Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Artificial Intelligence (AI) has come a long way since John McCarthy first coined the term in 1955. Today, as AI technologies become deeply embedded in our daily lives, the potential they hold is immense – but so are the risks to safety, privacy, and fundamental human rights. Recognizing these concerns, the European Union (EU) took a proactive step in 2021 by proposing a regulatory framework aimed at governing AI.

Last week (19-July-2024), a significant IT outage occurred because CrowdStrike distributed a faulty update to its Falcon security software running on millions of computers using the Microsoft Windows operating system. This faulty update caused many of these computers to crash, which interrupted the operations of businesses across the globe.

It’s time to ‘Have Your Say’ on the future of cybersecurity regulations in the European Union. The draft implementing regulation for the NIS2 Directive is now open for public feedback through the ‘Have Your Say’ portal until July 25, 2024. This consultation period allows stakeholders to contribute to refining the regulation, with all feedback shaping the final regulations.

As a crucial member of your law firm’s IT team, you hold the responsibility of safeguarding highly sensitive client information – financial records, personal data, and privileged communications. While you might not be managing cases, you’re protecting the very foundation of client trust. However, this trust faces significant risk. Last year alone, 29% of law firms experienced a security breach, with the average cost per breach soaring to $4.47 million.

Time is of the essence, as the transposition deadline for the NIS2 Directive approaches on October 17, 2024, organizations across the EU must brace for its significant impact. This new Directive, updating and expanding its predecessor (NIS1), will dramatically increase the number of regulated entities. According to Ireland’s National Cyber Security Centre, the number of regulated entities is expected to rise from about 120 under NIS1 to an estimated 3,500 under NIS2.

Earlier this year, a Chinese company named Funnull acquired the polyfillio. Due to this acquisition, this code was used to redirect mobile visitors to scam sites. Over 100,000 websites using the previously popular Polyfill JS open-source project are vulnerable to attacks that redirect traffic to sports betting and pornography sites.

On June 25, 2024, Progress Software, the parent company of the MOVEit software suite, officially released details for two critical vulnerabilities identified in MOVEit Gateway and MOVEit Transfer, CVE-2024-5805 and CVE-2024-5806 respectively. MOVEit Transfer is a managed file transfer solution that supports the exchange of files and data between servers, systems and applications within and between organizations.

The explosive growth of TikTok in schools isn’t just a trend—it’s a cybersecurity ticking time bomb. From rampant exposure to harmful content to severe data privacy concerns, TikTok’s unchecked influence poses significant threats to the safety and well-being of students, as well as compromising the technical infrastructure and sensitive data of schools.

On May 28, 2024, Check Point released an advisory for CVE-2024-24919, a high priority bug which according to NIST NVD is categorized as “Exposure of Sensitive Information to an Unauthorized Actor”. The NVD has yet to assess a CVSS score for CVE-2024-24919 as of this writing. This vulnerability affects Check Point Security Gateway devices connected to the internet and configured with either IP-Sec VPN or Mobile Access software blades.