Information Security News
Ghost Ransomware Targets Orgs in 70+ Countries
Dark Reading by Elizabeth Montalbano
Ghost ransomware continues to pose a significant threat globally, now targeting organisations in over 70 countries. This ransomware variant is particularly insidious due to its ability to encrypt data swiftly and demand ransoms, leading to severe disruptions across multiple sectors. The widespread nature of these attacks highlights the critical need for international cooperation in cybersecurity efforts. Enhanced preventive measures, including robust threat detection systems and regular cybersecurity training, are essential to safeguard against such advanced threats. The global community must prioritise sharing intelligence and best practices to develop more effective defences against ransomware attacks like Ghost.
Read more
SEC Rebrands Cryptocurrency Unit to Focus on Emerging Technologies
Cyberscoop by Derek B. Johnson
The Securities and Exchange Commission (SEC) has rebranded its cryptocurrency oversight unit, now focusing on emerging technologies to better address the evolving landscape of digital finance. This strategic shift aims to enhance the regulatory framework to accommodate new challenges and opportunities presented by blockchain and fintech innovations. By prioritising these areas, the SEC seeks to protect investors from emerging risks without stifling innovation. The rebranding initiative is part of a broader effort to adapt to rapid technological advancements, ensuring that the regulatory approach is proactive rather than reactive, helping maintain market integrity and investor trust in an increasingly digital world.
Read more
Russian Groups Target Signal Messenger in Spy Campaign
Dark Reading by Jai Vijayan
In a revealing development, Russian cyber groups have intensified their espionage efforts by targeting Signal, a widely trusted encrypted messaging app. This campaign aims to compromise secure communications, underscoring the vulnerabilities even in reputedly secure platforms. Such activities highlight the ongoing challenges in safeguarding privacy and information security in the face of state-sponsored cyber operations. The focus on Signal reflects a strategic move by these groups to intercept sensitive communications, demonstrating a significant escalation in cyber espionage tactics. This situation calls for heightened security measures and increased vigilance among users of encrypted services to protect against such sophisticated intrusions.
Read more
Critical Flaws in Mongoose Library Expose MongoDB to Data Thieves, Code Execution
The Register by Connor Jones
Recent findings have unveiled critical vulnerabilities in the Mongoose library, which significantly impact MongoDB databases by exposing them to data theft and unauthorised code execution. These flaws highlight the susceptibility of widely-used database systems to sophisticated cyberattacks, underscoring the necessity for immediate and comprehensive security updates. The potential for attackers to exploit these vulnerabilities poses severe risks to data integrity and system stability, emphasising the importance of rigorous security protocols and regular software audits to identify and mitigate such threats promptly. This incident serves as a crucial reminder for developers and database administrators to stay vigilant and proactive in maintaining the security of their database infrastructures.
Read more
Atlassian Patches Critical Vulnerabilities in Confluence, Crowd
SecurityWeek by Ionut Arghire
Atlassian has recently addressed critical vulnerabilities in its Confluence and Crowd software that posed significant security risks, potentially allowing unauthorised access and data breaches. The vulnerabilities could enable attackers to exploit these platforms, accessing sensitive information or disrupting service operations. Atlassian’s swift response with patches underscores the critical importance of maintaining up-to-date systems to safeguard digital assets. This incident highlights the ongoing need for companies to implement rigorous security measures, conduct regular vulnerability assessments, and ensure that all software components are under continuous scrutiny to prevent exploitation.
Read more
Energy CISO: Agencies Can’t Implement Zero Trust Alone
Cyberscoop by Derek B. Johnson
A prominent Energy sector CISO has highlighted the complexities involved in implementing zero trust security architectures, asserting that agencies cannot achieve this alone. This approach necessitates extensive collaboration across various sectors and disciplines to share expertise, resources, and best practices. The CISO emphasises that zero trust is not just a technical solution but a comprehensive strategy that requires ongoing adjustments and shared responsibilities. Such collaboration is essential for developing a robust framework that effectively addresses the sophisticated and evolving cyber threats facing today’s digital infrastructures.
