News

UAE Adopts Largest Legislative Reform in its History

His Highness Sheikh Khalifa bin Zayed Al Nahyan, President of the UAE, has approved a wide-ranging reform of the country’s legal system, which aims to strengthen economic, investment, and commercial opportunities, in addition to maximizing social stability, security and ensuring the rights of both individuals and institutions.

The raft of new laws and legislative amendments came during the “Year of the 50th” and are intended to keep pace with the developmental achievements of the UAE and reflect the country’s future aspirations. Over 40 laws are included in the changes, which together represent the largest legal reform in the young nation’s 50-year history.

The amendments aim to develop the legislative structure in various sectors, including investment, trade, and industry, as well as commercial companies, the regulation and protection of industrial property, copyright, trademarks, the commercial register, electronic transactions, trust services, factoring, and residency, in addition to laws related to society and personal security, including the Crime and Punishment Law, the Online Security Law, and a law combating the production, sale, and use of narcotics and psychotropic substances.

The new legislative changes came after intensive coordination at both the local and federal levels, where teams comprising 540 specialists and experts from 50 federal and local authorities have worked together over the past five months in consultation with over 100 private sector organisations in order to reflect global best practice in the new legal provisions.

Electronic Transactions and Trust Services
The amendments to the Law on Electronic Transactions and Trust Services aim to keep pace with technological development and enhance ongoing digital transformation.

The law gives digital signatures the same weight as a handwritten signature, a step that obviates the need for personal presence in order to seal transactions and supports the completion of government transactions such as contracts and agreements from anywhere in the world using a digital signature, provided that the country where the transaction originates has adopted sophisticated authentication mechanisms and trust services similar to the UAE standards.

The Law of Electronic Transactions and Trust Services facilitates a wide range of civil and commercial transactions, including marriage, personal status, notary, and real estate services such as renting, buying, selling, and amending contracts.

Industrial Property Rights
The law aims to protect industrial property and regulate the procedures for its registration, use, exploitation, and assignment, to ensure support for knowledge and innovation, and to enhance the UAE’s competitiveness in the field of industrial property rights while adopting best international practices and standards.

The UAE industrial property rights law is dedicated to patents, industrial designs, integrated circuits, non-disclosure agreements, and utility certificates. It applies across the UAE (including free zones). The law is concerned with applications and details surrounding the eligibility for patents and utility certificates and provides details about the conditions for granting patents.

The law includes sections on compulsory licenses, addressing the rights of the license holder, the multiplicity of compulsory licenses, and the exception to the conditions of compulsory licensing by the court.

Copyrights and Neighbouring Rights
The amendments to the federal law concerning copyrights and neighboring rights maximise the contribution of creative industries to the UAE economy and provide protection to the authors of works and the holders of neighboring rights in case their rights are infringed.

The amendments offer special benefits for people of determination in order to enhance their benefit and participation in this vital sector. The law covers all substantive issues pertaining to the author’s rights and neighboring rights, including the right to determine the first publication of the work, the right of writing the work in his name, and the right to protest against alteration of the work if the alteration leads to distortion of the author’s intent.

Trade Marks
The federal law concerning Trade Marks was amended with the aim of expanding the scope of protection. The amendments offer protection to three-dimensional trademarks, holograms, sound trademarks such as musical tones associated with a company and that distinguish its products, and smell trademarks such as creating a distinctive scent for the company or brand.

The updates also include registering geographical names of trademarks or products whose name is associated with the names of specific geographic regions, countries, or cities and are famous for producing this product, in order to enhance the UAE position in promoting its famous products like dates.

Among the changes is the abolition of the requirement to have a trade license in order to register a trademark, and the granting of temporary protection to SME owners for the trademarks of their products during participation in exhibitions.

Commercial Register
The Commercial Register Law has been amended allowing local authorities in each emirate to retain the right to establish and manage their commercial records, including registration, data monitoring, and change.

A clearer scope for applying the law was also defined to include the registration of companies and economic institutions in all forms, whether commercial (companies) or professional, such as law firms, accountants, and others, to ensure the comprehensiveness of the data contained in the commercial registry for all economic establishments in the UAE.

