Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Cyber News

A sophisticated threat actor drained more than $85 million in cryptocurrency last week from crypto exchange Phemex, according to multiple sources. While initial loss estimates for the January 23 breach were $29 million, by the end of the weekend those estimates grew to just over $85 million.

While a suspected threat actor hasn’t been named in the Phemex hack, there has been speculation that the sophisticated hack could be the work of North Korea-linked hackers, who by one estimate accounted for 61% of the $2.2 billion in crypto funds stolen last year. North Korea-linked threat actors were allegedly behind such massive attacks as the May 2024 $308 million DMM breach, among other crypto heists.

Phemex Provides Account of Crypto Hack

Phemex published an account of the security incident on January 26, noting that after the hot wallet attack, “we immediately took emergency measures, temporarily suspended deposits and withdrawals, and formulated a follow-up plan.” Affected devices were identified and isolated, and the exchange reported the incident to third-party security firms and law enforcement.

The Singapore-based exchange said it “has sufficient asset reserves, and user funds are always safe.” The company released a Proof of Reserves (POR) “to ensure full transparency of our financial status.”

After security updates, “Our new system is now live and routinely monitored by our cybersecurity partner, with significant improvements in security and reliability. All operations have been gradually restored, and we ensure the absolute safety of user assets. ... We will continue to optimize our system to prevent such incidents from happening in the future.”

'Sophistication of Threat Actor'

In a January 23 post on X (formerly Twitter), Phemex CEO Federico Variola said the company was restoring its systems slowly because of “the sophistication of the threat actor.”

“[W]e are currently carefully testing our system to reprise withdrawals as soon as possible,” Variola wrote. “Due to the sophistication of the threat actor we cannot rush this stage.”

Taylor Monahan of crypto wallet firm MetaMask told The Block that the heist appeared to be carried out by “a group of threat actors who have done this many times before.”

“In this case, we see a massive amount of distinct assets drained simultaneously across a multitude of chains,” Monahan was quoted as saying. “The tokens are then immediately swapped for the native asset, starting with the freezable stablecoins and then working down the list by value.”

The attack has raised interest in “offchain transaction validation,” an emerging blockchain simulation and validation security solution from Web3 security firm Cyvers, reports Cointelegraph. The technology could prevent 99% of crypto hacks, the company claims – including last year’s $230 million WazirX hack.

 Cyber News

DeepSeek shook up the AI world on Monday with claims of a low-cost alternative to large language models (LLMs) from OpenAI and others – then claimed “large-scale malicious attacks” on its services just hours later.

DeepSeek’s announcement sent shares of leading AI chip suppliers NVIDIA (NVDA) and Broadcom (AVGO) plunging 17% on Monday. NVIDIA set a single-day record with a $589 million market capitalization loss, more than double its own previous record set in September.

While the DeepSeek claims are unverified, the startup’s AI Assistant quickly rocketed to the top of Apple’s App Store, overtaking rival ChatGPT.

DeepSeek Claims Welcomed by Rivals

DeepSeek claims its AI models – which include DeepSeek-V3, DeepSeek-R1 and Janus-Pro – can perform on a par with models from AI rivals OpenAI, Stability AI and others at a fraction of the cost and using a fraction of the chips too.

The startup submitted a paper to the arXiv pre-print service last week that said the DeepSeek-R1 reasoning model “achieves performance comparable to OpenAI-o1-1217 on reasoning tasks.” The company has open-sourced that model.

While those claims remain unproven, one researcher who ran the numbers declared DeepSeek's claims to be "plausible." The researcher, Ben Thompson of Stratechery, wrote:

"The key implications of these breakthroughs — and the part you need to understand — only became apparent with V3, which added a new approach to load balancing (further reducing communications overhead) and multi-token prediction in training (further densifying each training step, again reducing overhead): V3 was shockingly cheap to train."

Meanwhile, OpenAI and NVIDIA welcomed the new AI market entrant. OpenAI CEO Sam Altman said in a statement on X (formerly Twitter) that “deepseek's r1 is an impressive model, particularly around what they're able to deliver for the price. we will obviously deliver much better models and also it's legit invigorating to have a new competitor!”

In a statement to Bloomberg, an Nvidia spokesperson called DeepSeek an “excellent AI advancement” that shows how a company can create new AI models while “leveraging widely-available models and compute that is fully export control compliant.”

If true, DeepSeek’s breakthrough claims would be good news for AI users and potentially for the environment too, as the power demands of AI data centers have threatened to derail the climate pledges made by leading tech companies. Lower-cost AI models could also spur wider adoption of AI cybersecurity tools at a time when that capability is greatly needed to defend against growing cyber threats.

Unspecified 'Malicious Attacks' Halt DeepSeek Signups

Amidst all the excitement, DeepSeek had to halt signups after what it said were unspecified “large-scale malicious attacks.” A message on the company’s sign-up page said:

“Due to large-scale malicious attacks on DeepSeek's services, registration may be busy. Please wait and try again. Registered users can log in normally. Thank you for your understanding and support.”

[Image: DeepSeek says 'malicious attacks' slow sign-ups]

DeepSeek’s service status page reported on January 28 that “A fix has been implemented” but added that the company is “temporarily limiting registrations to ensure continued service” (image below).