Read more
UAE: Cyberattacks in Arabic Language on the Rise in Region, Says Top Cybersecurity Official
Khaleej Times by Waheed Abbas
According to a top UAE cybersecurity official, there has been a significant increase in cyberattacks conducted in Arabic across the region. This surge underscores the growing trend of localised cyber threats that exploit regional linguistic and cultural nuances. The official emphasises the need for tailored cybersecurity strategies that are responsive to the unique challenges posed by such targeted attacks. Enhancing capabilities in multilingual cybersecurity operations and developing region-specific defences are crucial for effectively countering these threats and protecting critical information infrastructures in the Middle East.
Read more
ASIO Boss Warns Australian Critical Infrastructure Systems ‘Routinely’ Mapped
itNews by Ry Crozier
The head of ASIO has sounded an alarming warning that Australian critical infrastructures are “routinely” surveyed and mapped by foreign entities, revealing a constant threat to national security across vital sectors like energy, telecommunications, and finance. This systematic surveillance highlights severe vulnerabilities that could be exploited in cyberattacks, potentially crippling Australia’s essential services. The revelation calls for an urgent reassessment of the nation’s cybersecurity strategies to safeguard against such intrusions, emphasising the need for strengthened defences and greater awareness of the tactics used by potential adversaries.
Read more
Tech Investment Firm Insight Partners Discloses Data Breach
Cybersecurity Dive by Rob Wright
Insight Partners, a prominent technology investment firm, recently disclosed a significant data breach, underscoring the persistent cyber threats facing the financial sector. This breach not only exposes sensitive investor data but also calls into question the firm’s data security measures, potentially impacting investor confidence and financial stability. The incident highlights the critical need for enhanced cybersecurity protocols and continuous monitoring within the investment community to protect against sophisticated, evolving threats that target financial assets.
Read more
Australian Children Easily Bypass Social Media Age Limits, eSafety Shows
itNews
A recent investigation by Australia’s eSafety Commissioner has uncovered that children are easily bypassing social media age restrictions, raising significant concerns about their exposure to harmful content and interactions. This loophole in digital age verification systems undermines parental controls and highlights a broader issue of online safety for minors. The findings suggest a pressing need for social media platforms to implement more robust and effective age verification processes to ensure a safer online environment for young users, protecting them from early exposure to inappropriate content.
Read more
North Korea Stealing Cryptocurrency With JavaScript Implant
ISMG Data Breach Today by Prajeet Nair
North Korea’s cyber operatives have escalated their financial warfare tactics by deploying a sophisticated JavaScript implant to steal cryptocurrency. This tactic involves infiltrating cryptocurrency exchanges and individual wallets to siphon funds covertly, leveraging vulnerabilities in web applications. The strategy highlights North Korea’s adeptness in adapting to cybersecurity landscapes to bolster its economic sanctions-stricken regime. This ongoing threat underscores the urgent need for enhanced security measures in the burgeoning cryptocurrency market, urging stakeholders to prioritise advanced defensive technologies and rigorous compliance checks to safeguard assets.
Read more
The 50-Year-Old Law That Could Stop DOGE in Its Tracks—Maybe
Wired by Eric Geller
The legality of cryptocurrencies like DOGE is under threat from a 50-year-old U.S. law that could dramatically alter the landscape of digital currencies. This law, originally enacted to regulate traditional securities, may now apply to cryptocurrencies, raising substantial compliance and operational challenges for crypto entities. The potential enforcement could stymie innovation and hinder the growth of the digital economy, sparking a crucial debate among policymakers, legal experts, and industry stakeholders about the balance between regulation and innovation in the evolving financial technology sector.
