New report from Elliptic finds a major spike in cross-chain crypto laundering to $7 billion in the past year. North Korea's state-backed Lazarus group is a major driver, responsible for about 13% ($900 million) alone.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
While financial services firms are approaching cloud security similarly to other industries and share the same concerns, they are being held to more stringent compliance regulations for privacy and data protection. They are also at higher risk for threats waged by opportunistic, money-motivated cybercriminals and nation-state hacktivists.
The long-running Qakbot malware botnet was disrupted by international law enforcement action in August, but its operators appear to still have some capability and are continuing to run spam email campaigns that attempt to pass ransomware.
Proposed EU Cyber Resilience Act includes a vulnerability disclosure requirement that would have all manufacturers report to the government within 24 hours of first discovered exploitation. In most cases, this would mean disclosing before the vulnerability has been mitigated.
MGM's ransomware attack in September is expected to have $100 million negative impact for Q3 due to cleanup costs and lost business. The company believes that its cybersecurity insurance will cover nearly all of the ransomware attack's associated costs.
Generative AI has the potential to strengthen cybersecurity defenses and enhance cyber threat intelligence significantly, but each tool’s ability to handle the job depends on vendors’ ability to overcome inherent limitations.
Cybercriminals inserted malicious ads into Microsoft Bing Search AI chatbot to trick unsuspecting users into downloading trojanized software from spoofed domains.
AI can become a transformative force in meeting today’s compliance and security needs for GRC teams, provided organizations create a happy path that ensures data isn’t leaked and empowers developers to use AI safely.
A security vulnerability that was initially documented as a Chrome bug is likely part of the attack chain employed by NSO Group's Pegasus spyware, and has been revised as a critical libwebp flaw in a new CVE ID filed by Google.
State-backed Chinese hackers can modify Cisco routers without being detected and install custom firmware that allows for persistent access, according to a new joint cybersecurity advisory published by CISA and both US and Japanese law enforcement agencies.