[Image: DeepSeek service status warning]

It is not clear what caused the service disruption, perhaps hacktivists or an overwhelming number of suspicious sign-ups. Some IT observers wondered if the incident was caused by the company’s infrastructure simply becoming overwhelmed by the massive spike in interest. The Cyber Express attempted to contact DeepSeek and will update this article with any response.

Meanwhile, one AI security researcher has already reported that they were able to jailbreak DeepSeek with surprising ease.

It may be some time before all the facts surrounding DeepSeek are known, but one thing is clear: on a late January Monday in 2025, the company shook up the AI market in ways that won't be quickly forgotten.

 Firewall Daily

Data Privacy Day (DPD), observed annually on January 28, is a global initiative dedicated to raising awareness about the critical importance of safeguarding personal information. With cyber threats lurking around every corner of the internet, the day serves as a reminder for individuals and organizations alike to assess their online behavior and take proactive steps to protect their data from misuse.

The roots of Data Privacy Day trace back to 2006, when the Committee of Ministers of the Council of Europe designated January 28 as Data Protection Day. This date commemorates the signing of the Convention for the Protection of Individuals regarding Automatic Processing of Personal Data (Convention 108) in 1981, the first international treaty that laid the foundation for data protection laws across Europe and beyond.

As privacy concerns grew globally, Data Privacy Day became more widely recognized. In 2007, the initiative spread internationally, and by 2009, the U.S. House of Representatives officially recognized National Data Privacy Day, followed by the Senate in 2010 and 2011.

The Importance of Privacy in the Digital Age

In 2025, when everything is connected to a network, our personal data has never been more vulnerable. Countless organizations store and transmit our information through apps, websites, and devices. While this data can be used for legitimate purposes, it is also an attractive target for cybercriminals and corporations alike, making it critical to stay vigilant in our data protection practices.

Data Privacy Day offers an opportunity for individuals to reflect on how their data is being collected, stored, and shared. Actions like adjusting privacy settings, reviewing the terms and conditions of apps and websites, and being mindful of the data shared online are vital steps to mitigate risks like data breaches and unauthorized access. For businesses, it’s a chance to assess their data privacy practices, reinforce transparency, and demonstrate their commitment to protecting customer information.

As Suvabrata Sinha, CISO-in-Residence at Zscaler, aptly puts it, "Data is no longer confined by traditional boundaries; it flows freely across an interconnected digital ecosystem fueled by cloud technologies, artificial intelligence, and IoT. This paradigm shift has fundamentally redefined how we create, share, and protect sensitive information, challenging us to rethink security for a borderless world." In today’s digital landscape, protecting data isn’t just about compliance; it’s about securing trust, driving innovation, and enabling a resilient future.

Convention 108: Pioneering Data Protection Standards

Originally set forth by Convention 108, the global framework for data protection has changed over the years to address new privacy challenges. The updated version, Convention 108+, reflects the complexities brought by technologies like artificial intelligence (AI), big data, and the rapid expansion of the internet.

As privacy risks grow more sophisticated, Convention 108+ provides a balanced approach to ensuring the free flow of information while safeguarding individual privacy across borders. The implementation of the General Data Protection Regulation (GDPR) in 2018 marked another milestone in the global evolution of privacy laws. GDPR has influenced data protection legislation worldwide, pushing businesses to be more transparent and accountable in their handling of personal data.

These developments reinforce the critical role Data Privacy Day plays in fostering a culture of privacy awareness and protection.

Rising Threats and the Role of AI in Data Protection

The growing sophistication of cyber threats is evident in trends such as the surge in ransomware attacks, which reached a record high of 574 incidents in December 2024. Mandy Andress, CISO at Elastic, emphasizes, "Data Privacy Day serves as a critical reminder that privacy and trust are inseparable, underscoring the fundamental link between robust cybersecurity practices and the preservation of data privacy."

In today’s multi-cloud environments, protecting data privacy requires more than just technical solutions; it demands a proactive, comprehensive security strategy. Practices like micro-segmentation, virtual containerization, and adopting a "deny all" policy for inter-system communications are essential for securing data across platforms. These measures reduce exposure to threats and ensure that only essential data flows between systems, enhancing overall security posture.

Moreover, the rapid adoption of AI technologies presents both opportunities and challenges. As Mayank Baid, Regional Vice President at Cloudera, highlights, "AI is a double-edged sword. It poses challenges to data privacy by enabling advanced data collection and analysis, but AI-driven privacy safeguards, such as anonymization and automated compliance, can also play a critical role in protecting sensitive information."

In countries like India, where AI adoption is growing rapidly, it’s crucial for both businesses and regulators to balance innovation with privacy protection. The Digital Personal Data Protection Act, 2023, introduced by the Government of India, emphasizes the importance of data sovereignty, security, and privacy in this new digital era.

