The UK Parliament’s Joint Committee on the National Security Strategy has issued a worrying report on the state of ransomware in the country. It criticized the government’s failure to tackle the issue, suggesting this lack of action puts the nation at risk of a catastrophic ransomware attack. The report calls for a change of responsibility from the Home Office to the Cabinet Office and National Cyber Security Centre, and advocates for increased funding to the latter to better assist entities under attack.
Microsoft’s Threat Intelligence team reported a rise in threat actors utilizing OAuth applications to automate attacks, with accounts that lack multifactor-authentication frequently targeted. The company recommends enabling MFA to make initial compromise more difficult.
Apple has updated its policy pertaining to the disclosure of push notification records to law enforcement, now requiring a judge’s order. This places Apple on par with Google’s existing requirement for judicial approval for such records.
Google’s next-gen LLMs, Gemini, will soon be deployed to enterprises. This move features the launch of Gemini Pro for enterprises, offering a free opportunity for existing cloud customers to build apps on top of the model. A public release of the more powerful Gemini Ultra model is slated for next year.
A new coalition named the ‘Coalition for Open Digital Ecosystems’ was formed by various tech companies to manage the implementation of current and upcoming EU regulatory frameworks via open platforms. The founding members comprise Google, Meta, Qualcomm, Lenovo, Honor, Motorola, Nothing, and Opera.
Ukraine’s defense intelligence directorate claimed to have disrupted Russia’s state tax service infrastructure, compromising and corrupting databases and backups. There has been no confirmation of these attacks from the Russian tax authority or state media.
Lastly, threat actors have reportedly begun using public proof-of-concept code to exploit a recently-patched vulnerability in the Apache Struts web app framework. The small number of impacted IP addresses suggests the Struts remains widely used.