AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 3/15/2024

The software at the center of debate over Chinese cyber threat inside the biggest ports in US

Cybersecurity risks associated with Chinese-made cranes at U.S. ports are not new, and recent White House action and hearings on Capitol Hill have escalated the claims about potentially serious national security vulnerabilities embedded in key infrastructure. But the Biden administration, lawmakers and ports management continue to differ in their views of the true nature of the threat. In a press briefing ahead of the recent executive order from President Joe Biden to strengthen the cybersecurity of America’s ports, Rear Adm. Jay Vann, commander of the U.S. Coast Guard Cyber Command, told reporters that 80% of the “ship-to-shore” cranes moving trade at U.S. ports are made in China and use Chinese software. He said that has led to concern that the cranes could be “vulnerable to exploitation” and used in Chinese surveillance. The Biden Administration estimates the number of People’s Republic of China (PRC) manufacturer cranes in the U.S. at 200.


TikTok is a step closer to being fully banned in the US

TikTok has been under close scrutiny in the US over the last few years, as politicians cited national security concerns over the mega-popular Chinese-owned platform. Now, the US House of Representatives has voted to pass a bill forcing TikTok parent company ByteDance to sell its US assets or be banned, Reuters reported. The bill, which was passed 352-65, will now be sent to the Senate for a vote. One US representative voted “present,” and 14 others (seven from the Republican Party and seven from the Democratic Party) declined to vote.


EU regulators pass the planet’s first sweeping AI regulations

The European Parliament has approved sweeping legislation to regulate artificial intelligence, nearly three years after the draft rules were first proposed. Officials reached an agreement on AI development in December. On Wednesday, members of the parliament approved the AI Act with 523 votes in favor and 46 against, There were 49 abstentions. The EU says the regulations seek to “protect fundamental rights, democracy, the rule of law and environmental sustainability from high-risk AI, while boosting innovation and establishing Europe as a leader in the field.” The act defines obligations for AI applications based on potential risks and impact.


Okta denies it was hacked again after data appears on hacking site

A hacker has shared a new database on an underground forum, claiming it contained data stolen from Okta – however the company begs to differ. In late October 2023, cybercriminals broke into Okta systems and stole client session cookies, potentially giving them access to those companies’ networks, and opening the doors to malware and ransomware attacks. Subsequent investigation showed that all of Okta’s customers were affected. Now, almost half a year later, a hacker with the alias “Ddarknotevil” posted a new database on a dark web forum, claiming it contained data on 3,800 Okta customers, BleepingComputer reported.


Meta sues ex infra VP for allegedly stealing top-secret datacenter blueprints

An ex-Meta veep has been sued by his former bosses for “brazenly disloyal and dishonest conduct” – and by that, they mean he allegedly stole confidential documents to help him build and recruit colleagues for an AI cloud startup. Over the course of his 12-year employment at the Facebook giant, Dipinder Singh Khurana – also known as T.S. Khurana – rose to the rank of vice-president of infrastructure. He left the mega-corp in June 2023 to take a position as senior veep of supply-chain operations at a startup still in stealth mode and not named in the lawsuit against him.



Related Posts