Practical Steps for Protecting Personal Data

Here are some practical steps individuals can take to enhance their privacy:

Create Unbreakable Passwords: Secure your accounts with complex, hard-to-guess passwords.
Limit What You Share: Be selective about what personal details you share online.
Be Smart with Public Wi-Fi: Avoid accessing sensitive info over unsecured networks.
Beware of Phishing: Don’t fall for deceptive messages aimed at stealing your data.
Update Regularly: Ensure your devices are always secure with the latest software updates.

Conclusion

As we mark Data Privacy Day 2025, it’s crucial to recognize that protecting personal information is a shared responsibility. Both individuals and organizations play a key role in protecting data, and with the growing complexity of privacy challenges driven by AI and cloud technologies, staying vigilant is more important than ever. Reflecting on and strengthening data protection practices today helps ensure a more secure digital future, where trust, innovation, and business continuity are prioritized.

As Suvabrata Sinha wisely notes, "Security is no longer a back-office IT concern; it’s a strategic boardroom priority that underpins reputation, customer trust, and long-term business continuity." Now is the time for action—whether it's reviewing your personal privacy settings or evaluating your organization's security measures—making data privacy a top priority will ensure a safer, more trusted digital world for everyone.

 Cyber News

The financial sector is transforming significantly in an era of unprecedented digital connectivity. The advent of open banking platforms, characterized by sharing financial information electronically and securely under a standardized protocol, is revolutionizing how we think about banking. However, as open banks proliferate, the potential attack vectors for cybercriminals also increase. This is where machine learning (ML) comes in as a game-changer for API security in these platforms.

The Application Programming Interfaces (APIs) at the heart of open banking are a double-edged sword. While they allow seamless integration and data exchange among banks, fintechs, and third-party providers, they expose critical systems to more threats. More than ever, robust security measures are imperative to protect sensitive financial data against unauthorized access and fraudulent activities.

How Machine Learning (ML) Provides Adaptive and Proactive Solutions to Secure APIs

Unlike traditional security systems, which are typically rule-based and static, ML offers a dynamic and self-improving approach to security. It provides the adaptability necessary to keep pace with the continuously evolving landscape of cyber threats, ensuring a robust security posture for APIs within open banking platforms. This proactive nature of ML should reassure you about the future of open banking security.

Key Security Challenges in Open Banking APIs

Common Vulnerabilities Like Credential Theft, Endpoint Abuse, and Data Breaches

Exploiting vulnerabilities such as credential theft, endpoint abuse, and data breaches is a significant threat to API security. Hackers relentlessly probe APIs for weaknesses, using sophisticated methods to impersonate legitimate users, hijack accounts, or gain unauthorized access. Traditional protections, often incapable of adapting quickly to new threats, might not be enough to fully safeguard against these sophisticated attacks.

Why Traditional Security Measures Fall Short in Open Banking

Traditional security measures are often ill-equipped to deal with the sheer volume and sophistication of today's attacks. Moreover, they struggle to provide scalable solutions that adapt to a rapidly changing threat landscape. The limitations of these traditional methods underscore the necessity for more advanced security strategies, such as those offered by ML.

Machine Learning's Role in Securing APIs

Anomaly Detection and Behavioral Analytics: Identifying Unusual Patterns and Suspicious Activities

ML excels at detecting patterns in data. Within the context of API security, this means ML algorithms can identify potentially malicious behaviour by analyzing deviations from standard transaction patterns. This real-time anomaly detection allows immediate responses to threats before they can cause harm. Anomaly detection is the process of identifying unusual patterns or behaviours that deviate from the norm, which could indicate a potential security threat.

Threat Intelligence: Using ML to Predict and Mitigate Emerging Cyber Threats

ML-driven security systems are uniquely suited to augment threat intelligence capabilities. They can learn from historical data and predict future attacks, staying one step ahead of cybercriminals. This role of ML should make you feel prepared and confident about the security of open banking platforms.

Fraud Prevention: Securing Transactions and Preventing Account Takeovers with ML-powered Tools

Preventing fraud is central to fostering trust in open banking platforms. ML contributes by implementing sophisticated algorithms to detect fraudulent transactions and avoid account takeovers, effectively reducing the incidence of financial fraud and mitigating the risks posed by cyber-attacks. This emphasis on fraud prevention should make you feel secure and protected in the open banking environment.

Benefits and Challenges of Using ML for API Security

Advantages: Real-time Detection, Dynamic Adaptation, and Enhanced Compliance

ML offers significant advantages in real-time detection capabilities, dynamic adaptation to new threats, and helping maintain regulatory compliance. Financial institutions that harness these benefits can better secure their APIs and keep pace with the evolving regulatory landscape of the financial sector.

Implementation Challenges: Data Privacy, Evolving Threats, and Continuous Model Optimization

While ML can significantly bolster API security, implementing these systems poses challenges. Data privacy concerns, the need to stay ahead of evolving threats, and the requirement for ongoing optimization of ML models represent some of the hurdles that need to be addressed to reap the full benefits of ML in securing open banking APIs. Continuous model optimization refers to the process of regularly updating and improving the ML algorithms to ensure they remain effective against new and evolving threats.

Conclusion

As a transformative force, ML is set to redefine the security landscape of open banking platforms. By offering advanced capabilities such as real-time anomaly detection, threat intelligence, and fraud prevention, ML empowers financial institutions to defend their APIs against the sophisticated threats they face today.