The commercial register is an official log held by the Ministry of Economy containing details of all businesses operating in the UAE.

Factoring and Transfer of Civil Accounts Receivable
The law is the first federal regulation in the United Arab Emirates dealing specifically with factoring and the assignment of receivables. It provides a new regulatory framework that sets out the legal requirements for assignments and transfers of receivables, validity and perfection requirements, as well as the rules for determining priority amongst competing claims over assigned receivables.

Factoring, a financing arrangement that enables a business to sell its receivables, aims at further supporting the business environment and SMEs. Factoring is a type of financial transaction in which a business sells its invoices to a factoring company.

The law organizes factoring legal requirements including the assignment of receivables and perfection. The new law applies broadly to any assignment of receivables made as part of commercial or civil transactions.

Commercial Companies
The law allows investors and entrepreneurs to establish and fully own onshore companies in all sectors, excluding a small number of reserved “strategic activities”. The amendment aims at boosting the country’s competitive advantage as part of a wider UAE government agenda for economic diversification towards an innovation-led and knowledge-based economy.

The new Commercial Companies Law aims to increase foreign direct investment (FDI) and reaffirms the UAE’s standing as a leading business hub regionally and globally.

The law was issued to introduce certain amendments concerning Commercial Companies: it specifies the companies that are exempted from the provisions thereof, as well as corporate governance and strategic activities.

The law further details the approvals and licenses required by companies in order to undertake commercial activities within the UAE; in addition to the company’s name, contract, incorporation procedures, and conditions for increasing and decreasing the capital.

The law also clarifies the responsibilities of the board of directors, executive management, the authorities of the general assembly, the prerequisites for issuing bonds and instruments, acquisitions and the administrative penalties imposed on a person deemed to be in breach of its provisions.

Higher Education Law
The law aims to regulate the licensing of higher education institutions in the UAE. It sets the legislative framework to approve curricula, ensure effective governance and management of higher education institutions, improve the quality and competitiveness of higher education in the country, and encourage scientific research in educational institutions.

Provisions of the law apply to all higher education institutions in the country, with the exception of those operating in free zones. The law covers all levels of higher education, including diploma, higher diploma, bachelor, postgraduate diplomas, master’s degrees, and doctorate.

As per the law, the Ministry of Education is tasked with licensing and accreditation of all higher education institutions, in addition to evaluating performance, quality of educational outputs, classification, and monitoring.

Crime and Punishment Law
The UAE has ratified a new and updated Federal Crime and Punishment Law, a move intended to further develop and refine the legislative system of the United Arab Emirates. The new legislation offers enhanced protections for women and domestic servants, strengthens public safety and security provisions, and eases restrictions on extra-marital relationships. It will be fully enacted starting from January 2nd, 2022.

The new law includes the amendment and revision of a number of areas of legislation, including new criminal penalties for public disorder offenses and the de-criminalization of a number of behaviors.

The new law also prohibits the consumption of alcoholic beverages in a public place or in unlicensed locations. The law also prohibits the sale, provision or incitement, or inducement to consume alcoholic beverages to any person below 21 years of age.

The new law stipulates life imprisonment for the crime of rape or non-consensual intercourse. If the victim is under the age of 18, disabled, or otherwise rendered in a condition unable to offer resistance, the penalty can be extended to capital punishment.

The new law also addresses the crime of indecent assault with imprisonment or a fine of no less than ten thousand dirhams regardless of the victim’s gender. If the use of force or threat is employed in the course of the crime, the penalty shall be imprisonment for a period of no less than (5) five years and not exceeding (20) twenty years.

The penalty will rise to a prison term of no less than (10) ten years and not exceeding (25) twenty-five years if the victim is aged under 18, disabled, or otherwise rendered in a condition unable to offer resistance. Also, the more severe penalty applies if the crime takes place in a place of work, study, shelter, or care.

The law also punishes with imprisonment for a period of no less than six months, consensual extra-marital intercourse with a person aged over 18 years, noting that a criminal case for this crime is only instituted on the basis of a complaint from the husband or guardian. In all cases, the husband or guardian has the right to waive the complaint, and the waiver entails the expiration of the criminal case or the suspension of the execution of the penalty, as the case may be.