Read more
Clinical Trial Database Exposes 1.6M Records to Web
ISMG Data Breach Today by Marianne Kolbasuk McGee
A massive data breach in a clinical trial database has exposed over 1.6 million patient records, revealing a critical vulnerability in the healthcare sector’s data management systems. This breach compromised sensitive health information, including medical histories and personal identifiers, which could have severe consequences for patient privacy and trust in medical research institutions. The incident underscores the urgent need for robust cybersecurity measures in the healthcare industry, emphasising the necessity of implementing more stringent access controls, regular security audits, and comprehensive data encryption to protect patient information from such vulnerabilities.
Read more
Thousands Rescued from Illegal Scam Compounds in Myanmar as Thailand Launches Huge Crackdown
The Guardian by Leila Goldstein
In a pivotal international law enforcement operation, thousands have been rescued from illegal scam operations based in Myanmar, with simultaneous crackdowns in Thailand. These actions shed light on the severe issue of digital exploitation and the global extent of cybercrime, where vulnerable individuals are deceived by fraudulent job offers and coerced into cyber scams. These incidents reveal the urgent need for enhanced international cooperation and stronger cybersecurity measures to address the cross-border nature of digital fraud and human trafficking effectively. Strengthening global legal and security frameworks is crucial to dismantling these networks and ensuring justice.
Read more
Attackers Exploit Palo Alto Zero-Day Authentication Bypass
ISMG Data Breach Today by Mathew J. Schwartz
A newly discovered zero-day vulnerability in Palo Alto’s network security devices is being actively exploited, allowing attackers to bypass authentication protocols. This critical flaw exposes enterprise networks to unauthorised access and potential data theft, highlighting the escalating challenges in securing network infrastructure against sophisticated cyber threats. The rapid identification and disclosure of this exploit underscore the need for constant vigilance and prompt patching practices in the cybersecurity community to mitigate risks and protect sensitive information.
Read more
Warning: Tunnel of Love Leads to Scams
Dark Reading by Kristina Beek
A recent surge in scams originating from so-called “Tunnel of Love” online dating schemes has cybersecurity experts on high alert. These scams, which often start on legitimate dating platforms, lure individuals into fraudulent romantic engagements to extort money. The tactics include catfishing, where scammers use fake profiles to form emotional connections with victims. This trend underscores the importance of cybersecurity awareness in personal interactions online, urging users to verify identities and be skeptical of too-good-to-be-true romantic propositions.
Read more
If You Dread a Microsoft Teams Invite, Just Wait Until It Turns Out to Be a Russian Phish
The Register by Jessica Lyons
In a concerning development, cybercriminals are using fake Microsoft Teams invitations, purportedly from Russian sources, to conduct sophisticated phishing attacks. These scams exploit the platform’s credibility to deceive users into clicking malicious links that compromise their credentials and install malware. This method highlights a disturbing trend of using popular corporate communication tools to facilitate cyber crimes, reflecting a strategic pivot by attackers to exploit trust and routine in daily business operations. Organisations are urged to intensify their email and communication security protocols and educate their staff about the dangers of unsolicited invitations, particularly those mimicking legitimate business tools.
Read more
Musk-Linked Group Offered $5M for Proof of Voter Fraud – And Came Up with Nothing
The Guardian by Brendan Fischer and Emma Steiner
Despite a $5 million bounty offered by a group linked to Elon Musk for proof of voter fraud, recent investigations have come up empty-handed. This lack of evidence highlights the challenges in substantiating claims of electoral misconduct, which often circulate widely on social media and other platforms. The episode serves as a case study in the potential for misinformation to influence public opinion and the importance of critical scrutiny in the evaluation of such claims. As election integrity continues to be a hot-button issue, this scenario underscores the need for transparent and rigorous verification processes to maintain trust in democratic systems.
Read more
Critical PostgreSQL Bug Tied to Zero-Day Attack on US Treasury
The Register by Connor Jones
A zero-day attack on the U.S. Treasury has been linked to a critical vulnerability in PostgreSQL, an open-source database system. This exploit allowed unauthorised data access and manipulation, exposing sensitive governmental financial data. The breach not only raises concerns about the security of critical national infrastructure but also calls into question the adequacy of current cybersecurity measures in protecting such essential systems. The incident has prompted an urgent review of security protocols and the implementation of more robust defense mechanisms to prevent future breaches.
