethical training, organisations and nations can work together to navigate the challenges of the ever-evolving digital landscape. The future of cybersecurity depends on our collective ability to maintain a collaborative, forward-thinking mindset that ensures the protection of both our technological infrastructure and the ethical values that guide its development.</p><p id="">‍</p>
Complimentary
Free
Opinion
Editor's Pick

April 20, 2023

Embracing the Future: Cloud Migration, IoT Security, and AI Ethical Standards

<p id="">As the cybersecurity landscape becomes increasingly complex, enterprises face the challenge of managing the vast amounts of data produced by their security tools. This has created opportunities for innovative startups like Avalor, which seeks to revolutionise the industry by unifying cybersecurity tools and consolidating data. Avalor's approach signifies a substantial opportunity in the security sector cloud for investors. Its recent funding accomplishments and the challenges it faces in a highly competitive market demonstrate the growing demand for cybersecurity innovation and highlight the escalating levels of investment in the cyber realm.</p><p>‍</p><p id="">The data dilemma in the cybersecurity sector is well-known among industry experts like Kfir Tishbi, former engineering team leader at Datorama, a marketing analytics firm acquired by Salesforce in 2018. Tishbi, who also has experience with CitiBank and digital entertainment startup Playtika, noticed that security teams often had to manage multiple tools, each with their distinct taxonomies and outputs, in order to meet project deadlines.</p><p>‍</p><p id="">Investors appear to concur with Tishbi's concerns, as Avalor recently announced a $25 million Series A funding round led by TCV, with support from Salesforce Ventures. This brings the startup's total funding to $30 million, including a $5 million seed round led by Cyberstarts in the previous year. Avalor's CEO, Raanan Raz, plans to utilise the new funding to expand operations in the US and Israel, primarily focusing on R&amp;D, product development, sales, marketing, and customer success teams.</p><p>‍</p><p id="">Avalor's platform is designed to serve as a single source of truth for cybersecurity assets, controls, identities, vulnerabilities, bugs, and other data points by consolidating, standardising, de-duplicating, and tracking risk data from identification to resolution. 
This approach allows security teams and their internal partners, such as CTOs, engineering, and IT departments, to gain real-time visibility into data sources with labelling and lineage. Additionally, Avalor applies business context to security data, enabling organizations to prioritise vulnerabilities based on their specific business needs, thereby reducing noise from security scanners.</p><p>‍</p><p id="">However, Avalor is up against fierce competition from other cybersecurity startups, such as Security and Dig Security. Security, backed by millions in venture capital, recently introduced a "data security cloud" aiming to provide a layer of data protection and transparency wherever data resides. Dig Security, conversely, creates tools to tackle remaining observability issues in security.</p><p>‍</p><p id="">Despite the competitive environment, Avalor's approach possesses several unique features that could distinguish it from its competitors. Its emphasis on data standardisation and de-duplication generates a single, cohesive source of truth for security teams, allowing them to make informed, data-driven decisions without being inundated by numerous alerts and conflicting information. This deviates from traditional manual data correlation and aggregation methods, which are labour-intensive and error-prone, resulting in gaps in comprehension and an inability to effectively prioritise threats and vulnerabilities.</p><p>‍</p><p id="">Another crucial aspect of Avalor's strategy is incorporating business context into security data, empowering organisations to prioritise vulnerabilities and threats based on their specific business requirements and risk tolerance. 
By connecting security data to relevant business assets, Avalor assists organisations in better understanding the potential impact of a given vulnerability or threat, enabling them to allocate resources and respond to risks more efficiently.</p><p>In spite of its innovative approach and recent funding triumphs, Avalor confronts challenges as it strives to make its mark in the cybersecurity market. The sector is highly competitive, with numerous established players and startups vying for customers and market share. Avalor must prove the efficacy of its platform, forge strong alliances with third-party security vendors, and ensure data quality to create a lasting impact.</p>
Avalor's recent funding accomplishments and the challenges it faces in a highly competitive market demonstrate the growing demand for cybersecurity innovation and highlight the escalating levels of investment in the cyber realm.
Complimentary
Free
Opinion
Editor's Pick

April 20, 2023

Avalor wants to unify cybersecurity tools by aggregating data

<p id="">Cybersecurity officials from the United States, United Kingdom, Australia, Canada, and New Zealand have collaboratively released a joint guide titled "Cybersecurity Best Practices for Smart Cities." This initiative aims to help communities balance the benefits of efficiency and innovation with the crucial aspects of cybersecurity, privacy protections, and national security.</p><p id="">‍</p><p id="">Smart cities have the potential to create safer, more efficient, and more resilient communities through technological innovation and data-driven decision-making. However, these opportunities also introduce potential vulnerabilities that could impact national security, economic security, public health and safety, and critical infrastructure operations. With the increasing cyber threat activity against operational technology (OT) systems globally, the interconnection between OT systems and smart city infrastructure expands the attack surface and heightens the potential consequences of compromise.</p><p id="">‍</p><p id="">Integrating public services into a connected environment can enhance the efficiency and resilience of the infrastructure that supports everyday life in communities. However, smart cities must thoroughly assess and mitigate the cybersecurity risks that accompany such integration. The joint guide provides an overview of these risks, including expanded and interconnected attack surfaces, information and communications technology (ICT) supply chain risks, and increased automation of infrastructure operations.</p><p id="">‍</p><p id="">ICT supply chain vulnerabilities, which may be intentionally developed by cyber threat actors for malicious purposes or unintentionally created through poor security practices, can lead to data theft, loss of confidence in the integrity of a smart city system, or a system or network failure through disruption of availability in operational technology. 
ICT vendors providing smart city technology should adopt a holistic approach to security by adhering to secure-by-design and secure-by-default development practices, which can decrease the burden on resource-constrained local jurisdictions and increase the cybersecurity baseline across smart city networks.</p><p id="">‍</p><p id="">To address these risks, the guide offers three recommendations to strengthen a community's cyber posture: secure planning and design, proactive supply chain risk management, and operational resilience. Secure planning and design strategies include enforcing multifactor authentication, implementing zero trust architecture, protecting internet-facing services, and timely patching of systems and applications.</p><p id="">‍</p><p id="">Proactive supply chain risk management recommendations involve setting clear requirements for software, hardware, and Internet-of-Things (IoT) supply chains, and thoroughly reviewing agreements with third-party vendors, such as managed service providers and cloud service providers.</p><p id="">‍</p><p id="">Operational resilience strategies, including workforce training and incident response and recovery plans, can prepare organisations to isolate affected systems and operate infrastructure with minimal disruption in case of a compromise.</p><p id="">‍</p><p id="">The joint guide exemplifies the strong collaboration among global cybersecurity agencies to provide timely and useful cyber risk management guidance, helping connected communities better protect their infrastructure and sensitive data while enjoying the benefits of smart city innovations.</p><p id="">‍</p><div id=""></div><p id="">‍</p><p>‍</p><h2 id="">Additional resources:&nbsp; </h2><p>‍</p><p id=""><em id="">See guidance on secure-by-design and secure-by-default development practices:</em></p><ul id=""><li id=""><a href="https://www.cisa.gov/resources-tools/resources/secure-by-design-and-default" id=""><em id="">Shifting the Balance of 
Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default</em></a><em id=""> (CISA, NSA, FBI, ACSC, NCSC-UK, CCCS, BSI, NCSC-NL, CERT NZ, NCSC-NZ)</em></li></ul><p id=""><em id="">Visit </em><a href="https://www.cisa.gov/" id=""><em id="">CISA.gov</em></a><em id=""> for more information and follow us on </em><a href="https://www.twitter.com/cisagov" id=""><em id="">Twitter</em></a><em id="">, </em><a href="https://www.facebook.com/CISA/" id=""><em id="">Facebook</em></a><em id="">, </em><a href="https://www.linkedin.com/company/cisagov/mycompany/" id=""><em id="">LinkedIn</em></a><em id="">, </em><a href="https://www.instagram.com/cisagov" id=""><em id="">Instagram</em></a><em id="">.&nbsp;</em></p><p id="">Assistance / Where can I go for help?</p><p id=""><em id="">The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).</em></p>
Cybersecurity officials from across the globe say this initiative aims to help communities balance the benefits of efficiency and innovation with crucial aspects of cybersecurity.
Complimentary
Free
Opinion
Editor's Pick

April 20, 2023

Global Cybersec. Agencies Release Joint Guide on Best Practices for Smart Cities

<p id="">The Australian Securities and Investments Commission (ASIC) has called for financial institutions to enhance their strategies for dealing with scams, following a recent analysis that revealed over $550 million in scam losses for major bank customers during the last financial year. These losses affected more than 31,700 customers.</p><p>‍</p><p id="">The figures are derived from ASIC's Report 761, which assessed the methods employed by Australia's four major banks to prevent, detect, and respond to scams. These banks play a crucial role in scam prevention, detection, and response in Australia. The losses come as no surprise, as consumer advocate CHOICE indicated in September 2022 that various scams, including fake cryptocurrency investment schemes and romance scams, cost Australians over $2 billion annually.</p><p>‍</p><p id="">According to the ASIC report, the major banks' approaches to scam strategy and governance were inconsistent and less mature than expected. It also highlighted that banks had narrow and varying methods for determining liability, did not consistently support scam victims, and exhibited gaps and inconsistencies in detecting and stopping scam payments. The report emphasised that despite some emerging good practices, more work is needed to prevent customers from falling victim to scams.</p><p>‍</p><p id="">To help combat scams, ASIC Deputy Chair Sarah Court has urged financial institutions, telecommunication providers, digital platforms, and other organizations to collaborate in addressing the issue at its source. Initiatives like the Commonwealth Bank's NameCheck technology, which verifies account details for all transactions, can help reduce false billing scams and mistaken payments.</p><p>‍</p><p id="">However, the report also found that 96% of total scam losses were borne by bank customers, and banks only detected and stopped about 13% of scam payments. Reimbursement rates were low, ranging from 2 to 5% across individual banks. 
Court stated that banks need to reconsider their methods of engaging with and supporting scam victims to alleviate distress and help them manage the situation more effectively.</p><p>‍</p><p id="">'Australia's big four banks have invested significantly in their anti-scam efforts over the last several years and have implemented a number of innovative and positive initiatives, including some recently implemented following the conclusion of ASIC’s review. However, the increasing prominence of scams means that there is still more to be done', said Ms Court.</p><p>‍</p><p id="">'We’d like to see the banks take steps to evolve their scam management practices, including how they inform and educate customers and help them through what is a distressing time.'</p><p>‍</p><p id="">Consumer advocacy groups like the Consumer Action Law Centre and Choice are calling for the government to mandate reimbursements, similar to the approach taken in the UK. ASIC hopes that the report's findings will encourage financial service businesses, telecommunication providers, digital platforms, and other organisations to develop consumer-focused scam management practices and strategies.</p><p>‍</p>
The Australian Securities and Investments Commission (ASIC) has called for financial institutions to enhance their strategies for dealing with scams.
Complimentary
Free
Opinion
Editor's Pick

April 20, 2023

ASIC Urges Financial Institutions to Up Scam Prevention Measures Amid $550m Loss

<p id="">Platform providers are battling for dominance as the mass migration to the cloud continues at pace. But Australian businesses are struggling to fully shift to the public cloud, with security a major concern.</p><p id="">‍</p><p id="">Data security is a challenge Cloudera's Renee Divr is tracking as well, saying it's an additional struggle to consolidate and govern data on different cloud systems. Oracle's Chris Chelliah is keeping an eye on the opportunities of migration as the cloud gets "closer and closer to the edge." </p><p id="">‍</p><p id="">To make it to the edge, HCL Technologies' Michael Horton warns Australia needs over 200,000 additional IT workers, and to ensure the transition happens safely. So which office cloud platforms are winning the race, and how is the struggle for data security helping and hindering cloud adoption?</p>
Platform providers are battling for dominance as the mass migration to the cloud continues at pace. But Australian businesses are struggling to fully shift to the public cloud, with security a major concern.
Complimentary
Free
Opinion
Editor's Pick

April 14, 2023

Cyber News Shorts - The battle for the cloud

<p id="">The ACCC will examine the expanding ecosystems of digital platform service providers in Australia as part of its five-year <a href="https://www.accc.gov.au/focus-areas/inquiries-ongoing/digital-platform-services-inquiry-2020-25" id="">Digital Platform Services Inquiry</a>.</p><p>‍</p><p id="">Large digital platform service providers, like Alphabet (Google), Amazon, Apple, Meta (Facebook) and Microsoft, continue to invest heavily across different sectors and technologies, creating a web of interconnected products and services.</p><p>‍</p><p id="">“Australian consumers and businesses are increasingly reliant on the products and services offered by digital platforms so it’s crucial we examine how these companies are expanding their reach,” ACCC Chair Gina Cass-Gottlieb said.</p><p id=""><br></p><figure class="w-richtext-figure-type-image w-richtext-align-center" data-rt-type="image" data-rt-align="center"><div><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c29209272_gT-Pp8rJBFz52es6QIjJEbNY6oeyGPpprzJ1OD52FgkQCbTHv7LNCuy3rBcHqExOeiOeu9RNXGu32CqRMeP4VddkfOMLdek8CFGQcGsoZpHvS9JwEQBk1w-w8jrLPed3sa5QeV0txGVA6dq4uvJWYUo.png" id="" width="auto" height="auto" loading="auto"></div><figcaption><strong id=""><em id="">Selection of the different sectors and technologies Alphabet, Amazon, Apple, Meta and Microsoft have expanded into in Australia over the past decade. - ACCC</em></strong></figcaption></figure><p>‍</p><p>‍</p><p id="">The Australian Competition and Consumer Commission's (ACCC) Digital Platforms Branch is conducting a five-year inquiry into markets for the supply of digital platform services and their impacts on competition and consumers. 
The inquiry has focused on the dominant players in the market, including Google, Amazon, Apple, Meta, and Microsoft.</p><p>‍</p><p>‍</p><h2 id="">Google: ACCC inquiry on market dominance in the search engine market in Australia</h2><p>‍</p><p id="">The ACCC is examining Google's use of its market power to favour its own products and services over competitors. In December 2021, the ACCC released a draft code of conduct for digital platforms, which includes a range of measures aimed at promoting competition in the search engine market.</p><p>‍</p><p>‍</p><h2 id="">Amazon: Examining behaviour and dominance in the online retail market</h2><p>‍</p><p id="">In March 2022, the ACCC released a draft code of conduct for digital platforms, which includes a range of measures aimed at promoting competition in the online retail market. The code includes provisions requiring digital platforms to provide users with a choice of online marketplaces and to ensure that third-party sellers have access to the same data and tools as the platform's own retail operations. The code is currently open for public consultation.</p><p>‍</p><p>‍</p><h2 id="">Apple: The inquiry focused on Apple's dominance in the app store market</h2><p>‍</p><p id="">In December 2021 and September 2022, the ACCC released a draft code of conduct for digital platforms, which includes a range of measures aimed at promoting competition in the app store market. The code includes provisions requiring digital platforms to provide users with a choice of app stores and to ensure that third-party developers have access to the same tools and data as the platform's own apps.</p><p>‍</p><p>‍</p><h2 id="">Meta: Reviewing its dominance and behaviour in the social media market</h2><p>‍</p><p id="">In December 2021, the ACCC released a draft code of conduct for digital platforms, which includes a range of measures aimed at promoting competition in the social media market. 
The code includes provisions requiring digital platforms to provide users with a choice of social media platforms and to ensure that third-party developers have access to the same data and tools as the platform's own services.</p><p>‍</p><p>‍</p><h2 id="">Microsoft: Commission examined the expansion strategies and how these have affected interoperability of products and services across ecosystems</h2><p>‍</p><p id="">In September 2022, the ACCC released a draft code of conduct for digital platforms, which includes a range of measures aimed at promoting competition in the desktop operating system market. The code includes provisions requiring digital platforms to provide users with a choice of operating systems and to ensure that third-party developers have access to the same tools and data as the platform's own services. The code is currently open for public consultation.</p><p>‍</p><p>‍</p><h2 id="">Updates</h2><p>‍</p><p id="">In summary, the most significant reports released throughout the ACCC's inquiry program began on 28 October 2021 with the release of the <a href="https://www.accc.gov.au/publications/serial-publications/digital-platform-services-inquiry-2020-2025/digital-platform-services-inquiry-september-2021-interim-report" id="">third interim report</a> of the Digital Platform Services Inquiry, which examined market dynamics and consumer choice screens in search services and web browsers. The <a href="https://www.accc.gov.au/publications/serial-publications/digital-platform-services-inquiry-2020-2025/digital-platform-services-inquiry-march-2022-interim-report" id="">fourth interim report</a> for the Digital Platform Services Inquiry, which examined general online retail marketplaces, was released in April 2002. 
On 11 November 2022, the <a href="https://www.accc.gov.au/publications/serial-publications/digital-platform-services-inquiry-2020-2025/digital-platform-services-inquiry-september-2022-interim-report-regulatory-reform" id="">fifth interim report</a> was released with recommendations on a range of new measures to address harms from digital platforms to Australian consumers, small businesses and competition.</p><p id="">Overall, the ongoing ACCC inquiry has continued to highlight the significant market power held by dominant players in the digital platform industry in Australia. The inquiry has identified a range of concerns regarding competition in these markets and the impact on consumers.</p><p>‍</p>
“Australian consumers and businesses are increasingly reliant on the products and services offered by digital platforms so it’s crucial we examine how these companies are expanding their reach”
Complimentary
Free
Opinion
Editor's Pick

April 9, 2023

ACCC to examine Big Tech dominant ecosystem

<p id="">The escalating competition for advanced AI technology between American and Chinese tech sectors is prompting concerns regarding its potential impact on governance, legislation, and society. The progress made in 2023 alone has generated significant media attention and commercial interest from billionaires and Wall Street investors to legislators in Washington and Beijing. We explore the potential negative outcomes and foreign policy implications that may emerge if AI developers collaborate with unethical media leaders to promote political agendas.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:762px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="762px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c292092a1_aVfOUc3m5hAU7I1XdqZbEPzqKNgb292aTQ_jzBLRFrK8lFHTRr1tw7p1vbxOE2i2O2aAM47cODUo4OmFFdBWbvwvSM5wwJxpGaXDww0wHZuniHLAGvAq9s4CavHDZuiqZdZ0jx9kTI-v3wtIA44F4x8.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><p id="">The rapid acceleration and increasing sophistication of AI-assisted media publications could potentially sway public opinion, intensify political tensions in the Pacific, and contribute to the decline of foreign relations among the "Five Eyes" countries, Japan, and China. It is not unreasonable to envision the potential repercussions of AI-generated technology being utilised for nefarious political purposes, resulting in misinformation and foreign interference through deep fakes and bot-driven news publications. This could transform AI into digital and cyber weaponry for disseminating disinformation and waging cyber warfare.</p><p id="">‍</p><p id="">In the context of the unstable and rapidly changing geopolitical landscape, these developments could escalate without proper diplomatic and industry "guardrails" and potentially be employed for military engagement. 
This may trigger a new wave of regional conflict, with the possibility of extending across the entire Pacific. Moreover, the same technology capable of generating university plans could, if misused, be repurposed as a cyber-technology weapon with boundless catastrophic consequences.</p><p id="">‍</p><p id="">The rate of AI adoption we are currently experiencing has outpaced the expectations of many academics and governments. We provide an overview of the urgency needed to garner widespread understanding of the necessity for additional development and adoption treaties and legislation. This framework can help evaluate the capacity of generative AI to address complex issues, provided that international standards and bipartisan support are in place to establish a unified approach to concepts and definitions.</p><p id="">‍</p><p id="">‍</p><h2 id="">AI Race: The United States and China</h2><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:862px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="862px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c292092a5_vcSvFAgIBl4R2OEnRIpRpPxFsztGkPTEbUp3ovzIGupwuvTFiJ8gMnlsezHI40qQJa4pc0LL43NwE3y_r50nUMU4JYNZRfA_02yM43TM7ngG3OeUoFJOgbB2_MgotvcnRL0KG1jXSnBNfjpsDSqGNjA.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><p id="">The AI race between the United States and China is heating up, with significant developments on both sides. In the United States, Elon Musk has announced plans to create "TruthGPT," an AI that seeks the truth and the nature of the universe. 
Meanwhile, in China, Alibaba's Cloud unit unveiled its Tongyi Qianwen AI model on April 18th, which aims to be integrated across the company's various businesses.</p><p id="">‍</p><p id="">On April 18th, Alibaba's Cloud unit unveiled its Tongyi Qianwen AI model, joining the ranks of Chinese tech companies launching their own AI offerings. This model, based on Alibaba's proprietary pre-trained model framework called Tongyi, will be integrated across various sectors, including enterprise communication, intelligent voice assistance, e-commerce, search, navigation, and entertainment. Alibaba's CEO Daniel Zhang emphasises the importance of generative AI and cloud computing for businesses to stay competitive in the rapidly evolving tech landscape.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:580px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="580px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c292092a3_1bYOG5n6Ae1zzag5gZsQ1HO9rTu5o9k5S__qHuHpjM9zhkv_gCaYVEobAaOihPrE8ZmEGeQxwUE8wOZ8weD4fhkGmOJlZdc3jJvodhR2yDW15XxMrFjKh7lV-S8zZjluFvwP6bM4oEcPGbZbOCCyJtY.png" id="" width="auto" height="auto" loading="auto"></div><figcaption id=""><strong id=""><em id="">Alibaba says its AI model Tongyi Qianwen will be rolled out across its business units, with the technology first deployed on DingTalk, its digital collaboration workplace, and voice assistant Tmall Genie. Nikkei ASIA</em></strong></figcaption></figure><p id="">‍</p><p id="">The new AI model will be integrated across the company's businesses, spanning enterprise communication, intelligent voice assistance, e-commerce, search, navigation and entertainment, said Daniel Zhang, Chairman and CEO of Alibaba Group and head of Alibaba Cloud Intelligence.</p><p id="">‍</p><p id="">Chinese search engine giant Baidu has also unveiled its own ChatGPT-rival, Ernie Bot. 
This announcement follows similar AI development plans from artificial intelligence group SenseTime and internet security company Qihoo 360. The growing number of AI foundation models being developed by Chinese tech companies highlights the country's commitment to AI acceleration and its quest for AI supremacy.</p><p id="">‍</p><p id=""><em id="">"We are at a technological watershed moment driven by generative AI and cloud computing, and businesses across all sectors have started to embrace intelligence transformation to stay ahead of the game," Zhang said.</em></p><p id="">‍</p><p id="">‍</p><h2 id="">Government Involvement and Legislation</h2><p id="">‍</p><p id="">With rapid advancements in AI technology, governments worldwide are grappling with the need for new legislation to address potential ethical concerns and social implications. Following Alibaba's AI announcement, China's top cyberspace watchdog proposed a rule to regulate generative AI, which is now open for public consultation until May 10th. This move highlights the growing importance of AI regulation and the critical path for legislators to address potential risks and challenges.</p><p id="">‍</p><p id="">As AI technologies advance, the potential pathways for their impact on population bias become increasingly complex. This complexity amplifies the challenges faced by governments and legislators, as they must navigate the implications of AI-generated content, disinformation, and cyber threats. The increasing prevalence of nation-sponsored artificial social content and fake news has the potential to saturate popular channels and distort public opinion, leading to instability and biased perspectives.</p><p id="">‍</p><p id="">‍</p><h4 id="">Possible Pathways and Impact on Population Bias</h4><p id="">‍</p><p id="">The race for AI supremacy between American and Chinese tech companies presents multiple possible pathways for Chat AI owners and&nbsp; developers. 
Legislators, academics and defence strategists will find themselves contending with an immense challenge in which culture is shaped by technology and social media technology is driven by synthetic intelligence.</p><p id="">‍</p><p id="">These pathways, with their unforeseeable impact on population bias, will amplify the challenges ahead for governments and legislators. In some cases they are only steps away from greater national threats of disinformation and misdirection, escalating to hybrid threats: an unidentifiable number of cyber threats, spy activity driven by artificial intelligence, and nation-sponsored artificial social content generated with fake news and embedded in media airways that can saturate popular content channels.</p><p id="">‍</p><p id="">The escalating danger is that information weapons could be unleashed against society by a “rogue news” producer that harnesses untruths, following computational guidelines set by threat actors or a nation-sponsored agenda. The resulting AI news can lead to instability, and the population bias it produces can become devastating, disharmonising national and foreign affairs to almost warlike levels.</p><p id="">‍</p><p id="">As companies develop AI systems with differing cultural and political biases, there is potential for these systems to shape public opinion and perpetuate biases. This makes it crucial for developers to consider ethical implications and promote transparency in their AI models to minimise the risk of perpetuating biases and misinformation.</p><p id="">‍</p><p id="">‍</p><h4 id="">Potentially Harmful Pathways and International Policy Ramifications</h4><p id="">‍</p><p id="">As the progress of AI hastens, anxiety increases regarding the potential harmful paths that could arise if Chat AI developers collaborate with dishonest media and political figures to advance political objectives. 
This utilisation would have no limits and could permit AI integration into defence and applied technologies, including both chemical, biological, radiological, and nuclear (CBRN) and advanced tactical weaponry. The growing attraction to this novel intelligence for enhancing applied defence technologies bears the innate risks of a double-edged sword.</p><p id="">‍</p><p id="">The possibility of "rogue news" creators exploiting falsehoods based on algorithmic principles or state-sponsored plans poses a considerable danger to societies across the globe. Under these circumstances, AI-supported media outlets might contribute to public prejudice and increased political strain in the Pacific region. </p><p id="">‍</p><p id="">There is a concern that such systems will sway public sentiment and reinforce biases, potentially worsening the decline of foreign relations involving the Five Eyes nations, Japan, and China. Furthermore, AI-created deep fakes and bot-generated news content could evolve into digital and cyber armaments, resulting in a surge of disinformation and cyber conflicts. 
The spread of AI-driven news could lead to instability and heightened public prejudice, possibly damaging both domestic and international affairs while escalating tensions to perilous extremes.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:493px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="493px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c292092a2_nMK1U_uKIxX3TyfqH79WweOYt-yIstvPxvHxNaX5K1DudQgM2efa6eNgi_D4o7De8wArMUXCF_xrjh_kJuJHv2f1iPcgCsoyS8Zn15wnVFciUIuzAKDWHuV0yGlFlncg97guRKibbUeNXsd_CXkllsE.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><h2 id="">A new era of Intelligence becoming central to weapon and defence policy</h2><p id="">‍</p><p id="">As recently as June 2022, Deputy Secretary of Defense Kathleen H Hicks reiterated the Department of Defense's (DOD) new implementation of responsible AI (RAI) and set out frameworks for strategy and processes for warfighting capabilities to support DOD AI ethical procedures.</p><p id="">‍</p><p id="">Speaking virtually to the opening of the Defense Department's Artificial Intelligence Symposium and Tech Exchange, Hicks said DOD's operators must come to trust the outputs of AI systems; its commanders must come to trust the legal, ethical and moral foundations of explainable AI; and the American people must come to trust the values DOD has integrated into each of its applications.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:787px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="787px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c292092a4_HTNfXxQaElFnZYSP4EZOS0qLyuA46K73dCwKc14ewly7lXrrIMbHCapws6vV6qNV4hG3cQlSMGq-RXBK-4fjNlRd3Yg5MInHqz6OijUeJlQvTIbK-p2JdPHOTmxfeYIYLT0KCmJzBfkKRM7b5U3zHW4.png" id="" 
width="auto" height="auto" loading="auto"></div><figcaption id="">DOD News June 2022</figcaption></figure><p id="">‍</p><p id="">The deputy secretary said she recently set forth a series of data decrees for DOD that will help the U.S. achieve the AI superiority it needs.</p><p id="">‍</p><p id=""><em id="">"We will ensure that DOD data is visible, accessible, understandable, linked, trustworthy, interoperable and secure. To do so, I have directed key initial steps to ensure the department treats data as a strategic asset," she said, adding these steps set DOD on a solid foundation — both ethically and organizationally,”</em>said Hicks.</p><p id="">‍</p><p id=""><a href="https://www.darpa.mil/work-with-us/ai-next-campaign" target="_blank" id="">Defense Advanced Research Projects Agency (DARPA)</a>, a division of the United States Department of Defense responsible for developing cutting-edge technologies for military use, is currently grappling with the challenge of creating trustworthy AI technology in various areas. These include next-generation AI programs for implementing advanced machine learning to enable facial recognition and autonomous vehicles in tactical warfare conditions, as well as high-performance AI for deployment in data centres and on the battlefield to accelerate strategic decision-making and assess possible military situations.</p><p id="">‍</p><p id="">DARPA is also exploring the transition from second-wave machine learning techniques to those with contextual reasoning capabilities, allowing machines to evolve from mere tools to genuine partners. 
This shift, however, presents a technological challenge in ensuring reliable trustworthiness and treating machine learning as self-reasoning synthetic sentience, creating an unavoidable dilemma at the intersection of technical and ethical principles, especially when considering the potential for AI to influence tactical decisions in conflict situations.</p><p id="">‍</p><p id="">In the Asia-Pacific region, major powers are embracing AI technology as a new resource to form part of military deterrence to enhance strategic capabilities, ensure national security, and maintain international stability. Both the United States and China are in a race for military technological modernization. China has committed to comprehensively modernise its military theory, organisation, personnel, and weaponry, aiming to achieve national defence and military modernization by 2035 and build a world-class army by mid-century.</p><p id="">‍</p><p id="">In 2019, China's Information Office of the State Council highlighted that the Asia-Pacific region has become a focal point for major power competition, increasing uncertainty in regional security. The United States has reinforced its military alliances in the region and expanded its military presence and intervention, adding complexity to Asia-Pacific security. The deployment of the THAAD anti-missile system by the US in South Korea has significantly disrupted the regional strategic balance and harmed the strategic security interests of regional nations.</p><p id="">‍</p><p id="">During the 20th National Congress of the Chinese Communist Party (CCP) on October 16, Xi Jinping discussed how China will expedite the development of a world-class military. The PLA aims to capitalise on advanced technology, focusing particularly on the use of unmanned weapons and artificial intelligence. 
To achieve this, China is committed to implementing Xi Jinping's thinking on strengthening the military, his military strategic concepts, and promoting the integration of mechanisation and informatization while accelerating the development of military intelligence.</p><p id="">‍</p><h2 id="">‍</h2><h2 id="">AI Technology: The Next Wave of Military Deterrence in Pacific Superpowers</h2><p id="">‍</p><p id="">During the 20th National Congress, Xi Jinping highlighted China's focus on "intelligent" (智能化) weapon systems based on artificial intelligence, mentioning the term three times. In July 2019, the Information Office of the State Council released the white paper "<a href="http://www.gov.cn/zhengce/2019-07/24/content_5414325.htm" target="_blank" id="">China's National Defense in the New Era</a>," which reaffirms China's commitment to accelerating the construction of cyberspace forces, vigorously developing cybersecurity defence methods, and building a cyberspace defence force commensurate with China's international status and compatible with its ambitions as a cyber power.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-fullwidth" style="max-width:1028px" data-rt-type="image" data-rt-align="fullwidth" data-rt-max-width="1028px"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c292092a7_wAxwFKEpIwnpSznZXOXHPwfzz9nnh8WnkXaHWvvqg4asUXfnw-QS8Zxu6__Q5BJwgyecRcDmMSaiD1UY_1AS4-TYAcgQOY_m2gIgGQJl6dAsy1UAMYY2sQcVwjg6I-PXyTOv3MHjZXSyYbFIp2vs510.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><p id="">Researchers from the National Institute for Defense Studies in Japan have been examining the new cyber and space domains attracting attention from the People's Liberation Army (PLA), confirming China's military-civil fusion strategy aimed at leveraging science and technology for military purposes. 
China's cyber strategy is ambitious, with the Xi Jinping administration actively promoting the diffusion of information technology across Chinese society. The PLA is pursuing informatization in this context, recognizing the crucial role cyberspace plays in "informatized warfare."</p><p id="">‍</p><p id="">China's cyber strategy has evolved alongside the PLA's informatization, which refers to the incorporation of information and communication technology (ICT) into the military and connecting military services. China believes it can surpass the U.S. military in this domain. At the 19th Party Congress in 2017, Xi insisted China would build a world-class military by the middle of this century.</p><p id="">‍</p><p id="">The AI race is driving advancements in defence technologies, with both the United States and China seeking a competitive edge in industrial defence. The integration of AI intelligence into defence and tactical warfare may result in hybrid warfare designed by military strategists, aiming for military and geopolitical superiority in the Pacific and among NATO allies. 
</p><p id="">‍</p><p id="">The potential involvement of Silicon Valley and Chinese AI companies in the development of AI systems for weapons and defence systems, including increased adoption in AI systems for cyber command activities, underscores the need for caution and regulation.</p><p id="">‍</p><p id="">‍</p><h2 id="">The Potential Role of AI in Pacific Conflicts and the Importance of Establishing Guardrails</h2><p id="">‍</p><p id="">During a speech in Washington in 2022, Foreign Minister Penny Wong made a plea to China for a joint strategic framework with the United States.&nbsp;</p><p id="">‍</p><p id="">Without ethical guidelines and guardrails for the development and deployment of AI in defence technology, the risk of spiralling AI-driven conflicts increases.&nbsp;</p><p id="">‍</p><p id="">In the PLA’s glossary of military terms, information operations are defined as: “integrating modes such as electronic warfare, cyber warfare, and psychological warfare to strike or counter an enemy to interfere with and damage the enemy’s information and information systems in cyberspace and electromagnetic space.”</p><p id="">‍</p><p id="">It is likely that technology warfare exercises would be used as the first stage in military readiness, using satellite, radio communication interference technology, unmanned naval vessels, and drones to initiate the first phase of armed threat strategies. The acceleration of strategic decision-making through predetermined systems and proximity signalling could inadvertently create a posture of war in the Pacific.</p><p id="">‍</p><p id="">As recently as October 2022, China reaffirmed in its latest defence paper its commitment to uphold and safeguard national territorial sovereignty and maritime rights and interests. 
One of its outlined military objectives is to guard and defend the East China Sea, the South China Sea and the Yellow Sea, keep abreast of the surrounding maritime situation, organise joint maritime rights protection and law enforcement, properly handle sea and air situations, and resolutely respond to maritime security threats, infringements and provocations.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-center" data-rt-type="image" data-rt-align="center"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c292092a8_V6RDVryrETKlCG_6BpywmbT07wu7qJVtzOYAOhejDuGeN9V5IvHMXwQrkgSmLQ3Q_DJrgDC4QdDTRorA36Sl_rm8bwog422kGK-ijzKBXef_qBRzXtT2X_ZpMUWIn7oqqNaGUeV3qqaKys_PXe92E3o.png" id="" width="auto" height="auto" loading="auto"></div></figure><p id="">‍</p><p id="">Based on China’s strategy, experts suggest the initial stages of a gradual conflict could occur in the South China Sea region, with the potential for armed conflict resulting in various territorial justifications, such as China's efforts to reabsorb Taiwan and the US government's possible naval blockade. 
</p><p id="">‍</p><p id="">This blockade would likely lead to a series of regional sub-conflicts across the South China Sea and adjacent territories.</p><p id="">‍</p><figure id="" class="w-richtext-figure-type-image w-richtext-align-center" data-rt-type="image" data-rt-align="center"><div id=""><img src="https://cdn.prod.website-files.com/647533a76457864c2920901f/647533a76457864c292092a6_83fpEzXpPaD_MGhovxaIQMeCvKruHFFHwGU-TPdKWXJbKcsM5taP4do_NyiS-257QKM2Rjb9TAWdRO5A1e8bEF_I8M0NdOq8uI2M9khh_qUZtjOh9JT7SiYFleY1ut3MNKAQuU8WEKS4gkHdCP9jKXs.png" id="" width="auto" height="auto" loading="auto"></div><figcaption id=""><strong id="">Image of US and Australian Navy:&nbsp; RIMPAC</strong></figcaption></figure><p id="">‍</p><p id="">Given this potential scenario, it is urgent to establish international treaties and agreements that disclose and agree on the purpose of AI in national defence, and to understand strategies for mitigating the risk of computerised intelligence inadvertently managing or influencing military decisions or the activation of frontline assets. Without a security technology framework in place, the unchecked development of AI could contribute to a spiralling, out-of-control escalation of AI, machine learning, digital, and armed threats.</p><p id="">‍</p><p id="">According to China’s defence white paper, which recognises the principles of non-conflict, non-confrontation, mutual respect, and win-win cooperation, “China actively and steadily handles military relations with the United States, and strives to make the relationship between the two militaries a stabiliser for the relationship between the two countries. Contribute to U.S. relations”</p><p id="">‍</p><p id="">While the idea of competitive coexistence could work, it would require regular meetings between US and Chinese officials to discuss differences and clarify their respective red lines. 
However, Beijing is not keen on specific guardrails, as it fears that these would legitimise US behaviour it regards as provocative. It does not want to manage incidents in the South China Sea, for example; it just wants the US out of the area.</p><p id="">‍</p><p id="">Given the collapse of trust between China and the US and the fundamental differences that now define that relationship, a framework to help manage the risks inherent in competition is the very best we can hope for.</p><p id="">‍</p><p id="">The AI race between the United States and China has significant implications for governments, legislation, and society. Although the notion of self-restraint is not often reciprocated by Beijing, diplomacy and reassurance must accompany deterrence and the hardening of our economies and societies if competition is to exist within peaceful bounds. It is crucial to establish international treaties and agreements to establish guardrails on AI development and integration into defence technologies to mitigate the potential for AI-driven conflict escalation.</p><p id="">‍</p><p id="">As AI continues to advance rapidly, governments and legislators must address the potential risks and challenges posed by these technologies, ensuring that AI development serves the greater good rather than perpetuating bias, disinformation, and political tension.</p><p id="">‍</p><h2 id="">Sources</h2><div id=""></div><p id="">‍</p>
The escalating competition for advanced AI technology between American and Chinese tech sectors is prompting concerns regarding its potential impact on governance, legislation, and society.

