Priyan Sampath – Security Review Magazine
https://securityreviewmag.com
We bring you the latest from the IT and physical security industry in the Middle East and Africa region.
Thu, 08 May 2025 16:12:54 +0000

CyberE71 Powers GISEC North Star 2025
https://securityreviewmag.com/?p=28189
Tue, 06 May 2025 16:10:48 +0000

CyberE71 has reaffirmed its role in powering GISEC North Star 2025, which officially kicked off this week at the Dubai World Trade Centre. Running from 6th to 8th May, the event is one of the region’s largest gatherings focused on cybersecurity entrepreneurship, highlighting emerging innovators, investors, and digital pioneers who are shaping the future of cyber resilience. GISEC North Star is hosting over 130 cutting-edge startups, 100+ expert speakers, and thousands of visitors across government, academia, and private industry. With a full agenda of keynotes, panel discussions, pitch competitions, mentorship labs, and MoU signings, the event offers unmatched opportunities for knowledge-sharing, deal-making, and ecosystem-building.

The event opened with a keynote address by H.E. Dr. Mohamed Al Kuwaiti, Head of Cybersecurity for the UAE Government, followed by a high-level panel discussion featuring H.E. Fatima Yousif Al Naqbi, Acting Assistant Undersecretary for the Support Services Sector at the Ministry of Finance, and the Ministry’s representative at Mohammed Bin Rashid Innovation Fund (MBRIF); Abeer Al Ameeri, Head of Partnerships and Programs at Sharjah Entrepreneurship Center (Sheraa); Maher Al Kaabi, Independent Board Member at Alserkal Group; Dr. Veselina Yankova, Program Chair of Innovation & Entrepreneurship at Higher Colleges of Technology (HCT), and Sonia Weymuller, Co-Founder and General Partner at VentureSouq.

The panel was moderated by Asmae Lemniei, Managing Director at Lean X Consulting, and offered a dynamic dialogue on The E71 model for building a thriving cybersecurity and AI innovation ecosystem, setting the tone for the sessions that followed. A major highlight of the event is the Unlock Pitch Competition, taking place in North Star. A select group of startups will pitch their innovative solutions live to a panel of investors, policymakers, and industry leaders. The competition aims to highlight promising ventures and accelerate growth opportunities through visibility and strategic engagement.

CyberE71’s presence at GISEC North Star reflects its commitment to nurturing cybersecurity tech talent and positioning the UAE as a regional leader in cybersecurity innovation. Through dynamic programming, investor engagement, and strategic partnerships, the event is bringing together the region’s brightest minds to co-create tomorrow’s cyber solutions.

Fuse Partners with Check Point Software
https://securityreviewmag.com/?p=28105
Wed, 23 Apr 2025 17:45:36 +0000

Layer 2 payments blockchain Fuse has announced that it has partnered with Check Point Software Technologies to develop and deploy a real-time threat prevention security layer protecting its entire blockchain. Fuse’s commitment to integrate a best-in-class web3 security layer has been driven by a desire to lead by example and to prevent hacks and other incidents that are a constant threat across the omnichain landscape. The partnership will furnish Fuse with an advanced blockchain security layer that can identify and mitigate threats before they have had a chance to develop, moving blockchain defense from detection to real-time prevention.

Through working closely with Check Point, Fuse will foster a safer ecosystem for all users and developers, accelerating its goal of mainstreaming crypto payments for B2B and B2C applications. Check Point’s technology is capable of preventing malicious transactions in real-time, leveraging advanced AI-powered threat engines that draw from more than 30 years of global cyber intelligence. The collaboration with Check Point extends beyond smart contract-level audits. With real-time threat detection coming soon, the integration will offer comprehensive protection across the entire network, reinforcing Fuse’s commitment to safeguarding user funds and trust, while establishing new standards for blockchain security infrastructure.

Fuse CEO Mark Smargon said, “Prevention is always better than a cure, particularly with crypto networks that serve as the backbone for global payments. With Check Point providing a dedicated security layer, we’re confident that we can not only deter hackers, who are becoming increasingly sophisticated, but pioneer a cybersecurity model that will become the gold standard for protecting web3 protocols.”

