At a glance.
- CISA discusses Log4j with critical infrastructure stakeholders.
- Israel's cybersecurity sector reacts to NSO Group scandal.
- UK considers more stringent online safety regulations.
- New UAE data protection law.
CISA will discuss Log4j with critical infrastructure stakeholders.
In response to the discovery of a zero-day vulnerability in the ubiquitous Log4j logging library, CyberScoop reports that the US Cybersecurity and Infrastructure Security Agency (CISA) has scheduled a call with critical infrastructure stakeholders to discuss mitigation efforts. CISA director Jen Easterly explains, “We are proactively reaching out to entities whose networks may be vulnerable and are leveraging our scanning and intrusion detection tools to help government and industry partners identify exposure to or exploitation of the vulnerability.” CISA issued an alert Friday advising federal and civilian organizations to patch against the bug immediately, as Log4j is an open-source logging utility used to track software activity in leading applications like Minecraft, Apple iCloud, and Twitter.
Israel's cybersecurity sector reacts to NSO Group scandal.
Israeli surveillance tech company NSO Group, which landed on the US government’s blacklist after its controversial Pegasus spyware was found to be used against civilians worldwide, is reportedly considering shutting down the Pegasus operation and selling the company. The Times of Israel explains that two potential US buyers have emerged with an offer to help the company transition to offering only defensive services. Though NSO has not confirmed this report, the move would not be surprising, given the difficult position in which NSO found itself after the Pegasus revelations. Not only is NSO about $500 million in debt, but the company is also being sued by Apple for targeting its users. Apple is seeking a permanent injunction to prevent the company from using any Apple products. Haaretz reports Israeli officials are concerned that this is just the start, and that the US might use this momentum to take down the entire Israeli cybersecurity sector. With NSO blacklisted, there are fears its researchers, some of the best in the field, might take their expertise and privileged knowledge to foreign firms.
Parliament pushes to tighten online safety regulations in drafted UK bill.
A new parliamentary report aims to add stricter standards and bigger fines to the UK’s proposed Online Safety Bill. BBC News explains that the bill aimed at regulating UK social media and tech companies is already seen as groundbreaking in its efforts to regulate the “wild west” of the internet. As Computing reports, the joint committee overseeing the bill would like it to cover more offenses, like content promoting self-harm and fraudulent advertising. The committee also aims to grant the Office of Communications (Ofcom) the ability to hold platforms responsible for protecting users from racist content and to shield minors from potentially abusive situations, and to give Ofcom the power to investigate, audit, and impose fines on companies found in violation. Members of Parliament have stated their recommendations aim to put power back in the hands of parliament and the regulator by creating mandatory codes that set expectations of the companies and end the era of catastrophic disregard for the harmful outcomes of their business practices.
UAE to implement new data protection law.
The United Arab Emirates will be following Saudi Arabia in passing the Federal Decree-Law No (45) of 2021 Regarding the Protection of Personal Data (PPD), a data protection law that effectively mirrors the EU’s General Data Protection Regulation (GDPR). The PPD will be accompanied by a collection of Executive Regulations likely to be published in March 2022, and organizations will have an additional six months to reach compliance. JD Supra offers advice on how companies can begin preparing now for the new law, and highlights how the PPD resembles the GDPR.