Get A Quote
Written by Cyber Threat Intelligence Unit on 13 April 2023

U.S. and International Partners Publish Secure-by-Design and -Default Principles and Approaches 

A new commercial spywares makes the headlines after being exposed for criminal use. Data protection stays a concerning issue for Chat GPT’s users, especially when it comes to industrial secrets. Interpol focused on Africa’s cybersecurity with an update on

U.S. and International Partners Publish Secure-by-Design and -Default Principles and Approaches  

CISA released this week a Secure-by-design/Secure-by-default recommendation policy for a higher standard of product development with security from the design stage. The goal is to secure products and protect users.

The joint guidance published this Thursday by the U.S. security agencies along with cybersecurity authorities of Australia, Canada, United Kingdom, Germany, Netherlands, and New Zealand provides recommendations to software manufacturers to take ownership of the security outcomes, but also to hold their supplying technology manufacturers accountable for the security outcomes of their products.
Manufacturers are encouraged to adopt a strategic focus that prioritizes software security.

The authoring agencies developed three core principles to guide software manufacturers in building software security into their design processes prior to developing, configuring, and shipping their products.


Israeli Spyware QuaDreams unmasked

Last March, the Biden administration signed an executive order banning the government’s use of commercial spyware, after a series of controversy involving different Israel-based private sector offensive actors (PSOA).

This week, Microsoft and Citizen Lab published their findings on commercial spyware made by an Israel-based company QuaDream used to compromise high-value targets iPhones with a zero-click exploit named ENDOFDAYS. The zero-click exploit is undetectable, with an iCloud calendar invitations on iOS, automatically added to the victim’s agenda.

Operated from Bulgaria, Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates (UAE), and Uzbekistan.Among, QuaDream’s spyware targeted journalists, politicians, or NGO workers across North America, Central Asia, Southeast Asia, Europe, and the Middle East.

Citizen Lab mentions: "We found that the spyware also contains a self-destruct feature that cleans up various traces left behind by the spyware itself". Among other things, the spyware can record audio and calls, take pictures, exfiltrate data, or access tracking. 


Samsung leaks confidential source code with ChatGPT

Engineers of Samsung’s semiconductor department used ChatGPT to help them on many occasions, like to fix problems with their source code. Doing so, they gave these trade secrets to Open AI, who owns the chatbot. The question over privacy concerns recently led Italy to block ChatGPT, investigating if it complies with the General Data Protection Regulation (GDPR), and more specifically private data collection, use and storage.

As the semiconductor sector is in the midst of fierce geopolitical competition, a leak like this one is costly in time and therefore in strategy for chip makers.


Interpol contribution to African cyberdefense

Interpol published in March its update on its African cyberthreat assessment report cyberthreat trends for 2023. The document is a summary of the different threats the Continent is facing at a moment when Africa is getting more connected,  facing the dark side of it, with global cyberthreats in the main room.

Cyberattacks lately rose in African countries , targeting critical infrastructure, financial institutions, relying on digital services, economies, and communities. This outlook provides better support for member countries in understanding cyberthreats at every level with in-depth analysis of latest cyberthreat landscape. 

To help fight against cybercrime in the African region, and because of huge disparities,  African countries need to pool resources, expertise, and develop basic legislative and legal frameworks to fight cybercrime. They must also share information to obtain the necessary intelligence on threat actors and treatment techniques to optimize protection.

Download the report here


Related Posts