The new law effectively decriminalizes consensual relationships out of wedlock, providing that any child conceived as a result of the relationship is acknowledged and will be cared for. Any couple conceiving a child out of wedlock will be required to marry or singly or jointly acknowledge the child and provide identification papers and travel documents in accordance with the laws of the country of which either is a national, considering the applicable laws of that nation. Failing this, a criminal case would introduce a prison term of two years for both correspondents.

One of the most important provisions newly introduced by the Crime and Punishment Law is that the law be applied to anyone who commits, or participates in, a premeditated murder that occurs against a citizen of the United Arab Emirates even if the crime takes place outside the country.

Online Security Law
The law regarding cyber-crimes and combatting online harassment, bullying, and ‘fake news’ will become effective January 2nd, 2022. It is one of the first comprehensive legal frameworks in the region to address concerns raised by online technologies and their applications and abuse.

The law aims to enhance community protection from online crimes committed through the use of networks and information technology platforms, protecting public sector websites and databases, combatting the spread of rumors and ‘fake news’, safeguarding against electronic fraud, and preserving personal privacy and rights.

The new law addresses online false advertising or promotions, including unlicensed trading in crypto-currencies and medical products and supplements.

The law contains provisions related to fake news and misleading information, using online tools, networks, and platforms to broadcast, publish, republish, circulate or recirculate fake news, including false and misleading information, false reports purporting to originate from official sources or that falsely misrepresent official announcements.

The law gives courts powers to confiscate devices, software, content or other means used in the pursuit of a crime, in addition to the deletion of such information.

Data Protection Law
The Personal Data Protection Law constitutes an integrated framework to ensure the confidentiality of the information and protect the privacy of community members by providing proper governance for optimal data management and protection, in addition to defining the rights and duties of all concerned parties.

The provisions of the law are applicable to the processing of personal data, whether all or part of it through electronic systems, inside or outside the country.

The law prohibits the processing of personal data without the consent of its owner, with the exception of some cases in which the processing is necessary to protect the public interest, or that the processing is related to the personal data that has become available and known to all by an act of the data owner, or that the processing is necessary to carry out any of the legal procedures and rights.

The law defines the controls for the processing of personal data and the general obligations of companies that have personal data and defines their obligations to secure personal data and maintain its confidentiality and privacy.

It also defines the rights and cases in which the owner has the right to request correction of inaccurate personal data, restrict or stop the processing of personal data. The law sets out the requirements for the cross-border transfer and sharing of personal data for processing purposes.

UAE Data Office
The law establishing the UAE Data Office aims at ensuring the full protection of personal data. The office, which will be affiliated with the Cabinet, is responsible for a wide range of tasks that include proposing and preparing policies and legislations related to data protection, proposing and approving the standards for monitoring the application of federal legislation regulating this field, preparing and approving systems for complaints and grievances, and issuing the necessary guidelines and instructions for the implementation of data protection legislation.

Market Research

Trellix Predicts Heightened Hacktivism and Geopolitical Cyberattacks in 2023

Trellix has released its annual threat predictions report for 2023. Forecasts from the Trellix Advanced Research Center anticipate spikes in geopolitically motivated attacks across Asia and Europe, hacktivism fueled by tensions from opposing political parties, and vulnerabilities in core software supply chains. “Analysing current trends is necessary but being predictive in cybersecurity is vital. While organizations focus on near-term threats, we advise all to look beyond the horizon to ensure a proactive posture,” said John Fokker, Head of Threat Intelligence, Trellix. “Global political events and the adoption of new technology will breed novel threats from more innovative threat actors.”