However, integrating machine learning finance use cases into open banking platforms is not without its challenges. As banks and other financial institutions navigate these waters, the focus remains clear: adopting ML-driven security solutions is not just a technical decision but a strategic move towards safeguarding sensitive data and building customer trust.

The future of finance depends on secure and seamless digital experiences. ML is at the forefront of making this future a reality. Financial institutions must, therefore, harness the power of ML to enhance API security and ensure the prosperity of open banking.

 Business

The traditional network security model — with a secure perimeter and encrypted channels for external access to that perimeter — is coming apart at the seams. Cloud services and remote working have challenged the very notion of perimeter, while the primary method of accessing the perimeter — VPN — has in recent years become a prime attack vector for intruders. Many high-profile hacks began by exploiting vulnerabilities in VPN solutions: CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893 in Ivanti Connect Secure, and CVE-2023-4966 in Citrix solutions.

By compromising a VPN server, which needs to be accessible online, intruders gain privileged access to an enterprise’s internal network and plenty of scope for covert attack development. Server and enterprise applications are often configured to trust — and be accessible to — all intranet-based hosts, making it easier to find and exploit new vulnerabilities, and extract, encrypt, or destroy important data.

Often, VPN access is granted to company contractors too. If a contractor violates the information security requirements while being granted standard VPN access with extensive privileges in the corporate network, attackers can penetrate the network by compromising the contractor, and gain access to information through the latter’s accounts and privileges. And their activities can go unnoticed for a long time.

A radical solution to these network security issues requires a new approach in terms of network organization — one whereby each network connection is analyzed in detail, and participants’ credentials and access rights are checked. Any of them lacking explicit permission to work with a particular resource are denied access. This approach applies to both internal network services as well as public and cloud-based ones.

Last year, cybersecurity agencies in the United States, Canada and New Zealand released joint guidance on how to migrate to this security model. It consists of the following tools and approaches.

Zero trust

The zero trust model seeks to prevent unauthorized access to data and services through granular access control. Each request for access to a resource or microservice is analyzed separately, and the decision is based on a role-based access model and the principle of least privilege. During operation, every user, device, and application must undergo regular authentication and authorization — processes which are, of course, made invisible to the user by technical means.

See our dedicated post for more about zero trust and its implementation.

Secure service edge

Secure service edge (SSE) is a set of tools for securing applications and data regardless of users’ and their devices’ location. SSE helps implement zero trust, adapt to the realities of hybrid cloud infrastructure, protect SaaS applications, and simplify user verification. SSE components include zero trust network access (ZTNA), cloud secure web gateway (CSWG), cloud access security broker (CASB) and firewall-as-a-service (FWaaS).

Zero trust network access

ZTNA provides secure remote access to a company’s data and services based on strictly defined access policies in line with zero trust principles. Even if intruders compromise an employee’s device, their ability to develop an attack is limited. For ZTNA, an agent application is deployed that checks the identity of the user or service, and access rights, then matches them with the policies and user-requested actions. Other factors that can be monitored are the security level of the client device (software versions, security solution database updates), the client’s location, and the like. The agent can also be used in multifactor authentication.

Periodic reauthentication occurs during user sessions. If the user requires access to new resources and applications, the authentication and authorization process is repeated in full. However, depending on the solution settings, this may be transparent to the user.

Cloud secure web gateway

CSWG protects both users and devices from online threats and helps enforce network policies. Features include filtering web connections by URL and content, controlling access to web services, and analyzing encrypted TLS/SSL connections. It’s also involved in user authentication and provides analytics on web application usage.

Cloud access security broker

CASB helps enforce access policies for cloud SaaS applications — bridging them to their users, as well as manage data transferred between different cloud services. This makes it possible to detect threats targeting cloud services and unauthorized attempts to access cloud data, as well as to bring control of various SaaS applications under a single security policy.

Firewall-as-a-service

Cloud-based FWaaS performs the functions of a traditional firewall — except that traffic analysis and filtering take place in the cloud instead of on a separate device in the company’s office. Besides the convenience of scalability, FWaaS makes it easier to protect a distributed infrastructure consisting of cloud and on-premises data centers, offices, and branches.

Secure access service edge

Combining software-defined networks (SD-WAN) with full SSE functionality, SASE delivers the most effective integration of network control and security management. There are several advantages for companies in terms of not only security, but also cost efficiency:

Reducing the cost of setting up a distributed network and combining different communication channels to increase speed and reliability
Taking advantage of centralized network management, high visibility, and extensive analysis capabilities
Lower administration costs due to automatic configuration and failure response
All SSE functions (SWG, CASB, ZTNA, NGFW) can be integrated into the solution, giving defenders full visibility of all servers, services, users, ports, and protocols — plus automatic application of security policies when deploying new services or network segments
Simplifying administration and policy enforcement with a centralized management interface

The SASE architecture allows all traffic to be routed dynamically and automatically, taking into account speed, reliability and security requirements. With information security requirements integrated deep into the network architecture, there is granular control over all network events — traffic is classified and inspected at multiple levels, including the application level. This delivers automatic access control as prescribed by zero trust, with granularity extending to a single application function and user rights in the current context.