April 8, 2023

The AI Race, Political Tensions, and the Need for Guardrails

<p id="">The Australian Communications and Media Authority (ACMA) has been working tirelessly to combat scams, spam, and telemarketing in Australia. In the October to December 2022 period, the ACMA has taken a range of actions to protect Australians from these types of activities.</p><p id="">‍</p><p id="">Scams continue to be a major problem in Australia, with reports to the ACMA increasing by 8% in the last quarter. The most common types of scams reported were investment scams, phishing scams, and romance scams. To combat these scams, the ACMA has been working closely with other government agencies, telecommunications providers, and financial institutions.</p><p id="">‍</p><p id="">One of the key actions taken by the ACMA during this period was the blocking of 34 websites associated with investment scams. These websites were found to be promoting fraudulent investment opportunities, and were targeting Australian investors. By blocking these sites, the ACMA is helping to prevent Australians from falling victim to these scams.</p><p id="">‍</p><p id="">‍</p><h2 id="">Key Actions</h2><p id="">‍</p><p id="">Telcos blocked over 155 million scam calls and over 40 million scam SMS in the quarter. This brings the total to 955 million scam calls blocked (since December 2020) and 90 million scam SMS blocked (since July 2022).</p><p id=""> </p><p id="">Investbybit Pty Ltd penalised $2 million for breaches of the Spam Act. Businesses have paid $6.3 million in penalties for breaching spam and telemarketing rules in the last 18 months.</p><p id="">‍</p><p id="">Telco Circles.Life penalised $200,000 and offered compensation of over $100,000 to its consumers after failing to have multifactor ID checks in place to prevent scammers accessing mobile accounts.</p><p id="">‍</p><p id="">The ACMA has also been working to raise awareness of scams, by launching a new campaign aimed at young people. 
The campaign, called "Scam Savvy", encourages young people to be cautious when sharing personal information online, and to be aware of the signs of scams. The campaign includes a series of videos and social media posts, and has been widely shared on social media platforms.</p><p id="">‍</p><p id="">Spam continues to be a major problem in Australia, with the ACMA receiving over 18,000 reports of spam in the last quarter alone. To combat spam, the ACMA has been working with telecommunications providers to block spam calls and messages, and to identify and take action against spammers.</p><p id="">‍</p><p id="">During this period, the ACMA also took action against a number of telemarketing companies that were found to be breaching the Do Not Call Register. These companies were fined a total of $268,000 for making unsolicited telemarketing calls to Australian consumers who had opted out of receiving such calls.</p><p id="">‍</p><p id="">The ACMA's latest announcement of its actions on scams, spam, and telemarketing during the October to December 2022 period demonstrates its commitment to protecting Australians from these types of activities. By taking a range of actions, including blocking fraudulent websites, launching awareness campaigns, and taking enforcement action against offenders, the ACMA is helping to make Australia a safer place for consumers. However, it is important for individuals to remain vigilant and to report any suspicious activity to the ACMA, Scamwatch, or the police.</p><p id="">‍</p><p id="">Earlier in February, the Australian Communications and Media Authority announced its latest report, outlining its October to December 2022 actions on scams and the audits it ordered of communication organisations and telecom companies.</p><p id="">‍</p>
Combating SMS and identity theft phone scams – enforcing new rules on telcos to use stronger ID checks, and establishing new rules to reduce SMS scams.

April 7, 2023

Action on scams, spam and telemarketing: October to December 2022

<p id="">Since its release, ChatGPT has caused people’s jaws to drop in new and exciting ways - businesses, experts, and even its creators, OpenAI, have been amazed by its capability. However, unlike most big tech start-ups who ride their hype, OpenAI seems intent on sharing their newfound success with the rest of the world. Only time will tell whether this leads to another hyperscaling tech giant such as Google, Meta, or Amazon - or perhaps even one platform to rule them all.</p><p id="">‍</p><p id="">In the meantime, we can get a glimpse of how ChatGPT might change the world by looking at 5 new businesses utilising OpenAI’s new API:</p><p id="">‍</p><p id="">‍</p><h2 id="">Consensus</h2><p id="">‍</p><div id=""></div><p id="">‍</p><p id="">Ever wanted to feel like a researcher or doctorate graduate without doing a single hour of work? Well, you can’t, but at least now you’ll be able to complete your incredibly expensive degree with half the hassle. Consensus AI takes ChatGPT and plugs it into a network of evidence-based research papers.</p><p id="">Consensus’s mission is to “use AI to make science accessible and consumable for all” and “democratise scientific evidence and make the world a better place, by making it a more informed place.”</p><p id="">‍</p><p id="">Hopefully this will allow students to cut down on time taken for research and exhaustive sourcing, and sometimes even money; if they find the right report faster they don’t have to purchase as many.</p><p id="">‍</p><p id="">‍</p><h2 id="">Magical</h2><p id="">‍</p><div id=""></div><p id="">‍</p><p id="">Magical AI, another popular app, is known for its ability to generate creative content. By analysing large datasets, the app can produce original and engaging content for businesses and social media influencers.&nbsp;</p><p id="">‍</p><p id="">But its use doesn’t stop there. It can also be used to cut out the stress lots of workers get when writing messages or emails. 
That’s right, now you don’t have to sit at your desk for 30 minutes wondering if you missed any email etiquette to a colleague, or waste time thinking about what to write when sending a message to someone.</p><p id="">‍</p><p id="">Now, it could be argued that ChatGPT can already do this, but Magical takes it a step further by adding a Chrome extension and analysing a much stricter dataset to serve up much better replies on average.</p><p id="">‍</p><h2 id="">Chatfuel</h2><p id="">‍</p><div id=""></div><p id="">‍</p><p id="">Chatfuel AI and Castmagic AI are two apps that are revolutionising the way businesses interact with their customers. By providing personalised recommendations and support, these apps are helping businesses increase customer satisfaction and loyalty.</p><p id="">‍</p><p id="">When call centres started up, they revolutionised the way businesses provided support, and instant messaging chats on the browser took this to new levels. The only drawback was the cost of maintaining a small army of support agents and trying to reduce ever-increasing queue times to provide that seamless user experience all businesses dream of.&nbsp;</p><p id="">‍</p><p id="">Now Chatfuel AI offers a lifeline to small businesses wanting to provide the next level of support for their clients. With the advent of AI any business can now provide instant messaging support or sales advice for any customer, without needing to finance an entire centre of support agents.</p><p id="">‍</p><p id="">‍</p><h2 id="">Chatbeacon</h2><p id="">‍</p><div id=""></div><p id="">‍</p><p id="">However, as exciting as these advancements may be, some experts are urging caution. Chatbeacon, for example, is a chatbot app that is specifically designed to help users via chat support, much like Chatfuel. 
However, the difference lies with Chatbeacon’s claim to be able to assist in chat sessions regarding mental health issues by providing:</p><p id="">‍</p><p id="">“support through information, emotional assistance, assessments, coping strategies, self-care exercises, reminders, crisis support, and referrals, aiming to empower individuals to manage their mental health and enhance their well-being.”</p><p id="">‍</p><p id="">While the app is highly effective, experts warn that it should not be used as a substitute for professional therapy.</p><p id="">‍</p><p id="">‍</p><h2 id="">Rationale AI</h2><p id="">‍</p><div id=""></div><p id="">‍</p><p id="">‍</p><p id="">Rationale AI is designed to “assist business owners, managers, and individuals in making tough decisions.” While current reports indicate it’s highly accurate, it is important for businesses and individuals to carefully consider the recommendations they receive and not rely solely on AI. After all, let's not forget the conclusion the powerful AI ‘Skynet’ jumps to in the Terminator series.</p><p id="">‍</p><p id="">‍</p><h2 id="">What’s The Upshot</h2><p id="">‍</p><div id=""></div><p id="">‍</p><p id="">As the use of AI chatbot apps continues to grow, it is important for individuals and businesses alike to remain cautious and use these technologies responsibly. With the right approach, however, these apps have the potential to transform the way we interact with technology and each other.</p><p id="">‍</p>

April 7, 2023

ChatGPT says ‘Good Riddance’ to Mundane tasks… Or does it?

<p id="">The GoAnywhere breach that occurred in March has potentially impacted 130 companies globally. In Australia, major organizations like Rio Tinto, Crown Resorts and Meriton have been impacted, and the list of victims overseas continues to grow: the fintech company Hatch Bank and, in Japan, Hitachi Energy have also been impacted. The cyber attack was carried out by a group known as Clop ransomware, which conducted the attack over a 10-day period, starting on January 30.&nbsp;</p><p>‍</p><p>‍</p><h2 id="">Background on the GoAnywhere Breach</h2><p>‍</p><p id="">GoAnywhere is a managed file transfer (MFT) solution that helps organizations securely exchange sensitive data with external partners. The platform's wide adoption by companies across various industries has made it an attractive target for cybercriminals.</p><p>‍</p><p id="">The Clop ransomware group is known for its targeted attacks on high-profile companies, seeking to extort them for financial gain. This group has a history of stealing sensitive data and threatening to release it publicly unless a ransom is paid.</p><p>‍</p><p>‍</p><h2 id="">The Tasmanian government - one of many institutions impacted globally</h2><p>‍</p><p id="">At a press conference on Monday, Science and Technology Minister Madeleine Ogilvie said it appeared no government-held data had been compromised in the hack of a file sharing site, by the ransomware group Cl0p.</p><p>‍</p><p id="">The government of Tasmania is looking into claims that it was attacked by the Clop ransomware group, <a href="https://therecord.media/fortra-goanywhere-clop-attacks-response" id="">which has spent weeks</a> exploiting a <a href="https://therecord.media/forta-goanywhere-mft-file-transfer-zero-day" id="">vulnerability</a> in a popular file sharing tool.</p><p>‍</p><p id="">But on Wednesday, Ms Ogilvie said the investigations had found there was a risk financial data, held by the Department for Education, Children and Young People, had been accessed — but 
added there was "no confirmation such information has been stolen" and reiterated "no Tasmanian government IT systems have been hacked".</p><p>‍</p><p id="">Dozens of governments, businesses and schools – from <a href="https://therecord.media/toronto-virgin-clop-hack-goanywhere" id="">the City of Toronto to Virgin</a> and <a href="https://therecord.media/clop-ransomware-adds-dozens-to-goanywhere-victim-list" id="">Hitachi</a> – have come forward to say data was stolen through a bug affecting Fortra’s GoAnywhere file transfer product. In February, Clop claimed it had attacked more than 130 organizations and it has slowly been adding names to its list of victims since then.</p><p>‍</p><p id="">On Friday, Clop added Tasmania, an island state in Australia, to its list alongside several more companies and the <a href="https://therecord.media/uk-pension-protection-fund-clop-goanywhere-fortra" id="">U.K. Pension Protection Fund</a>.</p><p>‍</p><p id="">Fintech banking platform Hatch Bank has also reported a data breach after hackers stole the personal information of almost 140,000 customers from the company's Fortra GoAnywhere MFT secure file-sharing platform. Also Consumer goods giant Procter &amp; Gamble</p><p>‍</p><p id="">In the U.S., Hatch Bank is a financial technology firm allowing small businesses to access bank services from other financial institutions. Consumer goods giant Procter &amp; Gamble</p><p>‍</p><p id="">In Japan, Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a GoAnywhere zero-day vulnerability.</p><p>‍</p><p>‍</p><h2 id="">Timeline and Impact of the Breach</h2><p>‍</p><p id="">The attack began on January 30 and continued for ten days, affecting a potential 130 companies, including Rio Tinto, Crown Resorts, and Meriton. The breach exposed sensitive data and disrupted business operations for these organizations. 
The exact extent of the damage and the specific data compromised are still being assessed, but the incident has raised concerns over the security of third-party services and the need for organizations to bolster their cybersecurity defences.</p><p>‍</p><p>‍</p><h2 id="">Response from Fortra</h2><p>‍</p><p id="">Fortra, the company behind GoAnywhere, has faced backlash for its response to the fiasco. Several customers <a href="https://techcrunch.com/2023/03/24/fortra-goanywhere-clop-ransomware/" id="">told TechCrunch</a> last week that the company told them their data was safe when it was not.</p><p>‍</p><p id="">When asked for a response to the most recent claims, Fortra said it would not comment on specific customers but listed off several actions it has taken to address the issue.</p><p>‍</p><p id="">Fortra spokesperson Rachel Woodford would not comment but did not dispute what the two organizations had told us or that Fortra had told customers their data was safe. Fortra did not make CISO Chris Reffkin available for an interview.</p><p>‍</p><p id="">In response to the breach, Fortra, the company that owns the GoAnywhere platform, claims it has implemented several measures to prevent the attack from escalating further. The organisation claims that immediate steps were taken to isolate and contain the affected systems, and that security patching was implemented.&nbsp;</p><p>‍</p><p id="">However, Fortra has received harsh criticism over the level of transparency in its communication with affected clients, in particular for not providing regular updates on the situation and the steps taken to mitigate the risks.</p><p>‍</p><p>‍</p><h2 id="">Lessons Learned and Recommendations</h2><p>‍</p><p id="">The GoAnywhere breach highlights the growing threat landscape faced by organizations and the importance of robust cybersecurity measures. 
Companies should consider the following recommendations to protect their digital assets: carry out constant and regular assessments, update security protocols, and maintain an open dialogue with software vendors, including regular software version updates.&nbsp;</p><p>‍</p>

April 7, 2023

GoAnywhere Breach Affects 130 Companies - Rio Tinto, Crown Resorts, & Meriton

<p id="">The Australian government's security review of TikTok and its potential diplomatic risks highlights the delicate balance between addressing privacy concerns and maintaining international relations. As countries around the world grapple with the challenges posed by social media platforms and their data collection practices, adopting a country-agnostic approach ensures that the focus remains on addressing security and privacy risks rather than targeting specific nations or companies.</p><p id="">‍</p><p id="">Last week, it was reported that senior officials within the Department of Prime Minister and Cabinet had raised concerns over the potential diplomatic risks associated with the government's security review of TikTok. These officials warned that singling out TikTok could be perceived as targeting Chinese companies, which could have significant diplomatic implications. An internal departmental "messaging" document provided to the Prime Minister's office, obtained by The Australian under Freedom of Information, advised that the government adopt a country "agnostic" approach to the review.</p><p id="">‍</p><div id=""></div><p id="">‍</p><p id="">According to the document, "This review risks being perceived as targeting Chinese companies. Government should maintain a country and vendor agnostic approach to reviewing social media application policy." This recommendation comes as the Home Affairs Minister, Claie O'Neil, initiated a security review late last year to examine data harvesting by social media platforms and the implications for national security and privacy.</p><p id="">‍</p><p id="">‍</p><h2 id="">The Albanese Government's Ban:</h2><p id="">‍</p><p id="">Anthony Albanese, the Prime Minister, has enforced a sweeping ban on the Chinese-owned social media app, TikTok, following a Department of Home Affairs review that raised concerns about potential espionage risks. 
Effective immediately, the ban will apply to all government and department-issued devices used by politicians and public servants.</p><p id="">‍</p><p id="">The decision comes after months of debate and scrutiny of the popular app, which has been under fire for its extensive data collection practices. Experts have warned that the information gathered by TikTok's parent company, ByteDance, could be exploited by Beijing for intelligence purposes or even cyberattacks.</p><p id="">‍</p><p id="">The company has rejected security concerns and has claimed it posed no risk to Australian users.</p><p id="">‍</p><p id="">TikTok General Manager Australia and New Zealand Lee Hunter, the company rejected claims its platform posed a security risk.</p><p id="">‍</p><div id=""></div><p id="">‍</p><p id="">“If confirmed, we are extremely disappointed by this decision, which, in our view, is driven by politics, not by fact,” Mr Hunter said in a statement.</p><p id="">‍</p><p id="">Home Affairs Minister Clare O'Neil was awaiting a review on the potential for TikTok and other social media platforms to be used for foreign interference in government agencies — in the meantime, departments went their own way on deciding whether or not to ban their staff from using the app.</p><p id="">‍</p><p id="">People affected by the ban would still be able to continue using the app on their personal devices.</p><p id="">‍</p><p id="">‍</p><h2 id="">The Global Crackdown on TikTok</h2><p id="">‍</p><p id="">Last Month the Biden administration gave all government agency staff 30 days to delete TikTok from federal devices and systems over data security concerns. The White House directive came after the U.S. 
Congress officially banned the app on all federal government devices in December.</p><p id="">‍</p><p id="">The US, which began last year banning the app from government devices, has moved closer to issuing a national ban on TikTok, with Congress considering a Bill that would allow platforms with links to foreign governments to be banned.</p><p id="">‍<br></p><div id=""></div><p id="">‍</p><p id="">The U.S. and Canada both issued bans in March on the use of TikTok on government-issued mobile devices amid growing privacy and cybersecurity concerns about the Chinese-owned video-sharing app.</p><p id="">‍</p><p id="">On the 16th of March, the UK Cabinet announced that TikTok was banned on UK government devices as part of a wider app review. The ban comes after Cabinet Office Ministers ordered a security review. This looked at the potential vulnerability of government data from social media apps on devices and risks around how sensitive information could be accessed and used by some platforms.</p><p id="">‍</p><p id="">Given the potentially sensitive nature of information which is stored on government devices, government policy on the management of third party applications will be strengthened and a precautionary ban on TikTok on government devices is being introduced.</p><p id="">‍</p><p id="">In recent weeks the platform has come under increasing scrutiny from regulators, particularly when it comes to protecting the privacy of its young users. The U.K.'s data regulator, the Information Commissioner's Office (ICO), recently issued a £12.7 million fine against TikTok for several breaches, including misusing children's data.</p><p id="">‍</p><p id="">According to the ICO, TikTok users are required to be over the age of 13, but an estimated 1.4 million children in the U.K. were using the platform in 2020, violating its terms of service. This meant that the social network was collecting and using children's personal data without parental consent. 
Furthermore, the ICO found that TikTok "did not do enough" to verify the ages of its users, leading to a breach of data protection regulations.</p><p id="">‍</p><p id="">At first glance, TikTok appears to be just another social media app, with features akin to those of Instagram and Snapchat. However, underneath its engaging exterior lies a well-oiled data harvesting machine designed to collect as much personal information as possible, including facial and voice biometrics. The extent of data collection far exceeds what the app requires or what any reasonable user might expect, raising concerns about privacy and security.</p><p id="">‍</p><p id="">The fact that TikTok's parent company, ByteDance, is based in China has sparked suspicions that the Chinese government could potentially access the vast amounts of data collected by the app for intelligence purposes. The potential for this data to be used for hacking or other malicious activities has led to increasing concerns from various governments and security experts.</p><p id="">‍</p><p id="">‍</p><h2 id="">Weighing the Geopolitical Risks and Implications</h2><p id="">‍</p><p id="">The ban on TikTok in Australia's government devices echoes similar actions taken by the United States, UK and India, reflecting a growing trend of countries seeking to protect their national security interests by restricting Chinese-owned apps. However, this move could potentially escalate tensions between Australia and China, further straining their already fraught relationship. In recent years, Australia has seen a decline in its diplomatic ties with China, with disputes over issues such as human rights, foreign interference, and trade.</p><p id="">‍</p><p id="">The Chinese government has not yet formally responded to the Australian ban, but past experiences suggest that retaliation is a possibility. 
In the past, China has imposed tariffs and trade restrictions on Australian exports such as barley, wine, and coal, leading to significant economic losses for Australian businesses. If China perceives the TikTok ban as a direct attack on its interests, it may choose to retaliate through similar trade measures, reviving the political tensions seen under the Morrison Government in 2020 and further harming the Australian economy.</p><p id="">‍</p><p id="">That said, it is crucial for the Australian government to balance its national security concerns with the potential geopolitical risks and economic implications. While the decision to ban TikTok on government devices may help protect sensitive information from potential foreign interference, it is essential to engage in open dialogue with China to address any concerns and prevent further escalation.</p><p id="">‍</p><p id="">The Albanese government should also work closely with its allies and international partners to develop a coordinated approach to address potential threats posed by foreign-owned apps. Collaborating on developing data privacy and security standards can help create a more secure digital environment, while also reducing the likelihood of trade sanctions and retaliation from countries like China.</p><p id="">‍</p>
TikTok CEO Shou Chew faced a barrage of questions before Congress whilst attempting to ease concerns about Chinese state influence over ByteDance.
Complimentary
Free
Opinion
Editor's Pick

April 6, 2023

TikTok Ban: The Hidden Dangers of Data Harvesting and National Security Concerns

<p id="">The proposed deepening of Japan's partnership with NATO signifies a shift in the international security landscape that will reverberate far beyond the geographical confines of the Indo-Pacific and Europe. As the cyber domain becomes increasingly integral to national security strategies, this new alliance will undoubtedly impact Australia and the Five Eyes intelligence community.</p><p>‍</p><p id="">At the core of the Japan-NATO agreement is an intention to collaboratively address cyber threats posed by Russia and China. This increased focus on cyber defense, space domains, and emerging technologies offers both opportunities and challenges for Australia and the Five Eyes nations.</p><p>‍</p><p id="">As part of the Five Eyes, Australia has a vested interest in Japan's alliance with NATO. Japan's strategic location in the Indo-Pacific region and its technological prowess provide an excellent frontline buffer for cybersecurity in the region. The inclusion of Japan in large-scale NATO cyber defense drills, with a focus on emerging technologies like artificial intelligence, biotechnology, and quantum computing, signals a critical expansion of the global cybersecurity community.</p><p>‍</p><p id="">However, this expansion also raises questions regarding intelligence sharing and compatibility between NATO and the Five Eyes. Careful diplomacy and negotiation will be needed to maintain the balance of information exchange and security interests within this increasingly complex alliance web.</p><p>‍</p><p id="">Furthermore, the Japan-NATO partnership spotlights the pressing need for a more comprehensive approach to cyber security within the Five Eyes community. 
Australia, in particular, should seize this opportunity to enhance its own cyber defense capabilities and to further invest in emerging technologies, considering the increasingly hostile cyber environment.</p><p>‍</p><p id="">The shifting geopolitical landscape also demands a reassessment of Australia's relationship with its European counterparts. Europe's increasing engagement in the Indo-Pacific, as indicated by the UK's closer ties with Japan post-Brexit, and Germany's discussions on economic security with Japan, necessitates that Australia fosters stronger European connections.</p><p>‍</p><p id="">As Russia's actions in Ukraine have shown, geopolitical tensions are not confined to one region, and the interconnected nature of cyber security means no country is isolated from global cyber threats. Australia must ensure it is not left behind as these alliances and partnerships evolve in response to the changing geopolitical landscape.</p><p>‍</p><p id="">The proposed Japan-NATO partnership underscores the urgent need for Australia and the Five Eyes to rethink their approach to cyber politics. It is clear that cyber defense is not a standalone issue, but rather interconnected with traditional geopolitics, requiring an innovative, comprehensive approach. By embracing these emerging alliances and partnerships, Australia and the Five Eyes nations can effectively navigate this new cyber frontier.</p><p>‍</p><p id="">In conclusion, as we approach the NATO summit in July, it is clear that cyber security, emerging technologies, and international alliances are becoming increasingly vital in maintaining global security. Australia and the Five Eyes nations must adapt to these changes by strengthening their own cyber defense capabilities and fostering strategic international partnerships. The evolution of cyber politics necessitates a proactive, rather than reactive, approach to ensure the security and prosperity of our digital future.</p>
As the cyber domain becomes increasingly integral to national security strategies, this new alliance will undoubtedly impact Australia and the Five Eyes intelligence community.
Complimentary
Free
Opinion
Editor's Pick