Read more
Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
SecurityWeek by Ionut Arghire
The Salt Typhoon cyber-attack campaign has been exploiting old vulnerabilities in Cisco equipment to launch sophisticated attacks on global telecom providers. By leveraging these dated security flaws, attackers are gaining unauthorised access to network systems, highlighting significant lapses in patch management and risk assessment in the telecom sector. This series of attacks underscores the critical need for ongoing maintenance, timely updates, and comprehensive security audits to shield essential communications infrastructure from evolving cyber threats.
Read more
2 Charged Over Alleged New IRA Terrorism Activity Linked to Cops’ Spilled Data
The Register by Connor Jones
Two individuals have been charged in relation to terrorist activities linked to the New IRA, following a breach where sensitive police data was exposed. This incident not only compromised law enforcement integrity but also demonstrated the severe risks of data leakage in exacerbating political violence. The breach has heightened concerns about data security within public institutions and the potential for such information to fuel unlawful activities, prompting a call for tighter security measures and more stringent data handling protocols to prevent misuse of sensitive information.
Read more
Chinese Spies Suspected of ‘Moonlighting’ as Tawdry Ransomware Crooks
The Register by Jessica Lyons
Recent intelligence reports indicate that Chinese spies are suspected of engaging in ransomware attacks, ostensibly ‘moonlighting’ to supplement state espionage activities with lucrative cybercrime. These allegations suggest a troubling convergence of state-sponsored espionage and criminal financial gain, raising significant cybersecurity concerns on a global scale. The involvement of state actors in ransomware attacks complicates international cybersecurity dynamics, demanding a reassessment of threat models and a bolstered defensive posture among nations and corporations to address these sophisticated hybrid threats effectively.
Read more
whoAMI Attacks Give Hackers Code Execution on Amazon EC2 Instances
BleepingComputer by Bill Toulas
The discovery of the whoAMI exploit on Amazon’s EC2 service has revealed a critical vulnerability allowing hackers to execute arbitrary code on affected instances. This exploit, by bypassing traditional security measures, grants attackers potentially unfettered access to the cloud-based resources, posing severe risks to data integrity and system functionality. The breach underscores the necessity for continuous vigilance, regular security assessments, and immediate patch implementations in cloud services to protect against such sophisticated threats that compromise user data and undermine trust in cloud infrastructure.
Read more
EU’s Disinformation Code Moves Closer to Becoming DSA Benchmark
TechCrunch by Natasha Lomas
The European Union is taking significant steps to combat the spread of online disinformation by proposing to incorporate its voluntary Disinformation Code directly into the Digital Services Act (DSA). This legislative move aims to impose stricter legal obligations on major tech platforms, requiring them to actively and effectively control the dissemination of false information. By transitioning from a voluntary to a mandatory framework, the EU seeks to strengthen the accountability of digital platforms in maintaining information integrity, ensuring a more resilient digital environment against the pervasive challenge of disinformation.
Read more
Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords
Cyber Security News by Guru Baran
In one of the largest security breaches to date, over 2.7 billion records from numerous IoT devices were compromised, exposing critical data including Wi-Fi passwords and device functionalities. This massive breach not only highlights the vulnerabilities inherent in IoT devices but also underscores the challenges of securing interconnected systems. The exposed data can potentially enable unauthorised access to personal and corporate networks, illustrating the urgent need for robust security protocols and real-time threat monitoring to protect against sophisticated cyber-attacks targeting IoT ecosystems.
Read more
Elon Musk’s DOGE Leaks Classified Govt Information to Entire World, Intel Officers Blame ’25-Year-Old Programmers…’
Hindustan Times by Shweta Kukreti
In a surprising turn of events, Elon Musk’s involvement with the cryptocurrency DOGE has led to unintended leaks of classified government information through blockchain vulnerabilities. This incident has prompted intense scrutiny from intelligence officials who blame the oversight on inexperienced programmers handling sensitive data. The breach raises serious questions about the security measures and regulatory oversight necessary in the rapidly evolving digital currency space, highlighting the risks of combining cutting-edge technology with critical data without stringent security checks.