“We’re proud to partner with Fuse and bring Check Point’s real-time threat prevention to Web3. By applying our leading threat intelligence, we’re setting a new standard for blockchain security—protecting users, wallets, and dApps,” says Dan Danay, Head of Web 3.0 Security at Check Point Software Technologies. “Just as robust cybersecurity powered the rise of Web 2.0, real-time prevention will be key to Web3’s mainstream adoption.”

Fuse recently launched Ember Nodes with support from leading partners including Collider Ventures, Tectona, Spark, TRGC, and Blockchain Founders Fund. It attracted broad community support, giving users an opportunity to acquire nodes and participate in network governance and validation. Just as it pioneered network firewall technology for Web 2.0, Check Point is now supporting the evolution of Web 3.0 by tackling its most critical barrier—security. The Check Point partnership will support Fuse in its quest to become the preeminent web3 network for stablecoin payments. In the process, it will champion better blockchain security for all users across its ecosystem.

Commvault to Host SHIFT Cyber Resilience Roadshow in Dubai
https://securityreviewmag.com/?p=28037
Mon, 07 Apr 2025 11:16:58 +0000

Commvault is bringing its SHIFT Roadshow event to Dubai on April 17, 2025, at the prestigious Museum of The Future. As organizations across the UAE accelerate cloud adoption, the attack surface for cybercriminals has expanded exponentially. SHIFT Dubai will convene cyber resilience leaders, IT experts, and C-suite executives to address these challenges, offering actionable strategies to combat AI-driven threats, which account for 1 in 3 breaches in the region, and maintain continuous business.

“In today’s rapidly evolving digital landscape, cyber resilience is not just an option—it’s a necessity,” said Fady Richmany, Regional Vice President & General Manager, Emerging Markets, CEE, CIS & META at Commvault. “At Commvault, we’re redefining how organizations move from continuous threats to continuous business. With AI-driven security, innovative solutions, strategic partnerships, and a cloud-first approach, we are empowering enterprises across EMEA’s Emerging Markets to stay ahead of cyber risks and build a future-ready defense. Join us in Dubai for Commvault SHIFT as we unveil the next era of cyber resilience.”

The SHIFT Dubai agenda will feature keynote sessions, a deep dive into the Commvault product roadmap, panel discussions, and expert insights from Microsoft, IDC, Core42, AWS, Pure Storage, and other industry leaders. Attendees will gain exclusive access to thought leadership and direct strategy on modern cyber resilience strategies, AI-driven security trends, how to maintain continuous business and understanding the concept of Minimum Viable Company.

The UAE’s cyber market, projected to grow to $9.8 billion by 2028, highlights the nation’s commitment to innovation. However, 58% of UAE enterprises report their cybersecurity measures fail to match the scale of their digital acceleration. Commvault’s SHIFT Roadshow reinforces its mission to close this gap, empowering UAE businesses to future-proof data protection, streamline compliance, and neutralize threats in an era of relentless AI-powered attacks.

Researcher Finds New Way to Exploit Intel CPU Flaws
https://securityreviewmag.com/?p=28029
Fri, 04 Apr 2025 10:52:33 +0000

PT SWARM expert Mark Ermolov discovered a new exploitation vector for the vulnerabilities CVE-2017-5705, CVE-2017-5706, CVE-2017-5707, CVE-2019-0090, and CVE-2021-0146, which Intel has already fixed. Previously, these issues only enabled partial compromise, but this new method can lead to a complete security breach of affected platforms.

The newly discovered approach to exploitation can be applied to attacks on devices equipped with Intel Pentium, Celeron, and Atom processors from the Denverton, Apollo Lake, Gemini Lake, and Gemini Lake Refresh series. Production of these chips has ended, yet they remain in embedded systems, such as automotive electronics, and in ultra-mobile devices, including e-readers and mini-PCs. Intel was notified in accordance with the responsible disclosure policy but rejected the described problem and refused to take measures to eliminate or reduce the threat level.