April 6, 2023

Japan, NATO and the Implications for Australia and the Five Eyes

<p id="">The United States Government Accountability Office, in November, received the latest Department of Defence to conduct a cyber incident review.</p><p id="">‍</p><p id="">The <a href="https://www.gao.gov/assets/gao-23-105084.pdf" id="">70-page report</a> published in November warns that hackers are continuing to target the DOD itself alongside the U.S. defense industrial base.</p><p id="">‍</p><p id="">The report revealed DOD has not consistently documented the notifications of affected individuals, because officials said notifications are often made verbally or by email and no record is retained.</p><p id="">‍</p><p id="">Failures in reporting cyber incidents at the U.S. Department of Defense risk leaving commanders in the dark about the effects hackers could have on their missions, according to the report. The risks to DOD and DIB information systems are increasing as cybersecurity threats evolve and become more sophisticated.</p><p id="">‍</p><p id="">For example, in November and December 2021, Chinese hackers breached five U.S. defense and technology firms. The hackers obtained passwords to access the organizations’ systems and intercept sensitive communications. Similarly, between May and July 2019, hackers breached the Defense Information Systems Agency’s (DISA) network.</p><p id="">&nbsp;</p><p id="">While external information sharing around the Russian invasion of Ukraine has won the DOD and broader U.S. security and intelligence community plaudits, the lack of internal information sharing within the DOD and the defense industry is leading to “lost opportunities to identify system threats and improve system weaknesses.”</p><p id="">‍</p><p id="">“Until DOD assigns responsibility for ensuring complete and updated incident reporting and proper leadership notification, the department will not have assurance that its leadership has an accurate picture of its posture,” the report warns. 
“As a result, the department may miss opportunities to assess threats and weaknesses, gather intelligence, support commanders, and share information.”</p><p id="">‍</p><p id="">These issues are partly caused by the design of JIMS. While the DOD’s official Cyber Incident Handling Program Manual requires 46 different data fields for reporting a cyber incident, JIMS only requires users to include information on 13 of the 46 fields, with the other data fields either presented as optional (such as operational impact and system weaknesses) or unavailable (such as root cause(s) and systems affected) in the system.</p><p id="">‍</p><p id="">DOD officials “acknowledged that JIMS has limitations” according to the GAO report and “are considering implementing a new solution to address those limitations.”</p><p id="">‍</p><p id="">The GAO report concluded that the DOD needs to take stronger measures to protect its networks and data from cyber attacks. Specifically, the report recommended that the DOD improve its cybersecurity policies and procedures, increase its use of encryption and other security measures, and enhance its cyber threat intelligence capabilities.</p><p id="">‍</p><p id="">The GAO also recommended that the DOD improve its coordination with other government agencies and private sector partners to better defend against cyber threats. Finally, the report urged the DOD to address staffing shortages and training gaps in its cybersecurity workforce, which could leave it vulnerable to attacks.</p><p id="">‍</p><p id="">Overall, the GAO report highlights the ongoing challenge that the DOD and other government agencies face in defending against cyber threats, and the need for continued investment in cybersecurity infrastructure and personnel.</p><p id="">‍</p><p id="">‍</p>
A recent report warns that hackers are continuing to target the DOD itself alongside the U.S. defense industrial base.
Complimentary
Free
Opinion
Editor's Pick

April 5, 2023

Majority of DOD cyber incident reports are incomplete, GAO finds

<p id="">The European Parliament’s co-rapporteurs proposed compromise amendments to the list of high-risk AI applications, banned uses and concept definitions.</p><p id="">‍</p><p id="">EU lawmakers Brando Benifei and Dragoș Tudorache are striving to close the negotiations on the Artificial Intelligence Act in the coming days. The Act is the world’s first attempt to regulate AI based on its potential to cause harm.</p><p id="">‍</p><p id="">Among the pending issues the two lawmakers are trying to close are the list of AI uses that pose significant risks, the prohibited practices and the definitions of the key concepts used in the draft law, according to documents presented in Brussels by the European Commission.</p><p id="">‍</p><p id="">‍</p><h2 id="">The Areas of High Risk</h2><p id="">‍</p><p id="">The AI Act’s Annex III lists critical areas with specific use cases.</p><p id="">‍</p><p id="">On Monday (6 February), the co-rapporteurs extended the notion of biometric identification and categorisation to biometric-based systems like Lensa, an app that can generate avatars based on a person’s face.</p><p id="">‍</p><p id="">As the co-rapporteurs want live biometric identification in publicly accessible spaces to be banned altogether, the high-risk use case has been limited to ex-post identification. 
For privately-accessible spaces, both live and ex-post identification have been added to the list.</p><p id="">‍</p><p id="">Moreover, the use cases include remote biometric categorisation in publicly-accessible spaces and emotion recognition systems.</p><p id="">‍</p><p id="">The co-rapporteurs also included critical assets: AI systems that aim to ensure the safety of water supply, gas, heating, energy, and electricity would only qualify in this category if the system’s failure is highly likely to lead to an imminent threat to such supply.</p><p id="">‍</p><p id="">In the field of employment, the high-risk category was expanded to include algorithms that make or assist decisions related to the initiation, establishment, implementation or termination of an employment relation, notably for allocating personalised tasks or monitoring compliance with workplace rules.</p><p id="">‍</p><p id="">In the educational sector, the wording has been amended to include systems that allocate personalised learning tasks based on the students’ personal data.</p><p id="">‍</p><p id="">A new risk area was added for AI systems that may seriously affect a child’s personal development, and also for systems meant to be used by vulnerable groups. This vague wording might result in covering social media’s recommender systems.</p><p id="">‍</p><p id="">Lawmakers expanded the wording in the law enforcement, migration and border control management to avoid the high-risk classification being circumvented using a contractor.</p><p id="">‍</p><p id="">Under the EU legislators' amendments, any AI application that could influence people’s voting decisions at local, national or European polls is considered at risk, together with any system that supports democratic processes such as counting votes.</p><p id="">‍</p><p id="">A residual category was introduced to cover generative AI systems like ChatGPT and Stable Diffusion. 
Any AI-generated text that might be mistaken for human-generated is considered at risk unless it undergoes human review and a person or organisation is legally liable for it.</p><p id="">‍</p><p id="">‍</p><h2 id="">Prohibited practices</h2><p id="">‍</p><p id="">Additional bans were added to the AI rulebook as part of the proposed changes by EU lawmakers.</p><p id="">‍</p><p id="">According to another compromise seen by CNC staff, AI models using subliminal techniques beyond a person’s consciousness are to be banned, except if their use is approved for therapeutic purposes and with the explicit consent of the individuals exposed to them.</p><p id="">‍</p><p id="">Applications that are driven by AI computing are also prohibited if they are destined to be used intentionally for manipulation or designed to exploit a person’s vulnerability, like mental health or economic situation, to materially distort his or her behaviour in a way that can cause significant physical or psychological harm.</p><p id="">‍</p><p id="">The co-rapporteurs are proposing expanding the ban on social scoring to cover not only individuals but also groups, over inferred personal characteristics that could lead to preferential treatment.</p><p id="">‍</p><p id="">The ban on AI-powered predictive policing models was maintained.</p><p id="">‍</p><p id="">More definitions have been added concerning data, profiling, deep fakes, biometric identification and categorisation, subliminal techniques and sensitive data, bringing more clarity to these concepts and aligning them to the EU’s General Data Protection Regulation.</p><p id="">‍</p><p id="">‍</p>
The European Parliament’s proposed compromise amendments to the list of high-risk AI applications, banned uses and concept definitions. EU lawmakers are striving to close the negotiations on the Artificial Intelligence Act.
Complimentary
Free
Opinion
Editor's Pick

April 1, 2023

EU Parliament’s crunch time on high-risk categorisation, prohibited practices

<p id="">The Biden administration is exploring the possibility of new export controls that would limit China’s access to some of the most powerful emerging computing technologies, according to people familiar with the situation.</p><p id="">‍</p><p id="">The potential plans, which are in an early stage, are focused on the still-experimental field of quantum computing, as well as artificial intelligence software, according to the people, who asked not to be named discussing private deliberations.</p><p id="">‍</p><p id="">Industry experts are weighing in on how to set the parameters of the restrictions on this nascent technology, they said.</p>
The Biden administration is exploring the possibility of new export controls that would limit China’s access to some of the most powerful emerging computing technologies.
Complimentary
Free
Opinion
Editor's Pick

March 30, 2023

US Eyes Expanding China Tech Ban to Quantum Computing and AI

<p id="">One of Australia's largest property developers, Meriton, has recently fallen victim to a data breach, with cybercriminals potentially stealing sensitive personal information.&nbsp;</p><p id="">‍</p><p id="">Meriton is best known for its luxury hotels and apartments, but also leases and sells commercial properties.</p><p id="">‍</p><p id="">It was founded by property developer Harry Triguboff, who according to the Australian Financial Review is Australia's sixth-richest man and is estimated to be worth $21.2 billion.</p><p id="">‍</p><p id="">In a statement, Meriton confirmed to the ABC that it was the victim of a "cybersecurity incident" which compromised 35.6 gigabytes of data, and which it attributed to an "unidentified third party".</p><p id="">‍</p><p id="">Meriton revealed that it had fallen victim to a cyberattack, in which sensitive employee information, including bank details, tax file numbers, salary information, and performance reviews, may have been stolen by hackers. The company is working closely with cybersecurity experts and law enforcement agencies to investigate the breach and mitigate any potential harm to the affected individuals.</p><p id="">‍</p><p id="">The Meriton cyberattack highlights the vulnerability of the building industry to cyber threats. As the industry increasingly relies on digital technologies, it becomes more susceptible to attacks from malicious actors seeking to exploit security weaknesses.</p><p id="">‍</p><p id="">As building automation and management systems become increasingly prevalent in the property industry, the sector is becoming more reliant on digital technologies. 
This reliance exposes building technologies to the risk of cyberattacks, which can have significant financial, operational, and reputational repercussions for property developers, managers, and owners.</p><p id="">‍</p><p id="">The increasing use of SCADA (Supervisory Control and Data Acquisition) systems, IP networking, and cloud-based platforms in the building and property industry has led to greater interconnectivity between building management systems (BMS) and corporate networks. While these technologies have improved efficiency and collaboration, they have also made BMS more susceptible to cyberattacks.</p><p id="">‍</p><p id="">BMS control various functions, such as heating, ventilation, and air conditioning (HVAC), lighting, and security, which in the past were run as a parallel closed network. Moreover, the advent of cloud monitoring systems has increased vulnerability points in the crossover between BMS and corporate network services.</p><p id="">‍</p><p id="">Recent innovations in building services such as the Internet of Things, which encompass smart thermostats, lighting systems, and surveillance cameras, are increasingly integrated into modern building designs. 
A large portion of these technologies span from SCADA to IP networks, alongside an increased reliance on cloud-based platforms for data storage, project management and collaboration.</p><p id="">‍</p><p id="">Comprehensive cybersecurity measures are needed: property companies should improve risk management processes and conduct regular assessments of their cyber risk exposure, including identifying vulnerabilities in their building technologies and implementing appropriate risk mitigation strategies.</p><p id="">‍</p><p id="">Property companies must invest in cybersecurity training for employees to recognize and respond to potential cyber threats, promoting a culture of security awareness, and invest in the adoption of a multi-layered approach to cybersecurity, implementing a combination of technical, administrative, and physical controls to protect their digital assets and building technologies.</p><p id="">‍</p><p id="">As the property sector becomes increasingly digitised and interconnected, supply chain cybersecurity risks will continue to grow. Property companies must proactively address these threats by implementing robust security measures, collaborating with supply chain partners, and complying with industry standards and regulations.</p><p id="">‍</p><p id="">‍</p><h2 id="">Cyber Attacks in the Building and Property Industry Are a Worldwide Phenomenon</h2><p id="">‍</p><p id="">Meriton joins a long list of firms that have been attacked by hackers over the past year. 
The hotel and property developer has also taken “appropriate” measures to notify those affected, sending letters to both guests and staff members.</p><p id="">‍</p><p id="">“We have been working closely alongside leading cybersecurity and forensic IT professionals and taking all available steps to protect against future risk to data and prevent recurrence,” the company told the ABC in a statement.</p><p id="">‍</p><p id="">A major data breach at property valuation firm LandMark White, revealed in February 2019, resulted in the exposure of more than 100,000 personal and financial records. The breach occurred due to an unsecured API, allowing unauthorised access to the sensitive information. In the aftermath of the incident, several major banks suspended their dealings with the company, leading to substantial financial losses.</p><p id="">‍</p><p id="">In early 2020 French media reported that the Bouygues Group’s construction subsidiary had been hit by a massive ransomware attack. The entire computer network has been affected, and all of the company’s servers shut down. 
A ransom of 10 million Euros has been requested, and at least 200GB of data has already been stolen.</p><p id="">‍</p><div id=""></div><h2 id="">Minister Clare O'Neil and the National Office for Cyber Security</h2><p id="">‍</p><p id="">Last month Prime Minister Albanese announced the creation of a new National Coordinator for Cyber Security, supported by a National Office for Cyber Security.</p><p id="">‍</p><p id="">Minister for Cyber Security Senator O’Neil presented on March 22, 2023 at the Australian Information Security Association’s (AISA) Australian Cyber Conference 2023, reaffirming the government's commitment to fight cybercrime in 2023 with a series of coordinated initiatives.</p><p id="">‍</p><p id="">The Minister is considering a range of measures. “The Cyber Security Strategy include creating a legislative framework to shift cyber security risks away from our most vulnerable members of the community towards those who are best placed to manage it, including software and cyber security service providers, telecommunications firms and technology developers,” the Cyber Security Minister told the audience.</p><div id=""></div><p id="">‍</p><p id="">“Helping the government to develop the new Cyber Security Strategy is an Expert Advisory Board led by former Telstra CEO Andy Penn, and including one of Australia's foremost cybersecurity and telco experts, Rachael Falk, and former Chief of Air Force Mel Hupfeld,” said Senator O’Neil.</p><p id="">‍</p><p id="">With multiple building technologies at risk, regulators must play an active role in promoting best practices and ensuring that companies adopt robust cybersecurity measures to protect their sensitive data and assets.</p><p id="">‍</p><p id="">The recent attacks in Australia are the most recent evidence that the building industry and financial services sectors are part of a broader cyber security phenomenon impacting the economy. 
These incidents illustrate that companies operating in this space must prioritise cybersecurity strategy and collaboration with regulators.</p>
One of Australia's largest property developers, Meriton, has recently fallen victim to a data breach, with cybercriminals potentially stealing sensitive personal information. 
Complimentary
Free
Opinion
Editor's Pick

March 29, 2023

Meriton Cyberattack Exposes Sensitive Employee Data

<p id="">Latitude Financial, a leading consumer finance company in Australia and New Zealand, recently suffered a significant data breach, exposing personal and financial information of numerous customers.</p><p id="">‍</p><p id=""><a href="https://investors.latitudefinancial.com.au/investor-centre/?page=asx-announcements" target="_blank" id="">Latitude Financial says </a>that 7.9 million Australian and New Zealand drivers licence numbers were stolen in a hack earlier in March, a number far higher than initially estimated. This incident has raised questions about the security of customer data and the necessary measures to protect it.</p><p id="">‍</p><p id="">We will examine the explanations from the CEO and authorities, Minister Clare O'Neil's planned actions, and the broader impact on financial services in Australia and New Zealand, as well as the required regulatory actions. Furthermore, we will discuss the potential legal implications, customer concerns, and the impact on Latitude Financial's reputation.</p><p id="">‍</p><p id="">The CEO of Latitude Financial has publicly apologised for the data breach and reassured customers that immediate actions are being taken to address the issue. They explained that the breach occurred due to a sophisticated cyber attack exploiting a previously unknown vulnerability in their system. The company has since engaged external cybersecurity experts to assist in the investigation and remediation process.</p><p id=""><a href="https://investors.latitudefinancial.com.au/investor-centre/?page=asx-announcements" target="_blank" id="">‍</a></p><div id=""></div><p id="">‍</p><h2 id="">Authorities' Response:</h2><p id="">Authorities have expressed concern about the increasing frequency of cyber attacks on financial institutions. 
They are urging companies to invest in more robust security measures and implement stricter cybersecurity protocols.</p><p id="">‍</p><p id="">The Office of the Australian Information Commissioner (OAIC) has said it continues to engage with Latitude Financial and is making preliminary inquiries regarding the cybersecurity incident. The OAIC is formally investigating Medibank Private’s security breach last year which could trigger massive fines and open the way for compensation payments to customers whose privacy was impacted.</p><p id="">‍</p><p id="">Regulatory bodies such as ASIC and ACMA are also considering updates to the existing cybersecurity regulations to increase the accountability of companies handling sensitive customer data.</p><p id=""><a href="https://investors.latitudefinancial.com.au/investor-centre/?page=asx-announcements" target="_blank" id="">‍</a></p><p id="">‍</p><h2 id="">Minister Clare O'Neil's Actions:</h2><p id="">‍</p><p id="">The announcement of another nationwide cyber attack comes less than a week after <a href="https://minister.homeaffairs.gov.au/ClareONeil/Pages/australian-information-security-associations-australian-cyber-conference-2023.aspx" target="_blank" id="">the Minister for Cyber Security opened the National AISA conference on 22 March 2022</a>, referring to the progress the Albanese Government has made in streamlining the government department to improve the handling of major cyber attacks on Australian organisations.</p><p id="">‍</p><p id="">“We are punching back where necessary. And we are fighting to protect our citizens, every day,” said O’Neil, assuring the audience that “[t]he Albanese Labor Government and I will not settle for the complacency and neglect of the past. We are building a more resilient Australia, so that our country isn’t seen as a soft target. 
Because we’re not.”</p><p id="">‍</p><div id=""></div><p id="">Source: Sen O’Neil, Twitter: Presenting at AISA, 27th March 2023</p><p id="">‍</p><p id="">In response to the latest cyber attack, Minister Clare O'Neil has announced several initiatives to strengthen cybersecurity in the financial sector. These include:</p><p id="">‍</p><p id="">Establishing a dedicated cybersecurity task force to support financial institutions in enhancing their security measures, and continuing to introduce new legislation that mandates regular security audits and reporting for financial institutions.</p><p id="">‍</p><p id="">To be established in May, the group will be responsible for implementing the new Australian Cyber Security Strategy 2023–2030 and will specifically work to support Home Affairs and Cyber Security Minister Clare O’Neil and a cyber security coordinator that is yet to be appointed.</p><p id="">‍</p><p id="">‍</p><h2 id="">Legal Action and Potential Consequences:</h2><p id="">‍</p><p id="">Gordon Legal and HSA's investigation into possible legal action against Latitude Financial highlights the severity of the data breach and the potential repercussions for the company. If a class-action lawsuit is initiated, Latitude Financial could face substantial financial penalties and compensation claims from affected customers. Moreover, the company may also be subject to regulatory fines and penalties for any failure to adequately protect customer data.</p><p id="">‍</p><p id="">“We are investigating how a breach of this size could occur. 
Latitude customers deserve to understand their legal rights and the steps that have been taken to protect their personal data,” Gordon Legal’s James Naughton said on Tuesday.</p><p id="">‍</p><p id="">The investigation will examine how the breach occurred, including the effectiveness of Latitude’s security measures, and whether the consumer finance group took appropriate steps to protect its customers’ personal information.</p><p id="">‍</p><p id=""><a href="https://investors.latitudefinancial.com.au/investor-centre/?page=asx-announcements" target="_blank" id="">‍</a></p><p id="">‍</p><h2 id="">Broader Impact on Financial Services in Australia and New Zealand:</h2><p id="">‍</p><p id="">The Latitude Financial data breach highlights the vulnerability of the financial sector to cyber attacks. 
Financial institutions in both countries need to reassess their cybersecurity measures and invest in more sophisticated protections to regain customer trust and maintain the stability of financial systems.</p><p id="">‍</p><p id="">With the focus on improving international and national cyber infrastructure, a new role has been established to lead the new group, with the Australian Cyber and Infrastructure Security Centre’s (CISC) inaugural head Hamish Hansford being appointed deputy secretary.</p><p id="">‍</p><p id="">“A new Cyber and Infrastructure Security Group will be created on May 1, under the leadership of Hamish Hansford in a new deputy secretary position,” said secretary Michael Pezzullo during his speech at the Home Affairs cyber and infrastructure security conference last week.</p><p id="">‍</p><p id="">In addition to its role in implementing the new cyber security strategy, Pezzullo has said that the group will be responsible for leading securing partnerships between government and industry, ensuring that the two “work together on hardening Australian infrastructure and our economy from cyber attacks and from other hazards”.</p><p id="">‍</p><p id="">Required Regulatory Actions:</p><p id="">‍</p><p id="">To better protect customer data in the financial sector, regulatory bodies should consider implementing the following actions:</p><p id="">‍</p><p id="">‍</p><h2 id="">Operation Guardian expands to combat further cybercrime</h2><p id="">‍</p><p id="">The AFP has expanded Operation Guardian to help protect Latitude Services customers whose personal information has been stolen by cybercriminals.</p><p id="">‍</p><p id="">Operation Guardian, a joint initiative with state and territory police run through the AFP-led Joint Policing Cyber Crime Coordination Centre (JPC3), was set up in September 2022 to protect more than 10,000 customers whose personal information was unlawfully released online after the Optus data breach. 
It was also extended to Medibank Private customers.</p><p id="">‍</p><p id="">There is no evidence to date that the personal details of Latitude Services customers are available or being sold on online or dark web forums.</p><p id="">‍</p><p id="">In light of the recent data breach, Latitude Financial must reevaluate its data security practices and implement robust measures to prevent future incidents.</p><p id="">‍</p><p id="">With millions of customers affected and potential legal action on the horizon, the company must act swiftly to address the issue, restore customer trust, and improve its data security measures.</p><p id="">‍</p><p id="">This incident serves as a stark reminder of the importance of robust data protection practices in the financial sector and the need for constant vigilance against cyber threats.</p><p id="">‍</p>
Latitude Financial, a leading consumer finance company in Australia and New Zealand, recently suffered a significant data breach, exposing personal and financial information of numerous customers.
Complimentary
Free
Opinion
Editor's Pick

March 28, 2023

Latitude Financial Faces Potential Legal Action After Data Breach

<p id="">In his first appearance before Congress on Thursday, <a href="https://edition.cnn.com/2023/03/23/tech/tiktok-ceo-hearing/index.html" target="_blank" id="">TikTok CEO Shou Chew faced a barrage of questions</a> from lawmakers who expressed deep scepticism about the company's attempts to protect US user data and ease concerns about its ties to China. Chew sought to reassure the congressional panel that his company is committed to transparency and protecting the privacy of its American users, but many remained unconvinced.</p><p id="">‍</p><p id="">During the hearing, Chew emphasised that TikTok has taken significant steps to distance itself from its parent company, ByteDance, which is based in China. He pointed out that TikTok's data centres for US users are located in the United States and Singapore, and that the company has implemented strict access controls to prevent unauthorised access to user data.</p><p id="">‍</p><p id="">Lawmakers, however, were not easily swayed by Chew's assurances. Several members of Congress questioned the CEO about the potential for the Chinese government to access TikTok user data, citing concerns about the country's history of intellectual property theft, espionage, and censorship. Chew reiterated that TikTok has implemented stringent measures to safeguard user data and that the company has never received a request from the Chinese government to access US user data.</p><p>‍</p><p id="">Despite these assurances, lawmakers pressed Chew to provide more concrete evidence of TikTok's independence from China. Some called for the company to undergo a thorough security audit by a third-party organisation to validate its data protection measures and verify its claims of independence.</p><p>‍</p><p id="">In addition to data privacy concerns, members of Congress raised questions about TikTok's content moderation practices. 
Several lawmakers pointed out instances where the platform appeared to suppress content related to human rights abuses in China, such as the treatment of Uyghur Muslims in Xinjiang. Chew acknowledged these concerns and explained that TikTok is continually working to improve its content moderation policies and practices, including increased transparency and collaboration with external organizations.</p><p>‍</p><p>‍</p><h2 id="">Washington has already made up its mind about TikTok</h2><p id="">‍</p><p id="">The hearing, which lasted for more than five hours, kicked off with calls from a lawmaker to ban the app in the United States and remained combative throughout. It offered a vivid display of the bipartisan push to crack down on the popular short-form video app and the company’s uphill battle to improve relations with Washington.</p><p id="">‍</p><p id="">Washington Republican Rep. Cathy McMorris Rodgers, the chair of the House Energy and Commerce Committee, opened Thursday’s hearing by telling Shou: “Your platform should be banned.”</p><p id="">‍</p><p id=""><em id="">“To the American people watching today, hear this: TikTok is a weapon by the Chinese Communist Party to spy on you, manipulate what you see and exploit for future generations,”</em> said Rep. McMorris Rodgers.</p><p id="">In an exchange with California Democratic Rep. Anna Eshoo, Chew talked up TikTok’s ongoing efforts to protect US user data and said he has “seen no evidence that the Chinese government has access to that data; they have never asked us, we have not provided it.”</p><p id="">‍</p><p id="">In closing, Chew emphasised that TikTok is committed to earning the trust of its American users and will continue to take steps to address the concerns raised by lawmakers. 
He pledged that the company would remain transparent about its data protection practices and work tirelessly to maintain the safety and privacy of its users.</p><p id="">‍</p><p id="">While the CEO's testimony may not have entirely dispelled the scepticism surrounding TikTok's ties to China, it marked a significant step in the company's ongoing efforts to engage with US authorities and address concerns about its data privacy practices. Whether these efforts will be enough to satisfy lawmakers and regulators remains to be seen, but the hearing highlighted the challenges that the popular social media platform faces in navigating the complex geopolitical landscape.</p><p id="">‍</p>
TikTok CEO Shou Chew faced a barrage of questions from sceptical lawmakers in Congress.
Complimentary
Free
Opinion
Editor's Pick

March 27, 2023

TikTok CEO Faces Scepticism in First Appearance Before Congress

<p id="">In a recent development, the US House Speaker announced that lawmakers would proceed with a bill targeting the popular social media platform TikTok. This move raises questions about the implications for TikTok in the United States and the broader geopolitical relationship between the US and Chinese tech businesses operating within the country.</p><p>‍</p><p id="">TikTok, owned by Chinese tech company ByteDance, has been under scrutiny in the US over concerns related to user data privacy and potential links to the Chinese government. The proposed bill aims to address these concerns by imposing stricter regulations on the platform, which could potentially impact its operations and growth in the American market.</p><p>‍</p><p id="">If the TikTok bill is passed, the platform may face new restrictions and compliance requirements, affecting its ability to serve the US user base. Moreover, the company could be compelled to make significant changes to its data storage and privacy practices, which may result in increased operational costs and a negative impact on user experience.</p><p>‍</p><p id="">The Australian government has already indicated it will not put a nationwide ban in place, something that has been threatened in the US. However, a growing list of people believe the government may reconsider depending on what happens in the US.</p><p>‍</p><p id="">On Friday 24th February 2023,&nbsp; New Zealand banned the short-video sharing app TikTok from devices with access to the country's parliamentary network, citing cybersecurity concerns. 
The island nation is the latest among several Western countries to ban the app from lawmakers' phones.</p><p>‍</p><p id="">One of the United States’ top technology regulators has urged Australia to ban TikTok in its current form, arguing the wildly popular Chinese-owned app is a sophisticated surveillance tool that poses a uniquely troubling national security threat.</p><p>‍</p><p id="">The move to advance the TikTok bill also sheds light on the broader geopolitical relationship between the US and Chinese tech businesses operating within the country and the ripple effect across allied Western nations in the Pacific. In recent years, tensions between the two nations have escalated, with the US government expressing concerns about the potential security risks posed by Chinese tech companies and their products.</p><p>‍</p><p id="">Examples of this strained relationship include the ban on Huawei, a leading Chinese telecom giant, which was accused of posing a national security threat due to its potential ties to the Chinese government. Similarly, the Trump administration had issued an executive order to ban TikTok and WeChat, although this was later halted by legal challenges.</p><p>‍</p><p id="">In August 2018, the Australian government announced that it would exclude Huawei from participating in the country's 5G network development, citing national security risks. The decision was based on concerns that Huawei's involvement could potentially expose Australia's critical infrastructure to foreign interference and espionage, given the company's alleged close ties with the Chinese government.</p><p>‍</p><p id="">The Huawei ban has had a significant geopolitical impact on the relationship between Australia and China, exacerbating existing tensions over issues such as trade, human rights, and regional security. The ban has been perceived by China as a direct affront, contributing to a deterioration in diplomatic relations between the two nations. 
The situation has escalated to a point where both countries have accused each other of spreading disinformation and engaging in political warfare.</p><p>‍</p><p id="">The advancement of the TikTok bill signals a continuation of the US government's efforts to safeguard national security and data privacy from perceived threats posed by Chinese tech companies. This approach may lead to further restrictions and regulatory measures targeting other Chinese-owned businesses operating in the US, which could adversely affect their market share, profitability, and reputation.</p><p>‍</p><p id="">The decision to move forward with the TikTok bill has significant implications for the social media platform's future in the United States, as well as the broader geopolitical relationship between the US and Chinese tech businesses operating within the country. As tensions between the two nations continue to escalate, it is crucial for both sides to engage in dialogue and seek collaborative solutions that address security concerns while promoting innovation and global cooperation in the tech sector.</p><p>‍</p>
In a recent development, the US House Speaker announced that lawmakers would proceed with a bill targeting the popular social media platform TikTok.
Complimentary
Free
Opinion
Editor's Pick

