AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/01/2024

Senate bill pushes cyber mandates for medical industry in wake of Change Healthcare debacle

Hospitals and other healthcare businesses would be required to adopt minimum cybersecurity standards and face annual audits under new legislation introduced by two prominent senators on Thursday. The Health Infrastructure Security and Accountability Act, announced by Sens. Ron Wyden (D-OR) and Mark Warner (D-VA), would provide $1.3 billion for the Department of Health and Human Services (HHS) to support hospitals and create “serious accountability” for companies that fail to meet cybersecurity standards.

Critical flaw in NVIDIA Container Toolkit allows full host takeover

A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources. The security issue is tracked as CVE-2024-0132 and allows an adversary to perform container escape attacks and gain full access to the host system, where they could execute commands or exfiltrate sensitive information. The particular library comes pre-installed in many AI-focused platforms and virtual machine images and is the standard tool for GPU access when NVIDIA hardware is involved.

 

Man charged for selling forged license keys for network switches

The U.S. government has indicted a co-owner of a Minnesota IT company for his participation in an international conspiracy to sell forged license keys for networking devices. Benjamin Paley, 75, a resident of Plymouth, Minnesota, and co-owner of IT company GEN8 Services, is charged with participating in an international conspiracy to traffic counterfeit networking devices. According to an announcement by the U.S. Department of Justice (DoJ), Paley, along with co-conspirators Wade Huber and David Rosenblatt, ran a scheme between 2014 and 2022 to sell counterfeit software license keys for Brocade switches.

 

T-Mobile pays $31.5 million FCC settlement over 4 data breaches

The Federal Communications Commission (FCC) announced a $31.5 million settlement with T-Mobile over multiple data breaches that compromised the personal information of millions of U.S. consumers. This agreement resolves the FCC Enforcement Bureau investigations into several cybersecurity incidents and resulting data breaches that impacted T-Mobile’s customers in 2021, 2022, and 2023 (an API incident and a sales application breach). As part of the settlement, the telecom carrier must invest $15.75 million in cybersecurity enhancements and pay the U.S. Treasury an additional $15.75 million civil penalty.

 

Elaborate Deepfake Operation Takes a Meeting With US Senator

Earlier this month, Senator Ben Cardin (D-Md.), who serves as the Democratic chair of the Senate Foreign Relations Committee, was targeted in an advanced deepfake operation that partly succeeded in duping the politician. The operation centered on Cardin’s professional association with Dmytro Kuleba, the former Ukrainian Minister of Foreign Affairs. Cardin’s office reportedly received an email from someone they believed to be Kuleba, whom Cardin already knew from past meetings. Kuleba and Cardin met via Zoom through what seemed to be a live audio-video connection “that was consistent in appearance and sound to past encounters,” according to a notice issued by the Senator’s security office.