The main exploitation vector involves supply chain attacks. Attackers can embed spyware at the assembly or repair stage without altering the hardware. “This approach requires no soldering or any other physical modification,” said Ermolov. “Local access is enough to retrieve the encryption key and inject malicious code into Intel CSME firmware. These implants often slip under the radar of Intel Boot Guard, virtualization-based security (VBS), and antivirus solutions. They can operate unnoticed, capture user data, lock devices, erase or encrypt files, and carry out other destructive actions.”

A secondary risk involves exploiting these formerly patched flaws to bypass DRM safeguards, which can grant unauthorized access to content from various streaming services. The newly identified method also circumvents some Amazon e-reader protections, allowing threat actors to copy data on devices powered by vulnerable Intel Atom processors. Attackers can also use these tactics to access data on encrypted storage devices like hard drives or SSDs. This approach can target laptops or tablets built on the at-risk processors.

Positive Technologies Addresses a Vulnerability in the Veeam Service Provider Console
https://securityreviewmag.com/?p=27994
Fri, 28 Mar 2025 07:33:32 +0000

Backup solutions vendor Veeam Software eliminated a vulnerability in Veeam Service Provider Console, a management platform used by backup and disaster recovery service providers. The security flaw CVE-2024-45206 (BDU:2024-1170) was discovered by PT SWARM expert Nikita Petrov. The vendor was notified of the threat in line with the responsible disclosure policy and has already released a software patch.

The SSRF vulnerability, rated 6.5 on the CVSS 3.0 scale, affected versions 7.x through 8.0.x. When exploited, this vulnerability could hypothetically expose companies to attacks on internal networks, since it allowed an attacker to send arbitrary HTTP requests to external or internal resources on behalf of the server. To address the vulnerability, users should promptly update to Veeam Service Provider Console version 8.1.0.21377 or later.

According to the vendor, Veeam solutions are used by more than 550,000 customers from different countries, including 74% of Forbes Global 2000 companies. According to publicly available search engines, the list of the most active users of Veeam products is headed by the United States, Germany, and France, while UAE ranks 32nd. Veeam has the largest market share among global data replication and protection software vendors and has been named a leader in Gartner’s Magic Quadrant for Enterprise Backup and Recovery Software Solutions report for eight years in a row.

Veeam Service Provider Console could potentially be attacked directly from the web. As of January 2025, open-source data indicated that there were 2587 vulnerable systems worldwide. The majority of installations are in the United States (26%), Türkiye (20%), Germany and Great Britain (6% each), Canada and France (5% each).

“Before the patch was released, the vulnerability primarily posed a risk to large enterprise segment companies—the main users of Veeam Service Provider Console,” said Nikita Petrov, a Senior Penetration Testing Specialist in the Security Analysis Department, Positive Technologies. “Attackers could initiate a request from the server to a resource that is not accessible from the outside and gain the ability to interact with it. This would allow them to obtain information about the victim’s network infrastructure and thus simplify the implementation and subsequent development of attacks. For example, one possible consequence of the penetration could be the exploitation of vulnerabilities present in internal systems.”

This is not the first vulnerability in Veeam Software products that Positive Technologies experts have helped to fix. In 2022, Nikita Petrov discovered two security flaws at once in Veeam Backup & Replication, a popular backup system for automating backup and disaster recovery. Another flaw was discovered in Veeam Agent for Microsoft Windows, a Windows data backup software.

Tenable Research Finds AI Tools in Cloud Environments Are Highly Vulnerable
https://securityreviewmag.com/?p=27979
Tue, 25 Mar 2025 14:03:19 +0000

Tenable has announced the release of its Cloud AI Risk Report 2025, which found that cloud-based AI is prone to avoidable toxic combinations that leave sensitive AI data and models vulnerable to manipulation, data tampering and data leakage. Cloud and AI are undeniable game changers for businesses. However, both introduce complex cyber risks when combined. The Tenable Cloud AI Risk Report 2025 highlights the current state of security risks in cloud AI development tools and frameworks, and in AI services offered by the three major cloud providers—Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure. The key findings from the report include:

  1. Cloud AI workloads aren’t immune to vulnerabilities: Approximately 70% of cloud AI workloads contain at least one unremediated vulnerability. In particular, Tenable Research found CVE-2023-38545—a critical curl vulnerability—in 30% of cloud AI workloads.
  2. Jenga-style cloud misconfigurations exist in managed AI services: 77% of organizations have the overprivileged default Compute Engine service account configured in Google Vertex AI Notebooks. This means all services built on this default Compute Engine are at risk.
  3. AI training data is susceptible to data poisoning, threatening to skew model results: 14% of organizations using Amazon Bedrock do not explicitly block public access to at least one AI training bucket and 5% have at least one overly permissive bucket.
  4. Amazon SageMaker notebook instances grant root access by default: As a result, 91% of Amazon SageMaker users have at least one notebook that, if compromised, could grant unauthorized access, which could result in the potential modification of all files on it.

“When we talk about AI usage in the cloud, more than sensitive data is on the line. If a threat actor manipulates the data or AI model, there can be catastrophic long-term consequences, such as compromised data integrity, compromised security of critical systems and degradation of customer trust,” said Liat Hayun, VP of Research and Product Management, Cloud Security, Tenable. “Cloud security measures must evolve to meet the new challenges of AI and find the delicate balance between protecting against complex attacks on AI data and enabling organizations to achieve responsible AI innovation.”

Kaspersky Anti Targeted Attack 7.0 Launches With Enhanced Network Detection and Response
https://securityreviewmag.com/?p=27947
Thu, 20 Mar 2025 19:15:11 +0000

Kaspersky has announced a major update to its Kaspersky Anti Targeted Attack (KATA). With the launch of KATA 7.0, organizations can now benefit from enhanced Network Detection and Response (NDR) capabilities with deeper network visibility, internal threats detection and other critical security features. According to Kaspersky’s IT Security Economics 2024 report, an overwhelming majority of organizations report network attacks. Large enterprises lead with 97% reporting an attack, followed by SMEs at 88%, and SMBs at 83%. With this in mind, Kaspersky updates its solutions regularly to ensure businesses are equipped to meet evolving security requirements.

The latest enhancements in KATA 7.0 address key customer challenges by delivering full visibility across IT infrastructure, advanced defense against sophisticated threats, and a streamlined, resource-efficient security solution. The update introduces network telemetry export from Kaspersky Endpoint Security for Windows and Linux, adding another source of network data collection alongside the copy of SPAN traffic, which improves visibility and threat detection.

The introduction of new asset management, network map, and network session table modules provides SOC analysts with enhanced tools for monitoring and managing network security through graphical representations, advanced filtering, and interactive features. These additions create a complete network inventory and management system. The updated platform also strengthens internal traffic monitoring with new NDR IDS rules for east-west traffic analysis, improving the detection of lateral movement, data exfiltration and other malicious attempts that could previously have gone unnoticed.

Additionally, new risk and anomaly detection capabilities identify hidden threats and potential security vulnerabilities before they escalate into breaches, helping organizations proactively manage cybersecurity risks. As KATA offers comprehensive security at both the network and endpoint levels, its Endpoint Detection and Response technology, EDR Expert, has also undergone significant updates in version 7.0. The variety of collected telemetry types has been expanded, providing enhanced visibility into an event at endpoints.

Threat hunting search capabilities have also been improved, with search now available across all event attributes. This enables more effective threat detection and creates more accurate exceptions to minimize false positives. Sigma rule support has also been added with this update, meaning it is now possible to find threats according to the condition contained in the Sigma rule in historical data or new events collected from the endpoints.

“With the launch of KATA 7.0, we are reinforcing our commitment to providing enterprises with a fully integrated security solution capable of detecting and mitigating complex threats across both network and endpoint levels,” said Alexander Rumyantsev, Senior Product Manager Cloud & Network Security at Kaspersky. “These enhanced NDR capabilities, expanded visibility, and real-time intelligence empower organizations to detect and mitigate threats more effectively than ever before.”

Positive Technologies Discovery Leads D-Link to Recommend Router Replacements
https://securityreviewmag.com/?p=27939
Wed, 19 Mar 2025 07:45:10 +0000

Vladimir Razov, an expert from the PT SWARM team, has discovered a vulnerability in several models of D-Link routers. According to Mordor Intelligence, D-Link is one of the top three Wi-Fi router manufacturers in the world. The vendor has been notified of the threat in line with the responsible disclosure policy and recommends that users switch to more recent devices.