March 27, 2023

US House Speaker Bill: Implications for TikTok and Sino-American Tech Relations

<p id="">On March 20, ChatGPT, an AI-driven language model developed by OpenAI, experienced an outage followed by issues with making conversation history accessible to users. This incident raised concerns about the potential cyber leakage of sensitive user data and the overall security of AI-based platforms.</p><p>‍</p><p id="">ChatGPT owner OpenAI says it has fixed a bug that caused a “significant issue” of a small set of users being able to see the titles of others’ conversation history with the viral chatbot.</p><p>‍</p><p id="">As a result of the fix, users could not access their chat history on March 20, Chief Executive Sam Altman said in a tweet on Wednesday.</p><p>‍</p><p>‍</p><h2 id="">Impacts of the ChatGPT Outage</h2><p>‍</p><p id="">The outage disrupted the user experience, causing inconvenience to those relying on the AI language model for personal, educational, or professional purposes. The inability to access conversation history raised concerns about the security of user data, potentially eroding trust in the platform. This incident has drawn more criticism and attention to the broader ethical issues around AI platform reliability and the need for robust security measures to protect user data.</p><p>‍</p><p>‍</p><h2 id="">The Glitch and Concerns About User Privacy</h2><p>‍</p><p>A recent glitch in the system has raised concerns about the extent to which OpenAI has access to user chats and how the company handles this information. 
The glitch inadvertently exposed some users' conversation history, leading to fears that private information could be released through the tool.</p><p>‍</p><p>‍</p><h2 id="">User Concerns</h2><p>‍</p><p id="">Following the outage, users expressed various concerns, primarily focused on data privacy, with users worried about the potential exposure of their sensitive information, such as personal details and confidential business information. Further questions were raised about the stability and reliability of ChatGPT and similar AI-driven platforms, prompting users to reconsider their dependence on such tools.</p><p>‍</p><p id="">Finally, users sought clear communication from OpenAI regarding the cause of the outage and the steps taken to resolve the issue.</p><p>‍</p><p>‍</p><h2 id="">OpenAI's Response and Future Steps</h2><p>‍</p><p id="">In response to the concerns, OpenAI has acknowledged the glitch and assured users that it is taking steps to address the issue. The company has reiterated that it only uses anonymized data for training purposes, with PII removed to ensure user privacy. OpenAI is also committed to transparency, regularly updating its privacy policy and data usage guidelines to provide users with a clear understanding of how their information is being used.</p><p>‍</p><p id="">The company has taken additional steps to prevent this from happening again in the future, including adding redundant checks to library calls, "programmatically examined our logs to make sure that all messages are only available to the correct user," and "improved logging to identify when this is happening and fully confirm it has stopped." The company says that it has also reached out to alert affected users of the issue.</p><p>‍</p><p id="">The ChatGPT outage highlights the need for strong security measures and incident management strategies for AI-based platforms, as users entrust these tools with sensitive information. 
OpenAI's proposed measures aim to address user concerns and prevent future incidents of cyber leakage.</p><p>‍</p><p>‍</p><h2 id="">OpenAI's ambitious master plan</h2><p>‍</p><p id="">Nearly a dozen companies debuted ChatGPT plugins today in conjunction with the feature’s debut. Among them is Instacart Inc., which has created a tool that allows the chatbot to order food from grocery stores. Expedia Group Inc. is using ChatGPT to help users craft travel plans, while OpenTable Inc. will deliver AI-generated restaurant suggestions.</p><p>‍</p><p id="">OpenAI is working to map out the potential risks associated with the new plugin feature. According to the startup, its engineers have carried out a number of tests to determine how plugins could potentially be misused. It’s also inviting outside researchers to contribute feedback.</p><p>‍</p><p id="">The launch of the plugin feature comes a few days after OpenAI debuted its newest machine learning model. GPT-4, as the model is called, is a more advanced version of the neural network on which ChatGPT is based. It’s described as being more adept at complicated tasks such as solving mathematical problems.</p><p>‍</p>
ChatGPT owner OpenAI says it has fixed a bug that caused a “significant issue” of a small set of users being able to see the titles of others’ conversation history with the viral chatbot.
Complimentary
Free
Opinion
Editor's Pick

March 27, 2023

ChatGPT Outage: Impacts, User Concerns, and OpenAI's New Prevention Strategies

<p id="">On Tuesday 25 March, it was revealed that cloud data management giant Rubrik had fallen victim to a cyber attack. Hackers reportedly used a vulnerability in a popular file transfer tool, Fortra's GoAnywhere Managed File Transfer product, to gain unauthorised access to Rubrik's systems. The attack was attributed to the Clop ransomware group, which has been exploiting the Fortra vulnerability in a string of attacks on various organisations.</p><p>‍</p><p id="">The Clop ransomware group has become notorious for its use of the Fortra vulnerability, which it has used to successfully attack a number of organizations in recent months. The vulnerability is a zero-day flaw in the GoAnywhere Managed File Transfer product, meaning that it was unknown to the vendor, and therefore unpatched, when the attackers began exploiting it. The attackers are able to use the vulnerability to gain access to the targeted systems without detection.</p><p>‍</p><p id="">The attack on Rubrik highlights the ongoing threat posed by cyber attacks to cloud service providers and their customers. As more organisations move their data and applications to the cloud, they become attractive targets for hackers who are looking to exploit vulnerabilities in these systems.</p><p>‍</p><p id="">A spokesperson for the company told The Record that based on an investigation being carried out by a third party, the hackers did not access any data Rubrik secures on behalf of its customers.</p><p>‍</p><p id="">Using the widely-covered zero-day vulnerability affecting GoAnywhere, the hackers gained access to information in one of Rubrik’s non-production IT testing environments.</p><p>‍</p><p id="">“The current investigation has determined there was no lateral movement to other environments,” Mestrovich said. 
“Rubrik took the involved non-production environment offline and leveraged our own security systems and solutions to quickly contain the threat and help restore our test environment.”</p><p>‍</p><p id="">The spokesperson directed The Record to a longer statement from Rubrik CISO Michael Mestrovich, which said Clop’s attack began in February.</p><p>‍</p><p id="">Community Health Systems, Inc., one of the largest health providers in the U.S., <a href="https://www.sec.gov/Archives/edgar/data/1108109/000119312523035789/d422693d8k.htm" id="">filed documents with the SEC</a> confirming that the sensitive data of more than one million people had been stolen following a breach that involved the compromise of its GoAnywhere system.</p><p>‍</p><p id="">That filing came after the Clop ransomware group <a href="https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-it-breached-130-orgs-using-goanywhere-zero-day/" id="">told BleepingComputer</a> that it hacked into more than 130 organizations through the GoAnywhere vulnerability.</p><p>‍</p><p id="">The Rubrik attack also highlights the need for organizations to be aware of the risks associated with third-party software and services. While these tools and services can be highly beneficial to organizations, they also introduce new vulnerabilities and risks that need to be managed. Organisations should perform due diligence on any third-party software or services they use, and ensure that appropriate security measures are in place.</p><p>‍</p><p id="">The Clop ransomware gang was one of the groups that exploited the Accellion vulnerability, attacking several high-profile victims that included U.S. retail store chain Kroger, Morgan Stanley, Shell and aeroplane maker Bombardier.</p><p id="">‍</p>
Cloud data management giant Rubrik has fallen victim to a cyber attack. Hackers reportedly used a vulnerability in Fortra's popular GoAnywhere file transfer tool.
Complimentary
Free
Opinion
Editor's Pick

March 26, 2023

Hackers use Fortra zero-day to steal data from cloud management giant Rubrik

<p id="">Only hours after the joint announcement by President Joe Biden and Prime Ministers Anthony Albanese and Rishi Sunak in San Diego of the multi-decade collaboration on Virginia- and SSN-AUKUS-class submarines, a scathing reaction by prominent political figures has halted the over-eager Labor government “Submarine PR machine”.</p><p id="">&nbsp;</p><p id="">Not surprisingly, former PM Paul Keating is one of very few proven political figures of our time who can bring a government marketing parade to a halt. On the 15th of February, only two days after the historic announcement by Prime Minister Albanese in San Diego, the former PM presented his case and forced the Press Club to take note of the different perspectives and concerns over the defence alliance, including the strategic impact with China.</p><p id="">‍</p><p id="">Mr Keating discussed relations with China and criticised the AUKUS pact as the “worst international decision by an Australian Labor government”.</p><p id="">‍</p><p id="">Only a handful of Australians can call out their own party to question the logic and the long-term strategic and consequential impact on our Asian trade partners.</p><p id="">‍</p><p id="">It has forced the press and commentators to endure the legitimate effort to critically examine the decisions by the current government to commit Australia to decades of defence commitments with the United States and United Kingdom.</p><p id="">‍</p><p id="">The former prime minister may have brought up critical issues with the AUKUS 'forever deal' with the US and UK, but let's not expect a patriotic media to play along.</p><p id="">‍</p><p id="">But he’s right that the unipolar world of US hegemony is over and we have to live with China’s growing influence in the world, and especially in Asia, whether we like it or not, and however many submarines we end up with. 
Carrying on as if only the US can have spheres of influence or a powerful military paves the way for a disastrous confrontation.</p><p id="">‍</p><p id="">The US made up around 40 per cent of global GDP in the 1960s, at the height of its relative power, around double the level today, a share that is expected to continue to slowly decline.</p><p id="">‍</p><p id="">In this context it will become harder – and indeed inadvisable – for Washington to seek to arbitrate disputes of its choice anywhere in the world, be it in Ukraine, the Middle East, or in the South China Sea. That would be a recipe for wars even more disastrous than those instigated over the past 20 years, where Washington tried and largely failed to impose its will on other, much weaker nations in the Middle East and Africa.</p><p id="">‍</p><p id="">As Prime Minister Anthony Albanese and senior Cabinet ministers push back on Paul Keating's strident criticism of the AUKUS pact, the process of Federal Government lobbying of state government and local MPs to engage in the construction of the submarine in the Port Adelaide workshop and nuclear waste depot has begun.</p><p id="">‍</p><p id="">The Prime Minister, Mr Biden and Mr Sunak said in a joint statement that the AUKUS pathway would elevate the industrial capacity of all three countries and expand their presence in the Indo-Pacific.</p><p id="">‍</p><p id="">It is expected the AUKUS rollout <a href="https://www.defence.gov.au/about/taskforces/aukus/submarine-industry-workforce" id="">will support 4000 to 5000</a> direct jobs in Adelaide, plus another 4000 workers to design and build the infrastructure. 
Another 3000 direct jobs are expected to be created in Western Australia.</p><p id="">‍</p><p id="">There are concerns that a naval buildup from Australia, supported by the United States and the United Kingdom, may not have any real strategic significance for longer-term stability and prosperity amongst ASEAN countries, Australia, and China. Some argue that Australia should instead focus on developing stronger economic ties with China and other trading partners in the region.</p><p id="">‍</p><p id="">However, others argue that a closer alliance with the United States and its allies is necessary to ensure Australia's security in the face of an increasingly assertive China. They argue that a stronger military presence in the region could help to deter Chinese aggression and ensure regional stability.</p><p id="">‍</p><p id="">No doubt, the AUKUS defence pact has generated a tsunami of debates about Australia's relationship with China and its place in the region. While some argue that a closer alignment with the United States and its allies is necessary to ensure regional security, others argue that Australia needs to prioritise its economic relationships with China and other trading partners in the region. The debate highlights the complex geopolitical challenges facing Australia and the need for careful consideration of the country's foreign policy priorities.</p><p id="">‍</p><p id="">To take us through this storm of judgement, Australians need compelling and stable communications that account for the course the government has elected to take, with the intention to inform and update industry and communities. 
This narrative must be honest—any untruths or convenient exaggerations will most certainly be exposed by the passage of time.</p><p id="">‍</p><p id="">The AUKUS Nuclear-Powered Submarine Pathway: A QUICK GUIDE</p><p id="">‍</p><p id="">‍</p><h2 id="">WHAT IS AUKUS</h2><p id="">‍</p><p id="">The AUKUS nuclear-powered submarine pathway will deliver Australia a world-class capability that will see our nation become one of only 7 countries that operate nuclear-powered submarines.</p><p id="">‍</p><p id="">The pathway delivers significant long-term strategic benefits for Australia, the United Kingdom and the United States. It strengthens the combined industrial capacity of the 3 partners, with increased cooperation making trilateral supply chains more robust and resilient.</p><p id="">‍</p><p id=""><strong id="">THE COST:</strong> The AUKUS program is forecast to cost $268bn to $368bn between now and the mid 2050s, or about 0.15 per cent of Australia’s GDP. The government will spend $9bn over the next four years, offset by cuts in Defence. Of this figure, about $2.5bn will be invested in US shipyards to boost production of the Virginia-class submarines and $500m in Britain. The remaining $5bn will be invested domestically, including $2bn for new South Australian infrastructure.</p><p id="">‍</p><p id=""><strong id="">INDUSTRY: </strong>The trilateral nature of AUKUS will give rise to a unified supply chain, with all three partner countries contributing to each other’s industrial bases. This could involve SA companies creating parts to be fitted on Virginia-class submarines in the US. There will also be opportunities to sustain subs that will be rotating through HMAS Stirling – and the three US subs Australia will buy in the 2030s.</p><p id="">‍</p><p id=""><strong id="">FORWARD ROTATIONS:</strong> The US plans to increase nuclear submarine port visits to Australia starting this year. This will allow Australian sailors to join US crews for training. 
The British navy will begin increasing visits in 2026. As early as 2027, Britain and the US will establish a rotational presence of one Astute-class submarine and four Virginia-class submarines at HMAS Stirling near Perth. It will be dubbed “Submarine Rotational Force - West”, boosting the presence of nuclear-powered submarines in the region while Australia works on acquiring its own nuclear fleet.</p><p id="">‍</p><p id=""><strong id="">JOBS AND SKILLS: </strong>AUKUS will create 20,000 direct jobs across Australia over the next 30 years, including up to 8500 direct jobs in the industrial workforce alone. More than half – up to 5500 – of these will be in SA when construction at the Osborne shipyard reaches its peak in 20 to 30 years. Australia is facing a worrying skills shortage, particularly in nuclear expertise. Measures to address this shortfall include sending hundreds of civilian workers to learn in US and British shipyards. Navy officers will study nuclear courses in the two countries and be embedded on US and British nuclear submarines. Extra places in STEM courses will be added to SA universities and a shipbuilding academy will be created at Osborne.</p><p id="">‍</p>
AUKUS deal is cross-examined by former PM Keating, forcing the government to provide an open narrative on the defence submarine program.
Complimentary
Free
Opinion
Editor's Pick

March 24, 2023

Paul Keating's AUKUS criticism raises serious questions

<p id="">The regulator will invest a "significant amount of time and resources" in the process, which is set to be completed by mid-2024. It will check for banks' ability to respond to and recover from cyberattacks, ECB's top official for oversight, Andrea Enria, <a href="https://www.bankingsupervision.europa.eu/press/interviews/date/2023/html/ssm.in230309~5f39ac5267.en.html" id="">said</a> in an interview with Lithuanian journalist Naglis Navakas.</p><p id="">‍</p><p id="">‍</p><h2 id="">ECB Cyber Stress Tests</h2><p id="">‍</p><p id="">The move from the agency comes amid worries about cyberthreats accelerated by Russia's ongoing invasion of Ukraine. The cyber dimension of the invasion appears mainly contained within Ukraine, "but there is a need to strengthen the defences in this area," Enria said.</p><p id=""><br></p><p id="">The ECB has announced plans to conduct cyber stress tests on European financial institutions that will simulate a range of cyber incidents, including DDoS attacks, data breaches, and ransomware attacks.</p><p id=""><br></p><p id="">The aim of the tests is to identify vulnerabilities in banks' IT systems and to assess their ability to respond to and recover from cyber incidents. The results of the tests will be used to inform the development of cyber security policies and practices, as well as to guide investments in IT security.</p><p id=""><br></p><p id="">Cyberattacks against lenders have gone up in recent months and include incidents that have caused market disruptions.</p><p id="">‍</p><p id="">On Feb. 2, 2023, the LockBit ransomware-as-a-service group added ION Group to its data leak site, stating that it will publish "all available data" on the morning of Feb. 4 unless it receives an extortion payment.</p><p id=""><br></p><p id="">ION Cleared Derivatives is part of ION Group, which offers software designed to automate the complete trade life cycle and the derivatives clearing process. 
It said <a href="https://iongroup.com/press-release/markets/cleared-derivatives-cyber-event/" id="">in a statement on its website</a> that a "cybersecurity event" had affected some of its services and that "the incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing."</p><p id=""><br></p><p id="">The incident at London-based <a href="https://www.bankinfosecurity.com/ransomware-hit-on-ion-group-delays-eu-derivatives-trades-a-21077" id="">ION Cleared Derivatives</a>, which supports a significant volume of derivatives trading, forced major European banks to process trades manually, causing delays in settling trades.</p><p>‍</p><h2 id="">Regulations on Third-Party Service Providers</h2><p id=""><br></p><p id="">In addition to the ECB's review, Rostin Behnam, the chairman of the US Commodity Futures Trading Commission, has announced that the agency will be working on regulations requiring the derivatives market to exercise more due diligence of third-party service providers.</p><p id=""><br></p><p id="">This is in response to the increasing number of cyber attacks targeting financial institutions that rely on third-party service providers for critical IT services. Cyber criminals often target third-party service providers as a way to gain access to the IT systems of financial institutions.</p><p id=""><br></p><p id="">By requiring the derivatives market to exercise more due diligence of third-party service providers, the US Commodity Futures Trading Commission aims to reduce the risk of cyber attacks targeting financial institutions. This is an important step towards improving cyber security in the financial sector, and could help to prevent future cyber attacks like the LockBit ransomware attack against ION Cleared Derivatives.</p><p id=""><br></p><p id="">Such incidents have prompted other regulators to take active measures to counter various cyberthreats. 
Following the ION hack, Rostin Behnam, the chairman of the US Commodity Futures Trading Commission, <a href="https://www.bloomberg.com/news/articles/2023-02-03/cftc-chief-plots-new-cyber-rules-in-wake-of-ion-trading-hack" id="">said</a> that the agency will be working on regulations requiring the derivatives market to exercise more due diligence of third-party service providers.</p><p id="">‍</p>
The European Central Bank will conduct cyber stress tests for top banks across the region to determine their resilience against cyberattacks.

March 13, 2023

European Central Bank to Hold Cyber Stress Tests for Banks

<p id="">The Australian government has sought to assure south-east Asian and Pacific countries that its nuclear-powered submarine plan</p><p id="">‍</p><p id="">Asked how he would explain the project to Beijing, Mr Albanese said Australia could build its defence capabilities and improve its relationships with other countries in the region, including China, at the same time.</p><p id="">‍</p><p id="">“What I say is we’re investing in capability as we should, but we’re also investing in relationships as we are. It is not a contradictory position. It’s a consistent position,” he said.</p><p id="">‍</p><p id="">‍</p><h2 id="">‘Not a binary choice’</h2><p id="">‍</p><p id="">Leaks out of the UK and the US this week have started to point to the outlines of a deal that will be officially announced in San Diego on Monday, US time.</p><p id="">‍</p><p id="">CNC has reported the long-term Aukus plan would likely involve a British submarine design with heavy use of American technology – an outcome also reported by Bloomberg.</p><p id="">‍</p><p id="">But that does not preclude a US interim solution to plug a potential capability gap caused by the retirement of Australia’s existing Collins class conventional submarines from the late 2030s.</p><p id="">‍</p><p id="">The speed of procuring a first strike defence asset has been underscored by the Prime Minister. “We need to ensure that Australia’s defence assets are the best they can be. And that we build our capability. At the same time, we need to build relationships. 
That’s what I’ve been doing,” Albanese said.</p><p id="">‍</p><p id="">“I’ve been doing that here in India, we’re doing that throughout the Indo-Pacific, we’ve done that (and) improved our relationship with China in recent times as well.”</p><p id="">‍</p><p id="">Albanese confirmed he and Indian Prime Minister Narendra Modi had discussed the details of the submarine agreement and said briefings with other countries were “taking place as appropriate”.</p><p id="">‍</p><p id="">Beijing responded to the reports with a warning from Chinese Foreign Ministry spokeswoman Mao Ning, who said the deal posed “serious nuclear proliferation risks” and would undermine peace and stability in the region.</p><p id="">‍</p><p id="">“We urge the United States, the UK and Australia to abandon the Cold War mentality and zero-sum game, faithfully fulfil their international obligations and do things that contribute to regional peace and stability,” she said.</p><p id="">‍</p><p id="">The submarines Australia is expected to acquire, known as the SSNR, are in the design phase, and it will be years before they are operational.</p><p id="">‍</p><h2 id="">China leading AI, Navy Combat Technology</h2><p id="">‍</p><p id="">On the other side of the Pacific, China has demonstrated that it is developing not only the largest naval fleet but also the most technologically advanced.</p><p id="">‍</p><p id="">China's Ship Design and Research Centre said the AI perfectly navigated more than 400 challenging design tasks, prompting leading senior engineer Luo Wei to declare the programme was 'ready for engineering applications' in China's shipbuilding industry to boost the speed of warship manufacturing.</p><p id="">‍</p><p id="">The shocking news comes just weeks after the US Secretary of the Navy warned that China's naval fleet has surpassed America's in terms of sheer size and is growing faster than US manufacturers have the capacity to match.</p><p id="">‍</p><h2 id="">Can policy 
keep up with ambition?</h2><p id="">‍</p><p id="">Australia's naval commitment is on course to deliver long-awaited improvements in defence modernisation and investment in next-generation electronic warfare computing. It has become an all-embracing national commitment geared to shift the country's middle-power posture into a higher order.</p><p id="">‍</p><p id="">This is the long-awaited implementation of AUKUS, a strategy designed by the previous government and delivered by Albanese as head of State with Marles as Defense Minister. The results ought to recalibrate the power deterrence capabilities in the Pacific. The question remains how far years of complacency have widened the gap in technology and speed of deployment.</p><p id="">‍</p><p id="">‍</p><h2 id="">The Navy arms race is led by China leveraging advanced technology with artificial intelligence.</h2><p id="">‍</p><p id="">It was reported in February that a research team funded by the Chinese military says it used artificial intelligence to design the electrical layout of a warship with unprecedented speed and accuracy.</p><p id="">‍</p><p id="">It took the AI designer about a day to complete work that took humans, using the most advanced computer tools available, 300 times longer – or nearly a year, according to the team from the China Ship</p><p id="">‍</p><p id="">The Chinese defence ministry announced the development of an unmanned "naval stealth drone." A 200-ton-class unmanned surface vessel, characterized by its capabilities in stealth and far-sea operation, wrapped up its first autonomous sea trial in mid-2022.</p><p id="">‍</p><p id="">In stark contrast, the track record in delivering large-scale naval projects is not the best. It has always been a challenge: the current program to receive and deliver three Virginia-class submarines may still take 7 to 10+ years to realise, with ongoing programs until 2040. There is no line of sight to a fixed delivery date. 
Billions are required to upgrade the Perth naval base and the Osborne shipyards in Adelaide.</p><p id="">‍</p><p id="">The three-nation program will expand the political and bureaucratic complexity of managing the timelines, administration and deliverables of not one but several submarine projects.</p><p id="">‍</p><p id="">On Thursday 9th of March, Defence Minister and Acting Prime Minister Richard Marles told parliament the submarine program would be “a massive industrial endeavour” that would create thousands of jobs and lift the nation’s technological capacity.</p><p id="">‍</p><p id="">Unless the purchase announcement this month comes with further, unexpected short-term defence implementation, Australia's Navy is no match for China in the Pacific for the remainder of this decade.</p><p id="">‍</p><p id="">Unlocking Australia’s growth potential is the essential mechanism for the Albanese government to deliver on the AUKUS commitments that will shape our strategic and industrial policies across the next 40 years. The Labor Party has now imposed upon itself a series of ambitions that will shape this period of history – the technological upgrade to nuclear-powered submarines, the recasting of our economy given the massive renewable investment needed to achieve its 2030 clean energy transition and the essential shift to a sustainable fiscal position.</p><p id="">‍</p>
Leaks out of the UK and the US this week have started to point to the outlines of a deal that will be officially announced in San Diego on Monday, US time.

March 12, 2023

Albanese Defends His Submarines - China Prepares A.I Warships

<p id="">This decade has provided evidence of a shift in the power base in the Pacific, with China demonstrating its multi-decade commitment to becoming a superior power while the United States contends with an unprecedented challenge, forcing a new strategy and a regional race in the Pacific not seen since WWII. The result has catapulted spending by several Pacific nations, with Australia leading a tri-nation pact with AUKUS.</p><p id="">‍</p><p id="">This has also increased diplomatic activity across ASEAN nations and the Indo-Pacific, with Prime Minister Albanese outlining policy integrating India as a first-tier defence partner in the Indo-Pacific.</p><p id="">‍</p><p id="">‍</p><h2 id="">Latest Tests by the Chinese Navy Using AI Technology</h2><p id="">‍</p><p id="">Naval development is accelerating rapidly across the Pacific. A recent report issued in February indicates China's unassailable position as a naval superpower in the Pacific. China's Ship Design and Research Centre said the AI perfectly navigated more than 400 challenging design tasks, prompting senior engineer Luo Wei to declare the programme was 'ready for engineering applications' in China's shipbuilding industry to boost the speed of warship manufacturing.</p><p id="">‍</p><p id="">The shocking news comes just weeks after the US Secretary of the Navy warned that China's naval fleet has surpassed America's in terms of sheer size and is growing faster than US manufacturers have the capacity to match.</p><p id="">‍</p><p id="">A research team funded by the Chinese military says they used artificial intelligence to design the electrical layout of a warship with unprecedented speed and accuracy.</p><p id="">‍</p><p id="">It took the AI designer about a day to complete work that took humans, using the most advanced computer tools available, 300 times longer – or nearly a year, according to the team from the China Ship Design and Research Centre.</p><p>‍</p><p 
id="">According to Luo’s team, the AI designer project received funding from the Chinese military because design was the main area holding back the speed of production, rather than shipyard delays.</p><p>‍</p><p>‍</p><h2 id="">Superiority of Chinese Naval Forces in the South East Asia and Pacific</h2><p>‍</p><p id="">China's investments in AI technology have given it a significant military advantage in the South East Asia and Pacific regions. The development of AI-based decision-making tools and autonomous weapons systems could give China a significant military advantage in the region, potentially tipping the balance of power in its favour. Furthermore, China's unmanned vehicles, AI algorithms, and software allow its navy to quickly and effectively gather intelligence and carry out combat operations, without risking human lives.</p><p id="">‍</p><p id="">The Chinese Navy's use of AI technology also enables it to conduct surveillance and reconnaissance missions more effectively, giving it a better understanding of the movements and capabilities of other countries' navies in the region.</p><p id="">‍</p><p>‍</p><h2 id="">Potential First Strike Threat to Australia's Borders</h2><p id="">‍</p><p id="">The Chinese Navy's growing military capabilities, including its investments in AI technology, have raised concerns among neighbouring countries, including Australia, about the potential for a first strike threat to their borders. The development of AI-based weapons systems, including autonomous torpedoes and missiles, could be used to target enemy vessels or other targets with a high degree of accuracy, without the need for human intervention.</p><p id="">‍</p><p id="">While it is unclear if China's investments in AI technology will result in a first strike threat to Australia's borders, the Australian government has been closely monitoring China's military activities in the region. 
In response to these concerns, the Australian government has been investing heavily in its own naval capabilities, including the development of its own unmanned vehicles and AI technology.</p><p>‍</p><p id="">The Chinese Navy's investments in AI technology have given it a significant military advantage in the South East Asia and Pacific regions, and have raised concerns among neighbouring countries about the potential for a first strike threat.</p><p id="">‍</p>
The Chinese Navy's investments in AI technology have raised concerns among neighbouring countries about the potential for a first strike threat.

