This week is the hangover from DefCon as vendors and delegates head home and reflect on new product launches, some very interesting presentations and the behaviour of hotels and the organising committee, especially the refusal to pay out bug bounties at the show.
In other news, CloudBees has announced the acquisition of Launchable to boost GenAI and DevSecOps. The deal also sees Kohsuke Kawaguchi, founder of the Jenkins project, and Harpreet Singh return to CloudBees. Neither side has disclosed the amount paid.
National Crime Agency
The National Crime Agency (NCA) coordinated an international operation to arrest one of the world’s most prolific Russian-speaking cybercrime actors, Maksym Silnikov. The 38-year-old was arrested at an apartment in Estepona, Spain. Silnikau, from Belarus, is believed to have used the J.P. Morgan moniker, as well as other notorious monikers within the cybercrime community, including ‘xxx’ and ‘lansky’.
Although arrested in Spain, Silnikau was first taken to Poland, where he was then extradited to the USA on charges including ransomware, extortion and other crimes.
NOYB
A busy week for noyb with three pieces of news.
noyb is taking action against the Swedish Data Protection Authority (IMY). It is accused of refusing to properly handle complaints from data subjects by just forwarding the complaint to the offending company. It has also lost a ruling by the Supreme Administrative Court of Sweden against this practice. As it continues to ignore that ruling, noyb is now taking further action against the IMY to force it to comply with its obligations under EU law.
noyb has filed nine more complaints against Twitter‘s plans to use data from 60 million people to train its Grok AI. The countries where the complaints have been filed are Austria, Belgium, France, Greece, Ireland, Italy, Netherlands, Spain and Poland. It has taken this action because rather than ordering Twitter to stop the Irish DPA, it has decided that mitigation is the only route. noyb hopes that action from other DPA will change this.
Supermarket loyalty schemes are notorious for scooping up data on their customers. In Greece, supermarket chain Alfa Vita (AB) refuses to answer subject access requests (SARs) properly. noyb has now filed a complaint with the Greek authority (DPA). It wants the DPA to investigate AB’s data collection and make it respond to SARs properly. It has also asked for a fine of up to 4% of AB’s annual turnover to prevent repeat offences.
US Department of Justice
Maksim Silnikau, also known as Maksym Silnikov, 38, a Belarussian and Ukrainian dual-national, has been extradicted from Poland to face charges over several cybercrime schemes. The District of New Jersey and Eastern District of Virginia have both indicted Silnikau with leading international computer hacking and wire fraud schemes made his initial appearance in Newark, New Jersey, today after being extradited from Poland.
Two other alleged co-conspirators, Volodymyr Kadariya, a Belarussian and Ukrainian national, 38, and Andrei Tarasov, a Russian national, 33, are also charged with cybercrime offences. They are accused of transmitting the Angler Exploit Kit, other malware, and online scams to the computers of millions of unsuspecting victim internet users through malvertising and other means from October 2013 through March 2022.
Deputy Attorney General Lisa Monaco. “As alleged, for over a decade, the defendant used a host of online disguises and a network of fraudulent ad campaigns to spread ransomware and scam U.S. businesses and consumers. Now, thanks to the hard work of federal agents and prosecutors, along with Polish law enforcement colleagues, Maksim Silnikau must answer these grave charges in an American courtroom.”
Xalient
Xalient published a blog called “The Evolution of Privileged Access Management (PAM).” Written by David Morimanno, Director of Identity and access Management Technologies at Xalient, it examines the challenges organisations face when deploying PAM, ranging from user resistance to onboarding and ongoing management.
Mormanno says that organisations need to set out a strategic approach to the deployment of PAM and suggests three steps:
- Defining Your Use Cases: Understand your organization’s specific requirements and challenges.
- Planning: Develop a comprehensive plan that outlines the journey from account discovery to full PAM deployment.
- Execution: Work with an experienced services provider to guide and manage the implementation process, ensuring that the identity fabric matures effectively.