Read more
ANALYSIS
Network Security Tool Defects Are Endemic, Eroding Enterprise Defense
Cybersecurity Dive by Matt Kapko
Recent analysis reveals that defects in network security tools are not just common but endemic, posing significant threats to enterprise defences. This troubling trend suggests that the very tools enterprises rely on to protect their digital assets are often themselves vulnerable to exploitation. The situation calls for a heightened focus on the integrity and robustness of cybersecurity products, advocating for rigorous testing, transparent vulnerability disclosures, and continuous updates to stay ahead of attackers who exploit these weaknesses to breach corporate networks.
Read more
The Pangu Team—iOS Jailbreak and Vulnerability Research Giant: A Member of i-SOON’s Exploit-Sharing Network
Natto Thoughts (Substack: Eugenio Benincasa)
The Pangu Team, renowned for their breakthroughs in iOS jailbreaking, is intricately linked with the i-SOON exploit-sharing network, revealing a complex web of interactions between security researchers and the shadowy world of cyber exploit trading. This involvement illustrates how tools designed for security testing can be repurposed into weapons in cyber warfare, challenging the ethical boundaries of cybersecurity practices. The disclosure of such connections calls for a balanced approach in security research, advocating for responsible disclosure and regulatory oversight to prevent misuse of security exploits that could otherwise enhance cyber resilience.
Read more
The Psychological Warfare of Weakening Encryption
PrivID (Substack)
The deliberate weakening of encryption protocols is emerging as a sophisticated form of psychological warfare in cyber operations, aimed at diminishing trust in digital systems and sowing doubt among users about the privacy and security of their online data. This tactic extends beyond technical sabotage, affecting the psychological comfort that encryption provides to users of digital services. The broader implications for privacy rights and national security are profound, necessitating a vigorous defense of strong encryption standards to maintain confidence in digital infrastructure and protect against both cyber threats and manipulative tactics that aim to undermine societal trust.
Read more
Ransomware: The $270 Billion Beast Shaping Cybersecurity—Insights from Cyentia’s Latest Report
Tripwire by Kirsten Doyle
According to a recent report by Cyentia, the global cost of ransomware is projected to reach $270 billion by 2024, signifying its dramatic impact on businesses worldwide. This figure reflects not only the direct costs associated with paying ransoms but also the extensive operational disruptions, loss of customer trust, and long-term reputation damage. The study highlights the increasing sophistication of ransomware attacks and the crucial need for organisations to invest in proactive defense strategies, comprehensive backup solutions, and employee training to mitigate the risk of these costly cyber threats.
Read more
Cybersecurity Pros Are Preparing for a New Adversary: AI Agents
Fortune by Christian Vasquez
The emergence of artificial intelligence as a significant threat in cybersecurity marks a pivotal shift in the digital threat landscape. AI-driven attacks are becoming increasingly sophisticated, capable of learning and adapting to defensive measures, making them especially challenging to detect and neutralise. This new era of cyber threats calls for an urgent reevaluation of current security protocols. Cybersecurity professionals must integrate advanced AI technologies into their defensive strategies, developing systems that not only detect but also predict potential attacks using AI. Emphasising innovation in AI-driven security solutions will be critical to defend against these evolving threats, ensuring that defensive measures are as dynamic and adaptable as the AI agents they are designed to combat.
Read more
The Pacific Needs Greater Cyber Resilience as Malicious Actors Break into Networks
ASPI The Strategist by Blake Johnson, Fitriani and Jocelinn Kang
The strategic importance of cybersecurity in the Pacific region is becoming increasingly apparent as malicious actors target vulnerable network systems. A collaborative effort among nations in the Pacific, supported by policy recommendations from think tanks like ASPI, is crucial for building a robust cyber defense mechanism that can withstand the growing threats. This initiative aims to enhance regional cyber resilience by sharing resources, intelligence, and best practices, fostering a cooperative environment that bolsters security against cyber threats and promotes sustainable digital growth.