The vulnerability, which is registered as BDU:2024-06211 with a CVSS 3.0 score of 8.4, affects the following D-Link models: DIR-878, DIR-882, DIR-2640-US, DIR-1960-US, DIR-2660-US, DIR-3040-US, DIR-3060-US, DIR-867-US, DIR-882-US, DIR-882/RE, DIR-882-CA, and DIR-882-US/RE. At the time of the research, vulnerable routers could be discovered using search engines in the United States, Canada, Sweden, China, Indonesia, and Taiwan.

According to the manufacturer, these models are no longer supported. D-Link recommends retiring the outdated devices and replacing them with supported devices that receive firmware updates. “If this vulnerability is successfully exploited, a malicious user authorized in the router’s web interface can compromise the entire device and gain access to all traffic passing through it,” says Vladimir Razov, Web Application Security Analyst at PT SWARM, the offensive security department at Positive Technologies.

As a temporary measure to mitigate the threat, Vladimir Razov recommends using OpenWrt (an open-source embedded operating system based on the Linux kernel and designed specifically for routers) or changing the login credentials for accessing the router’s web interface. Previously, Positive Technologies helped address vulnerabilities in Zyxel routers and other Zyxel devices. Positive Technologies also enhanced its PT Industrial Security Incident Manager (PT ISIM) with an additional expertise pack, enabling cybersecurity teams to detect attempts to exploit vulnerabilities in MikroTik routers and Cisco switches.

CloudSEK Warns of Surge in Ramadan Crypto Scams and Fake Charities
https://securityreviewmag.com/?p=27911
Thu, 13 Mar 2025 09:32:55 +0000

As millions around the world observe Ramadan, a sacred time of reflection and generosity, cybercriminals are exploiting this period with an alarming rise in cryptocurrency and e-commerce scams. CloudSEK, a provider of AI-driven cybersecurity solutions, has released an in-depth report exposing how fraudsters are deceiving individuals and organizations under the guise of charity and investment opportunities.

Ramadan is synonymous with goodwill and charitable donations, making it a prime target for malicious actors. Cybercriminals are leveraging religious sentiments to trick unsuspecting donors and investors into fraudulent schemes, draining digital wallets, and stealing sensitive financial information. CloudSEK’s latest research has uncovered a surge in scams using social engineering tactics to exploit trust. One of the most concerning trends is the emergence of ‘Ramadan AI’, a deceptive platform falsely promising crypto rewards to those who engage in faith-based activities.

Key findings from CloudSEK’s investigation:

  • Fake Ramadan Crypto Giveaways: Fraudulent websites are enticing users with the promise of free cryptocurrency in exchange for connecting their wallets, ultimately leading to fund theft through malicious smart contracts.
  • Manipulation Through Religious Sentiments: Scammers have introduced “Earn While You Worship” programs, encouraging users to participate in religious acts such as prayer and Quran recitation in exchange for digital currency, creating a dangerous gateway for financial exploitation.
  • Deceptive Social Media Tactics: Over 15 newly created accounts on X (formerly Twitter) have been promoting dubious Ramadan-themed tokens ($RMDN, $RAMADAN, $SABR, and $DOZERAMZAN), misleading users into buying volatile and potentially fraudulent investments.
  • Fraudulent E-Commerce Websites: Cybercriminals are operating fake online stores, particularly targeting Ramadan shoppers with deep discounts on cultural attire. Victims often receive counterfeit goods—or nothing at all.
  • Zakat and Charity Scams: Fake donation campaigns, falsely claiming to represent legitimate Islamic charities, are tricking generous individuals into transferring funds to fraudulent accounts.
  • Fake Mobile Data Giveaways: Over 50 newly registered domains with “.top” and “.xyz” TLDs have been associated with fraudulent Ramadan data giveaway campaigns, primarily targeting telecom users in the Philippines and the Middle East.