March 11, 2023

Chinese to lean on AI technology and accelerate warship design programme

<h2 id="">Wikipedia "degraded" in Pakistan for blasphemous content.</h2><p id="">‍</p><p id="">TechCrunch <a href="https://techcrunch.com/2023/02/01/pakistan-degrades-wikipedia-warns-of-complete-block-over-sacrilegious-content/" id="">reports</a> that Pakistan's Internet authority yesterday "degraded" Wikipedia because of content it contains that is, in Islamic terms, sacrilegious. The Pakistan Telecommunication Authority asked Wikipedia to remove blasphemous content. Wikipedia has forty-eight hours to comply before being completely blocked in Pakistan. The online encyclopedia did not immediately respond to the takedown demand.</p><p id="">‍</p><p id="">‍</p><h2 id="">Ukraine news agency falls victim to foreign interference</h2><p id="">‍</p><p id="">The Ukrainian Computer Emergency Response Team (CERT-UA) on Friday <a href="https://cert.gov.ua/article/3718487" id="">reported</a> identifying five distinct strains of wiper malware in the networks of the Ukrinform news outlet. The strains, and the systems they affected, were: CaddyWiper (Windows), ZeroWipe (Windows), SDelete (Windows), AwfulShred (Linux), and BidSwipe (FreeBSD). The Russian hacktivist group "CyberArmyofRussia_Reborn" claimed credit in its Telegram channel for the infestations. BleepingComputer <a href="https://www.bleepingcomputer.com/news/security/ukraine-sandworm-hackers-hit-news-agency-with-5-data-wipers/" id="">says</a> that two of the strains, ZeroWipe and BidSwipe, represent either novel malware or, if they're existing, known strains, they're being tracked under unfamiliar names by CERT-UA.</p><p id="">‍</p><p id=""><a href="https://thecyberwire.com/stories/4138154429fa4eb69404c127d9b50b30/ukraine-at-d328-russia-takes-soledar-announces-military-expansion" id="">Two weeks</a> ago a Russian cyberattack <a href="https://mediacenter.org.ua/media-center-ukraine-ukrinform-hit-by-russian-cyberattack/" id="">interfered briefly</a> with Ukrinform online broadcasts. 
The interest in Ukrinform offers some confirmation of the Ukrainian view that Russian cyber operations are more closely connected with influence operations than they are with tactical operations.</p><p id="">‍</p><p id="">‍</p><h2 id="">What a Russian media ban means: perspective from a banned outlet.</h2><p id="">‍</p><p id="">Meduza, the expatriate Russian news service that publishes in Russian and English from its headquarters in Latvia, was <a href="https://meduza.io/en/news/2023/01/26/russia-has-outlawed-meduza" id="">banned</a> in Russia last week. Russia's Prosecutor General’s Office designated the service as an illegal, “undesirable organization” on the grounds that Meduza’s activities “pose a threat to the foundations of the Russian Federation’s constitutional order and national security." It's not, apparently, strictly speaking illegal to read Meduza in Russia (although as a practical matter it's unwise to rely on Moscow's concepts of legality) but interacting with Meduza in other ways is decidedly risky, clearly proscribed by Russian law.</p><p id="">‍</p><p id="">Meduza <a href="https://meduza.io/en/cards/life-after-undesirability" id="">offers a primer</a> on what users in Russia (and nota bene, travelers, it's "users in Russia," not just "Russian users") might face should they run afoul of the law. "Liking" and "commenting" are grey areas, maybe not illegal stricto sensu, but it's probably safer not to do them. The same can be said of forwarding Meduza newsletters (but printing them is probably worse, and would be construed as intent to distribute). Linking to or reposting Meduza content is clearly illegal, and carries criminal penalties. "The first time a Russian national is convicted of sharing content from an “undesirable” organization, the penalty is a fine of 5,000 to 15,000 rubles (about $70 to $215). 
Subsequent offenses carry the risk of felony prosecution, and violators can face up to four years in prison, community service, restrictions of freedom, or a raised fine of up to 500,000 rubles (more than $7,000)."&nbsp;</p><p id="">‍</p><p id="">‍</p><h2 id="">Industry perspectives on ChatGPT and other advanced AI.</h2><p id="">‍</p><p id="">ChatGPT has drawn considerable attention for its potential abuse in the production of deep fakes that could be employed in both fraud and disinformation. Adrien Gendre, Chief Tech and Product Officer at Vade, described the linguistic capabilities of the AI:</p><p id="">‍</p><p id="">"Hackers will use ChatGPT to develop multi-lingual communications with unsuspecting users in business supply chains. Many of the most notorious cybercriminal gangs and state-sponsored cybercriminals operate in countries like Russia, North Korea and other foreign countries. The positive of this, from a cybersecurity perspective, is that it makes personal communications from these threat actors—for example, in phishing and spear phishing emails—somewhat easier for end users to detect. With ChatGPT, that barrier is gone. This technology can develop written communications in any language, with perfect fluency. It will be very difficult for users to recognize that they are potentially communicating via email with an individual who barely speaks or writes in their language. The damage this technology will cause is almost a certainty."</p><p id="">‍</p><p id="">Benjamin Fabre, CEO at DataDome, also cautions that the technology has poorly understood malign potential. "ChatGPT and tools like it are a slippery slope; they make it easy to build sophisticated bots -- for good or for bad. And we all know that bad bots cause chaos. 
For example, ChatGPT could be leveraged to run unprecedented, massive influence fraud: bots can generate millions of realistic messages that automatically post across social media platforms or in mainstream media comments to attack companies, politicians, or countries."</p><p id="">‍</p><p id="">But it's not just a potential for disinformation. ChatGPT has many other uses. It's been used to write code, and its potential as a smart search tool has also been noted. Jerrod Piker, Competitive Intelligence Analyst at Deep Instinct, calls it a "Swiss Army knife." For example, "The crypto community has latched on to this tool, and they are creating lots of useful applications such as trading bots and crypto blogs. One such trading bot was created to identify entry and exit points using simple moving averages of cryptocurrencies. This type of application could serve to automate the process of buying and selling cryptocurrencies for the masses with scary accuracy." And it has other benign uses. "Other recent positive uses include using ChatGPT to write a sample smart contract and patch vulnerabilities in existing smart contracts. On the other side of the coin, it could also be used to exploit those same vulnerabilities in smart contracts. Overall, the bot is very efficient at writing statements, blogs, and theses, and in one case, a crypto community member got it to write a song about losing all your money in crypto."</p><p id="">‍</p><p id="">Piker notes that, like any artificially intelligent system, ChatGPT is dependent for its accuracy, its utility, and its plausibility on the data used to train it. "As is the case with any AI-based tool, the system is only as accurate as the data upon which it is modeled. There is always a chance that either its data source has been corrupted in some way or is just not accurate or true. 
In these cases, users may run the risk of getting inaccurate parameters for crypto trading, which could cause buyers to lose money."</p><p id="">‍</p><p id="">There's also a great deal in the tasking. Well-constructed taskings produce better results than brute, maundering, or ill-intentioned requests. Michael Covington, VP of Portfolio Strategy at Jamf, describes the way these varying results are generated:</p><p id="">‍</p><p id="">"As with most technologies, the actual user of ChatGPT can significantly influence what the tool produces. With a thoughtful and well-phrased question, for example, the chatbot can produce an eloquent, detailed, and accurate response. On the other hand, a misleading, vague, or malicious task can produce very different results. The tool is only as effective as the skillfulness of the user that wields it.</p><p id="">‍</p><p id="">"While the technology behind ChatGPT has proven to aid in the advancement of malicious tooling (e.g., by creating compelling phishing content), there's no reason it can't also be used to better cybersecurity.</p><p id="">‍</p><p id="">"As with most products, the first applications and use cases addressed establish the brand. ChatGPT is still in its infancy, and it's clear that the community of users is pushing its limits and testing its effectiveness in various areas. What we're learning is that there are some places where the tool is more effective than the community was expecting (example: test results where the chatbot performs better than the average test taker).</p><p id="">‍</p><p id="">"It will be interesting to see how ChatGPT, and other technologies like it, can be used to better the outcomes it produces. 
If ChatGPT can develop an effective phishing attack, can ChatGPT also be used to identify its own phishing attacks?"</p><p id="">‍</p><p id="">Randy Lariar, Practice Director of Big Data, AI and Analytics at Optiv, offers some thoughts on the likely direction ChatGPT will take, and the effects it will have on various technology sectors and disciplines:</p><p id="">‍</p><p id="">"ChatGPT will help close the cybersecurity talent shortage &amp; skills gap – Given ChatGPT’s ability to help users quickly and easily access knowledge, search for answers and write code, the technology will help close the cybersecurity talent shortage by making a single security professional more effective. It also will help reduce the cybersecurity skills gap by enabling junior personnel to take on the responsibilities of more senior professionals.</p><p id="">‍</p><p id="">"ChatGPT will increase the risk of phishing – The AI model will provide a way for non-English speaking attackers and those with limited English to craft a phishing email with perfect spelling and grammar. It also will make it much easier for all bad actors to emulate the tone, word selection and style of writing of their intended target – which will make it harder than ever for recipients to decipher whether an email is legitimate.&nbsp;</p><p id="">‍</p><p id="">"The new wave of AI is here to stay, so organizations need to look at it holistically – All companies should aim to use their data to make better decisions. ChatGPT and other next-gen AI tools can help to accelerate this. Companies should have an offensive strategy to use AI technology to improve their business. However, they also need a defensive strategy for how they’ll secure themselves from evolving security risks. Companies need to be thinking about AI as they consider updating their policies, procedures and protocols to protect against bad AI-enabled actors.</p><p id="">‍</p>
Wikipedia "degraded" in Pakistan for blasphemous content. Ukraine news agency falls victim to foreign interference. What a Russian media ban means: perspective from a banned outlet. Industry perspectives on ChatGPT and other advanced AI.

March 10, 2023

2023 Is Forcing Cyberspace to Adapt as Disinformation is on the Rise

<p id="">More than 400 distinct cloud applications delivered malware in 2022 as cloud adoption continues to rise, Netskope data shows.</p><p id="">‍</p><p id="">Zirilio, a cybersecurity leader which operates a security operations centre across Australian health operators and government health agencies, has registered a sharp increase in malware traffic in 2022. The threat analysis attributes the increase to the ever-growing adoption of cloud applications to support health care systems for national implementations. Recent announcements from cyber security authorities across allied nations are a stark reminder that the threat index for health services providers in Australia will remain high.</p><p id="">‍</p><p id=""><a href="https://healthitsecurity.com/features/pros-and-cons-of-public-private-hybrid-multi-cloud-architectures" id="">Cloud adoption has been on the rise</a> in the healthcare sector for years for good reason as more organizations lean into <a href="https://healthitsecurity.com/features/what-is-holding-healthcare-back-from-digital-transformation" id="">digital transformation</a>. <a href="https://www.vantagemarketresearch.com/industry-report/healthcare-cloud-computing-market-1101" id="">According</a> to Vantage Market Research, the healthcare cloud computing market is expected to reach $128.19 billion by 2028, growing at a CAGR of 18.74 percent from 2021 to 2028.</p><p id="">‍</p><p id="">But despite rapid adoption, cloud technologies are <a href="https://healthitsecurity.com/news/many-cloud-attacks-end-in-financial-loss-for-healthcare-sector" id="">not immune to security threats</a>.</p><p id="">‍</p><p id="">According to new <a href="https://www.prnewswire.com/news-releases/netskope-threat-research-malware-delivering-cloud-apps-nearly-tripled-in-2022-301717314.html" id="">data</a> from Secure Access Service Edge (SASE) company Netskope, more than 400 distinct cloud applications delivered malware in 2022. 
That figure is nearly triple the amount observed in 2021. Netskope leveraged anonymized usage data collected by its Netskope Security Cloud platform to inform its insights.</p><p id="">‍</p><p id="">The <strong id="">lead manager for the </strong>Security Operating Centre at <a href="https://www.zirilio.com/" id="">Zirilio</a> remains vigilant and concerned about the increased cyber threat activity. Guidelines from the Zirilio Security Operating Centre are important resources for establishing routine cloud audits and behavioral improvements in cyber hygiene.</p><p id="">‍</p><p id="">“Cloud malware delivery increased in 2022 after having remained constant in 2021, caused by an increase in the total number of apps abused to deliver malware and the quantity of malware downloads coming from the most popular apps,” the report noted.</p><p id="">‍</p><p id="">“Microsoft OneDrive’s position as the most popular cloud storage app in the enterprise also meant that it continued to lead the charts in 2022 as the origin of the plurality of cloud malware downloads.”</p><p id="">‍</p><p id="">In fact, 30 percent of the observed cloud malware downloads stemmed from Microsoft OneDrive alone, largely due to the fact that it is widely used around the world.</p><p id="">‍</p><p id="">COVID-19 sparked a rise in remote work, which subsequently led to an increased reliance on cloud-based collaboration apps, Netskope suggested. According to Netskope’s data, 40 percent of people use OneDrive daily, and more than 25 percent of people upload content to OneDrive daily.</p><p id="">‍</p><p id="">Healthcare experienced some of the largest increases in cloud malware downloads in 2022 compared to other industry verticals, along with the telecom and manufacturing sectors.</p><p id="">‍</p><p id="">“Phishing, scams, credit card skimmers, exploit kits, and other malicious web content also continued to rise in 2022. 
Compromised sites, sites created using free hosting services, and fake websites hosting seemingly legitimate content have helped attackers disguise malicious web content, making it difficult to filter malicious content using URL categorization alone,” the report stated.</p><p id="">‍</p><p id="">“The rise in cloud malware delivery and malicious web content underscores the importance of inspecting all content, from all destinations, for both web and cloud.”</p><p>‍</p><p id=""><strong id="">Multifactor Authentication (MFA) is not enforced.</strong> MFA, particularly for remote desktop access, can help prevent account takeovers. With Remote Desktop Protocol (RDP) as one of the most common infection vectors for ransomware, MFA is a critical tool in mitigating malicious cyber activity. Do not exclude any user, particularly administrators, from an MFA requirement.</p><p id="">‍<br></p><p id=""><strong id="">Incorrectly applied privileges or permissions and errors within access control lists.</strong></p><p id="">‍</p><p id="">These IT mistakes can prevent the enforcement of access control rules and could allow unauthorized users or system processes to be granted access to objects.</p><p id=""><br></p><p id=""><strong id="">Remote services, such as a Virtual Private Network (VPN)</strong>, lack sufficient controls to prevent unauthorized access. Remote Desktop Protocol (RDP) is one of the most common infection vectors for ransomware, and MFA is a critical tool in mitigating malicious cyber activity. During recent years, malicious threat actors have been observed targeting remote services.</p><p id=""><br></p><p id=""><strong id="">Strong password policies are not implemented</strong>. 
Malicious cyber actors can use a myriad of methods to exploit weak, leaked, or compromised passwords and gain unauthorized access to a victim system.</p><p id="">‍</p><p id="">Zirilio recommended that organizations enforce granular policy controls to limit data flow, deploy cloud data protection, and use behavioral analytics to detect compromised accounts and devices. The company also recommended that organizations inspect all HTTP and HTTPS traffic, including traffic within cloud apps, for any evidence of malicious activity.&nbsp;</p><p id=""><br></p><p id="">Despite these concerns, cloud-based technology can have great benefits to healthcare organizations. However, it is crucial to balance these benefits with carefully considered security measures in order to mitigate risk.</p><p id="">‍</p>
Cyber specialists want to see improvements in security, cost, and product enhancements when it comes to public cloud adoption, KLAS reported.
Complimentary
Free
Opinion
Editor's Pick

March 10, 2023

2022 Report Shows Cybersecurity Risks Spike Within Cloud-Based Apps

<p id="">Leaked information from the Canberra defence community indicates that Australia is to buy two types of nuclear-powered submarines under the AUKUS pact.</p><p>‍</p><p id="">The AUKUS treaty, which is an agreement between Australia, the United States and the United Kingdom, signed in 2021, has been making global headlines due to Australia's decision to purchase two nuclear submarines from the United States. The announcement of this purchase has significant geopolitical implications for the region, as well as broader implications for global security.</p><p>‍</p><p id="">The prime minister is expected to visit San Diego next week to announce Australia’s purchase of up to five Virginia-class submarines from the US, defying repeated warnings that American shipyards were stretched to full capacity and could not sell any boats to Australia.</p><p>‍</p><p id="">Australian Strategic Policy Institute analysts have previously estimated the submarine project could cost as much as $170 billion. They are expected to arrive sometime in the 2030s and could require Australia to spend billions of dollars to expand America’s shipbuilding capacity, on top of paying for the submarines.</p><p>‍</p><p id="">The Australian Federal Government signals a steadfast involvement in regional security strategies, cementing defence ties within the Indo-Pacific region. This comes after Albanese’s recent announcement of a “commitment to place India at the heart of Australia’s approach to the Indo-Pacific and beyond.” He argued that the security partnership between Australia and India was “of increasing strategic importance as we navigate the challenges of our region together.”</p><p>‍</p><p id="">“For Australia, India is a top tier security partner,” he said. 
“The Indian Ocean is central to both countries’ security and prosperity.”</p><p>‍</p><p id="">This coincides with The Age and The Sydney Morning Herald splashing their front pages earlier this week with headlines such as “Australia ‘must prepare’ for threat of China war” and “Red alert: War risk exposed.”</p><p>‍</p><p id="">The article received mixed reactions from all four corners of the country. It also drew the ire of the former Labor leader and former PM Paul Keating, who berated the media company, the journalists and the editors for running the content.</p><p>‍</p><p id="">The Red Alert series on national security this week presented Peter Jennings, a former deputy secretary for strategy in the Defence Department, with the possibility of scenarios that the nation needed to prepare for a rapid escalation in the Pacific. He outlined that within 72 hours of a conflict breaking out over Taiwan, Chinese missile bombardments and devastating cyberattacks would begin pummeling Australia.</p><p>‍</p><p id="">“Distance is no longer equivalent to safety from our strategic perspective,” he says. In the first three days of a war, he says Beijing would be tempted to target Australian military bases with a long-range, intercontinental, ballistic missile attack to minimise our usefulness in the conflict.</p><p>‍</p><p id="">“If China seriously wants to go after Taiwan in a military sense, the only way they can really contemplate quick success is to pre-emptively attack those assets that might be a threat to them. 
That means Pine Gap goes,” he says, referring to the top secret US-Australian base in the Northern Territory that the US uses to detect nuclear missile launches.</p><p>‍</p><p id="">“We might not be able to change China’s objectives, but we can alter its cost calculations and behaviour and constrain its options,” Lavina Lee, a foreign policy expert at Macquarie University, argued in “What we do matters.”</p><p>‍</p><p id="">The decision by Australia to purchase two nuclear submarines from the United States is significant for several reasons. First, it marks a significant shift in Australia's defence strategy, as it moves away from its reliance on conventional submarines and towards a more advanced and technologically sophisticated platform. This move is seen as necessary to counter the growing military capabilities of China, which has been investing heavily in its naval capabilities in recent years.</p><p>‍</p><p id="">Despite these concerns, the AUKUS treaty and Australia's decision to purchase nuclear submarines from the United States are seen as a significant step forward in regional security and cooperation. The treaty represents a commitment by the US and the UK to support Australia in the face of growing threats from China, and it is seen as a sign of the deepening strategic partnership between the three countries.</p><p>‍</p><p id="">However, the move has also drawn criticism from other quarters, particularly from China. Chinese officials have accused the US and its allies of undermining regional stability and escalating tensions in the region. They have also expressed concerns about the potential for a nuclear arms race in the Indo-Pacific region.</p><p>‍</p><p id="">The decision by Australia to purchase two nuclear submarines from the United States under the AUKUS treaty has significant geopolitical implications for the region and broader implications for global security. 
While it is seen as a significant step forward in regional security and cooperation, it also raises questions about global non-proliferation efforts and the potential for a nuclear arms race in the Indo-Pacific region. As tensions between China and the United States continue to escalate, the AUKUS treaty and its implications will continue to be closely watched by policymakers and analysts around the world.</p><p id="">‍</p>
Leaked information from the Canberra defence community indicates that Australia is to buy two types of nuclear-powered submarines under the AUKUS pact.
Complimentary
Free
Opinion
Editor's Pick

March 10, 2023

Leaked - AUKUS Deal Could Include Up To Five Submarines

<p id="">WASHINGTON — U.S. Cyber Command is keeping a close watch on digital activity in the Russia-Ukraine war that may coincide with a springtime renewal of military operations, according to the organization’s leader, Gen. Paul Nakasone.</p><p>‍</p><p id="">Nakasone, who oversees both CYBERCOM and the National Security Agency, told <a href="https://www.defensenews.com/congress/2023/02/01/armed-services-panel-finalizes-roster-with-three-new-gop-senators/" id="">the Senate Armed Services Committee</a> March 7 that his teams are monitoring the situation in Ukraine “very carefully,” noting that Russia remains a “very capable adversary.”</p><p>‍</p><p id="">During his testimony, General Nakasone provided an overview of the current state of cybersecurity and outlined the challenges facing the United States in this area.</p><p>‍</p><p id="">“By no means is this done, in terms of the Russia-Ukraine situation,” Nakasone said, responding to questions from Sen. Richard Blumenthal, a Connecticut Democrat. “So, as Russia looks at armaments coming into the country, as Russia looks at different support, how do they react?”</p><p>‍</p><p id="">One of the key themes of General Nakasone's testimony was the growing threat posed by nation-state actors in the cyber domain. He noted that countries like Russia and China are investing heavily in their cyber capabilities and are using these capabilities to engage in a range of nefarious activities, including espionage, intellectual property theft, and even sabotage.</p><p>‍</p><p id="">General Nakasone also highlighted the growing threat posed by cybercriminals, who are using increasingly sophisticated techniques to target both individuals and organisations. 
He noted that cybercrime is a growing industry, with cybercriminals using a range of tools and tactics to conduct their activities, including ransomware attacks, phishing scams, and social engineering techniques.</p><p>‍</p><p id="">In addition to these threats, General Nakasone also highlighted the need for the United States to invest in its own cyber capabilities. He noted that the United States is facing a shortage of cyber professionals and that there is a need to increase investment in research and development to stay ahead of the curve.</p><p>‍</p><p id="">The war in Eastern Europe kicked off Feb. 24, 2022, when Moscow launched a surprise incursion across the border into Ukraine, seeking to topple the government in Kyiv.</p><p>‍</p><p id="">The invasion was preceded by a flurry of cyberattacks, including one on Viasat, a California company, meant to cripple command and control networks. The hack had no effect on Viasat’s government customers.</p><p>‍</p><p id="">The CyberPeace Institute, a Switzerland-based non-governmental organisation, has reported that in 2022 alone, there have been <a href="https://cyberconflicts.cyberpeaceinstitute.org/" id="">more than 50 discrete</a> attacks on critical infrastructure and civilian systems in Ukraine. The organisation catalogued these discrete assaults, including ransomware attacks, distributed denial-of-service (DDoS) attacks, and data breaches, as part of its ongoing efforts to track cyber threats and promote peace and security in the digital domain.</p><p>‍</p><p id="">Overall, General Nakasone's testimony highlighted the significant challenges facing the United States in the area of cybersecurity. He noted the need for increased investment in research and development, as well as greater collaboration between the government and private sector, to address these challenges and protect against cyber threats.</p><p>‍</p>
U.S. Cyber Command is keeping a close watch on digital activity in the Russia-Ukraine war that may coincide with a springtime renewal of military operations, according to the organization’s leader, Gen. Paul Nakasone.
Complimentary
Free
Opinion
Editor's Pick

March 9, 2023

Russia remains a ‘very capable’ cyber adversary, Nakasone says

<p id="">On February 23, 2022, the cybersecurity world entered a new age, the age of the hybrid war. On that day, hours before missiles were launched and tanks rolled across borders, Russian actors launched a massive destructive cyberattack against Ukrainian government, technology, and financial sector targets. Many research groups have since characterised 2022 as the year of the hack.</p><p id="">‍</p><p id="">The year 2022 has been characterised as a year in which organised nation-state attacks influenced independent sovereign nations, which found themselves impacted to a level never witnessed in prior decades. We highlight a series of surveys from research houses and security monitoring agencies assessing the nature of information operations impacting everything from public government systems and the private sector health supply chain through to critical military defense assets.</p><p id="">‍</p><p id="">Microsoft has reported increased nation-state attacks as competing governments rush to compromise systems for cyber espionage and to spread misinformation. The company also observed increased password attacks as hackers “industrialize” cybercrime, thus lowering the entry barrier.</p><p id="">‍</p><p id="">According to Microsoft, nation-state attacks targeting critical infrastructure doubled from 20% to 40% in a year. This increase is primarily due to Russia targeting the critical infrastructure of Ukraine and its allies while also trying to gather intelligence by compromising IT firms worldwide.</p><p id="">‍</p><p id="">According to the <a href="https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bUvv?culture=en-us&country=us" id="">Microsoft Digital Defense Report 2022</a>, 90% of Russian attacks were against NATO countries, with nearly half (48%) targeting IT firms.</p><p>‍</p><p id="">Microsoft’s threat intelligence team also found that the time between the discovery and commoditization of software vulnerabilities had significantly reduced. 
The tech giant observed that it takes 14 days from when a vulnerability is publicly disclosed to its exploitation in the wild.</p><p id="">‍</p><p id="">In this report, Edna Conway, Vice President, Security &amp; Risk Officer, Cloud Infrastructure, said: “ICT infrastructure suppliers are increasingly targets as they enable widespread replication of a single attack. At the same time, global legislation, regulation, and customer demands for supply chain security and resiliency are on the rise, often diverging in their requirements. The solution is partnership. Together with suppliers and global governments”</p><p id="">‍</p><p id="">Many other cyber security analysts agree with the “state of cyber warfare” characterisation of 2022, which affected social stability and governments attempting to manage anti-disinformation campaigns across the globe. Mandiant also provided insight with the <a href="https://www.mandiant.com/resources/blog/cyber-snapshot-issue-two" id="">release of</a> the second issue of its Cyber Snapshot report, looking at the proliferation of information operations (IOs), threats to NFTs and cryptocurrency, and enterprise security best practices.</p><p>‍</p><p id="">The researchers note that Russian state-sponsored threat actors are currently “conducting widespread IO campaigns to bolster the positive perception of the Russian invasion of Ukraine to the Russian people.”</p><p id="">‍</p><p id="">Meanwhile, China-aligned actors are carrying out information operations to “sway public opinion against the expansion of rare-earth minerals mining and refining operations in the U.S. and Canada, likely as an attempt to protect China’s heavy investments in rare-earth production.”</p><p id="">‍</p><p id="">The researchers add, “Mandiant finds that these kinds of campaigns are happening constantly. 
We regularly see new actors who operate on behalf of nation-states that have never before demonstrated a significant cyber capability.”</p><p id="">‍</p><p id="">ESET has published a <a href="https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/" id="">report</a> on POLONIUM, a Lebanese threat actor that sometimes coordinates with Iranian threat actors to target organizations in Israel. POLONIUM has exclusively targeted Israeli entities over the past year, with the goal of conducting espionage:</p><p>‍</p><p id="">"According to ESET telemetry, POLONIUM has targeted more than a dozen organizations in Israel since at least September 2021, with the group’s most recent actions being observed in September 2022."</p><p id="">‍</p><p id="">Despite these reports, reliance on cloud-based technology, AI and social media platforms is bringing great benefits to communities, the economy and government authorities. However, it is evident that 2023 will remain a challenging year for governments maintaining a delicate balance between policy observers supporting the democratisation of “data freedoms”, legislators issuing data privacy restriction reform, and ever-increasing government intervention, acting in the interest of national security, which may spark authoritarian behavior.</p><p id="">‍</p>
The year 2022 has been characterised as a year in which organised nation-state attacks influenced independent sovereign nations, which found themselves impacted to a level never witnessed in prior decades.
Complimentary
Free
Opinion
Editor's Pick

March 8, 2023

A look into 2022 nation-state attacks with political influence

<p id="">FALLS CHURCH, Va. — Generative artificial intelligence like the wildly popular ChatGPT has a promising future at the U.S. Department of Defense, where time-consuming tasks and red tape can clog the path to accomplishment, according to Lauren Knausenberger, the Air Force’s chief information officer.</p><p>‍</p><p id="">A smart assistant or AI-powered chatbot could efficiently find files, answer frequently asked questions or dig up contact information, among other menial assignments, Knausenberger said Feb. 28 at an event in Virginia hosted by Billington Cybersecurity. Automating such processes could save precious time and resources.</p><p>‍</p><p id="">The U.S. Department of Defense (DoD) is investing heavily in artificial intelligence (AI) and machine learning (ML) technologies to enhance its IT systems and capabilities. The DoD's strategy for using AI in its IT systems includes several key initiatives and references.</p><p>‍</p><p id="">One of the key initiatives is the Joint Artificial Intelligence Center (JAIC), which was established in 2018 to accelerate the adoption of AI across the DoD. The JAIC is responsible for developing and implementing AI technologies that enhance the DoD's capabilities in areas such as cybersecurity, logistics, and decision-making.</p><p>‍</p><p id="">Another key initiative is the DoD's AI and Data Ethics Initiative, which was launched in 2021 to ensure that the development and deployment of AI technologies are aligned with ethical principles and values. The initiative includes the development of guidelines and best practices for the ethical use of AI in the DoD.</p><p>‍</p><p id="">OpenAI’s ChatGPT — capable of carrying a convincing conversation and churning out content, like computer code or children’s stories — surpassed 1 million registered users within a week of its November launch.</p><p>‍</p><p id="">It quickly caught the attention of the Pentagon too. 
Generative AI, which fuels ChatGPT, was added to a Defense Information Systems Agency tech watch list, which previously featured 5G, zero-trust cybersecurity, edge computing and more.</p><p>‍</p><p id="">It is evident that in 2023 there will be extensive assessment of the DoD's strategy for using AI in its IT systems, including several key initiatives and projects within JAIC, the AI and Data Ethics Initiative, and collaborations with industry partners and academic institutions. By leveraging AI technologies, the DoD aims to enhance its capabilities in areas such as decision-making, logistics, and cybersecurity, and maintain its technological edge in an increasingly complex and dynamic global security environment.</p><p>‍</p>
A smart assistant or AI-powered chatbot could efficiently find files, answer frequently asked questions or dig up contact information. How effective could ChatGPT be for a defence force?
Complimentary
Free
Opinion
Editor's Pick

