AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 04/26/2023

Security Failures At TikTok’s Virginia Data Centers: Unescorted Visitors, Mystery Flash Drives And Illicit Crypto Mining 

For years, TikTok has told lawmakers that the private data of its U.S. users is secured — and safe from potential influence or exfiltration — in a cluster of data centers located in Northern Virginia. But interviews with seven current and former employees and more than 60 documents, photos and videos from the data centers reveal that the centers have faced security vulnerabilities ranging from unmarked flash drives plugged into servers to unescorted visitors to boxes of hard drives left unattended in hallways. Sources suggest that these challenges are the result of TikTok trying to grow its data storage capacity very quickly, and sometimes cutting corners along the way. 

 

Menaced by miscreants, critical infrastructure needs a good ETHOS 

A group of some of the largest operational technology companies are using this year’s RSA Conference as an opportunity to launch an open source early-threat-warning system designed for OT and industrial control systems (ICS) environments. Dubbed ETHOS (that’s Emerging THreat Open Sharing), the information-sharing platform is being designed to function in as open and vendor-neutral a manner as possible – even allowing individuals to contribute, not just large corporations with an advanced security posture. The idea being that those in ETHOS can help out others by giving them details and other know-how to improve the defenses of their networks. 

 

Iran-linked hackers broke into election results website in 2020, general says 

Hackers working for Iran broke into a U.S. city’s website ahead of the 2020 election with the possible intention of altering the unofficial vote counts shown on election day, a senior military cyber official said Monday. The alleged incident, which has not been previously reported, is distinct from other allegations of Iranian election interference attempts that U.S. officials announced in the days before that election. The U.S. removed the hackers before they could do any harm. 

 

U.S. Deploys More Cyber Forces Abroad to Help Fight Hackers 

The United States is sending more of its cyber forces abroad to help foreign governments fight hackers, a top U.S. military official said at the RSA cybersecurity conference in San Francisco. In the last three years, the U.S. military’s Cyber National Mission Force (CNMF) has conducted 47 such “hunt forward” defensive operations across 20 countries at the invitation of those nations, U.S. Army Major General William Hartman said on Monday. “The demand for that only increases, and they are not all the same,” Hartman, CNMF’s commander, said of the missions, speaking on the sidelines of the conference. 

 

OpenAI previews business plan for ChatGPT, launches new privacy controls 

OpenAI says that it plans to introduce a new subscription tier for ChatGPT, its viral AI-powered chatbot, tailored to the needs of enterprise customers. Called ChatGPT Business, OpenAI describes the forthcoming offering as “for professionals who need more control over their data as well as enterprises seeking to manage their end users.” “ChatGPT Business will follow our API’s data usage policies, which means that end users’ data won’t be used to train our models by default,” OpenAI wrote in a blog post published today. “We plan to make ChatGPT Business available in the coming months.” 

Related Posts