Read more
Roundtable: Is DOGE Flouting Cybersecurity for US Data?
Dark Reading by Becky Bracken
A recent roundtable discussion by cybersecurity experts has raised serious concerns about whether the cryptocurrency DOGE is compromising U.S. data security. The debate centres on DOGE’s handling of sensitive information and compliance with cybersecurity norms, which appears increasingly lax or overlooked in the rush to capitalise on the crypto boom. Experts argue that without stringent regulatory oversight and adherence to robust cybersecurity protocols, DOGE could inadvertently expose user data to cyber threats, potentially leading to significant breaches of personal and national security. This roundtable has sparked a broader conversation about the need for enhanced regulatory frameworks for cryptocurrencies to ensure they do not become a liability to national security.
Read more
Open Source AI Models: Perfect Storm for Malicious Code, Vulnerabilities
Dark Reading by Robert Lemos
The proliferation of open source AI models presents a dual-edged sword for cybersecurity. While these models promote innovation and accessibility in technology, they also open doors for malicious use, such as embedding hidden vulnerabilities or malicious code. The widespread availability of powerful AI tools enables cybercriminals to harness advanced technologies to orchestrate attacks with increased precision and stealth. This scenario demands a heightened awareness and proactive approach from cybersecurity communities to rigorously evaluate and secure open source AI projects, ensuring that these tools are used to fortify security defences rather than undermine them.
Read more
4 Ways to Bring Cybersecurity into Your Community
Security Intelligence by Jennifer Gregory
Amidst rising digital threats, the importance of integrating cybersecurity awareness and practices into community settings has never been more crucial. Effective community engagement strategies, such as local workshops, school programs, and public awareness campaigns, can play a pivotal role in building a more informed public capable of recognising and responding to cyber threats. This grassroots approach not only enhances individual resilience but also strengthens the collective security posture of communities, making it harder for cyber threats to penetrate at a local level.
Read more
STATISTICS & INSIGHTS
Highlights from Last Week’s Cybersecurity Research by evisec – CRD #17
CyAN Member and evisec CEO Henry Röigas
Highlights from the latest cybersecurity research sources by evisec:
• There are positive signs from crypto transaction data: ransomware payments are down. “The data shows that even though more ransomware events occurred in H2 2024 (measured by the number of victims listed on leak sites), fewer organizations – less than half – chose to pay.”
• MITRE ATT&CK analysis reveals that, “93% of malicious actions in 2024 leveraged the top ten MITRE ATT&CK techniques. This finding clearly reinforces the need for security teams to prioritize defenses against the most prevalent threats.”
• Old CVEs dominate OT security incidents: “Manufacturing remains the most targeted and compromised industry, accounting for nearly 90% of network-internal exploit attempts observed by the company.” Adding that, “continued reliance on legacy systems in OT networks is a key enabler of these exploitations.”
For more insights, explore the latest Cybersecurity Research Digest.
Read more
CyAN Members: Op Eds, Articles, etc:
The Augmented CISO: How AI is Transforming Cybersecurity Compliance
CyAN Blog by CyAN Member, Gilles Chevillon
Gilles Chevillon expertly explores the transformative impact of AI on the role of Chief Information Security Officers (CISOs). As AI integrates into cybersecurity, it revolutionises compliance frameworks by automating risk assessments and enforcing regulatory standards. Chevillon emphasises the balance CISOs must maintain: leveraging AI to enhance security postures while addressing challenges such as ensuring ethical AI use, maintaining accountability, and preventing biases in automated systems. His analysis stresses the necessity for CISOs to adapt to these technological advancements to stay ahead in cybersecurity management.