The use of a single platform dramatically boosts monitoring performance and speeds up and improves incident response. SASE also simplifies updates and general management of network devices, which is another security benefit.

Migration technicalities

Deploying the above solutions would help your company replace the traditional “perimeter behind firewall plus VPN” approach with a more secure, scalable, and cost-effective model, which factors in cloud solutions and employee mobility. At the same time, cybersecurity agencies that recommend this set of solutions warn that each case requires an in-depth analysis of a company’s requirements and current state of affairs, plus a risk analysis and step-by-step migration plan. When switching from VPN to SSE/SASE-based solutions, you must:

Strictly limit access to the network control plane
Separate and isolate the interface for managing the solution and the network
Update the VPN solution and analyze its telemetry in detail to rule out the possibility of compromise
Test the user authentication process and explore ways to simplify it, such as authentication in advance
Use multifactor authentication
Implement version control of the management configuration, and keep track of changes

 A Little Sunshine

Image: Shutterstock. Greg Meland. President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation’s cybersecurity posture. The president fired all advisors from the Department of Homeland Security’s Cyber Safety Review Board,   show more ...

called for the creation of a strategic cryptocurrency reserve, and voided a Biden administration action that sought to reduce the risks that artificial intelligence poses to consumers, workers and national security. On his first full day back in the White House, Trump dismissed all 15 advisory committee members of the Cyber Safety Review Board (CSRB), a nonpartisan government entity established in February 2022 with a mandate to investigate the causes of major cybersecurity events. The CSRB has so far produced three detailed reports, including an analysis of the Log4Shell vulnerability crisis, attacks from the cybercrime group LAPSUS$, and the 2023 Microsoft Exchange Online breach. The CSRB was in the midst of an inquiry into cyber intrusions uncovered recently across a broad spectrum of U.S. telecommunications providers at the hands of Chinese state-sponsored hackers. One of the CSRB’s most recognizable names is Chris Krebs (no relation), the former director of the Cybersecurity and Infrastructure Security Agency (CISA). Krebs was fired by President Trump in November 2020 for declaring the presidential contest was the most secure in American history, and for refuting Trump’s false claims of election fraud. South Dakota Governor Kristi Noem, confirmed by the U.S. Senate last week as the new director of the DHS, criticized CISA at her confirmation hearing, TheRecord reports. Noem told lawmakers CISA needs to be “much more effective, smaller, more nimble, to really fulfill their mission,” which she said should be focused on hardening federal IT systems and hunting for digital intruders. Noem said the agency’s work on fighting misinformation shows it has “gotten far off mission” and involved “using their resources in ways that was never intended.” “The misinformation and disinformation that they have stuck their toe into and meddled with, should be refocused back onto what their job is,” she said. 
Moses Frost, a cybersecurity instructor with the SANS Institute, compared the sacking of the CSRB members to firing all of the experts at the National Transportation Safety Board (NTSB) while they’re in the middle of an investigation into a string of airline disasters. “I don’t recall seeing an ‘NTSB Board’ being fired during the middle of a plane crash investigation,” Frost said in a recent SANS newsletter. “I can say that the attackers in the phone companies will not stop because the review board has gone away. We do need to figure out how these attacks occurred, and CISA did appear to be doing some good for the vast majority of the federal systems.” Speaking of transportation, The Record notes that Transportation Security Administration chief David Pekoske was fired despite overseeing critical cybersecurity improvements across pipeline, rail and aviation sectors. Pekoske was appointed by Trump in 2017 and had his 5-year tenure renewed in 2022 by former President Joe Biden. AI & CRYPTOCURRENCY Shortly after being sworn in for a second time, Trump voided a Biden executive order that focused on supporting research and development in artificial intelligence. The previous administration’s order on AI was crafted with an eye toward managing the safety and security risks introduced by the technology. But a statement released by the White House said Biden’s approach to AI had hindered development, and that the United States would support AI systems that are “free from ideological bias or engineered social agendas,” to maintain leadership. The Trump administration issued its own executive order on AI, which calls for an “AI Action Plan” to be led by the assistant to the president for science and technology, the White House “AI & crypto czar,” and the national security advisor. 
It also directs the White House to revise and reissue policies to federal agencies on the government’s acquisition and governance of AI “to ensure that harmful barriers to America’s AI leadership are eliminated.” Trump’s AI & crypto czar is David Sacks, an entrepreneur and Silicon Valley venture capitalist who argues that the Biden administration’s approach to AI and cryptocurrency has driven innovation overseas. Sacks recently asserted that non-fungible cryptocurrency tokens and memecoins are neither securities nor commodities, but rather should be treated as “collectibles” like baseball cards and stamps. There is already a legal definition of collectibles under the U.S. tax code that applies to things like art or antiques, which can be subject to high capital gains taxes. But Joe Hall, a capital markets attorney and partner at Davis Polk, told Fortune there are no market regulations that apply to collectibles under U.S. securities law. Hall said Sacks’ comments “suggest a viewpoint that it would not be appropriate to regulate these things the way we regulate securities.” The new administration’s position makes sense considering that the Trump family is deeply and personally invested in a number of recent memecoin ventures that have attracted billions from investors. President Trump and First Lady Melania Trump each launched their own vanity memecoins this month, dubbed $TRUMP and $MELANIA. The Wall Street Journal reported Thursday the market capitalization of $TRUMP stood at about $7 billion, down from a peak of near $15 billion, while $MELANIA is hovering somewhere in the $460 million mark. Just two months before the 2024 election, Trump’s three sons debuted a cryptocurrency token called World Liberty Financial.
Despite maintaining a considerable personal stake in how cryptocurrency is regulated, Trump issued an executive order on January 23 calling for a working group to be chaired by Sacks that would develop “a federal regulatory framework governing digital assets, including stablecoins,” and evaluate the creation of a “strategic national digital assets stockpile.” Translation: Using taxpayer dollars to prop up the speculative, volatile, and highly risky cryptocurrency industry, which has been marked by endless scams, rug-pulls, 8-figure cyber heists, rampant fraud, and unrestrained innovations in money laundering.

