The U.S. Department of the Treasury on Nov. 30, 2023, sanctioned the Kimsuky North Korean cyberespionage threat actor. (Image: Shutterstock)

US Sanctions North Korean Cyber Unit After Satellite Launch

Chris Riotta • November 30, 2023

The United States on Thursday sanctioned North Korean cyberespionage threat actor Kimsuky, known for its social engineering campaigns against targets it suspects of holding intelligence on geopolitical events and negotiations affecting the Hermit Kingdom.

Artificial Intelligence & Machine Learning

Generative AI Technology Leads AWS Agenda at re:Invent 2023

►

Finance & Banking

How Generative AI Will Reshape the Financial Services Sector

Governance & Risk Management

SolarWinds Ruling: Why CISOs Need to be Aware of Fraud

OpenAI CEO Emmett Shear Tries to Right Ship Amid Mass Exodus

Latest

Information Sharing

Okta Delays New Products, Projects 90 Days to Boost Security

Michael Novinson • November 30, 2023

Okta has paused product development and internal projects for 90 days to beef up its security architecture and operations for applications, hardware and third-party vendors. Okta will move to strengthen its cyber posture, including a security action plan and engaging with third-party cyber firms.

Governance & Risk Management

NIST Says Federal Agencies Struggling to Achieve Zero Trust

Chris Riotta • November 30, 2023

A National Institute of Standards and Technology official said agencies are facing a variety of challenges in implementing enterprisewide zero trust architectures, from a lack of insight into their network components to difficult decisions around legacy systems and costly procurement initiatives.

Cybercrime

Breach Roundup: Ukraine Hacks Russian Aviation Agency

Anviksha More • November 30, 2023

This week, Ukraine's intelligence service hacked Russian aviation agency, a cyberattack targeted Japan's space agency, Google addressed another zero-day, a French-led operation dismantled a Ukrainian ransomware group, and spyware targeted Serbian civil society.

Blockchain & Cryptocurrency

Cryptohack Roundup: KyberSwap Hacker Demands Control

Mihir Bagwe • November 30, 2023

This week, a KyberSwap hacker demanded total control, the U.S. Treasury called for additional tools to sanction crypto baddies, the Aerodrome and Velodrome DeFi platforms' front ends were hacked, a scam-as-a-service wallet drainer shut down, Indexed Finance thwarted hijacking attempts, and more.

Governance & Risk Management

Good Governance: 'It's All Hygiene'

Steve King • November 30, 2023

In the constant struggle to manage the other five pillars - identify, protect, detect, respond and recover - security leaders often do not have governance at top of mind, said Netography CEO Martin Roesch, but he added, "Good governance is the root of having good security."

Government

Experts Urge Congress to Establish Clear SBOM Guidance

Chris Riotta • November 29, 2023

Procurement experts testified to the House Subcommittee on Cybersecurity, Information Technology, and Government Innovation on Wednesday that government requirements leave too many unanswered questions and ambiguities for federal agencies when it comes to implementing SBOMs.

Governance & Risk Management

BlueVoyant Raises $140M, Buys Resilience Firm Conquest Cyber

Michael Novinson • November 29, 2023

BlueVoyant purchased a risk management vendor led by an Army veteran to expand its SaaS footprint with U.S. government and defense industrial organizations. Buying Conquest Cyber will allow BlueVoyant to provide cyber risk maturity and compliance assessments to both federal and commercial customers.

Blockchain & Cryptocurrency

US Sanctions, Seizes Sinbad Cryptomixer

David Perera • November 29, 2023

The U.S. federal government Wednesday added cryptocurrency mixer Sinbad.io to a growing blacklist of virtual asset platforms under sanctions that prevent Americans from doing business with them. The FBI seized the Sinbad website in an international operation.

Cloud Security

Attackers Actively Target Critical ownCloud Vulnerability

Mathew J. Schwartz • November 29, 2023

Security researchers say attackers are actively attempting to exploit a critical vulnerability in unpatched ownCloud implementations, which they can use to steal credentials and other secret information. Last month, ownCloud said it had sent all users a security alert and updates to fix the flaws.

Artificial Intelligence & Machine Learning

ChatGPT Turns One - and the Future of Generative AI

Tom Field • November 29, 2023

Nov. 30 marks the one-year public birthday of ChatGPT. Gartner's Avivah Litan shared insights on the current state and future of generative AI, as well as the potential market after-effects of the pre-Thanksgiving drama involving OpenAI, its board and fired/reinstated CEO Sam Altman.

Breach Notification

Okta Says Hacker Stole Every Customer Support User's Details

Mihir Bagwe , Mathew J. Schwartz • November 29, 2023

Identity and authentication giant Okta said the attacker behind its September data breach stole usernames and contact details for all users of its primary customer support system and warned customers to beware potential follow-on phishing and social engineering attacks.

Cloud Security

Stopping Cloud Workload Attacks

Steve King • November 29, 2023

In this episode of "Cybersecurity Insights," Eyal Fisher discussed Sweet Security's Cloud Runtime Security Suite, which helps CISOS and security teams defend against all stages of a cyberattack by gathering data, generating insights, baselining the normal environment and looking for deviations.