AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 5/14/2024

Apple and Google agree on standard to alert people when unknown Bluetooth devices may be tracking them 

Apple and Google announced on Monday that iPhone and Android users will start seeing alerts when it’s possible that an unknown Bluetooth device is being used to track them. The two companies have developed an industry standard called “Detecting Unwanted Location Trackers.” Starting Monday, Apple is introducing the capability in iOS 17.5 and Google is launching it on Android 6.0+ devices. Users will now get an “[Item] Found Moving With You” alert on their device if an unknown Bluetooth tracking device is seen moving with them, regardless of the platform the device is paired with.  


‘Cyberattack’ shutters Christie’s website days before $840M art mega-auction 

Christie’s website remains offline as of Monday after a “technology security issue” shut it down Thursday night – just days before the venerable auction house planned to flog $840 million of art. As of Friday morning and still today, Christie’s redirects visitors to a temporary website, reportedly due to a cyberattack. It’s not thought, at the moment, that any customer data has been stolen. The temporary site right now has the following message on it: We apologize that our full website is currently offline. We are looking to resolve this as soon as possible and regret any inconvenience. 

A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities 

When the activities of Russian hacker groups are exposed in a major public report and tied to a government agency—such as the Russian military’s Sandworm unit, which has targeted Ukrainian electrical utilities to trigger three blackouts over the past decade, or the Russian foreign intelligence service’s APT29, which is believed to have carried out the notorious SolarWinds supply chain attack—they tend to slink into the shadows and lay low until their next operation. 


Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about 

At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended RSAC in 2023. Generative AI as we know it today was only a few months old then. Everyone wanted to talk about it, but no one was quite sure of the impact it would have on cybersecurity. 


Feds beware: New studies demonstrate key AI shortcomings 

It’s no secret that artificial intelligence is almost everywhere these days. And while some groups are worried about potentially devastating consequences if the technology continues to advance too quickly, most government agencies are pretty comfortable adopting AI for more practical purposes, employing it in ways that can help advance agency missions. And the federal government has plenty of guidelines in place for using AI. For example, the AI Accountability Framework for Federal Agencies provides guidance for agencies that are building, selecting or implementing AI systems. According to GAO and the educational institutions that helped to draft the framework, the most responsible uses of AI in government should be centered around four complimentary principals. They include governance, data, performance and monitoring. 

Related Posts