WEAPONIZATION & DISINFORMATION

Prior to the election, President Trump frequently vowed to use a second term to exact retribution against his perceived enemies. Part of that promise materialized in an executive order Trump issued last week titled “Ending the Weaponization of the Federal Government,” which decried “an unprecedented, third-world weaponization of prosecutorial power to upend the democratic process,” in the prosecution of more than 1,500 people who invaded the U.S. Capitol on Jan. 6, 2021. On Jan. 21, Trump commuted the sentences of several leaders of the Proud Boys and Oath Keepers who were convicted of seditious conspiracy. He also issued “a full, complete and unconditional pardon to all other individuals convicted of offenses related to events that occurred at or near the United States Capitol on January 6, 2021,” which include those who assaulted law enforcement officers.
The New York Times reports “the language of the document suggests — but does not explicitly state — that the Trump administration review will examine the actions of local district attorneys or state officials, such as the district attorneys in Manhattan or Fulton County, Ga., or the New York attorney general, all of whom filed cases against President Trump.” Another Trump order called “Restoring Freedom of Speech and Ending Federal Censorship” asserts: “Over the last 4 years, the previous administration trampled free speech rights by censoring Americans’ speech on online platforms, often by exerting substantial coercive pressure on third parties, such as social media companies, to moderate, deplatform, or otherwise suppress speech that the Federal Government did not approve,” the Trump administration alleged. “Under the guise of combatting ‘misinformation,’ ‘disinformation,’ and ‘malinformation,’ the Federal Government infringed on the constitutionally protected speech rights of American citizens across the United States in a manner that advanced the Government’s preferred narrative about significant matters of public debate.” Both of these executive orders have potential implications for security, privacy and civil liberties activists who have sought to track conspiracy theories and raise awareness about disinformation efforts on social media coming from U.S. adversaries. In the wake of the 2020 election, Republicans created the House Judiciary Committee’s Select Subcommittee on the Weaponization of the Federal Government. Led by GOP Rep. Jim Jordan of Ohio, the committee’s stated purpose was to investigate alleged collusion between the Biden administration and tech companies to unconstitutionally shut down political speech. 
The GOP committee focused much of its ire at members of the short-lived Disinformation Governance Board, an advisory board to DHS created in 2022 (the “combating misinformation, disinformation, and malinformation” quote from Trump’s executive order is a reference to the board’s stated mission). Conservative groups seized on social media posts made by the director of the board, who resigned after facing death threats. The board was dissolved by DHS soon after. In his first administration, President Trump created a special prosecutor to probe the origins of the FBI’s investigation into possible collusion between the Trump campaign and Russian operatives seeking to influence the 2016 election. Part of that inquiry examined evidence gathered by some of the world’s most renowned cybersecurity experts who identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russia’s largest financial institutions. Trump’s Special Prosecutor John Durham later subpoenaed and/or deposed dozens of security experts who’d collected, viewed or merely commented on the data. Similar harassment and deposition demands would come from lawyers for Alfa Bank. Durham ultimately indicted Michael Sussman, the former federal cybercrime prosecutor who reported the oddity to the FBI. Sussman was acquitted in May 2022. Last week, Trump appointed Durham to lead the U.S. attorney’s office in Brooklyn, NY. Quinta Jurecic at Lawfare notes that while the executive actions are ominous, they are also vague, and could conceivably generate either a campaign of retaliation, or nothing at all. “The two orders establish that there will be investigations but leave open the questions of what kind of investigations, what will be investigated, how long this will take, and what the consequences might be,” Jurecic wrote. “It is difficult to draw firm conclusions as to what to expect. 
Whether this ambiguity is intentional or the result of sloppiness or disagreement within Trump’s team, it has at least one immediate advantage as far as the president is concerned: generating fear among the broad universe of potential subjects of those investigations.” On Friday, Trump moved to fire at least 17 inspectors general, the government watchdogs who conduct audits and investigations of executive branch actions, and who often uncover instances of government waste, fraud and abuse. Lawfare’s Jack Goldsmith argues that the removals are probably legal even though Trump defied a 2022 law that required congressional notice of the terminations, which Trump did not give. “Trump probably acted lawfully, I think, because the notice requirement is probably unconstitutional,” Goldsmith wrote. “The real bite in the 2022 law, however, comes in the limitations it places on Trump’s power to replace the terminated IGs—limitations that I believe are constitutional. This aspect of the law will make it hard, but not impossible, for Trump to put loyalists atop the dozens of vacant IG offices around the executive branch. The ultimate fate of IG independence during Trump 2.0, however, depends less on legal protections than on whether Congress, which traditionally protects IGs, stands up for them now. Don’t hold your breath.” Among the many Biden administration executive orders revoked by President Trump last week was an action from December 2021 establishing the United States Council on Transnational Organized Crime, which is charged with advising the White House on a range of criminal activities, including drug and weapons trafficking, migrant smuggling, human trafficking, cybercrime, intellectual property theft, money laundering, wildlife and timber trafficking, illegal fishing, and illegal mining. So far, the White House doesn’t appear to have revoked an executive order that former President Biden issued less than a week before President Trump took office. On Jan. 16, 2025, Biden released a directive that focused on improving the security of federal agencies and contractors, and giving the government more power to sanction the hackers who target critical infrastructure.

