Ukraine telco down, Sullivan advocates for CISOs, GAO on AI
Cyberattack shuts down Ukrainian telco
Yesterday Kyivstar, Ukraine’s largest telco, disclosed a cyberattack that left customers experiencing network outages. While Kyivstar characterized the incident as a “large-scale technical failure,” it maintained that customer data was not affected. Sources say Ukraine’s state cybersecurity agency began investigating the incident and that the decision to shut down services was made in consultation with state security services. The outage also disrupted services at PrivatBank, Ukraine’s largest state-owned bank. The identity of the attacker remains unknown, but given Russia’s ongoing invasion of Ukraine, it’s hard not to suspect some form of Russian involvement.
Former Uber CISO advocates for CISO protections
In the keynote address at Black Hat Europe, former Uber CISO Joe Sullivan shared details about the 2016 data breach that occurred under his watch at the company. Beyond the details of that incident, Sullivan said he is now approached by prospective first-time CISOs asking whether they should take on the personal risk of the role. He recommends that CISO candidates talk with a company’s general counsel and CEO to understand how breach disclosures are handled, and that they create a personal incident response plan covering how they would personally weather a damaging breach.
GAO report on government AI usage
Like many private organizations, the US government isn’t being shy about jumping on the AI bandwagon. But a 2020 executive order requires agencies to publish annual public inventories of current and planned AI deployments. The Government Accountability Office examined how agencies met these requirements. It found that of the 23 agencies obligated to submit inventories, only 20 did, and only five “provided comprehensive information” across their use cases. Overall, the GAO found agencies disclosed 888 use cases, roughly half of them focused on science applications. NASA led all agencies with 375 AI use cases. The report also notes large inconsistencies in how agencies report these use cases to various government offices.
(FedScoop)
Jury rules Google holds app store monopoly
In Epic Games’ lawsuit against the search giant, a jury ruled that the Google Play store and Play Billing service form an illegal monopoly. In 2020 Epic Games sued both Apple and Google over their app store policies; in 2021 Epic largely lost its legal battle with Apple. It’s not clear what this ruling will immediately mean for Google. The company said it plans to appeal, arguing that it faces competition from Apple. Judge James Donato will decide on any appropriate remedies. Notably, Epic did not seek monetary damages in the case, but rather greater freedom on Android to spin up rival app stores and payment platforms.
Huge thanks to our sponsor, Barricade Cyber Solutions
Texas TikTok ban upheld
U.S. District Judge Robert Pitman rejected a lawsuit seeking to block Texas’s ban of the popular video app on devices of state employees. The Knight First Amendment Institute at Columbia University filed the lawsuit in July, saying the law would impede research related to TikTok. The judge rejected the suit, calling the state’s law a “reasonable restriction” and noting that faculty could still access the app on personal devices. Texas is not alone in the ban: over 30 states and many federal agencies have banned the app on government devices.
(Reuters)
Nvidia walking a line with China
Sales of any kind of advanced chips to China remain a hot-button issue with the US government, chips for AI workloads in particular. As the largest AI chipmaker, Nvidia is squarely in the government’s focus. In a recent interview with Reuters, US Commerce Secretary Gina Raimondo clarified that Nvidia “can, will and should sell AI chips to China,” but only for general commercial applications. Raimondo said any chips that would enable China to train “frontier models” would remain banned. Raimondo also said Nvidia remains a productive partner with Commerce in complying with policy, and will not seek to produce chips that fall just under any “cutline” hardware caps established by the administration.
(Reuters)
Crypto thefts likely to decline in 2023
Last year, threat actors stole roughly $4 billion worth of cryptocurrency. That figure is likely to drop significantly this year, estimated at around $1.7 billion so far, according to financial crime analysts at TRM Labs. These losses remain largely concentrated in large-scale attacks: roughly 70% of all funds stolen in 2023 came from the 10 biggest attacks. That largely tracks with last year; the difference is that attacks against the Ronin Bridge and other high-profile targets netted much larger losses in 2022. Overall, analysts estimate infrastructure attacks accounted for 60% of losses in 2023.
FBI guidance on SEC disclosures
The US Federal Bureau of Investigation issued clarifications on when companies may delay notifying the Securities and Exchange Commission of material breaches. It stated that the Justice Department may grant a 30-day delay for notifications on national security or public safety grounds. In extraordinary circumstances this can be extended further, but any delay beyond 120 days must come from an order issued by the SEC directly. The FBI will receive and process delay requests on behalf of the Justice Department. Companies must still report these breaches to the FBI or CISA directly, and delays in reporting material breaches to the agency will result in automatic denial of delay requests.