March 8, 2023

Intelligence hub created by US Cyber Command evaluating AI ChatGPT

<p id="">Royal ransomware is continuing to be used in aggressive cyberattacks against critical infrastructure. As previously reported, the group poses a significant threat to the healthcare sector.</p><p>‍</p><p id="">Actions to take today to mitigate cyber threats from ransomware:</p><ul id=""><li id="">Prioritise remediating <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" id="">known exploited vulnerabilities</a>.</li><li id="">Train users to recognize and report <a href="https://www.cisa.gov/phishing-infographic" id="">phishing attempts</a>.</li><li id="">Enable and enforce <a href="https://www.cisa.gov/mfa" id="">multifactor authentication</a>.</li></ul><p>‍</p><p id="">To help organizations mitigate risk, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory (CSA) about the variant, providing the most comprehensive overview of the group’s tactics to date.</p><p>‍</p><p id="">Since September 2022, cyber threat actors have leveraged Royal and its custom-made file encryption program to gain access to victim networks and request ransoms ranging from $1 million to $11 million, CISA and the FBI found.</p><p>‍</p><p id="">The healthcare sector has been particularly hard hit by Royal ransomware attacks, with several hospitals and healthcare providers falling victim to these attacks in recent years. These attacks have caused significant disruptions to patient care and have put lives at risk. Similarly, the manufacturing and communications industries have also been targeted by Royal ransomware attacks, which have caused significant disruption to operations and have resulted in the loss of sensitive data.</p><p>‍</p><p id="">The FBI and CISA's joint release highlights the seriousness of the threat posed by the Royal ransomware and the need for organizations to take proactive measures to protect themselves against these attacks. 
This includes implementing robust cybersecurity measures, such as regular software patching, network monitoring, and user awareness training. It also means working closely with law enforcement agencies and other stakeholders to share information and collaborate on cybersecurity initiatives.</p><p id="">‍</p><p id="">However, while these measures are essential, they are not sufficient on their own. Organizations must also take a broader view of cybersecurity and recognize that it is not just a technical issue, but also a business issue. This means ensuring that cybersecurity is integrated into all aspects of the organisation, from governance and risk management to compliance and vendor management.</p><p>‍</p><p id="">The FBI and CISA also recommended that network defenders implement key mitigations aligned with CISA’s Cybersecurity Performance Goals (CPGs), which were released in October 2022.</p><p>‍</p><p id="">Specifically, the authoring entities recommended that critical infrastructure organizations implement a strong recovery plan, require multi-factor authentication (MFA), segment networks, and keep all operating systems up to date.</p><p>‍</p><p id="">Lastly, the FBI and CISA reminded entities that they do not encourage paying a ransom to threat actors, “as payment does not guarantee victim files will be recovered.”</p><p>‍</p><p id="">“Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.”</p><p>‍</p><p id="">In summary, the FBI’s and CISA's joint release on the continued use of the Royal ransomware in aggressive cyberattacks against critical infrastructure highlights the ongoing threat posed by cybercrime to organisations, and 2023 remains a tough environment for cyber defenders and authorities.</p><p id="">‍</p>
Royal ransomware is continuing to be used in aggressive cyberattacks against critical infrastructure. As previously reported, the group poses a significant threat to the healthcare sector.
Complimentary
Free
Opinion
Editor's Pick

March 8, 2023

CISA, FBI joint alert on “Royal Ransomware” Cyber Attack Tactics

<p id="">In the modern business environment, cyber threats pose a significant risk to public companies in Australia. These risks are a major concern for directors who have a fiduciary responsibility to protect shareholder value and maintain the financial integrity of their organization. One effective way for companies to protect themselves against cyber threats is by implementing a Security Information and Event Management (SIEM) system. In this analysis, we will explore the benefits of installing a SIEM for public companies in Australia and how this will assist in directors' disclosures responsibilities regarding possible breaches on cyber security reporting.</p><p id="">‍</p><h2 id="">Benefits of Implementing a SIEM System</h2><p id="">‍</p><p id="">Improved Threat Detection: A SIEM system is designed to detect and respond to potential cyber threats in real-time. It can analyze large amounts of data from multiple sources to identify suspicious behaviour or patterns that may indicate a cyber attack. This helps companies to detect and respond to threats before they cause significant damage.</p><p id="">‍</p><p id="">Enhanced Incident Response: A SIEM system can provide real-time alerts and notifications to key personnel in the event of a security incident. This helps companies to respond quickly and effectively, minimizing the impact of the incident and preventing further damage.</p><p id="">‍</p><p id="">Regulatory Compliance: Public companies in Australia are subject to a range of regulatory requirements, including the Australian Privacy Principles (APPs), the Notifiable Data Breaches (NDB) scheme, and the Corporations Act 2001 (Cth). 
A SIEM system can help companies to comply with these requirements by providing real-time monitoring and reporting on security incidents, data breaches, and other relevant events.</p><p id="">‍</p><p id="">Cost-Effective: Implementing a SIEM system can be a cost-effective way for companies to protect themselves against cyber threats. The cost of remediation, legal fees, and damage to reputation can be significant for companies that suffer a cyber attack. A SIEM system can help to prevent incidents from occurring in the first place, reducing the risk of financial and reputational damage.</p><p id="">‍</p><p id="">Improved Risk Management: A SIEM system provides a comprehensive view of a company's security posture, enabling it to identify and prioritize risks and implement appropriate mitigation measures. This can help companies to reduce the likelihood of security incidents and minimize the impact of any incidents that do occur.</p><p id="">‍</p><h2 id="">Examples of SIEM Systems in Action</h2><p id="">‍</p><p id="">One example of a public company that has implemented a SIEM system is the Commonwealth Bank of Australia (CBA). The bank implemented a SIEM system to provide real-time monitoring and analysis of its systems and networks. The system has helped the bank to detect and respond to potential cyber threats, reducing the risk of financial and reputational damage.</p><p id="">‍</p><p id="">Another example is Telstra, Australia's largest telecommunications company. Telstra implemented a SIEM system to help protect its networks and infrastructure from cyber threats. 
The system has helped the company to detect and respond to potential threats, enabling it to maintain the integrity of its networks and protect sensitive customer data.</p><p id="">‍</p><h2 id="">How a SIEM System Can Assist in Directors' Disclosure Responsibilities</h2><p id="">‍</p><p id="">Directors of public companies in Australia have a legal responsibility to disclose any material information that may affect the value of the company's shares. This includes information about potential cyber threats and data breaches. A SIEM system can help directors to fulfill this responsibility by providing real-time monitoring and reporting on security incidents and other relevant events.</p><p id="">‍</p><p id="">A SIEM system can also help directors to identify and prioritize risks associated with cyber threats. This can help them to make informed decisions about allocating resources and implementing appropriate mitigation measures to protect the company from cyber threats.</p><p id="">‍</p><p id="">Furthermore, a SIEM system can help directors to demonstrate due diligence in fulfilling their responsibilities regarding cyber security reporting. The system provides a comprehensive view of the company's security posture, enabling directors to identify potential risks and take appropriate action to protect the company from cyber threats.</p><p id="">‍</p><h2 id="">Conclusion</h2><p id="">‍</p><p id="">In conclusion, a SIEM system can provide significant benefits for public companies</p><p id="">‍</p>
What is a SIEM and why should it matter to Australian companies? Read more and find out.
Complimentary
Free
Opinion
Editor's Pick

March 7, 2023

The benefits of installing a security information and event management system

<p id="">Twitter has experienced several technology failures in the past that have caused the platform to go offline or become unstable. Some of these failures have been the result of server issues, software bugs, or cyber attacks.</p><p id="">‍</p><p id="">The "current API plan" part of the error message led to widespread speculation that the problem was related to Twitter's decision to charge for API access. "Did Twitter forget to subscribe to their own API?" one user asked. "Twitter's own products are breaking because it ended the free API," The Information tech reporter Paris Martineau wrote.</p><p id="">‍</p><p id=""><em id="">“A small API change had massive ramifications,” Twitter CEO Elon Musk wrote in a tweet on Monday, referring to the tool used by third-party developers who run programs that draw on Twitter data and post to its site. “The code stack is extremely brittle for no good reason. Will ultimately need a complete rewrite.”</em></p><p id="">‍</p><p id="">It was the second time Monday he’d turned to that explanation, both times calling the site “brittle.”</p><p id="">‍</p><p id="">Since taking over Twitter, CEO Elon Musk has laid off more than two-thirds of the company’s staff, embarking on aggressive cost-cutting and shedding workers in part by compelling them to commit to an “extremely hardcore” workplace or leave the company. The massive layoffs led to widespread concerns about Twitter’s ability to retain core functions, as critical engineering teams were reduced to one or zero staffers.</p><p id="">‍</p><p id="">Musk and Twitter did not immediately respond to requests for comment.</p><p id="">‍</p><p id="">Since taking over Twitter, Musk has followed through with a plan to cut 75 percent of the company’s staff, aggressively cut costs and pursued new revenue streams, such as charging $8 a month for the company’s signature blue verification icons. 
But his tenure has also been marked by embarrassing mishaps, such as the botched rollout of the check mark feature, which resulted in a swarm of impersonators and prompted Twitter to temporarily pause the subscription service on multiple occasions.</p><p id="">‍</p><p id="">Even before Musk’s takeover, Zatko, who was hired by Twitter in November 2020 as head of security, raised concerns about the potential for overlapping outages at Twitter's off-site data centres in a complaint filed with the Securities and Exchange Commission (SEC) in December 2020. The complaint alleged that Twitter was aware of the risks of overlapping outages but had failed to take adequate steps to mitigate those risks.</p><p id="">‍</p><p id="">The potential consequences of overlapping outages at Twitter's data centres could be severe. In the event of such an outage, the platform could become inaccessible or unstable, potentially resulting in lost revenue, damage to the platform's reputation, and a loss of user trust.</p><p id="">‍</p><p id="">Zatko's warning about overlapping outages at Twitter's data centres underscores the importance of robust and effective risk management practices in the technology industry. As the social media platform continues to grow in popularity and become more central to our daily lives, ensuring the reliability and security of these platforms is critical.</p><p id="">‍</p><p id="">The warning by Twitter whistleblower Peiter Zatko about the potential event of overlapping outages at Twitter's off-site data centres serves as a reminder of the critical importance of effective risk management practices in the technology industry.</p><p id="">‍</p><p id="">Monday wasn’t the first time Musk suggested Twitter’s code needed to be entirely rewritten. He has maintained that stance for months, since taking over the site last year. On a December Twitter Spaces, the site’s live audio feature, he said the company’s code base needed to be overhauled.</p><p id="">‍</p>
“A small API change had massive ramifications,” Twitter CEO Elon Musk wrote in a tweet on Monday, referring to the tool used by third-party developers who run programs that draw on Twitter data and post to its site.

March 7, 2023

Twitter suffers embarrassing tech failure - “Brittle platform” says Musk

<p id="">U.S. Cyber Command, tasked with defending Department of Defense IT networks and coordinating cyberspace operations, is developing its own intelligence hub, after years of relying on other information gathering sources.</p><p id="">‍</p><p id="">The endeavour, still in its infancy, is meant to buttress data collection and augment CYBERCOM’s understanding of foreign capabilities in <a href="https://www.c4isrnet.com/cyber/2023/01/06/pentagon-hosts-five-eyes-partners-for-zero-trust-cybersecurity-talks/" id="">the ever-expanding cyber realm</a> including the alliance built with&nbsp; Five Eyes partners for zero-trust cybersecurity.</p><p id="">‍</p><p id="">The pivot to zero trust and the pursuit of widespread connectivity come as the U.S. prepares for a potential fight with China or Russia, world powers capable of intercepting military chatter and syphoning sensitive information from thought-to-be-secure systems.</p><p id="">‍</p><p id="">The Defense Department has since 2015 experienced more than 12,000 cyber incidents, according to a Government Accountability Office evaluation. Yearly totals have declined since 2017.</p><p id="">‍</p><p id="">“We know everything about a T-72 tank, all the way to every nut and bolt in there, for the Army,” Col. Candice Frost, the leader of the Joint Intelligence Operations Center at CYBERCOM, said at a Feb. 28 event hosted by Billington Cybersecurity in Virginia. “But we don’t have that for networks, with respect to an all-source capability.”</p><p id="">‍</p><p id="">“Congress asked us: Do we need a centre that is focused on all-source intelligence to <a href="https://www.armytimes.com/news/your-army/2022/12/13/army-one-star-general-fired-from-cyber-command/" id="">support Cyber Command</a>, in the cyber domain?” Frost said. “And the answer was a resounding yes.”</p><p id="">‍</p><p id="">The prospective Cyber Intelligence Center was previously teased by CYBERCOM’s director of intelligence, Brig. Gen. Matteo Martemucci. 
He told the Armed Forces Communications &amp; Electronics Association International’s Signal magazine in November that an in-depth review of assets highlighted a need for a hub dedicated to analysing cyber expertise and exploits abroad.</p><p id="">‍</p><p id="">It would complement the slate of well-established centres and intel-collecting practices with products that are sought-after but still not available, <a href="https://www.afcea.org/signal-media/intelligence/cyber-command-advocates-cyber-intel-center" id="">Martemucci said at the time</a>.</p><p id="">‍</p><p id="">Cyber as a discipline and general interest area has exploded in recent years. Paralysing ransomware attacks, as was seen with Colonial Pipeline, and the bloody Russia-Ukraine war have pushed discussions about digital destruction to the popular fore.</p><p id="">‍</p><p id="">“We’ve got great partners with the National Security Agency, and they’re very focused on signals intelligence. That’s a huge part of what we look at. But across the spectrum, a combatant command really needs all-source intelligence,” she said. “We have found, unfortunately, that the foundational layer in cybersecurity just wasn’t there.”</p><p id="">‍</p><p id="">The Cyber Intelligence Center would be primarily staffed through the Defense Intelligence Agency, which produces, analyses and disseminates military intelligence for combat and non-combat missions.</p><p id="">‍</p><p id="">Frost in her remarks acknowledged the work already done by the <a href="https://www.nasic.af.mil/" id="">National Air and Space Intelligence Center</a> and others, which feed the U.S. 
defence colossus scientific and technical information about faraway forces.</p><p id="">‍</p><p id="">Frost indicated that the timeline for full implementation of a central source intelligence hub is as yet unclear. Referring to all matters in a large, structured, hierarchical Defence Force system, she said it will “take time”; however, the plan is underway and the agency is forward-looking.</p><p id="">‍</p>
"U.S. Cyber Command is tasked with developing an intelligence hub. Col. Candice Frost wants to drive the future of a “central source intelligence” combatant command."

March 6, 2023

DOD & NASIC Developing New Cyber Intelligence Center

<p id="">Extortion payments from ransomware, a hacking scourge that has crippled hospitals, schools and public infrastructure, fell significantly last year, according to federal officials, cybersecurity analysts and blockchain firms.</p><p>‍</p><p id="">In the fall, about 45 call-center operators were laid off by former members of a ransomware group known as Conti, according to Yelisey Bohuslavskiy, chief research officer with the threat intelligence firm Red Sense LLC.</p><p id="">‍</p><p id="">They had been hired as part of a scam to talk potential victims into installing remote-access software onto networks that would then be infected by ransomware, but the call centers ended up losing money, he said.</p><p id="">‍</p><p id="">Ransomware attacks have been a significant concern for many organizations in recent years, causing financial loss, reputational damage, and legal liability. However, there have been reports of a decrease in ransomware events in 2022, which is a welcome relief for businesses and individuals alike. The latest events point to possible reasons for the reduction in ransomware events in 2022.</p><p id="">‍</p><p id="">The U.S. Department of Justice (DOJ) has signaled in recent years that it is ramping up its policing of cybercrime. In 2021, the agency created new groups internally, including the National Cryptocurrency Enforcement Team and the Ransomware and Digital Extortion Task Force.</p><p id="">‍</p><p id="">Such efforts have helped the DOJ investigate and extradite alleged hackers to the US, the agency said. For instance, federal prosecutors said last year that they brought in a man who had been detained in Poland to appear before a federal court. 
The agency said he had used the Sodinokibi/REvil ransomware against companies including software firm Kaseya.&nbsp;</p><p id="">‍</p><p id="">The agency has also stepped up its oversight amid high-profile attacks on domestic infrastructure, including the Colonial Pipeline hack that affected a 5,000 mile gas pipeline serving the East Coast of the US in 2021.</p><p id="">‍</p><p id="">In the DOJ's cybersecurity report in July, the department said it had been looking into more than "100 variants of ransomware" and groups it "suspected of causing over $1 billion in losses to victims."</p><p>‍</p><p id="">Countries are generally also stepping up their oversight of ransomware attacks and trying to improve privacy regulations, according to the research and consulting firm Gartner.</p><p>‍</p><p id="">Close to a third of nation-states are expected to devise laws governing ransomware by 2025, the firm said in a June report on its anticipated cybersecurity trends in the next year. In 2021, that figure was smaller than 1%, according to the report.&nbsp;&nbsp;</p><p>‍</p><p id="">The reduction in ransomware events in 2022 can be attributed to several factors, including increased cybersecurity measures, improved cybersecurity awareness, international law enforcement operations, improved backup and recovery strategies, and a change in attacker focus.</p><p id="">‍</p>
Extortion payments from ransomware crippled hospitals and schools. More countries are targeting payments made to appease ransomware attackers, according to Gartner.

March 5, 2023

Ransomware business going through "tough times"

<p id="">Several large-scale data breaches impacted millions of Australians’ personal information in the second half of 2022, as part of a 26% increase in breaches overall, according to the latest <a href="https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-statistics/notifiable-data-breaches-report-july-december-2022" id="">Notifiable data breaches report</a> released today.</p><p id="">‍</p><p id="">Australian Information Commissioner and Privacy Commissioner Angelene Falk said cyber security incidents in particular can have significant impacts on individuals, and organisations need to be alert to the risks.</p><p id="">‍</p><p id="">“We saw a significant increase in data breaches that impacted a larger number of Australians in the second half of 2022,” she said.</p><p id="">‍</p><p id="">“Cyber security incidents continue to have a significant impact on the community and were the cause of the majority of large-scale breaches.”</p><p id="">‍</p><p id="">Thirty-three of the 40 breaches that affected over 5,000 Australians were the result of cyber security incidents. 
“Organisations should take appropriate and proactive steps to protect against and respond to a range of cyber threats,” Commissioner Falk said.</p><p id="">‍</p><p id="">“This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.”</p><p id="">‍</p><p id="">Commissioner Falk said organisations need to be vigilant as large-scale compromises of personal information may lead to further attacks.</p><p id="">‍</p><p id="">“As personal information becomes increasingly available to malicious actors through breaches, the likelihood of other attacks, such as targeted social engineering, impersonation fraud and scams, can increase.</p><p id="">‍</p><p id="">“Organisations need to be on the front foot and have robust controls, such as fraud detection processes, in place to minimise the risk of further harm to individuals,” she said.</p><p id="">‍</p><p id="">Figures released on Wednesday by the Office of the Australian Information Commissioner show five breaches affected between 1 million and 10 million people between July and December.</p><p id="">‍</p><p id="">The statistics do not name the entities breached or the exact size of the incidents but confirm a sharp rise in major cyberattacks and privacy breaches. The total number of incidents reported to the commissioner was up 26 per cent over the previous period, while the number of breaches that affected more than 5,000 Australians rose 67 per cent to 40.</p><p id="">‍</p><p id="">The cyber incidents of 2023 publicly exposed prominent Australian companies such as Medibank and Optus, and Woolworths subsidiary MyDeal disclosed a breach affecting an estimated 2.2 million people. The breaches could also be from overseas companies that affected Australians.</p><p id="">‍</p><p id="">Criminal attacks accounted for 70 per cent of breaches, with the rest a result of problems such as human error and system faults. 
The healthcare, finance, insurance, professional services and recruiting industries reported the most breaches, in that order.</p><p id="">‍</p><p id="">Data breaches have to be reported to the commissioner’s office when a company, group or government entity loses control of personal information that is likely to result in serious harm that cannot immediately be remediated.</p><p id="">‍</p><p id="">Commissioner Angelene Falk said organisations should be auditing the amounts of data they have on people as a key step in avoiding serious hacks. “This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.”</p><p id="">‍</p><p id="">Her office’s report noted the increased number of incidents disclosed could also be a product of greater awareness that breaches have to be reported.</p><p id="">‍</p><p id="">The federal government has increased fines since the Optus and Medibank breaches last year and is considering banning paying ransoms or requiring them to be reported, to stop Australia being a honeypot for hackers.</p><p id="">‍</p>
“Cyber security incidents continue to have a significant impact on the community and were the cause of the majority of large-scale breaches.” Thirty-three of the 40 breaches that affected over 5,000 Australians were the result of cyber security incidents.

March 1, 2023

Cyber security incidents in Australia at historic highs in second half of 2022

<p id="">It’s hard to believe that there have only been 36 cybersecurity attacks reported against ASX-listed companies in the last decade, although it's suspected that many breaches go unreported.&nbsp;</p><p id="">‍</p><p id="">What is harder to believe, is that of these 36 attacks, only 11 properly reported the breach to the regulators before the media announced it. For the other 25, their share market investors heard of the breach over their morning coffee and not directly from the company in which they had invested. These 25 companies were likely in breach – and not just cyber breach.&nbsp;</p><p id="">‍</p><p id="">Research by Professor Alex Fino has shown that, in the wake of a successful cyber attack, a company’s market value drops by 5 per cent – working out to be an average loss of half a billion dollars. This would appear to be a material, and therefore disclosable, event to the market.&nbsp;</p><p id="">‍</p><p id="">In the past, failure to report a cyber breach prior to telling the media might have been treated as more of an ‘oops’ moment, and a slap on the wrist from the regulators. Not anymore.&nbsp;</p><p id="">‍</p><p id="">The <a href="https://asic.gov.au/about-asic/news-centre/find-a-media-release/2023-releases/23-029mr-federal-court-sanctions-getswift-with-record-continuous-disclosure-penalty/" id="">Federal Court</a> has handed down the largest ever penalty against a company for breaching continuous disclosure laws, ordering GetSwift Limited (former ASX:GSW) (GetSwift) (in liquidation) to pay a penalty of $15 million. </p><p id="">‍</p><p id="">The Court described GetSwift as a company that “became a market darling because it adopted an unlawful public-relations-driven approach to corporate disclosure instigated and driven by those wielding power within the company.”</p><p id="">‍</p><p id="">The recommended fines from ASIC were doubled by the Federal Court – signalling the seriousness of the repeated failures to disclose. 
Now, while the case of GetSwift involved 22 failures to disclose, with the increasing frequency and severity of cyberattacks, ASIC has made it clear that cyber will be an increasing area of focus. Disclosure is not its only point of focus either, in the wake of<em id=""> ASIC v RI Advice Group Pty Ltd</em> [2002] FCA 496.</p><p id="">‍</p><p id="">The recent announcements by the Labor government foreshadow the proposed changes earmarked in the <strong id=""><em id="">Australian cyber security strategy 2023</em></strong>-<strong id=""><em id="">2030</em></strong>, published on the 27th February 2023. In this document, the Home Affairs and Cybersecurity Minister emphasised the need to increase Australia's number one position in cybersecurity. The discussion paper foreshadows the need for increased responsibility of company directors to provide early disclosure of cyber incidents.</p><p id="">‍</p><p id="">The Albanese government has acknowledged that Australia has fallen behind other nations, and has announced a state of readiness by government and the private sector to handle mass-scale cyberattacks. The Medibank and Optus cyber incidents have forced the government to now address corporate and directors’ responsibilities.</p><p id=""><br></p><p id="">Experts within the private sector and in government foresee a review of the current legislation and implementation of the new CyberSecurity Act, drawing together cyber-specific obligations and standards across industry and government. 
They also make reference to whether further developments to the SOCI Act are justified.</p><p id="">‍</p><p id="">The head of Zirilio Security Operating Centre (ZSOC), <strong id="">Tim Dole</strong>, said<em id=""> “It’s easy to understand in the chaotic hours following the discovery of a cyber security attack on your business, that the minutiae of who needs to be told, and when, might overlook the attention of the in-house legal team, executive, board, and comms team”.</em></p><p id="">‍</p><p id="">Unlike with natural disasters, there are various strategies that can be put in place to improve readiness and strengthen the security posture of an organisation’s enterprise networks and data security systems.</p><p id="">‍</p><p id="">“It’s a matter of planning, preparation, and practice. Rehearsing and implementing periodical vulnerability assessments will aid complete visibility into the enterprise network, including all networked devices and their associated operating systems, applications and vulnerabilities”, said De Boer.</p><p id="">Following the latest national cyber incidents in 2022, the Australian Cyber Security Centre (ACSC) has engaged with industry to assist. Boards and executives can access support and be guided in all aspects of the organisation, including the risk posture of an organisation. Experts in cyber providers now have a pivotal role in providing guidance to enterprise-wide efforts, stemming from the direction of the board, the chief executives, through to the heads of technology, and every single end-user in the organisation.</p><p id="">‍</p><p id="">The recent increase in cyber attacks has drawn greater attention from state and federal government authorities, legal experts and cyber risk leaders to developing clearer communication and presenting resources that will also enable improvement of directors’ duties and management of corporate disclosure responsibilities.</p><p id="">‍</p>
It’s hard to believe that there have only been 36 cybersecurity attacks reported against ASX-listed companies in the last decade, although it's suspected that many breaches go unreported. 

March 1, 2023

Regulators call for directors to meet disclosure rules for cyber incidents

<p id="">The Minister for Home Affairs and for Cyber Security, The Hon Clare O’Neil, announced the Cyber Security Strategy 2023 spearheaded by the Board of advisors chaired by former Telstra CEO Andrew Penn AO, Mel Hupfeld AO DSC and Rachael Falk.</p><p id="">‍</p><p id="">The Minister released a discussion paper on which the advisory board will engage with industry, civil society and academia. The aim is to present recommendations on the steps for the current government's 2023-2030 Australian Cyber Security Strategy.</p><p id="">‍</p><p id="">The announcements by the minister encouraged all users of the internet to be involved in the cyber strategy discussion.</p><p id="">‍</p><p id=""><em id="">“Everyone has skin in the game when it comes to Australia’s cyber security. If you use the internet, have a smart device in your home, or have a perspective on what Australia’s cyber security should look like” </em>said the Minister for Home Affairs.</p><p id="">‍</p><p id="">The government has outlined its aims to gather greater industry insight into establishing a framework to secure the economy and critical infrastructure and establish Australia as a global cyber leader.</p><p id="">‍</p><p id="">According to the Australian Cyber Security Centre’s (ACSC) 2021-22 Threat Report, one incident is reported on average every 7 minutes, with over 76,000 cybercrime reports in 2021-22.</p><p id="">‍</p><p id="">“The incident with Medibank really showed the government that there was no functional cyber incident response mechanism within the Australian government,” reported Senator O’Neil.</p><p id="">‍</p><p id="">In the latest interview by ABC News, the Cyber Security Minister outlined the determination by the Albanese Government to set a new 2023-2030 strategy, conducting an engagement model with industry and government agencies to review legislation.</p><p id="">‍</p><p id=""><em id="">“It will make sure that all that great work that's happening in 
government and out in the community will be properly, strategically managed to make sure that we're cyber safe as a country. And the second is to make sure that when cyber incidents do occur, as they will continue to occur, we can quickly get back up off the mat and make sure that we're cyber resilient,” </em>O’Neil said.</p><p id="">‍</p><p id="">The recently released document emphasised the potential consideration of a new CyberSecurity Act, drawing together cyber-specific legislative obligations and standards across industry and government. It also makes reference to whether further developments to the Security of Critical Infrastructure Act are justified.</p><p id="">‍</p><p id="">The rapidly changing cyberspace environment has brought urgency to the Albanese Government to act in readiness for new technology that is not yet fully mature in Australia. The request for expert opinions seeks to leverage Australian knowledge, especially on a number of emerging technologies, such as quantum communications technologies, which will form key components in designing and sustaining security in new technologies towards 2030.</p><p id="">‍</p><p id="">The Cyber Security Strategy Discussion request for responses will close 15 April 2023.</p><p id="">‍</p>
"The government has outlined its aims to gather greater industry insight into establishing a framework to a secure economy, critical infrastructure and establish Australia as a global cyber leader. The Hon Clare O’Neil, announced the Cyber Security Strategy 2023."

February 28, 2023

Australian Minister for Cyber security makes Strategy announcement

<p id="">CyberMaxx, Inc., a tech-enabled cybersecurity services company, announced on the 29th of February that it has <a href="https://www.accesswire.com/741059/CyberMaxx-Announces-Acquisition-of-CipherTechs-to-Provide-Advanced-Cybersecurity-Solutions" id="">acquired</a> CipherTechs LLC.</p><p id="">‍</p><p id="">CyberMaxx and CipherTechs have joined forces to deliver a full range of cyber security solutions including offensive, defensive, digital forensics/incident response, and governance, risk &amp; compliance security services. Additionally, CyberMaxx announced the appointment of Brian Ahern as CEO.</p><p id="">‍</p><p id="">"CyberMaxx and CipherTechs have been around for more than two decades and have each built an incredible team and industry-leading offerings," said Brian Ahern, CEO of CyberMaxx. </p><p id="">‍</p><p id="">"Many companies today offer offensive or defensive solutions, but few have the full breadth we've brought together under a single umbrella. Bringing CipherTechs into the CyberMaxx family was a natural fit and strengthens our ability to proactively find vulnerabilities to create a strong defence for our customers. Taking a ‘hacker mindset' provides the greatest protection for our customers and shapes our full spectrum of offerings."</p><p id="">‍</p>
CyberMaxx, Inc., a tech-enabled cybersecurity services company, announced on the 29th of February that it has acquired CipherTechs LLC.

February 28, 2023

CyberMaxx Announces Acquisition of CipherTechs LLC

<p id="">HUB Cyber Security, based in Israel, a specialist developer of Confidential Computing cybersecurity solutions, has <a href="https://www.globenewswire.com/news-release/2023/03/01/2617784/0/en/HUB-Cyber-Security-Ltd-a-Developer-of-Con%EF%AC%81dential-Computing-Cybersecurity-Solutions-and-Services-Successfully-Closes-Its-Business-Combination-with-Mount-Rainier-Acquisition-Corp.html" id="">combined</a> officially with Mount Rainier Acquisition Corp, and begun trading on the stock market today. </p><p id="">‍</p><p id="">The combined enterprise is operating as Hub Cyber Security Ltd. “We are extremely pleased to complete this transaction and become a public company traded on the NASDAQ. HUB has grown rapidly, and we believe this transformative step will support our initiatives to capitalise on the large, and fast growing market for more efficient and effective cybersecurity solutions. </p><p id="">‍</p><p id="">Our goal is to continue to develop and implement advanced Confidential Computing and other cybersecurity technologies for our current and future customers in both government and private industries. </p><p id="">‍</p><p id="">Access to larger capital markets is expected to enable HUB to accelerate its growth plans both in technology development and customer adoption, while building more value for our public shareholders," said Uzi Moskovitch, Chief Executive of HUB.</p>
HUB Cyber Security, based in Israel, a specialist developer of Confidential Computing cybersecurity solutions, has combined officially with Mount Rainier Acquisition Corp, and begun trading on the stock market today.

