Image: Shutterstock

North Korea's Supercharged State-Backed Cryptocurrency Theft

Mathew J. Schwartz • December 1, 2023

To service the perpetually cash-starved regime of North Korea, hackers will continue their relentless onslaught on cryptocurrency - and all users of it - with state backing to industrialize their hacking and money laundering capabilities, experts warn.

Cyberwarfare / Nation-State Attacks

SolarWinds Ruling: Why CISOs Need to be Aware of Fraud

Founder Sam Altman Back as OpenAI CEO Under Revamped Board

Cryptocurrency Fraud

Binance Exits US in Deal Settling Money Laundering Charges

Latest

Artificial Intelligence & Machine Learning

ISACA Generative AI Survey: Training Gaps, Focus on Security

Anna Delaney • December 1, 2023

According to a recent pulse poll from ISACA on generative AI, only 6% of respondents' organizations are providing training to all staff on AI, and more than half - 54% - say that no AI training is provided at all, even to teams directly affected by AI.

Cybercrime

TrickBot Developer Pleads Guilty in US Court

David Perera • December 1, 2023

A Russian national pleaded guilty in U.S. federal court for his role in developing TrickBot. Operators of the malware targeted hospitals and healthcare centers with ransomware attacks during the height of the novel coronavirus pandemic. Vladimir Dunaev faces up to 35 years in prison.

Artificial Intelligence & Machine Learning

ISMG Editors: What Did the Sam Altman-OpenAI Saga Teach Us?

Anna Delaney • December 1, 2023

In the latest weekly update, four editors at Information Security Media Group discuss Sam Altman and OpenAI's brief leadership nightmare, the state of generative AI one year after the general release of ChatGPT, and how police nabbed a suspected ransomware group ringleader in Ukraine.

Fraud Management & Cybercrime

Cactus Ransomware Using Qlik Bugs, DanaBot in Latest Attacks

Mihir Bagwe • December 1, 2023

Operators of a new ransomware strain dubbed Cactus are using critical vulnerabilities in a data analytics platform to gain access to corporate networks. Cactus ransomware operators are also getting an assist from deploying Danabot malware that is distributed through malvertising.

Standards, Regulations & Compliance

US Bipartisan Lawmakers Urge Crackdown on Chinese LiDAR

Chris Riotta • December 1, 2023

A bipartisan group of lawmakers urged the Biden administration to consider intensifying restrictions on semiconductor sales to Chinese companies in a bid to ensure that U.S. remote-sensing technology doesn't aid Beijing's national security efforts.

General Data Protection Regulation (GDPR)

British Lawmakers Push Ahead With Modifying UK GDPR

Akshaya Asokan • December 1, 2023

British Conservative lawmakers are pushing ahead with legislation modifying the U.K. codification of European privacy law despite objections from privacy advocates and concerns about the legislation's impact on European trade. Government backers say the bill will bolster the domestic AI industry.

Information Sharing

Okta Delays New Products, Projects 90 Days to Boost Security

Michael Novinson • November 30, 2023

Okta has paused product development and internal projects for 90 days to beef up its security architecture and operations for applications, hardware and third-party vendors. Okta will move to strengthen its cyber posture, including a security action plan and engaging with third-party cyber firms.

Governance & Risk Management

NIST Says Federal Agencies Struggling to Achieve Zero Trust

Chris Riotta • November 30, 2023

A National Institute of Standards and Technology official said agencies are facing a variety of challenges in implementing enterprisewide zero trust architectures, from a lack of insight into their network components to difficult decisions around legacy systems and costly procurement initiatives.

Cybercrime

Breach Roundup: Ukraine Hacks Russian Aviation Agency

Anviksha More • November 30, 2023

This week, Ukraine's intelligence service hacked Russian aviation agency, a cyberattack targeted Japan's space agency, Google addressed another zero-day, a French-led operation dismantled a Ukrainian ransomware group, and spyware targeted Serbian civil society.

Blockchain & Cryptocurrency

Cryptohack Roundup: KyberSwap Hacker Demands Control

Mihir Bagwe • November 30, 2023

This week, a KyberSwap hacker demanded total control, the U.S. Treasury called for additional tools to sanction crypto baddies, the Aerodrome and Velodrome DeFi platforms' front ends were hacked, a scam-as-a-service wallet drainer shut down, Indexed Finance thwarted hijacking attempts, and more.

Governance & Risk Management

Good Governance: 'It's All Hygiene'

Steve King • November 30, 2023

In the constant struggle to manage the other five pillars - identify, protect, detect, respond and recover - security leaders often do not have governance at top of mind, said Netography CEO Martin Roesch, but he added, "Good governance is the root of having good security."

Government

Experts Urge Congress to Establish Clear SBOM Guidance

Chris Riotta • November 29, 2023

Procurement experts testified to the House Subcommittee on Cybersecurity, Information Technology, and Government Innovation on Wednesday that government requirements leave too many unanswered questions and ambiguities for federal agencies when it comes to implementing SBOMs.