“These scams are not just isolated incidents; they represent a massive, coordinated effort by cybercriminals to exploit religious generosity on a global scale. The sheer volume of fraudulent crypto projects, fake charities, and deceptive e-commerce operations detected this Ramadan highlights a deeply concerning trend. With over 50 fake domains identified, we urge users to exercise extreme caution when making donations or investing in Ramadan-themed tokens,” said Noel Varghese, Threat Researcher, CloudSEK.

CloudSEK warns that these scams not only pose a financial risk but also damage trust in genuine charitable efforts. The report underscores the urgent need for heightened awareness, stronger regulations, and responsible digital behavior to prevent unsuspecting individuals from falling victim to these schemes.

How to stay safe:

  • Verify Charitable Organizations: Only donate to established charities by checking their official websites and verifying their credentials before making contributions.
  • Be Wary of Unrealistic Offers: If an investment or giveaway appears too good to be true, it likely is. Avoid offers promising large crypto rewards with minimal effort.
  • Protect Your Crypto Assets: Never connect your crypto wallet to unverified platforms or share sensitive information, such as private keys or seed phrases.
  • Scrutinize Social Media Promotions: Avoid engaging with newly created accounts aggressively promoting crypto giveaways and investment schemes, particularly those leveraging religious themes.

ICS/OT Cybersecurity Budgets Lag as Attacks Surge, Exposing Critical Infrastructure Risks
https://securityreviewmag.com/?p=27903
Wed, 12 Mar 2025 14:19:07 +0000

SANS Institute in partnership with OPSWAT has announced the findings of the 2025 ICS/OT Cybersecurity Budget Report, revealing significant gaps in cybersecurity budgets and a surge in ICS/OT-focused attacks. The report highlights how insufficient funding, misaligned priorities, and fragmented defenses are leaving critical infrastructure exposed to increasingly sophisticated threats.

While 55% of organizations reported increased ICS/OT cybersecurity budgets over the past two years, much of that investment remains heavily skewed toward technology, with limited focus on operational resilience. This imbalance, combined with the convergence of IT and OT environments, creates new vulnerabilities adversaries are exploiting at an alarming rate.

Key Findings from the report:

  • Critical Infrastructure Under Attack: Over the past year, more than 50% of organizations experienced at least one security incident involving ICS/OT systems. Among the top vulnerabilities exploited were internet-accessible devices (33%) and transient devices (27%), often used to bypass traditional defenses.
  • Budget Gaps Leave ICS/OT at Risk: Despite growing recognition of OT cybersecurity as a priority, only 27% of organizations place budgetary control under CISOs or CSOs. Without dedicated leadership, budget allocation often overlooks critical ICS/OT-specific needs, exposing infrastructure to evolving threats.
  • IT as a Primary Attack Vector: The report identifies IT compromises as the most common entry point, responsible for 58% of ICS/OT incidents. This highlights the urgent need for integrated security strategies that address cross-domain vulnerabilities.
  • Insufficient Budgets for ICS/OT Security: Many organizations continue to underfund ICS/OT-specific protections. Less than half allocate only 25% of their cybersecurity budgets to safeguarding critical infrastructure, leaving systems exposed to attacks.

The 2025 ICS/OT Cybersecurity Budget Report stresses the need for organizations to rethink their cybersecurity strategies:

  • Allocating proper budgets to ICS/OT defenses: devices and endpoints
  • Strengthening defenses against cross-domain attacks
  • Ensuring cybersecurity leadership oversees budget decisions to align spending with operational risk

Dean Parsons, Principal Instructor and CEO and Principal Consultant of ICS Defense Force stated, “The evolving threat landscape in ICS/OT demands more than just deploying the five ICS Cybersecurity critical controls. Effective critical infrastructure defense requires a strategic investment in ICS/OT-specific security training, ensuring that those responsible for monitoring ICS controls have a deep understanding of control system networks. One of the most concerning findings in the report is that while cybersecurity budgets have increased, much of the investment remains focused only on traditional business support systems such as IT, leaving ICS/OT environments, the business itself, dangerously under-protected. After all, in an ICS organization, the ICS is the business. Organizations that fail to reevaluate their threats to their ICS environments leave critical infrastructure vulnerable to increasingly sophisticated attacks. Protecting these engineering systems isn’t optional—it’s essential for operational resilience and national security.”