Read more
Behind the Posts: How I Identify My Top 10 Cyber Threat Groups Each Week
CyAN Member, Dan Elliott
Dan Elliott offers a comprehensive analysis of the methodologies used to identify and rank the top ten cyber threat groups each week. He delves into the integration of advanced analytics, real-time intelligence, and the strategic gathering of cybercrime data. Elliott highlights how this robust approach aids in understanding the evolving tactics and motivations of threat actors, from state-sponsored units to independent ransomware gangs. The process, underpinned by collaborative international intelligence sharing and cutting-edge technology, is crucial for anticipating and mitigating cyber threats effectively. His insights emphasise the importance of adaptability and proactive defense in cybersecurity strategies.
Read more
Cybersecurity Developments in the Caribbean: Regional Collaboration and Strategic Growth
CyAN Blog by Dale Connell
Dale Connell explores the crucial cybersecurity challenges and advancements within the Caribbean. He discusses the importance of regional collaboration to enhance cyber defences against increasing threats that target key economic sectors. Through policy reforms and capacity building, Connell emphasises the need for a robust framework that supports public-private partnerships and leverages international expertise. His narrative advocates for strategic investments in cybersecurity education and infrastructure to fortify the Caribbean against cyber-attacks and ensure regional digital resilience.
Read more
Navigating the New Digital Landscape: EU’s Bold Move Against Disinformation
Kim Chandler McDonald
Kim Chandler McDonald provides an in-depth analysis of the European Union’s approach to combating disinformation through the Digital Services Act. She evaluates how new regulations aim to enforce stricter content moderation without compromising free speech. McDonald discusses the delicate balance required to manage disinformation while protecting democratic freedoms and the operational challenges tech companies face under these new laws. Her critique highlights the need for transparency and adaptability in policy-making to effectively address the complexities of online misinformation in a rapidly evolving digital environment.
Read more
CyAN Members: News
• CyAN Members Shakil Khan and Prabhat Pathak are speaking on the Cloud DevOps, Security Compliance & Operational Excellence in the Age of AI panel at SaaS.Connect 2025 on February 23 at the PSG Convention Center, Coimbatore, India. They’ll be exploring:
- AI-powered DevOps automation
- Security considerations for AI workloads
- Compliance frameworks for AI systems
- Infrastructure optimisation for ML/AI
- MLOps and ModelOps best practices
- Zero-trust security in AI environments
Register here to join them and explore how leading organisations are building secure, compliant, and operationally excellent AI infrastructure.
• CyAN Member Edward Farrell, CEO of Mercury Information Security Services, is leading a session on Introduction to Threat Modelling at CyberCon Canberra 2025! This year’s theme, Transform to Evolve, highlights the need for cybersecurity professionals to adapt and innovate in a rapidly changing digital world.
Join Edward and other top cybersecurity leaders shaping Australia’s cyber agenda: Register here.
• We are thrilled to announce the election of the new board members for CyAN! Congratulations to:
- J-C Le Toquin (President)
- Kim Chandler McDonald (Vice President)
- Saba Bagheri (Director of APAC)
- Matthieu Camus (Treasurer)
- Bharat Raigangar (Growth Advisor – MEA & India)
- Inssata Diomande-Ricourt (Africa Advisor)
- John Morgan Salomon (Communications Chief)
- Greg Dzsinich (Board Member)
Each of these individuals brings a wealth of expertise and a fresh perspective that will undoubtedly contribute to shaping the future of CyAN. We look forward to their leadership and innovative ideas to continue our mission of enhancing cybersecurity and digital safety across the globe. Join us in celebrating their election and supporting them in their new roles!
Upcoming CyAN Global Events:
• Breaking the Cycle: Combating Online IBSA for a Safer Digital Experience (Webinar) – March 6th (EST 6AM, CET 12PM, AEST 10PM)
Register here
• CyAN APAC: The Geopolitical Impacts of Cyber Threats: From Espionage to Influence
Keynote by Dan Elliott, March 12, Peoplebank, Sydney
Register here