The Trellix Advanced Research Center brings together hundreds of the world’s most skilled security analysts and researchers to serve the global threat intelligence community and organizations with the latest threat indicators and insights collected from Trellix’s extensive sensor network. Trellix Advanced Research Center forecasts the following threats in 2023:

  • Geopolitics and grey-zone conflict. Geopolitical factors will continue to be a high motivation for misinformation campaigns and cyberattacks timed with kinetic military activity.
  • Hacktivism takes center stage. As groups of loosely organized individuals fueled by propaganda align for a common cause, they will ramp up their use of cyber tools to voice their anger and cause disruption across the globe.
  • Skeletons in the software closet will multiply. Both threat actors and security researchers will heighten their study of underlying software frameworks and libraries resulting in an increase in breaches related to software supply chain issues.
  • Increasing activity by teen cybercriminals. Teens and young adults will engage at increasing levels in cybercrime – everything from large-scale attacks on enterprises and governments to low-level crimes that target family, friends, peers, and strangers.
  • Declining accuracy of code-based attribution. The outsourcing of malware creation and operation, diversification of malware development, and use of leaked source code will make attribution of cyberthreats to specific threat actors increasingly challenging.
  • Imminent global cyberthreat to critical infrastructure as cyberwarfare evolves. A significant rise in advanced cyberactors causing disruptions to critical infrastructure in vulnerable targets will be observed.
  • With more collaboration comes more phishing. Weaponised phishing attacks will increase across commonly used business communication services and apps, like Microsoft Teams, Slack, and others.
  • “Alexa, start mining bitcoins.” The advanced capabilities of consumer and enterprise IoT devices will be leveraged by hackers to mine cryptocurrencies.
  • Space hacking: only going up from here. The compromise of satellites and other space assets will increase and become more public in 2023.
  • Here’s my number, so call me, maybe. There will be a huge jump in reverse vishing – or voice phishing – attacks, with fewer tech-aware users being the primary target.
  • Attacks against the Windows domain will scale. More domain privilege escalation vulnerabilities will be discovered as well as more real-world attacks against Microsoft Windows with the explicit goal of complete network takeover.

“We started 2022 with an industry-wide vulnerability in Log4J, which was closely followed by cyber and physical war targeting Ukraine. We’re closing the year observing hacktivists taking matters into their own hands, new actors in operation, and a changed but increasingly active ransomware landscape. As stress continues to weigh on the global economy, as we head into the new year, organizations should expect increased activity from threat actors looking to advance their own agenda – whether for political or financial gain,” commented Vibin Shaju, VP EMEA, Solutions Engineering, Trellix. “To outwit and outpace bad actors and advance defenses proactively, security must be always-on and always learning.”

Market Research

North Korea-Linked Group Launches Dolphin Backdoor: ESET Research

ESET researchers analyzed a previously unreported sophisticated backdoor used by the ScarCruft APT group. The backdoor, which ESET named Dolphin, has a wide range of spying capabilities, including monitoring drives and portable devices, exfiltrating files of interest, keylogging, taking screenshots, and stealing credentials from browsers. Its functionality is reserved for selected targets, to which the backdoor is deployed after the initial compromise using less advanced malware. Dolphin abuses cloud storage services — specifically Google Drive — for Command and Control communication.

ScarCruft, also known as APT37 or Reaper, is an espionage group that has been operating since at least 2012. It primarily focuses on South Korea, but other Asian countries have also been targeted. ScarCruft seems to be interested mainly in government and military organizations, and companies in various industries linked to the interests of North Korea.

“After being deployed on selected targets, it searches the drives of compromised systems for interesting files and exfiltrates them to Google Drive. One unusual capability found in prior versions of the backdoor is the ability to modify the settings of victims’ Google and Gmail accounts to lower their security, presumably to maintain Gmail account access for the threat actors,” says ESET researcher Filip Jurčacko, who analyzed the Dolphin backdoor.

In 2021, ScarCruft conducted a watering-hole attack on a South Korean online newspaper focused on North Korea. The attack consisted of multiple components, including an Internet Explorer exploit and shellcode leading to a backdoor named BLUELIGHT.

“In the previous reports, the BLUELIGHT backdoor was described as the attack’s final payload. However, when analyzing the attack, we discovered through ESET telemetry a second, more sophisticated backdoor deployed on selected victims via this first backdoor. We named this backdoor Dolphin based on a PDB path found in the executable,” explains Jurčacko.

Since the initial discovery of Dolphin in April 2021, ESET researchers have observed multiple versions of the backdoor, in which the threat actors improved the backdoor’s capabilities and made attempts to evade detection.

