“The Federal Communications Commission on Friday determined that security products from Kaspersky posed an unacceptable risk to US national security and added the company to a covered list of other firms not eligible for FCC funds. The move adds Kaspersky to the same covered list that Huawei and ZTE landed on in 2021 . Besides its Moscow headquarters, the company’s founder, Eugene Kaspersky, attended a KGB-sponsored technical college and has long been accused of having ties to Russian military and intelligence services.”

“PopID and venue management company ASM Global are kicking off a biometric ticketing and payment system that employs facial verification at the Pechanga Stadium in San Diego, California. The stadium will use PopID’s ‘PopPay,’ a contactless biometric payment option that grants access to payments with a selfie of the user. PopPay works by having a person enroll on their phone and submitting a photo and payment option to open an account.”

“Buried in a new marketing-driven survey about the importance of consumers’ retail digital experience, is a surprising insight into the importance of biometric security. Of 14 nations (plus Puerto Rico) surveyed around the world, consumers in only two, Hong Kong and Brazil, prefer to verify their identity with biometrics when they open an online account according to credit-reporting firm TransUnion.”

“The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean giant consumer electronics company. The leak comes less than a week after Lapsus$ released a 20GB document archive from 1TB of data stolen from Nvidia GPU designer.”

“Nvidia is confirming to The Verge, Bloomberg , Reuters , and others that it’s investigating an “incident” — hours after The Telegraph reported that the graphics chipmaking giant had experienced a devastating cyberattack that “completely compromised” the company’s internal systems over the past two days.”

“The new integration will help businesses protect critical financial information and identities. Online purchases can be made quickly – in two clicks – and securely, as information stored in a customer’s Brex vault will be automatically synced with 1Password, ensuring users always have access to the most up-to-date version of their Brex virtual cards. If a card is compromised, customers can delete their card from both the 1Password or Brex dashboard to ensure no further payments are processed. For customers with heightened security concerns, the new integration enables the creation of a single-use card, ensuring a card can only be used once and eliminating the risk of online card theft.”

“Crypto.com experienced a cyber attack over the weekend but the extent of the damage is unclear. On Sunday, the cryptocurrency exchange platform announced through Twitter and Telegram that a “small number of users” reported unauthorized account activity and that withdrawals were suspended pending an investigation. The company confirmed that all funds were safe but required users to sign back into their accounts and reset their two-factor authentication out of “an abundance of caution.”

“Venafi® , the inventor and leading provider of machine identity management, today announced the findings of a global survey of more than 1,500 IT security decision makers that reveals that almost two-thirds (60%) of security almost two-thirds (60%) believe ransomware threats should be prioritized at the same level as terrorism. These opinions echo the U.S. Department of Justice, which raised the threat level of ransomware following the Colonial Pipeline attack earlier this year. The study also found that less than one-third of respondents have implemented basic security controls that break the ransomware kill chain.”

“A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,” scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities.”

“Hackers have taken $196 million from crypto trading platform Bitmart, a security firm said Saturday. Bitmart confirmed the hack in an official statement Saturday night, calling it “a large-scale security breach” and writing that hackers withdrew about $150 million in assets. However, blockchain security and data analytics firm Peckshield estimates that the loss is closer to $200 million.”

“The credit card details of millions of people are being sold to criminals on the dark web for an average of less than £8 ($10.60) each. Research by VPN provider NordVPN of over four million credit cards for sale on the dark web found that credit cards from US citizens were the most common, with 1.6 million of the 4.5 million analysed being from the US. About 135,000 of the card details analysed belonged to UK citizens.”

“The owner of Facebook and Instagram is delaying plans to encrypt users’ messages until 2023 amid warnings from child safety campaigners that its proposals would shield abusers from detection. Mark Zuckerberg’s social media empire has been under pressure to abandon its encryption plans, which the UK home secretary, Priti Patel, has described as “simply not acceptable.”“

“The data aggregator Plaid is leading the charge for a new data security standard for fintechs. The San Francisco company, which delivers bank account data to 4,500 fintech clients, has recruited other companies to this effort, including the data aggregators Flinks and MX; the employment verification provider Truework; and the security compliance companies Drata, Laika, Secureframe and Vanta. The new Open Finance Data Security Standard was posted online Tuesday and is open for outside comment ahead of implementation next year. It is meant to hold fintechs that handle consumer data to a higher standard of data protection, the way the PCI Security Standards Council’s Data Security Standard guides those in the payment card industry to protect card data.”

“US banking regulators on Thursday finalised a rule that directs banks to report any major cyber security incidents to the government within 36 hours of discovery. Separately, the banking industry said it had successfully completed a massive cross-industry cyber security drill that aims to ensure Wall Street knows how to respond in the event of a ransomware attack that threatens to disrupt a range of financial services.”

“U.S. federal investigators today raided the Florida offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX’s systems may have been involved in cyberattacks on U.S. and E.U. organizations.”

“A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles. The hack, which took place last month, targeted RENAPER , which stands for Registro Nacional de las Personas, translated as National Registry of Persons. The agency is a crucial cog inside the Argentinian Interior Ministry, where it is tasked with issuing national ID cards to all citizens, data that it also stores in digital format as a database accessible to other government agencies, acting as a backbone for most government queries for citizen’s personal information.”