February 28, 2023

HUB Cyber Security Ltd combines forces with Mount Rainier Acquisition Corp

<p id="">Cisco announced intentions this past weekend to acquire Valtix, a company specialising in multi-cloud environment security, TechCrunch <a href="https://techcrunch.com/2023/02/27/cisco-to-acquire-startup-valtix-to-beef-up-its-multi-cloud-network-security/" id="">wrote</a> Monday. </p><p id="">‍</p><p id="">The terms of the deal were not shared. Cisco was already an existing investor in the company since 2020, which the outlet notes has allowed for them to see day-to-day operations and the product in depth.&nbsp;</p><p id="">‍</p><p id="">"As a strategic investor in Valtix since 2020, Cisco supports Valtix’s commitment to simplify network security, protecting workloads no matter which cloud they are created or consumed in,” said Cisco security business group SVP and Chief Product Officer, Raj Chopra, in a blog post announcing the deal. </p><p id="">‍</p><p id="">“With their cloud-native, easy-to-use control plane, they enable customers with common policy and enforcements of networking across all major public cloud environments.”</p><p id="">‍</p>
Cisco announced intentions this past weekend to acquire Valtix, a company specialising in multi-cloud environment security.

February 28, 2023

Cisco to acquire startup Valtix to beef up its multi cloud network security

<p id="">Services Australia said it has “actioned” several security-related vulnerabilities found in an identity exchange it operates for the government’s digital identity system, including one rated 'high risk'.</p><p id="">‍</p><p id="">The vulnerabilities were uncovered in periodic security assessments commissioned by the agency, but only <a href="https://www.oaic.gov.au/privacy/privacy-assessments/handling-personal-information-services-australias-role-as-the-identity-exchange" id="">disclosed by the Office of the Australian Information Commissioner (OAIC)</a> last week.</p><p id="">‍</p><p id="">The exact nature of the vulnerabilities isn’t discussed, but they are broadly described as “ICT security-related” and relate to how the identity exchange handles personal information.</p><p id="">‍</p><p id="">There also isn’t an exact number of vulnerabilities published, although one was considered to present a “high risk” to privacy - demanding “immediate” attention, based on OAIC definitions - while “several” were considered to pose a medium risk.</p><p id="">‍</p><p id="">Because the OAIC report is based on field activity from this time last year, the remediation status of the vulnerabilities wasn’t immediately clear.</p><p id="">‍</p><p id=""><br></p><p id="">It's possible there was a year-long gap between the OAIC learning of the vulnerabilities and publishing a report, to follow responsible disclosure principles.</p><p id="">‍</p><p id="">Asked by <em id="">iTnews</em> whether the vulnerabilities had been remediated or mitigated, a Services Australia spokesperson said they had been “actioned” and that the exchange is safe to use.</p><p id="">‍</p><p id="">“All the medium to high risks from the security assessments referred to in the report have been actioned since the OAIC began its review 12 months ago,” the spokesperson told <em id="">iTnews.</em></p><p id="">‍</p><p id="">“Maintaining the security of all our systems, including the ID exchange, and the 
protection of people’s personal information remains a top priority and we have contemporary protections and processes in place.&nbsp;</p><p id="">‍</p><p id="">“The ID exchange remains secure and people can continue to use their Digital ID to securely sign in to government online services.”</p><p id="">‍</p><p id="">‍</p><h2 id="">"Not fully implemented"</h2><p id="">‍</p><p id="">When the OAIC went looking in February 2022, it found recommendations from penetration tests and annual Infosec Registered Assessors Program (IRAP) assessments that had not been “fully implemented” by the agency.</p><p id="">‍</p><p id="">An IRAP assessment, in particular, “recommended that Services Australia develop a detailed implementation plan and schedule for all critical and high-risk vulnerabilities that have been identified,” the OAIC noted.</p><p id="">‍</p><p id="">The watchdog recommended Services Australia “take steps to appropriately manage the medium and high risks identified in its regular information security assessments.”</p><p id="">‍</p><p id="">Services Australia accepted the recommendation and said in the report that it is “taking a coordinated approach, involving experts across various ICT and cyber security teams, to continue to appropriately implement the recommendations from previous ICT assessments.”</p><p id="">‍</p><p id="">The agency added its central cyber security division is working to improve the way it monitors and manages vulnerability remediation by the internal ‘owners’ of key business systems.</p><p id="">‍</p><p id="">Services Australia’s spokesperson did not address a question from <em id="">iTnews</em> about the apparent gaps in vulnerability tracking and remediation identified by the OAIC, and the status of addressing them.</p><p id="">‍</p><p id="">The spokesperson said that “regular security assessments are part of a suite of protections and an essential part of keeping our systems secure – this is an ongoing process.”</p><p id="">‍</p><p 
id="">“Any emerging risks from subsequent assessments are being prioritised and actioned accordingly,” the spokesperson said.</p><p id="">‍</p><h3 id="">‍</h3><h2 id="">Data breach response plan untested</h2><p id="">‍</p><p id="">The OAIC also found the data breach response plan for the identity exchange had never been tested, and did not contain specifics on who to contact for incident response.</p><p id="">‍</p><p id="">“Failing to test its data breach response plan in relation to the identity exchange creates a medium privacy risk as it may reduce Services Australia’s ability to identify risks and gaps in the plan and respond quickly to a data breach,” the privacy watchdog found.</p><p id="">‍</p><p id="">“This may include the risk that the failure to clearly indicate the response team and their responsibilities may mean that staff may not know of, or follow, Services Australia’s data breach response plan.”</p><p id="">‍</p><p id="">In response, Services Australia committed to run a test of the response plan in the first quarter of 2023.</p><p id="">‍</p><p id="">‍</p><h2 id="">Other key findings</h2><p id="">‍</p><p id="">The privacy assessment identified some other “medium” risks, including an un-updated privacy policy - since corrected; a lack of measurable goals and targets for privacy-related improvements, and lack of documentation detailing the separation of Services Australia and digital identity system (DIS) functions.</p><p id="">‍</p><p id="">“There is a medium risk that the separation of Services Australia’s DIS functions will not be properly enforced and any privacy issues regarding the identity exchange will not be managed appropriately and consistently,” the privacy watchdog said.</p><p id="">‍</p><p id="">“For example, it may increase the risk of personal information collected for the identity exchange being used or disclosed for a secondary purpose.”</p><p id="">‍</p><p id="">The agency said it would address the latter two issues by the end of 
next month.</p><p id="">‍</p><p id="">‍</p><h2 id="">Switchboard</h2><p id="">‍</p><p id="">The digital identity exchange is <a href="https://www.buyict.gov.au/sp?id=platform_details&sys_id=dbb64509db9e2c1031d7413b3a9619e9" id="">one component</a> of the broader digital identity system (DIS) run by the government.</p><p id="">‍</p><p id="">The exchange “acts like a switchboard, transferring information, with [user] consent, between relying parties, identity providers and attribute service providers, in a way which is secure and respects [user] privacy”, documentation for the DIS <a href="https://www.digitalidentity.gov.au/system-partners" id="">states</a>.&nbsp;</p><p id="">‍</p><p id="">The DIS is intended to act as a way to authenticate to government services, initially both federal and state or territory.</p><p id="">‍</p><p id="">So far, users can only create a digital identity to access government services using the government’s own myGovID, but it is envisioned that other identity providers will also be added in the future.</p><p id="">‍</p>
OAIC found recommendations from penetration tests and annual Infosec Registered Assessors Program (IRAP) assessments that had not been “fully implemented” by the agency. The commissioner also found the data breach response plan for the identity exchange had never been tested by the government department.

February 23, 2023

Services Australia finds 'high risk' vulnerability in identity exchange

<p id="">California-headquartered technology company <a href="https://cts.businesswire.com/ct/CT?id=smartlink&url=http%3A%2F%2Fwww.keysight.com&esheet=53341346&newsitemid=20230223005662&lan=en-US&anchor=Keysight+Technologies%2C+Inc.&index=1&md5=b5b3354ed38f54bb8179ce34709dd0cb" id="">Keysight Technologies, Inc.</a> (NYSE: KEYS), a leading technology company that delivers advanced design and validation solutions to help accelerate innovation to connect and secure the world, has <a href="https://www.businesswire.com/news/home/20230223005662/en/" id="">announced its acquisition</a> of design data management provider Cliosoft.</p><p id="">Keysight will be adding Cliosoft’s line of hardware design data and intellectual property (IP) management software tools to its portfolio of electronic design automation (EDA) solutions.</p><p id="">Keysight says that with the acquisition comes the addition of Cliosoft's hardware design data and intellectual property (IP) management software to Keysight's existing portfolio.</p><p id="">“One of our top business priorities is creating digital, connected workflows from design to test that accelerate customers’ digital transformation. We see a tremendous opportunity in the PDM space to leverage Cliosoft’s current capabilities combined with our design-test solutions expertise,” said Niels Faché, Vice President and General Manager of Keysight EDA.</p><p id="">“Adding PDM solutions to the portfolio is a natural progression of our open EDA interoperability strategy to deliver best-in-class tools and workflows in support of increasingly complicated product development lifecycles. Cliosoft offers proven software tools that enable product teams to perform data analytics and accelerate time to insight. 
The result of faster insight and greater reuse is improved productivity in the verification phase and shorter overall development cycles.”</p><p id="">‍</p>
California-headquartered technology company Keysight Technologies, Inc. (NYSE: KEYS), a leading technology company that delivers advanced design and validation solutions to help accelerate innovation to connect and secure the world, has announced its acquisition of design data management provider Cliosoft.

February 23, 2023

Keysight Expands EDA Software Portfolio with the Acquisition of Cliosoft

<p id="">The head of the Central Intelligence Agency told the Munich Security Conference on Saturday that Russia was putting a lot of work into disrupting the agency’s intelligence collection efforts — but without significant success.</p><p id="">‍</p><p id="">CIA Director William Burns, speaking alongside Michael Turner, the chair of the House Intelligence Committee, said the United States “providing usable intelligence” to Ukraine has been one of the most important contributions “besides weapons” that the U.S. has made to the country’s defense.</p><p id="">‍</p><p id="">Turner said that prior to the start of the invasion “we’d taken our eye off the ball with Russia,” and praised director Burns for leading the efforts to “pull together new information and analytical scrutiny” to get the U.S. intelligence community into shape.</p><p id="">‍</p><p id="">Burns acknowledged that the Biden administration had been concerned during the early days of the invasion that providing too much intelligence to Ukraine could have been seen as “provocative” by Russia, but that it quickly became apparent the withholding of information “was inhibiting the Ukrainian ability to be successful.”</p><p id="">‍</p><p id="">The administration’s initial rules about sharing intelligence were “way too restrictive,” said Burns, who added that the CIA believed Ukraine should know the actual physical locations of Russian troops. When these rules were changed “it enabled us to provide tactical intelligence which had an impact on the battlefield,” he added.</p><p id="">‍</p><p id="">“It’s a constant challenge to continue to use intelligence and share it wisely and quickly to keep Putin on the back foot, but that’s something we’re deeply committed to,” the director added.</p><p id="">‍</p><p id="">Harvard political scientist Graham Allison, who chaired the panel, said that he thought it was fair for Putin to describe the U.S. 
providing intelligence on targets for Ukraine as an act of hostility, and asked whether Russia had been successful in countering the agency’s collection efforts.</p><p id="">Burns responded that the CIA was “not seeing any loss of capabilities” but “seeing a lot of effort from Russia to close down intel visibility.”</p><p id="">“The intelligence sharing that we engage in — and it’s a two-way street, we’ve learned a lot from our NATO partners, we learn a lot from the Ukrainians as well — has been the essential cement in the coalition that the president has organized,” said Burns.</p>
Ukraine receives "usable intelligence" from the United States. Russia attempts to disrupt intelligence feeds with little success.

February 20, 2023

CIA seeing ‘a lot of effort’ from Russia to close down US intelligence visibility

<p id="">More than <a href="https://www.securitymagazine.com/articles/97046-over-22-billion-records-exposed-in-2021" id="">4,100 publicly disclosed data breaches occurred in 2022</a>, equating to approximately 22 billion records being exposed. Cyber security publication Security Magazine reported that the figures for 2022 are expected to exceed this figure by <a href="https://www.securitymagazine.com/articles/97046-over-22-billion-records-exposed-in-2021" id="">as much as five percent</a>.</p><p id="">According to Zirilio, a cybersecurity leader that operates a security operations centre assisting Australian enterprise and government agencies, 2022 saw unprecedented cyber threat activity. In May and June 2022, Zirilio published threat warnings, in parallel with the announcements from cyber security authorities across the allied nations of the UK, New Zealand and the United States, that the threat index in Australia was about to reach historic levels. Unfortunately, the expert predictions came true.</p><p id="">“Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system,” the advisory began.</p><p id="">In this article, looking through the “Cyber Threat hourglass” of 2022, we reveal which data breaches and leaks and which phishing, malware and cyber attacks ranked among our top global most-read cyber security news stories.</p><p id="">Read on to hear about data breaches at Revolut, Medibank, Twitter, Optus, Uber and Rockstar, and let us know if you were impacted by any of the incidents covered in the comment section below.</p><h2 id="">Twitter confirms data from 5.4 million accounts was stolen</h2><p id="">In July 2022, a hacker that went by the alias ‘devil’ posted on hacking forum BreachForums 
that they had the data of 5.4 million Twitter accounts for sale.</p><p id="">The stolen data included email addresses and phone numbers from “celebrities, companies, randoms, OGs”. ‘OGs’ refers to Twitter handles that are either short, comprising one or two letters, or a word that is desirable as a screen name, for example, a first name with no misspelling, numbers or punctuation. The hacker ‘devil’ said they would not be accepting offers “lower than [$30,000]” for the database.</p><p id="">The data breach was the result of a vulnerability on Twitter that was discovered in January 2022.</p><p id=""><strong id="">Learn more about </strong><a href="https://www.cshub.com/attacks/news/54-million-twitter-accounts-reportedly-on-sale-in-hacking-forum" id=""><strong id="">the vulnerability that led to the data breach here</strong></a><strong id="">.</strong></p><p id=""><strong id="">We have our own Twitter story</strong></p><h2 id="">Hacker allegedly hits both Uber and Rockstar</h2><p id="">Between September 15–19, 2022, a hacker allegedly hit both rideshare company Uber and video game company Rockstar.</p><p id="">On September 15, Uber’s internal servers were accessed after a contractor’s device was infected with malware and their login details were sold on the dark web. The hacker accessed several other employee accounts, which then gave them access to a number of internal tools. The hacker then posted a message to a company-wide Slack channel and reconfigured Uber’s Open DNS to display a graphic image to employees on some internal sites.</p><p id="">The hack into Rockstar Games, developer of the Grand Theft Auto (GTA) game series, was discovered on September 19, 2022. A user called teapotuberhacker posted on Grand Theft Auto game series fan site GTAForums: “Here are 90 footage/clips from GTA 6. 
It’s possible I could leak more data soon, GTA 5 and 6 source code and assets, GTA 6 testing build.”</p><p id="">In the post’s comments, the hacker claimed they had “downloaded [the gameplay videos] from Slack” by hacking into a channel used for communicating about the game.</p><p id="">Rockstar Games made a statement via Twitter that said the company had suffered a “network intrusion” which had allowed an unauthorized third party to “illegally access and download confidential information from [its] systems”, including the leaked GTA 6 footage.</p><h2 id="">9.7 million people’s information stolen in Medibank data leak</h2><p id="">On October 13, 2022, Australian healthcare and insurance provider Medibank detected some “unusual activity” on its internal systems. The company was then contacted on October 17 by the malicious party, who aimed to “negotiate with the [healthcare] company regarding their alleged removal of customer data”. However, Medibank publicly refused to bend to the hacker’s demands.</p><p id="">Medibank revealed the true extent of the hack on November 7, announcing that the malicious actor had gained unauthorized access to and stolen the data of 9.7 million past and present customers. 
The information included confidential and personally identifying information on medical procedures including codes associated with diagnosis and procedures given.</p><p id="">‍</p><p id="">Following Medibank’s continued refusal to pay a ransom, the hacker released files containing customer data called "good-list" and "naughty-list" on November 9, 2022.</p><p id="">‍</p><p id="">The so-called “naughty-list” reportedly included details on those who had sought medical treatment for HIV, drug addiction or alcohol abuse or for mental health issues like eating disorders.&nbsp;</p><p id="">‍</p><p id="">On November 10, they posted a file labelled “abortions” to a site backed by Russian ransomware group REvil, which apparently contained information on procedures that policyholders have claimed on, including miscarriages, terminations and ectopic pregnancies.</p><p id="">‍</p><p id="">‍</p><h2 id="">Hacker attempts to sell data of 500 million WhatsApp users on dark web</h2><p id="">‍</p><p id="">On November 16, 2022, a hacker posted a dataset to BreachForums containing what they claimed to be up-to-date personal information of 487 million WhatsApp users from 84 countries.&nbsp;&nbsp;</p><p id="">‍</p><p id="">In the post, the alleged hacker said those who bought the datasets would receive “very recent mobile numbers” of WhatsApp users. 
According to the bad actor, among the 487 million records are the details for 32 million US users, 11 million UK users and six million German users.&nbsp;</p><p id="">‍</p><p id="">The hacker did not explain how such a large amount of user data had been collected, saying only that they had “used their strategy” to obtain it.</p><p id="">‍</p><p id="">Learn more about the data breach <a href="https://www.cshub.com/attacks/news/hacker-attempts-to-sell-data-of-500m-whatsapp-users-on-dark-web" id="">in this November post</a>.</p><p id="">‍</p><p id="">‍</p><h2 id="">Personal and medical data for 11 million people accessed in Optus data breach&nbsp;&nbsp;</h2><p id="">‍</p><p id="">Australian telecommunication company Optus suffered a devastating data breach on September 22, 2022 that has led to the details of 11 million customers being accessed.&nbsp;</p><p id="">‍</p><p id="">The information accessed included customers’ names, dates of birth, phone numbers, email and home addresses, driver’s license and/or passport numbers and Medicare ID numbers.&nbsp;</p><p id="">‍</p><p id="">Files containing this confidential information were posted on a hacking forum after Optus refused to pay a ransom demanded by the hacker. Victims of the breach also said that they were contacted by the supposed hacker demanding they pay AU$2,000 (US$1,300) or their data would be sold to other malicious parties.</p><p id="">‍</p><p id="">Find out more about <a href="https://www.cshub.com/attacks/news/iotw-everything-we-know-about-the-optus-data-breach" id="">how the Optus data breach occurred</a> in this September post.</p><p id="">‍</p><p id="">‍</p><h2 id="">More than 1.2 million credit card numbers leaked on hacking forum</h2><p id="">‍</p><p id="">Carding marketplaces are dark web sites where users trade stolen credit card details for financial fraud, usually involving large sums of money. 
On October 12, 2022, carding marketplace BidenCash released the details of 1.2 million credit cards for free.&nbsp;</p><p id="">‍</p><p id="">A file posted on the site contained the information on credit cards expiring between 2023 and 2026, in addition to other details needed to make online transactions.</p><p id="">‍</p><p id="">BidenCash had previously leaked the details of thousands of credit cards in June 2022 as a way to promote the site. As the carding marketplace had been forced to launch new URLs three months later in September after suffering a series of DDoS attacks, some cyber security experts suggested this new release of details could be another attempt at advertising.&nbsp;&nbsp;</p><p id="">‍</p><p id="">Discover <a href="https://www.cshub.com/attacks/news/over-12-million-credit-card-numbers-leaked-on-hacking-forum" id="">how BidenCash gained access to 1.2 million credit card details</a> in our October coverage.</p><p id="">‍</p><p id="">‍</p><h2 id="">Twitter accused of covering up data breach that affects millions</h2><p id="">‍</p><p id="">On November 23, 2022, Los Angeles-based cyber security expert Chad Loder tweeted a warning about a data breach at social media site Twitter that had allegedly affected “millions” across the US and EU. Loder claimed the data breach occurred “no earlier than 2021” and “has not been reported before”. Twitter had previously confirmed a data breach that affected millions of user accounts in July 2022, <a href="https://www.cshub.com/attacks/articles/the-biggest-data-breaches-and-leaks-of-2022#:~:text=7.%20Twitter%20confirms,accounts%20for%20sale." id="">as seen in point seven of this article</a>.&nbsp;</p><p id="">‍</p><p id="">Loder stated, however, that this “cannot” be the same breach as the one they reported on unless the company “lied” about the July breach. 
According to Loder, the data from the November breach is “not the same data” as that seen in the July breach, as it is in a “completely different format” and has “different affected accounts”. </p><p id="">‍</p><p id="">Loder said they believed that the breach occurred due to malicious actors exploiting the same vulnerability as the hack reported in July.</p><p id="">‍</p>
According to Zirilio, a cybersecurity leader that operates a security operations centre assisting Australian enterprise and government agencies, 2022 saw unprecedented cyber threat activity.

February 15, 2023

The biggest data breaches and leaks of 2022

<p id="">Hackers have devised a way to bypass ChatGPT’s restrictions and are using it to sell services that allow people to create malware and phishing emails, researchers said on Wednesday.</p><p id="">‍</p><p id="">Hackers have found a simple way to bypass those restrictions and are using it to sell illicit services in an underground crime forum, researchers from security firm Check Point Research reported. </p><p id="">‍</p><p id="">The technique works by using the ChatGPT application programming interface rather than the web-based interface. ChatGPT makes the API available to developers so they can integrate the AI bot into their applications. It turns out the API version doesn’t enforce restrictions on malicious content.</p><p id="">‍</p>
ChatGPT has incredible potential for good but, as a recent incident has highlighted, it may also facilitate incredible damage to society.

February 9, 2023

Hackers are selling a service that bypasses ChatGPT restrictions on malware

<p id="">Justin Bassi is executive director of the Australian Strategic Policy Institute. Bec Shrimpton is director of The Sydney Dialogue, the institute's annual technology policy summit.</p><p id="">This article explores how government posture, past and present, has been changing towards authoritarian regimes that maliciously use critical technology and manipulate markets in the private sector. The ambition of the superpowers to establish geopolitical supremacy is driving national security interests above social values. This leads to the misuse of critical technology and the absence of standard rules-based systems that could encourage a knowledge economy by exchanging science and innovation.</p><p id="">These unfavourable conditions stifle generations of innovators who could expand the possibilities for society. Instead, they must contend with the threats of a potentially malicious cyberspace filled with hybrid threats and cyber security politics.</p><p id="">This is the new reality, which dominates the crossroads of eastern and western powers and is currently shaping the lexicon of foreign relations across the globe.</p><p id="">The article also shares some inroads made between regions across Europe, the U.S. and Asia in opening dialogue and finding agreements on sharing and protecting intellectual property and collaborating in research.</p><p id="">The Cold War was a competition over technology and a global contest over conflicting values.</p><p id="">Recognizing the intersection between the two, the West invested not just in getting ahead in decisive fields such as nuclear and space technologies but also in establishing rules, norms and standards based on its values. 
The results can be seen in standard-setting foundations such as the International Atomic Energy Agency and the five major United Nations space treaties.</p><p id="">The challenge for organisations that aim to work towards global standards, recognition forums and treaties is the approach of emerging regional powers, as well as the superpowers, of creating their own conditions that contest the aspiration of common objectives. One major issue with the pursuit of geopolitical supremacy is the lack of standard rules-based systems. The absence of such systems enables countries to exploit technology for their own interests and undermines global cooperation. For instance, the use of offensive cyber operations by governments to achieve strategic and political objectives often goes unchecked, leading to a lack of accountability and transparency.</p><p id="">Furthermore, the focus on national security interests can also lead to a lack of exchange of science and innovation. Countries that prioritise their own interests may be less willing to share scientific and technological knowledge, hindering progress and creating barriers to innovation. This can result in a missed opportunity to foster a knowledge economy, where scientific and technological advancement can drive economic growth and development.</p><p id="">The misuse of technology has significant implications for society. For example, the use of artificial intelligence to develop autonomous weapons systems can lead to unintended consequences and undermine ethical values. The development of quantum computing, which has the potential to significantly advance scientific research and technological capabilities, can also be misused for destructive purposes.</p><p id="">Liberal democracies and open economies had won the day, and so we mistakenly assumed that rules, standards and democratic values for new technologies to come would take care of themselves. 
After all, these features were by then baked into the strategic and economic world order, including the tech sectors that the West dominated, weren't they?</p><p id="">‍</p><p id="">If so, nobody told the authoritarian world, which was given a virtual monopoly on seizing the strategic advantages of technology while the West clung to the idea that governments should stay out of the private sector's way when it came to innovation.</p><p id="">‍</p><p id="">While then-U.S. President Bill Clinton summed up the Western view in 2000 with his quip that controlling the internet was like "nailing Jell-O to a wall," China and Russia set about turning a threat into an opportunity.</p><p id="">Ten years later, as the West incorrectly judged that the Arab Spring had proved that the anarchy of social media could not be contained, China and Russia saw the potential to increase both domestic control and their reach into other nations. Today, we see their fundamentally different vision for technology realised in their enhanced oppression and censorship at home, their export of capabilities that expand authoritarianism globally and their exertion of influence in other countries' domestic politics.</p><p id="">‍</p><p id="">‍</p><p id="">It is time for the global community to act. Standards and norms based on values that protect essential human rights such as privacy and freedom from persecution urgently need to be built anew for the 21st century through an international effort, which should be led by democratic nations.</p><p id="">‍</p><p id="">‍</p><p id="">The West has been gradually waking up. 
Around five years ago, the potential of 5G telecommunications networks to power societies and economies forced Western governments to treat them as a national security issue and to start rethinking the geostrategic implications of critical technologies.</p><p id="">‍</p><p id="">Dual-use technologies such as facial and gait recognition, which can be used legitimately by police to solve crimes but can also be used by authoritarian states to oppress minorities such as the Uyghurs of western China, have prompted renewed debate about the ethical use of technology.</p><p id="">‍</p><p id="">‍</p><p id="">Some individual countries have begun to take, or at least discuss, action, including by restricting or prohibiting certain Chinese technology platforms or apps to prevent data-harvesting, malign influence or overdependence on unreliable partners.</p><p id="">‍</p><p id="">But these are global issues that cannot be dealt with nation by nation. Relying on domestic action in the digital and artificial intelligence age is like playing a game of whack-a-mole on an irreparably leaky boat. It is not much use for Australia, Europe or the U.S. 
to develop domestic standards that do not apply or cannot be applied to China, Iran, North Korea or Russia.</p><p id="">‍</p><p id="">‍</p><p id="">For example, we need to improve the global tech landscape so that regimes that use critical technologies in malign ways cannot import them, are obstructed from selling their own versions to other authoritarians, and cannot create monopolies on which the rest of us become dependent.</p><p id="">‍</p><p id="">Why, for instance, should bleeding edge technology companies which produce the very latest innovations and are based in open democratic societies be able to operate in authoritarian surveillance states that have domestic laws and national interests at complete odds with the companies' homelands?</p><p id="">‍</p><p id="">‍</p><p id="">Do tech companies, scientists and innovators understand that by working in and with authoritarian countries, they are placing at risk the very society and system that enabled their success in the first place?</p><p id="">‍</p><p id="">‍</p><p id="">Above all, we need agreed standards and norms on healthy uses of technology -- ones that enhance welfare and prosperity and preserve human dignity and freedom.</p><p id="">‍</p><p id="">There was some welcome news last month in U.S. National Security Adviser Jake Sullivan's announcement that the U.S. and European Union had struck an agreement on working together on research to drive responsible advances in AI.</p><p id="">Yet at the same time, we are seeing partnerships form between Iran, China and Russia on drone technology while U.S. 
electric vehicle leader Tesla sets up shop in the heartland of slave labour in Xinjiang, China.</p><p id="">Governments, corporations, technology CEOs and innovators, strategists and experts must work harder together to establish strategies to harness the good that technology offers while mitigating the risks through forums such as the Australian Strategic Policy Institute's new annual technology policy summit, The Sydney Dialogue.</p><p id="">There is a key opportunity this year. With Japan chairing the Group of Seven, the issue of tech standards, and their importance to economic security, will likely be front and centre in discussions.</p><p id="">India, along with countries such as Australia and South Korea, which want responsible standards, should be invited by Japan to be G-7 observers. Policy settings could then be taken to the Group of 20 by a strong group of nations while that forum is chaired by India.</p><p id="">Furthermore, recognising the timing of the reopening phase of China and the rest of the Pacific will generate forward-looking momentum towards new initiatives and open forums establishing multilateral treaties amongst challenging powers across the Indo-Pacific. It is essential to be consistent and to encourage countries like China and North Korea to participate and share in the knowledge economy by exchanging science and innovation. This requires the establishment of standard rules-based systems and treaties that can stimulate open sharing and avoid a technology arms race for regional Pacific supremacy or global domination.</p><p id="">We cannot lose any more time. 
Already, key players, from startups and tech giants to authoritarian regimes, are applying technology without agreed rules or making them up as they go.</p><p id="">‍</p><p id="">Technology is shaping the future of humankind and, once again, technological competition is reflecting an opposing set of values and interests. Collective global action is necessary and needs to begin with dialogue.</p><p id="">‍</p><p id="">Governments, the tech sector and civil society must find ways to make progress on standards, rules and norms so that choice, freedom and security are not collateral damage in the technology race.</p><p id="">‍</p>
The ambition of the superpowers to establish geopolitical supremacy is driving national security interests above social values. This leads to the misuse of critical technology and the absence of standard rules-based systems that could encourage a knowledge economy by exchanging science and innovation. Governments, the tech sector and civil society must find ways to make progress on standards

February 9, 2023

Tech Standards require ideological change towards responsible open information

<h2 id="">Mergers and acquisitions.</h2><p id="">‍</p><p id="">New Hampshire-based cybersecurity, cloud, and managed services provider GreenPages Technology Solutions has <a href="https://www.globenewswire.com/news-release/2023/02/07/2603476/0/en/GreenPages-Technology-Solutions-Acquires-Arcas-Risk-Management.html" id="">announced</a> their acquisition of Massachusetts-based cybersecurity consulting firm Arcas Risk Management. “We’re excited to welcome the talented Arcas team to GreenPages,” said Chief Executive of GreenPages, Ron Dupler. “The digital era is rife with opportunity for our clients—but also teeming with increasingly advanced threats. Modern CIOs and CISOs know that cybersecurity must be a board-level business strategy steeped in zero trust that spans the entire organization.” Added Dupler, “Together with Arcas, our best-in-class cybersecurity experts will help clients further reduce their attack surface across their operating environments and protect corporate data against threats.”</p><p id=""><br></p><p id="">App development and infrastructure software company Progress has <a href="https://www.globenewswire.com/news-release/2023/02/07/2603162/0/en/Progress-Completes-Acquisition-of-MarkLogic.html" id="">acquired</a> California-based data management company MarkLogic. “MarkLogic presents a unique opportunity for Progress customers. By expanding our data capabilities, our customers gain more agility as to how and where they can leverage their data,” said John Ainsworth, Executive Vice President, General Manager, Application and Data Platform, Progress. 
“At the same time, MarkLogic customers gain access to a global leader with a proven track record in the software infrastructure space.”</p><p id="">‍</p><p id="">‍</p><h2 id="">Investments and exits.</h2><p id="">‍</p><p id="">Industrial control system cybersecurity company Opscura has <a href="https://www.businesswire.com/news/home/20230207005341/en/Industrial-Cybersecurity-Innovator-Opscura-Receives-9.4M-in-Series-A-Funding-as-Critical-Operations-Transform" id="">raised</a> $9.4M in Series A funding, led by Anzu Partners, with participation from Dreamit and Mundi Ventures. This marks the launch of a new brand, new management, and product upgrades for the company formerly known as Spain's Enigmedia. “It’s time to take on the most pressing national cybersecurity problems and move the entire ICS ecosystem forward,” said David Hatchell, CEO at Opscura. “Together with our partners and talented technical teams, Opscura can help customers move beyond device visibility to protect our critical industrial assets and data.”</p><p id="">‍</p><p id="">Californian software supply chain security management company Lineaje has <a href="https://www.businesswire.com/news/home/20230207005224/en/Elite-Roster-of-Cybersecurity-Investors-Backs-Lineaje-to-Deliver-Industry-first-Supply-Chain-Security-Solution" id="">announced</a> the closure of a $7 million seed funding round, led by Tenable Ventures. The funding comes at the same time as the company's announcement of their partnership with Persistent Systems, as well as the launch of their new SBOM360 supply chain management solution.</p>
GreenPages Technology Solutions has announced their acquisition of cybersecurity consulting firm Arcas Risk Management. Opscura has raised $9.4M in Series A funding. Lineaje has announced the closure of a $7 million seed funding round, led by Tenable Ventures.