While the BLUELIGHT backdoor performs basic reconnaissance and evaluation of the compromised machine after exploitation, Dolphin is more sophisticated and manually deployed only against selected victims. Both backdoors are capable of exfiltrating files from a path specified in a command, but Dolphin also actively searches drives and automatically exfiltrates files with interesting extensions.

The backdoor collects basic information about the targeted machine, including the operating system version, malware version, list of installed security products, username, and computer name. By default, Dolphin searches all fixed (HDD) and non-fixed drives (USBs), creates directory listings, and exfiltrates files by extension. Dolphin also searches portable devices, such as smartphones, via the Windows Portable Device API. The backdoor also steals credentials from browsers, and is capable of keylogging and taking screenshots. Finally, it stages this data in encrypted ZIP archives before uploading it to Google Drive.

Market Research

Kingston Reiterates the Role of Encrypted Hardware in Mobile Healthcare Data Security

Kingston Technology Europe has emphasised the importance of hardware-based encryption in strengthening mobile healthcare data protection efforts across the globe. The company made the statement as data breaches remain one of the biggest digital threats within the healthcare industry, thereby raising the need for stronger data security protocols and stringent compliance with relevant policies.

The average total cost of a healthcare data breach worldwide rose by almost $1 million to reach $10.10 million in 2022, according to IBM Security analysis of research data compiled by Ponemon Institute. Healthcare has had the most expensive breach costs of any industry for 12 consecutive years, with costs increasing by 41.6% since the 2020 report.

Kingston maintained that hardware encryption can help bridge gaps by providing a fortified layer of data protection through an encryption process designed to be unbreakable or hard to intercept. Whether stored or transported, the medical data saved in encrypted hardware devices such as USBs can be accessed only through authentication codes set by authorised individuals.

The encryption feature is also separate from any PC, mobile phone, or network system, keeping the data out of reach in the event a cybercriminal breaks into the gadgets or online networks. Security is also assured even if the encrypted device ends up being misplaced, lost, or stolen. “Encrypted drives such as IronKey encrypted USBs are made to keep the data from falling into the wrong hands. Many are equipped with top-notch features that can also detect and respond to physical tampering and provide automatic data protection upon drive removal for added peace of mind,” said Antoine Harb, the Team Leader for Middle East and North Africa at Kingston Technology.

“Such capabilities are vital given that human error is considered one of the common causes of data breaches. One recent example took place in Japan where a worker reportedly lost a memory stick that contained the personal data of all residents of a Japanese city after a night out. The data had been encrypted and password-protected, preventing unauthorized access. Hardware-based encryption not only offers strong and reliable protection but is also a practical and easy-to-use approach to safeguarding private healthcare-related information,” added Harb.

According to Harb, it offers out-of-the-box cybersecurity measures minus the need for regular updates like those required in the software-based encryption processes. “Cybercrimes are on the rise worldwide, resulting in astronomical financial and reputational costs. In the Middle East, IBM Security reported that the region had the second highest average total data breach cost reaching $7.46 million in 2022 from $6.93 million last year,” the company said.

Among other factors, the Middle Eastern countries’ financial and economic status has been cited as one of the main reasons behind the online network attacks. In the Gulf region, the attacks on Dubai-based NHS Moorfield Hospital and GlobeMed Saudi were considered among the top breaches in the UAE and Saudi Arabia, respectively.

Calls for improved data security levels are, therefore, mounting. Across the globe, laws and regulations, including the General Data Protection Regulation, have already been enforced for a higher level of data privacy and security. In the UAE, the government has also imposed strict compliance of healthcare providers with its Health Data Law. “We can only expect that online network intrusions will grow and become even more sophisticated and bold as the world transitions to an ultra-connected society. Implementing or using encrypted devices is an important cybersecurity protocol that both individuals and corporations can adopt for stronger and easier-to-use data protection. Understanding one’s needs and, in the case of healthcare providers, knowing the importance of protecting the patients’ private mobile data, among others, play an important role in choosing the right encrypted hardware,” Harb added.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.