AI Threats to Authentication Lead 2024 Fraud Trends

Suparna Goswami • December 8, 2023

In the future, deepfake technology will have a significant impact on newer forms of authentication such as voice and facial recognition and pose new challenges to defenders, said Ofer Friedman, chief business development officer at AU10TIX, an Israel-headquartered identity verification company.

Standards, Regulations & Compliance

US Sanctions North Korean Cyber Unit After Satellite Launch

Latest

Endpoint Security

BlackBerry Cancels IPO, Separates Cybersec and IoT Units

David Perera • December 11, 2023

BlackBerry reversed plans for an equity carve-out of its internet of things business in a Monday announcement of plans to instead make its cybersecurity and IoT units independently operated entities. The Canadian firm also selected company insider John Giamatteo as its new CEO.

Black Hat

Open-Source Oversight: Security Gaps in IoT and OT Devices

Anna Delaney • December 11, 2023

Previous studies on IoT and OT devices have primarily focused on internal components, neglecting open-source components that are crucial for internet and network connectivity, according to Stanislav Dashevskyi and Francesco La Spina, security researchers at Forescout Technologies.

Fraud Management & Cybercrime

Ransomware Group Offline: Have Police Seized Alphv/BlackCat?

Mathew J. Schwartz • December 11, 2023

Cybercrime underground chatter suggests ransomware group BlackCat - aka Alphv - is being disrupted by law enforcement. Experts warn that disruptions too often remain short-lived, as operators reboot under different names and affiliates go independent or work with a bevy of rival services.

Artificial Intelligence & Machine Learning

Europe Reaches Deal on AI Act, Marking a Regulatory First

David Perera • December 8, 2023

EU officials announced a compromise over a regulation on artificial intelligence in the works since 2021, making the trading bloc first in the world to comprehensively regulate the nascent technology. Europe understands "the importance of its role as global standard setter,” said Thierry Breton.

Information Sharing

ISMG Editors: Call for Cooperation at Black Hat Europe 2023

Anna Delaney • December 8, 2023

In this special edition at Black Hat Europe 2023 in London, three ISMG editors cover the highlights of the conference, including a resounding call for better collaboration between government agencies and the private sector, regulatory trends, and the cautionary tale of ex-Uber CISO Joe Sullivan.

Cybercrime

Ukrainian, Polish Authorities Latest Phishing Wave Targets

Mihir Bagwe • December 8, 2023

A threat actor with a history of sending Trojan-laced phishing emails targeted Ukrainian and Polish authorities with emails with the subject lines "judicial claims" and "debts," Ukrainian cyber defenders said Thursday. CERT-UA tracks the threat actor as UAC-0050.

Next-Generation Technologies & Secure Development

'Krasue' Linux RAT Targets Organizations in Thailand

Prajeet Nair • December 8, 2023

Hackers targeted telecommunications companies in Thailand with a Linux remote access Trojan designed to attack different versions of the open-source kernel, researchers say. Dubbed "Krasue," the malware poses a "severe risk to critical systems and sensitive data," says Group-IB researchers.

Artificial Intelligence & Machine Learning

UK Market Regulator Reviews Microsoft's Interest in OpenAI

David Perera • December 8, 2023

The British antitrust authority is conducting a preliminary review of Microsoft's interest in OpenAI. The agency will examine whether the companies' partnership means Microsoft has material influence or whether it in effect controls more than half of OpenAI voting rights.

Artificial Intelligence & Machine Learning

How a CEO Runs a Company in Wartime

Steve King • December 8, 2023

Yossi Appleboum, CEO of Sepio Systems in Israel, discusses the international support for Israel in the Israel-Hamas war and what his employees are doing to support the war effort, how the war is affecting Sepio Systems' performance and how generative AI can be "not a tool but a member of your team."

Cybercrime

Breach Roundup: Meta Debuts Messenger End-to-End Encryption

Anviksha More • December 7, 2023

This week, Meta debuted end-to-end encryption on Messenger, AeroBlade cyberespionage targeted U.S. aerospace, Trojan-Proxy threatened cracked apps, Tipalti investigated a ransomware attack, a Pennsylvania hospital faced lawsuits, Nissan probed a cyber incident and the U.S. FCC teamed up with states.

Training & Security Leadership

Microsoft CISO, Deputy CISO Reassigned in Management Shakeup

Cal Harrison • December 7, 2023

Microsoft has demoted its CISO after 14 years on the job, reassigned its deputy CISO and named Igor Tsyganskiy - a former CTO at Bridgewater Associates who just joined Microsoft four months ago as chief strategy officer - as its new chief information security officer.

Cyberwarfare / Nation-State Attacks

UK and US Accuse Russian FSB of 'Hack and Leak' Operation

David Perera • December 7, 2023

The U.K. government accused Russia's domestic intelligence agency of running a yearslong campaign to interfere in British politics. U.S. federal prosecutors unsealed a criminal indictment against two FSB agents, accursing them of phishing campaigns against national security government employees.