Less Regulation, DOGE, 2.7B IoT breach, OpenAI 20M, Nvidia security, Salt Typhoon

Notice: FY2024 is coming in Feb 2025.

Highlights

🇺🇸 1. Less AI regulation pushed.

⚠️ 2. DOGE.gov insecure.

🚨 3. IoT breach: 2.7B records.

🕵️ 4. OpenAI: 20M credentials for sale. 

🛡️ 5. NVIDIA: AI cybersecurity platform.

Available: Q4, 2024 Book Report

Deep Dive:

🇺🇸 1.Less AI Regulation at Paris Summit [TIME, POLITICO]

• US & UK didn't sign declaration.

• US VP Vance advocated opportunity.

• President Macron pushed pro-business.

• E.U. regulations received strong criticism.

• UK: AI safety → AI security institute.

Immediate Mitigation: Be aware that international AI regulatory landscapes are diverging. Consider potential impacts on your org.

⚠️ 2.Anyone Can Push Updates to the DOGE.gov [404 Media]

• Website insecure.

• Database editable by anyone.

• Doge.gov built on Cloudflare Pages.

• Not hosted on government servers.

• Pulled from a Cloudflare Pages website.

Mitigation: Ensure that sensitive data is not accessible to unauthorized users.

🚨 3.IoT Data Breach Billions Records [Infosecurity Magazine]

• Database size: 1.17 Terabytes.

• Compromised Wi-Fi, passwords and IPs.

• Linked to Mars Hydro & LG-LED.

• 57% of IoT devices are vulnerable.

• Attackers used "nearest neighbor" exploits.

Mitigation: Audit IoT device security, enforce strong passwords, segment networks, and patch vulnerabilities quickly.

🕵️ 4.OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials [SecurityWeek, TechRadar]

• Hacker claimed 20M OpenAI credentials.

• OpenAI found no compromise.

• Data likely from infostealer malware.

• Over 4M bots collected in 2024.

• Related auth0.openai.com

Immediate Mitigation: Enable MFA, reinforce password security training.

🛡️5.NVIDIA Cybersecurity AI [NVIDIA Blog]

• Integrates BlueField-3 DPUs & Morpheus AI.

• Partners: Armis, Check Point, CrowdStrike, Deloitte, WWT.

• Real-time threat detection for infrastructure.

• Functions as virtual security overlay.

• Protects energy, utilities and manufacturing.

Immediate Mitigation: For NVIDIA customers, evaluate and implement the Cybersecurity AI platform for enhanced threat detection in critical infrastructure.

6. (bonus) Salt Typhoon is exploiting Cisco Routers [WIRED]

• Salt Typhoon still hacking telecoms.

• Breached five telecoms & ISPs globally.

• Exploited Cisco routers' web interfaces.

• Targeted 1000 devices installed.

• Sanctions don't cause course change.

Immediate Mitigation: Ensure that sensitive data is not accessible with a backup plan.

How upcoming Trump senior AI policy advisor thinks

How David Sachs thinks about AI & Crypto

California Takes the Lead on AI Regulation