Welcome reader to your CybersecurityHQ report.

Headlines

The SEC has announced that the Intercontinental Exchange (ICE) — owner of the New York Stock Exchange and eight subsidiaries — must pay $10 million in penalties for failing to inform the regulator about a cyberattack in a timely manner. It’s tied to an incident in April 2021, when ICE was informed about a vulnerability in their VPN.

The SEC said, “ICE investigated and was immediately able to determine that a threat actor had inserted malicious code into a VPN device used to remotely access ICE’s corporate network… ICE personnel did not notify the legal and compliance officials at ICE’s subsidiaries of the intrusion for several days in violation of ICE’s own internal cyber incident reporting procedures.”

In September 2022, Optus suffered a massive data breach that included their customers’ home addresses, passports, and phone numbers; now, Australia’s media regulator is taking legal action. The Australian Communications and Media Authority is bringing action against the company for failing to protect its customers.

The Singapore Telecommunications-owned Optus, Australia’s second-largest telco, services 10 million customers in the country. That’s 40% of the population. Since the 2022 attack, it has been taking mitigation steps and cooperating with authorities. Since then, it also famously oversaw a service blackout that affected 10 million Australians.

US lawmakers advanced the ENFORCE Act (Enhancing National Frameworks for Overseas Critical Exports Act) Wednesday in an attempt to prevent AI technologies from reaching China. The house bill met with overwhelming and bipartisan support, winning 43 to 3.

Currently, the US Bureau of Industry and Security (BIS) approves and denies exports of dual-use items (like semiconductors). But up until now, it hasn’t had control over the export of AI systems. This bill would give the BIS that control.

Interesting Read

The rise of AI has also meant the rise of more chatbots, with this feature appearing on almost every commercial website in 2024. But experts warn that all those chatbots are almost certainly not secure. That’s the main thrust of Kevin Townsend’s latest article for SecurityWeek.

An even bigger problem is that they can easily be jailbroken. And because they almost all operate off of a major AI system (like ChatGPT 3.5), they are all susceptible to easy coaxing beyond any given guardrails.

Employment Tip: Broaden Your Scope

Stay updated with technology outside cybersecurity. Fields like AI, blockchain, and IoT can provide a broader perspective and improve your ability to anticipate and counteract emerging threats. Plus, it adds to your overall command of your expertise by allowing you to make connections to bigger themes and trends.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team