February 9, 2023

Progress Acquires MarkLogic, and Opscura raises $9.4M in funding

<p id="">The United States and the United Kingdom on Thursday jointly sanctioned seven Russian government-linked hackers who were tied to ransomware attacks against critical infrastructure in the U.S., U.K. and Ukraine.</p><p id=""><br></p><p id="">The sanctions are the latest commitments by Western nations to crack down on Russian hacking operations, which have surged in the past year as a result of the Russian invasion of Ukraine and heightened tensions with the West.</p><p id=""><br></p><p id=""><strong id="">Cyber warfare used as a political weapon:</strong> In addition, <a href="https://securityintelligence.com/posts/trickbot-group-systematically-attacking-ukraine/" id="">Trickbot was linked by IBM last year</a> to cyberattacks in 2022 tied to the war and aimed at both the Ukrainian government and private sector groups and, according to the Treasury Department, has also allegedly targeted the U.S. government and U.S. companies.</p><p id="">‍</p><p id="">“The United States and the U.K. are leaders in the global fight against cybercrime and are committed to using all available tools to defend against cyber threats,” Secretary of State Antony Blinken said in a statement Thursday. “As Russia’s illegal war against Ukraine continues, cooperation with our allies and partners is more critical than ever to protect our national security.”</p><p id="">‍</p><p id="">Russian cyber crime against the United Kingdom is becoming a national security concern</p><p id="">‍</p><p id="">The U.K.’s National Crime Agency identified almost 150 British victims of ransomware linked to Russian cybercriminal groups. And the action taken Thursday is part of an effort to shut down ransomware attacks aimed at the U.K., which are <a href="https://www.gov.uk/government/news/uk-cracks-down-on-ransomware-actors" id="">classified there as a “tier 1 national security threat.”</a></p><p id="">‍</p><p id="">On Thursday, London time, British Foreign Secretary James Cleverly announced in a statement that “by sanctioning these cyber criminals, we are sending a clear signal to them and others involved in ransomware that they will be held to account.”</p><p id="">‍</p><p id="">Past disruption efforts have shown little impact on cyber criminal activity. This was demonstrated when the cyber criminal group Trickbot continued its activities despite <a href="https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/" id="">Microsoft taking action in 2020</a> ahead of the U.S. presidential election to disrupt the group through actions including suspending IP addresses. Whether the new sanctions will be able to permanently damage the group remains unclear.</p><p id="">‍</p>
Western nations to crack down on Russian hacking operations once again, this time sanctioning several Russian-based hackers to send a clear message that involvement in nation-state ransomware will have consequences.

February 9, 2023

U.S. & U.K. sanction Russian hackers in ransomware attacks in latest crackdown

<p id="">KLAS named Imprivata, Medigate by Claroty, Fortified Health Security, and more as Best in KLAS in the healthcare cybersecurity and privacy space in 2023.</p><p id="">‍</p><p id="">Duo, Imprivata, and Medigate by Claroty were among the variety of vendors that achieved “Best in KLAS” status in the newly released 2023 Best in KLAS: Software &amp; Services report.</p><p id="">‍</p><p id="">“Best in KLAS is awarded only in those software and services market segments that have the broadest operational and clinical impact on healthcare organizations,” KLAS stated in an accompanying press release.</p><p id="">‍</p>
Companies named best in KLAS in the healthcare cybersecurity and privacy space in 2023.

February 8, 2023

Top Healthcare Cybersecurity, IoT, Privacy Vendors Achieve Best in KLAS Status

<p id="">LONDON/WASHINGTON, Feb 7 (Reuters) - A global ransomware outbreak has scrambled servers belonging to Florida's Supreme Court and several universities in the United States and Central Europe, according to a Reuters analysis of ransom notes posted online to stricken servers.</p><p id="">‍</p><p id="">Those organisations are among more than 3,800 victims of a fast-spreading digital extortion campaign that locked up thousands of servers in Europe over the weekend, according to figures tallied by Ransomwhere, a crowdsourced platform that tracks digital extortion attempts and online ransom payments and whose figures are drawn from internet scans.</p><p id="">‍</p><p id="">Ransomware is among the internet's most potent scourges. Although this particular extortion campaign was not sophisticated, it drew warnings from national cyber watchdogs in part because of the speed of its spread.</p><p id="">‍</p><p id="">Ransomwhere did not name individual victims, but Reuters was able to identify some by looking up internet protocol address data tied to the affected servers via widely used internet scanning tools such as Shodan.</p><p id="">‍</p><p id="">Ransomwhere said the cybercriminals appear to have extorted only $88,000, a modest haul by the standard of multimillion-dollar ransoms regularly demanded by some hacking gangs.</p><p id="">‍</p><p id="">One cybersecurity expert said the outbreak - thought to have exploited a two-year-old vulnerability in VMWare Inc (VMW.N) software - was typical of automated attacks on servers and databases that have been carried out by hackers for years.</p><p id="">‍</p><p id="">VMWare has urged customers to upgrade to the latest versions of its software.</p><p id="">‍</p><p id="">"This is nothing unusual," said Patrice Auffret, founder of French internet scanning company Onyphe. "The difference is the scale."</p><p id="">‍</p><p id="">Also uncommon is the highly visible nature of the outbreak, which began earlier this month. 
Because internet-facing servers were affected, researchers and tracking services like Ransomwhere or Onyphe could easily follow the criminals' trail.</p><p id="">‍</p><p id="">Digital safety officials in Italy said on Monday that there was no evidence pointing to "aggression by a state or hostile state-like entity."</p><p id="">‍</p><p id="">Samuli Kononen, an information security specialist at the Finnish National Cyber Security Centre, said the attack was likely carried out by a criminal gang, although he added that it was not particularly sophisticated as many victims had managed to salvage their data without paying a ransom.</p><p id="">‍</p><p id="">"More experienced ransomware groups usually don't make that kind of mistake," he said.</p><p id="">‍</p>
3,800 victims in the latest high level ransomware attack as US and EU state services compromised.

February 8, 2023

Florida state court system, US, EU universities hit by ransomware outbreak

<p id="">As cyber threats continue to evolve, it is essential for Chief Information Security Officers (CISOs) to stay updated on the latest hacking techniques and trends. In 2023, the threat landscape is expected to become even more sophisticated, making it crucial for CISOs to understand the tactics used by hackers and take proactive measures to protect their organizations.</p><p id="">‍</p><p id="">So what are the strategic and practical ways hacking has changed today compared to five, ten and even twenty years ago? There are several significant trends to highlight that look set to dominate the cybersecurity conversation in 2023.</p><p id="">‍</p><p id="">‍</p><h2 id="">Ransomware Attacks Will Continue to Increase:</h2><p id="">‍</p><p id="">Ransomware attacks are expected to continue increasing in 2023, with more sophisticated techniques being used by hackers. </p><p id="">‍</p><p id="">Ransomware attacks are particularly dangerous as they can cause significant financial and reputational damage to organizations. </p><p id="">‍</p><p id="">CISOs need to ensure that their organizations have the necessary security measures in place to prevent such attacks from occurring, including regularly backing up critical data, implementing multi-factor authentication, and training employees on how to recognize and respond to phishing emails.</p><p id="">‍</p><p id="">‍</p><h2 id="">A Lower Barrier to Entry</h2><p id="">‍</p><p id="">In the past, threat actors needed highly developed skill sets honed over many years. Hacking, especially targeting high-level organizations with valuable assets, wasn’t something just anyone could do — the bar was set high.</p><p id="">‍</p><p id="">Today, with the emergence and growth of DIY hacking kits and services — available in places like the dark web — even fairly low-skilled cyber criminals can inflict damage and successfully commit crimes. 
This is concerning news because it means the pool of potential attackers is soaring.</p><p id="">‍</p><p id="">‍</p><h2 id="">Taking Advantage of the Shift to Remote Work</h2><p id="">‍</p><p id="">Although the COVID-19 pandemic is now receding, many effects still linger. One of the most notable is the sustained shift to remote working patterns. While more remote work options come with great employee benefits such as work-life balance and productivity, this style of working also carries inherent security risks.</p><p id="">‍</p><p id="">With millions of companies now operating either partially or fully remote, along with escalating levels of cloud adoption, security teams have the challenging task of defending sensitive information and assets. Employees access all this data from a wide range of locations — including unsafe wireless networks and even public places.</p><p id="">‍</p><p id="">‍</p><h2 id="">AI-Powered Attacks Will Become More Prevalent:</h2><p id="">‍</p><p id="">In 2023, we can expect to see more AI-powered attacks, which use machine learning algorithms to identify and exploit vulnerabilities in an organisation's network. </p><p id="">‍</p><p id="">These attacks can be particularly challenging to detect and prevent, as they can quickly adapt to changing security measures. CISOs need to ensure that their organisations are using AI-based security solutions to detect and respond to such attacks proactively.</p><p id="">‍</p><p id="">‍</p><h2 id="">Supply Chain Attacks Will Be a Significant Threat:</h2><p id="">‍</p><p id="">Supply chain attacks, where hackers target the suppliers and vendors of an organisation, are expected to become more prevalent in 2023. </p><p id="">‍</p><p id="">These attacks can be particularly challenging to detect as they often occur through legitimate channels, making it challenging to differentiate between genuine and malicious activity. 
CISOs need to ensure that their organisations have robust supply chain risk management processes in place, including regular security assessments and third-party vendor management.</p><p id="">‍</p><h2 id="">Cybercrime-as-a-Service Will Be More Accessible:</h2><p id="">‍</p><p id="">Cybercrime-as-a-service (CaaS) is expected to become more accessible in 2023, with more underground marketplaces offering hacking services to anyone willing to pay. This will make it easier for less technically skilled individuals to launch cyber-attacks, increasing the overall risk landscape. CISOs need to ensure that their organizations have strong cybersecurity policies in place, including strict access controls and regular security awareness training for employees.</p><p id="">‍</p><p id="">‍</p><h2 id="">Blockchain Technology Will Be Used for Cybercrime:</h2><p id="">‍</p><p id="">While blockchain technology is often associated with security, it can also be used for cybercrime. </p><p id="">‍</p><p id="">In 2023, we can expect to see more hackers using blockchain technology to evade detection and cover their tracks. CISOs need to ensure that their organisations are using advanced cybersecurity solutions that can detect and respond to such attacks proactively.</p><p id="">‍</p><p id="">As we move into 2023 and beyond, companies look certain to continue along this path, emphasising security responsibility for everyone in the organisation, not just security teams.</p><p id="">‍</p><p id="">CISOs need to stay updated on the latest hacking trends and tactics to protect their organisations from cyber threats. </p><p id="">‍</p><p id="">By understanding the threat landscape and taking proactive measures, including implementing AI-based security solutions and robust supply chain risk management processes, CISOs can reduce the risk of cyber-attacks and safeguard their organisation's critical data and assets.</p><p id="">‍</p>
Hacking today has changed compared to ten and even twenty years ago: it is now sophisticated and automated, with a decentralised workforce across the globe. CISOs have a big task ahead in 2023. It will start with cyber security becoming a priority for everyone in the organisation, not just security teams.

February 8, 2023

What CISOs Should Know About Hacking in 2023

<p id="">February 08, 2023 - While the number of total third-party breaches slightly dipped in 2022, the attacks impacted nearly twice as many victims, wreaking havoc on the healthcare industry more than any other sector, Black Kite’s Third-Party Breach Report found.</p><p id="">‍</p><p id="">Researchers compiled their findings from a subset of data focused on 63 individual third-party incidents, which created a ripple effect of breaches throughout 2022.</p><p id="">‍</p><p id="">Almost 63 attacks on vendors caused third-party breaches impacting almost 300 data breach victims. The level of breach impact increased in the last year as there were 4.73 affected companies per vendor in 2022 compared to 2.46 companies per vendor in 2021.</p><p id="">‍</p><p id="">“One could easily speculate that hackers are conducting smarter attacks, aiming for more initiatives that garner a higher number of victims from a single strike,” the report stated.</p><p id="">‍</p><p id="">“It is of no surprise that over time, the threat actor community has learned to make the most of each attack, hence pivoting to more profitable business models. Ransomware, in particular, RaaS (ransomware as a service,) are business models that have ramped up over the last few years. With the impact of third-party breaches doubling this year, understanding even a vendor's basic cyber posture is an important part of the equation.”</p><p id="">‍</p><p id="">Researchers linked the increased number of victims to the domino effect that occurs when one third-party breach poses a risk to other connected vendors, a notion also known as cascading risk. 
Specifically, the researcher described the term as the “chain of causality that emerges when risk and accumulated vulnerabilities connect to increase the chance of attack.”</p><p id="">‍</p>
Researchers compiled their findings from 63 attacks on vendors that caused third-party breaches impacting almost 300 data breach victims.

February 8, 2023

Third-Party Data Breach Victims Double, Healthcare Most Targeted

<p id="">TOKYO -- After years of fierce competition in Southeast Asia, Chinese online retailers are gearing up to tap more mature markets in North America and Europe.</p><p id="">‍</p><p id="">Alibaba Group Holding launched a new platform, Miravia, in Spain in December to target middle- and high-income earners, while its AliExpress is struggling to gain traction in the U.S. Rival Pinduoduo is reportedly preparing to launch its Temu e-commerce site in Canada and Spain, following its entry into the American market last September.</p><p id="">‍</p><p id="">Even ByteDance-owned TikTok is getting in on the action: The short-video platform rolled out its TikTok Shop in the U.S. late last year and is also reportedly looking to launch in Spain soon.</p><p id="">‍</p><p id="">The timing of such moves might come as a surprise given the current geopolitical climate. U.S.-China tensions, particularly over tech, are running high, and TikTok specifically has been the target of intense scrutiny from Washington over data security issues.</p><p id="">‍</p><p id="">The presence of entrenched leaders like Amazon in the U.S. and fashion giant Inditex in Spain is another potential hurdle for Chinese challengers. But industry insiders and analysts say there are reasons the strategy makes sense.</p><p id="">‍</p><p id="">Alex Zhang is senior vice president at Xingyun Group, a Shenzhen-based startup that helps Chinese businesses sell directly to overseas consumers. Zhang said the slowing user growth at home is spurring Chinese online retailers to accelerate their overseas push -- and they have taken note of the considerable number of Chinese sellers on Amazon.</p><p id="">‍</p><p id="">Amazon accounts for 37.8% of total e-commerce sales in the U.S., with Walmart a distant second, according to a report by eMarketer in June last year. 
The e-commerce giant closed about 3,000 Chinese online merchant accounts in 2021 over fake reviews, and some other Chinese sellers started to leave the platform afterward. These merchants may find a new home on marketplaces like Temu or fashion brand Shein, according to Zhang.</p><p id="">‍</p>
Alibaba Group Holding launched a new platform in Spain. Chinese online retailers are gearing up to tap more mature markets.

February 8, 2023

Chinese online retailers' competition heats up in U.S. and Europe

<p id="">The Cybersecurity and Infrastructure Security Agency has published a process for recovering files for organizations affected by the ESXiArgs ransomware, which has wreaked havoc on organizations across the world since last Friday.&nbsp;</p><p id="">‍</p><p id="">On its <a href="https://github.com/cisagov/ESXiArgs-Recover" id="">GitHub page</a> Tuesday evening, CISA said victims should evaluate the script before using it to try to recover access to affected files. The script is based on work by two Turkish developers who posted <a href="https://enes.dev/" id="">a step-by-step tutorial</a> earlier this week.</p><p id="">‍</p><p id="">The ransomware exploits a 2-year-old vulnerability affecting VMWare ESXi servers — CVE-2021-21974 — and has already encrypted files at <a href="https://cert.at/de/aktuelles/2023/2/massive-vmware-esxi-verschlusselungs-welle" id="">more than 3,800 organizations</a> across the United States, France, Italy and more. The company issued a patch in 2021. ESXi servers are used to access several operating systems through one server.</p><p id="">‍</p><p id="">Reuters reported on Tuesday that Florida’s Supreme Court, the Georgia Institute of Technology, Rice University and several schools in Hungary and Slovakia were some of the ransomware’s victims.&nbsp;</p><p id="">‍</p><p id="">CISA specifically pointed to the work of <a href="https://twitter.com/enes_dev" id="">Enes Sönmez</a> and <a href="https://twitter.com/_ebuzeyd" id="">Ahmet Aykaç</a>, two developers for the Turkish food retail and distribution company Yöre Group.</p><p id="">‍</p><p id="">The script works “by reconstructing virtual machine metadata from virtual disks that were not encrypted by the malware,” CISA said.</p><p id="">‍</p><p id="">CISA went on to warn that it “does not assume liability for damage caused by this script.”</p><p id="">‍</p><p id="">The FBI and CISA also <a href="https://www.cisa.gov/uscert/ncas/alerts/aa23-039a" id="">issued a joint alert</a> about 
blocking the ransomware and responding to attacks.</p><p id="">‍</p><p id="">European cybersecurity authorities began warning of “massive active network exploitation” on Friday. <a href="https://www.csirt.gov.it/contenuti/rilevato-lo-sfruttamento-massivo-della-cve-202121974-in-vmware-esxi-al01-230204-csirt-ita" id="">Italy’s National Cybersecurity Agency (ACN)</a> joined <a href="https://www.cert.ssi.gouv.fr/alerte/CERTFR-2023-ALE-015/" id="">France’s computer emergency response team (CERT-FR)</a> and <a href="https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuuksia-vmwaren-tuotteissa-paivita-heti" id="">Finland’s Kyberturvallisuuskeskus (Cybersecurity Center)</a> in issuing warnings over the weekend about the campaign.</p><p id="">‍</p><p id="">References:</p><p id="">‍</p><p id=""><a href="https://www.csirt.gov.it/contenuti/rilevato-lo-sfruttamento-massivo-della-cve-202121974-in-vmware-esxi-al01-230204-csirt-ita" id="">National Cybersecurity Agency (ACN)</a></p><p id="">‍</p><p id=""><a href="https://www.cert.ssi.gouv.fr/" id="">General Secretariat for Defense and National Security of the Republic of France</a></p><p id="">‍</p>
The United States, France and Italy are amongst the countries impacted by ESXiArgs ransomware. The FBI and CISA also issued a joint alert about blocking the ransomware.

February 8, 2023

CISA publishes recovery script for ESXiArgs ransomware

<p id="">ChatGPT is a large language model developed by OpenAI. It is designed to understand and respond to natural language input from users, and it can provide information, answer questions, and engage in conversation on a wide range of topics.</p><p id="">‍</p><p id="">CNC staff probed the AI engine with questions, asking it to explain the recent phenomenon of cyber criminals and scammers using ChatGPT. The result was an “eyebrow raising experience”. The AI’s response was a clear recognition that malicious intent can bypass well-designed computer language that was intended to create benefits for society.</p><p id="">‍</p><p id="">Furthermore, it provided alternative hacking ideas:</p><p id="">‍</p><p id=""><em id="">“...there are some instances where hackers may attempt to use AI language models like myself to aid in their attacks. One such technique is called "GPT-3 phishing," which involves using an AI language model like myself to generate convincing phishing emails that are more likely to trick users into giving up sensitive information. Hackers may also use AI language models to generate automated responses to social engineering attacks, making it easier to scam unsuspecting victims.”</em></p><p id="">‍</p><p id="">‍</p><h2 id="">Leading Security Vendor - Test The Platform &amp; Scan The Dark Web</h2><p id="">‍</p><p id="">There have been many discussions and research on how cybercriminals are leveraging the OpenAI platform, specifically ChatGPT, to generate malicious content such as phishing emails and malware. Proof of such a threat already exists: ChatGPT successfully conducted a full infection flow, creating a convincing spear-phishing email and running a reverse shell, which even accepts commands in English.</p><p id="">‍</p><p id="">‍</p><h2 id="">Check Point Researchers Examine The Hackers' Activities On ChatGPT</h2><p id="">‍</p><p id="">CPR researchers recently found an instance of cybercriminals using ChatGPT to “improve” the code of a basic Infostealer malware from 2019. Although the code is not complicated or difficult to create, ChatGPT improve</p><p id="">&nbsp;</p><p id="">Hackers have found a simple way to bypass those restrictions and are using it to sell illicit services in an underground crime forum, researchers from security firm Check Point Research (CPR) reported. The technique works by using the application programming interface for one of OpenAI's GPT-3 models known as text-davinci-003, instead of ChatGPT, which is a variant of the GPT-3 models that's specifically designed for chatbot applications. </p><p id="">‍</p><p id="">OpenAI makes the text-davinci-003 API and other model APIs available to developers so they can integrate the AI bot into their applications. It turns out the API versions don’t enforce restrictions on malicious content.</p><p id="">‍</p><p id="">‍</p><h2 id="">Barriers To Malicious Content Creation</h2><p id="">‍</p><p id="">As part of its content policy, OpenAI created barriers and restrictions to stop malicious content creation on its platform. </p><p id="">‍</p><p id="">Several restrictions have been set within ChatGPT’s user interface to prevent the abuse of the models. For example, if you ask ChatGPT to write a phishing email impersonating a bank or create malware, it will not generate it.</p><p id="">‍</p><p id="">‍</p><h2 id="">Bypassing Limitations To Create Malicious Content</h2><p id="">‍</p><p id="">However, CPR is reporting that cyber criminals are working their way around ChatGPT’s restrictions, and there is active chatter in the underground forums disclosing how to use the OpenAI API to bypass ChatGPT's barriers and limitations. This is done mostly by creating Telegram bots that use the API. These bots are advertised in hacking forums to increase their exposure.</p><p id="">‍</p><p id="">“The current version of OpenAI's API is used by external applications (for example, the integration of OpenAI’s GPT-3 model to Telegram channels) and has very few if any anti-abuse measures in place,” the researchers wrote. “As a result, it allows malicious content creation, such as phishing emails and malware code, without the limitations or barriers that ChatGPT has set on their user interface.”</p><p id="">‍</p><p id="">Check Point researchers tested how well the text-davinci-003 API worked. The result: a phishing email and a script that steals PDF documents from an infected computer and sends them to an attacker through FTP.</p><p id="">‍</p><p id="">The generation of malware and phishing emails is only one way that ChatGPT and its other GPT-variants are opening a Pandora’s box that could bombard the world with harmful content. Other growing concerns about unsafe or unethical uses include the invasion of privacy and the generation of misinformation or school assignments. </p><p id="">‍</p><p id="">Conversely, the same ability to generate damaging, unethical, or illicit content can be used by defenders to develop ways to detect and block it, but the jury is still out on whether the benign uses will be able to keep pace with criminal activity.</p><p id="">‍</p>
ChatGPT creates barriers to malicious content creation. Hackers have found a simple way to bypass them. Russian cybercriminals show an interest in integrating ChatGPT via API into their Telegram channels.

February 7, 2023

Cybercriminals bypass ChatGPT restrictions to regenerate malicious content

<p id="">Traffic to ChatGPT owner OpenAI has exploded by 3,572%, from 18.3 million to 672 million visits after ChatGPT’s release at the end of November.</p><p id="">‍</p><p id="">Analysis of SimilarWeb data reveals 672 million users visited the viral AI chatbot in January 2023. Visits have exploded to over 36 times the amount since ChatGPT’s release at the end of November 2022, going from 18.3 million to 672 million in just two months as the new language model continues to make headlines. ChatGPT drives over 92% of total website traffic.</p><p id="">‍</p><p id="">Other main countries that have visitors to the site are France, Canada, and Germany.</p><p id="">‍</p><p id="">"SimilarWeb traffic shows that OpenAI is quickly becoming one of the biggest websites in the world after going viral," a digital adoption spokesperson said.</p><p id="">‍</p><p id="">"While ChatGPT has been tipped as the 'next Google', we know that Google is creating a rival chatbot, Bard, to fend off any competition, which is rumoured to be announced in the coming days," it added.</p><p id="">‍</p><p id="">As of now, OpenAI is the number one technology website in the Computers Electronics and Technology category, overtaking Zoom, AOL and AT&amp;T, the study mentioned.</p><p id="">‍</p><p id="">ChatGPT can generate articles, essays, jokes, poetry and job applications in response to text prompts. OpenAI, a private company backed by Microsoft, made it available to the public for free in late November.</p><p id="">‍</p><p id="">OpenAI also developed the AI-powered image generator Dall-E and is at the forefront of generative AI, or technology trained on vast amounts of text and images that can create content from a simple text prompt.</p><p id="">‍</p><p id="">On Thursday, OpenAI announced a $20 monthly subscription, initially for users in the United States only. 
It would provide a more stable and faster service as well as the opportunity to try new features first, the company said.</p><p id="">‍</p><p id="">OpenAI has received substantial investments over the years from a variety of sources, including leading tech companies like Microsoft and Amazon, as well as venture capital firms such as Khosla Ventures and Founders Fund. In July 2021, OpenAI announced that it had raised $100 million in a funding round led by Greg Brockman, the company's CEO, with participation from a number of other investors.</p><p id="">‍</p><p id="">Analysts believe the viral launch of ChatGPT will give OpenAI a first-mover advantage against other AI companies. The growing usage, while imposing substantial computing cost on OpenAI, has also provided valuable feedback to help train the chatbot’s responses.</p><p id="">‍</p><p id="">In January, Microsoft announced another multibillion-dollar investment in OpenAI in the form of cash and provision of cloud computing.&nbsp;</p><p id="">‍</p><p id="">It said the deal with OpenAI would involve deploying the company’s artificial intelligence models across Microsoft products, which include the Bing search engine and its office software such as Word, PowerPoint and Outlook.</p><p id="">‍</p><p id="">In February Microsoft launched a premium version of its Teams product backed by ChatGPT, offering AI-powered extras such as automatically generated meeting notes. The tool also divides recaps of meetings into sections, based on the meeting transcript.</p><p id="">‍</p><p id="">There are currently 24 million average daily visits to OpenAI.com due to ChatGPT.</p><p id="">‍</p><p id="">Globally, ChatGPT is the fastest-growing app currently, according to investment bank UBS, which reported the chatbot reached 100 million monthly active users by January.</p><p id="">‍</p>
There are currently 24 million average daily visits to OpenAI. OpenAI receives more investment from Microsoft, and Microsoft announces a deepening relationship using ChatGPT in its products.
Complimentary
Free
Opinion
Editor's Pick

February 7, 2023

ChatGPT owner OpenAI breaks into top 50 global sites as visits hit 672 MILLION

Categories
<p id="">The military did not detect previous flights of Chinese spy balloons over the U.S. that took place during the Trump administration, a top general said Monday, due to a “gap” in the Defense Department’s ability to track certain airborne objects.</p>
<p id="">Gen. Glen VanHerck, head of North American Aerospace Defense Command, cited the issue as the reason that at least three spy balloon flights were not briefed to senior Trump officials at the time.</p>
<p id="">“So those balloons, so every day as a NORAD commander it’s my responsibility to detect threats to North America,” he told reporters at the Pentagon. “I will tell you that we did not detect those threats. And that’s a domain awareness gap that we have to figure out. But I don’t want to go into further detail.”</p>
<p id="">He added that the intelligence community later determined the flights had occurred using “additional means of collection.”</p>
<p id="">The Defense Department first brought up the Trump-era flights on Saturday, not long after an F-22 fighter shot down a Chinese spy balloon off the coast of South Carolina. Republicans had for several days blamed the Biden administration for its handling of the incident, but a senior DoD official on Saturday noted that flights had also occurred during the previous administration.</p>
A top general said Monday that some spy balloons went undetected due to a “gap” in the Defense Department’s ability to track certain airborne objects.
Complimentary
Free
Opinion
Editor's Pick

February 6, 2023

Top general says Trump-era spy balloons flew over the U.S. undetected

Categories