CyberSecurity Knuggets
Oct 22, 2024
The European Union has updated its product liability law to cover software and associated risks, like security flaws and planned obsolescence. This means companies that sell or want to sell in the EU will have to make significant changes to how they are currently doing business if they have failed to invest in proper software development and cybersecurity practices. The new directive extends liability to vendors for software that contains security flaws, and those flaws lead to any damage to consumers. It also classifies the lack of a software update mechanism to be a product defect and makes the vendor liable. Additionally, the directive extends liability to vendors who use any type of planned obsolescence system to artificially reduce the life span of their products.
In other news, there have been several breaches, hacks, and security incidents, including the Radiant Capital crypto-heist, Nidec ransomware attack, and Cisco breach. Microsoft has also lost almost a month of security logs for multiple cloud products, affecting services like Microsoft Entra, Microsoft Sentinel, and Azure Virtual Desktop. Additionally, there have been reports of wiper attacks in Israel and the Pravosodye IT system at Russian courts being down after a Ukrainian data wiper attack.
Furthermore, the US Defense Department is looking to acquire AI deepfake technology capable of creating believable internet personas. This raises concerns about the potential misuse of such technology for malicious purposes. Additionally, vulnerabilities and security research have been highlighted, including new vulnerabilities impacting SD card readers in laptops and a new side-channel attack on AMD and Intel CPUs.
Overall, the cybersecurity landscape is continually evolving, with new threats and vulnerabilities emerging. Immediate attention is required to address the potential risks posed by these developments, especially in light of the new EU directive and the increasing sophistication of cyber threats.
Stay Well!