 Feed

DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it's restricting registrations on the service, citing malicious attacks. "Due to large-scale malicious attacks on DeepSeek's services, we are temporarily limiting registrations to ensure continued service," the company said in an incident report page. "Existing users can log in

 Feed

Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges. "Apple is

 Feed

The Council of the European Union has sanctioned three individuals for allegedly carrying out "malicious cyber activities" against Estonia. The three Russian nationals – Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov – are officers of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155, it said. Per the council decision, all the

 Feed

Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. "By exploiting this flaw, attackers can gain unauthorized access to any user’s account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf – including

 Feed

Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged as a critical solution. This blog explores how an AI SOC Analyst transforms alert management, addressing key SOC challenges while enabling faster investigations and responses. Security

 Feed

Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar. "ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," Sygnia

 Feed

While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them

 Feed

A financially motivated threat actor has been linked to a phishing email campaign that has been ongoing since at least July 2024, specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that's delivered by means of PureCrypter. TorNet is so

 AI

In episode 35 of The AI Fix, our hosts learn who the 175th best programmer in the world is, the AI supervillains put on suits for President Trump, a "not imaginary" AI turns out to be imaginary, OpenAI releases Operator and teases o3-mini, and Anthropic predicts that superintelligence is only three years away. Graham considers giving his money, pets, and vital organs to a YouTuber with an AI, and Mark looks into Project Stargate and the geo-politics of AI. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

 0CISO2CISO

Source: www.techrepublic.com – Author: Luis Millares 1Password fast facts Our rating: 4.3 stars out of 5 Pricing: Starts at $2.99 per month Key features Unique travel mode feature. Integrations with Fastmail and Privacy. Easy-to-use and modern UI. 1Password has earned a reputation for being one of the best password managers around. It has an easy-to-use […] The post 1Password Review: Features, Pricing & Security – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: Owlie Productions via Shutterstock A recently debuted AI chatbot dubbed GhostGPT has given aspiring and active cybercriminals a handy new tool for developing malware, carrying out business email compromise scams, and executing other illegal activities. Like previous, similar chatbots like WormGPT, GhostGPT is an uncensored AI […] The post For $50, Cyberattackers Can Use GhostGPT to Write Malicious Code – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Apple

Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading Source: Shahid Jamil via Alamy Stock Photo NEWS BRIEF In its latest security update for users, Apple has released a patch for a zero-day vulnerability tracked as CVE-2025-24085 (no CVSS score assigned yet). The vulnerability, not yet added to the National Vulnerability Database (NVD), can be […] The post Apple Patches Actively Exploited Zero-Day Vulnerability – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE BIRMINGHAM, Mich., Jan. 15, 2025 /PRNewswire/ — IT-Harvest, the premier data-driven industry analyst firm, is excited to announce the launch of HarvestIQ.ai, a groundbreaking platform featuring two cutting-edge AI assistants designed to redefine how professionals navigate the complex cybersecurity landscape. The Analyst AI provides unparalleled access to IT-Harvest’s comprehensive database of 4,070 cybersecurity vendors, offering […] The post IT-Harvest Launches HarvestIQ.ai – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE SEATTLE, Jan. 15, 2025 /PRNewswire/ — Spectral Capital Corporation (OTCQB: FCCN), a pioneer in providing its deep quantum technology platform, is pleased to announce the filing of a critical patent in quantum cybersecurity. “Over the past three decades, I have been deeply involved in the cybersecurity industry, including founding a leading-edge company […] The post Spectral Capital Files Quantum Cybersecurity Patent – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Change

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Pavel Kapish via Alamy Stock Photo New evidence suggests that more than half of the US population was touched by the ransomware attack(s) against UnitedHealth subsidiary Change Healthcare. One of the largest data breaches ever recorded struck Change Healthcare last year. Change’s technology services reach hundreds […] The post Change Healthcare Breach Impact Doubles to 190M People – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer Source: Francis Vachon via Alamy Stock Photo Attackers impersonating the US Postal Service (USPS) are striking again, this time in a widescale mobile phishing campaign that taps people’s trust in PDF files. This time it uses a novel evasion tactic to steal credentials and compromise sensitive data […] The post USPS Impersonators Tap Trust in PDFs in Smishing Attack Wave – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 crisis

Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading Source: Irina Guzovataya via Alamy Stock Photo NEWS BRIEF In 2025, chief information security officers (CISOs) will be directing their attention to becoming more cyber prepared in the event of an attack, by enhancing their crisis simulation capabilities. That’s according to a study conducted by […] The post Crisis Simulations: A Top 2025 Concern for CISOs – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Tom Ferrucci Tom Ferrucci, Chief Information Officer, Natco Home Group January 27, 2025 4 Min Read Source: MR3D via Alamy Stock Photo COMMENTARY Cyber threats have never held greater risk to digital business operations than they do today. At Natco Home Group, we received a wake-up call when outdated backup systems […] The post The Case for Proactive, Scalable Data Protection – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Jessica Lyons US Secretary of State Marco Rubio has frozen nearly all foreign aid cash for a full-on government review, including funds to defend America’s allies from cyberattacks as well as steer international computer security policies. The pause applies to “all US foreign assistance funded by or through the State Department […] The post US freezes foreign aid, halting cybersecurity defense and policy funds for allies – Source: go.theregister.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: The use-after-free flaw allows privilege escalation in affected media applications running on Apple’s Core Media framework. Apple iPhone users were targeted for privilege escalation in the zero-day exploitation of a use-after-free vulnerability affecting Apple’s Core Media framework. “A malicious application may be able to elevate privileges,” Apple said in the security […] The post iPhone users targeted in Apple’s first zero-day exploit in 2025 – Source: www.csoonline.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: Some remain unconvinced that a cyberattack is to blame, noting that DeepSeek’s claims of low cost and efficiency remain unverified. Chinese AI startup DeepSeek said it was hit by a cyberattack, prompting the company to restrict user registrations and manage website outages as demand for its AI assistant soared. According to […] The post DeepSeek hit by cyberattack and outage amid breakthrough success – Source: www.csoonline.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: News Analysis 28 Jan 2025 8 mins HIPAA, Healthcare Industry, Regulation Security experts welcome proposed changes to the regulation’s security rules while warning about political uncertainty, feasibility, and the potential cost to healthcare orgs. The major update to the HIPAA security regulations also requires healthcare organizations to strengthen security incident response plans and procedures, […] The post US takes aim at healthcare cybersecurity with proposed HIPAA changes – Source: www.csoonline.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSO and CISO

Source: www.csoonline.com – Author: Opinion 28 Jan 2025 4 mins CSO and CISO, Human Resources, IT Skills New research indicates an acute need for security professionals proficient with emerging and advanced technologies The cybersecurity skills shortage remains a controversial topic. Research from ISC2 states that the current global workforce of cybersecurity professionals stands at 5.5 million, but the […] The post The cybersecurity skills gap reality: We need to face the challenge of emerging tech – Source: www.csoonline.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: News 27 Jan 2025 5 mins Hacker Groups, Hacking, Ransomware The rise of Funksec’s ransomware, which focuses on extortion through file encryption and data theft, shows how LLMs are empowering ransomware groups. Threat reports for December showed a newcomer to the ransomware-as-a-service (RaaS) landscape quickly climbing the ranks. Called Funksec, this group appears to […] The post New ransomware group Funksec is quickly gaining traction – Source: www.csoonline.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.lastwatchdog.com – Author: cybernewswire Cary, NC, Jan. 26, 2025, CyberNewswire — INE Security, a leading global provider of cybersecurity training and certifications, today announced a new initiative designed to accelerate compliance with the Department of Defense’s (DoD) newly streamlined Cybersecurity Maturity Model Certification (CMMC) 2.0. This initiative aims to assist Defense Industry Base (DIB) contractors […] The post News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance – Source: www.lastwatchdog.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 British

Source: www.infosecurity-magazine.com – Author: Three men have been sentenced in a London court, after pleading guilty to operating a sophisticated scheme that helped fraudsters login to victims’ bank and telecoms accounts. Callum Picari, 23, from Hornchurch, Vijayasidhurshan Vijayanathan, 21, from Aylesbury, and Aza Siddeeque, 19, from Milton Keynes, had pleaded guilty last year to “conspiracy […] The post British Vishing-as-a-Service Trio Sentenced – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: A new report has revealed a surge in the use of so-called “hidden text salting” techniques to evade email security measures in the latter half of 2024. This method, also known as “poisoning,” allows cybercriminals to bypass spam filters, confuse email parsers and evade detection engines by embedding invisible elements in […] The post Hidden Text Salting Disrupts Brand Name Detection Systems – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 backdoors

Source: www.schneier.com – Author: Bruce Schneier A newly discovered VPN backdoor uses some interesting tactics to avoid detection: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can’t be leveraged by competing groups or detected by defenders. One countermeasure is to equip the […] The post New VPN Backdoor – Source: www.schneier.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

2025-01
Aggregator history
Tuesday, January 28