March 2024 - Latest Cyber Security News
Each month we post a round-up of cyber security news that we find insightful and contributes to a more full understanding of the world of cyber security.
European Parliament Passes Artificial Intelligence Act
The European Parliament passed its Artificial Intelligence law which is designed to:
Ensure that general purpose artificial intelligence has safeguards and is required to meet transparency requirements
Limit the ability for law enforcement to use AI-powered biometric identification systems
Prevent AI social scoring as well as the use of AI to manipulate user vulnerabilities
Create a system to file complaints against organizations leveraging or offering AI and receive meaningful explanations
Wondering why this matters if you’re not in the European Union (EU)? The EU is often at the vanguard of putting strong privacy and security protections in place to protect its citizens. Following the EU putting security and privacy protections in place, we’ve seen a pattern of non-EU governments at the national, state, and local levels establish similar measures to protect their own citizens. [Source]
We’ve also seen other governments, such as the United Nations, the US, and UK, adopt similar agreements and resolutions in recent weeks. [Source]
US Water Systems Under Cyber Attack
The US government released an advisory to the nation’s governors about Chinese government cyber attacks on US critical infrastructure, including water supply and treatment systems. The report details efforts by the hackers to position themselves on IT systems associated with critical infrastructure in preparation for disruptive or destructive attacks during a potential conflict between the US and China.
Despite being so important for our health and society, the IT systems that operate critical infrastructure tend to be very insecure. The Chinese government hackers have specifically targeted critical infrastructure associated with communications, energy, transportation systems as well as water and wastewater systems. [Source]
Hackers Use Your Home and Small Office (SOHO) Routers To Conduct Attacks
For years, hackers have targeted internet router devices used in homes and small offices. These routers are themselves computers that are often running long-forgotten or out-of-date software riddled with vulnerabilities and configured insecurely by default. Most people don’t take the time to check the security settings and conduct updates as routers are typically a set-and-forget type of device.
Officials with the FBI recently announced that they conducted an operation to remove Russian and Chinese government malware from these home/small office routers across the world. While it’s great that the FBI was able to remove this malware, we recommend making sure that your router is updated and securely configured. [Source]
