Liminal members enjoy the exclusive benefit of receiving daily morning briefs directly in their inboxes, ensuring they stay ahead of the curve with the latest industry developments for a significant competitive advantage.
Looking for product or company-specific news? Log in or sign-up to Link for more detailed news and developments.
Here are the main industry highlights of this week.
🪄Innovation and New Technology Developments
Maryland Launches Mobile ID App for Secure Age Verification and Digital ID Adoption
Maryland has launched the Mobile ID Check by MD app, allowing businesses to verify mobile driver’s licenses (mDLs) and digital IDs for age verification without extra hardware. Compliant with ISO/IEC standards, the app promotes secure data sharing and supports Maryland’s mDL initiatives that started in 2018. Businesses, including those at BWI Airport, are using the app for alcohol age checks. Collaborations with organizations like the TSA and DHS position Maryland as a leader in mDL standards and infrastructure, including the Digital Trust Service for efficient authentication. (Source)
China Launches Biometric Fast Lanes for Seamless Travel in Greater Bay Area
China is testing document-free fast lanes at Shenzhen Bay Port and Gongbei Port for travelers between Mainland China, Hong Kong, and Macao, using facial and fingerprint biometrics for verification. Eligible users include Mainland Chinese residents aged 14 and older with valid multi-entry visas and residents of Hong Kong and Macao with Mainland travel permits. While the system aims to streamline border crossings, travelers must still carry physical documents. This initiative supports the Greater Bay Area strategy to enhance regional connectivity and follows similar biometric advancements in Myanmar, Malaysia, and Indonesia. (Source)
New Zealand Launches Digital Identity Framework for Secure, User-Controlled Data Sharing
The New Zealand government has finalized its Digital Identity Services Trust Framework, promoting secure and privacy-focused digital identity services. It emphasizes user control over personal information, requiring consent for data sharing and ensuring data encryption in accredited digital wallets. The framework offers secure digital options like a digital driving license and bank ID, allowing citizens to choose what information to share. While accreditation for providers is voluntary, the framework aims to enhance confidence in safe and user-friendly digital identity systems. (Source)
Moldova to Launch EU-Compliant Biometric ID Card for Seamless Digital and Cross-Border Services
Moldova has approved a biometric ID card set to launch on March 31, 2025, pending parliamentary approval. It aligns with EU standards and will facilitate access to public services and digital authentication without in-person visits. The card includes a chip with facial and fingerprint data but does not include domicile details. Moldovans abroad will also have remote access to digital services. Citizens aged 14 and above must carry the new ID, supporting Moldova’s integration into the EU’s Digital Identity Wallet framework. (Source)
💰 Investments and Partnerships
Silverfort Acquires Rezonate to Launch Unified Identity Security Platform
Silverfort has acquired Rezonate (acquired by Silverfort) to create a unified identity security platform that integrates Rezonate’s cloud capabilities with Silverfort’s solutions for protecting both human and non-human identities across on-premises and cloud environments. This platform aims to eliminate identity security silos, providing comprehensive visibility and real-time controls, while addressing identity security aspects like ITDR, ISPM, and entitlement management. Fueled by a $116M Series D funding and rapid customer acquisition, Silverfort aims to enhance operational efficiency and strengthen security, protecting all identities and assets, including legacy systems, from a single platform. (Source)
Hopae Secures $6.5M to Expand Blockchain-Based Digital Identity Solutions in U.S. and Europe
Hopae, a digital identity company, has secured $6.5 million to expand into the U.S. and Europe, focusing on compliance with international regulations like the EU’s eIDAS 2.0. Utilizing its patented Digital Credential eXpress (DCX) architecture, the company leverages blockchain for secure and scalable digital identity solutions. Founded by developers of Korea’s national DID system, Pae aims to enhance government and private sector verification by streamlining digital credential issuance, verification, and revocation. (Source)
Cyera Raises $300M Series D, Valued at $3B, to Advance AI-Driven Data Security Platform
Cyera, a data security platform provider, has raised $300 million in Series D funding, increasing its valuation to $3 billion and total funding to $760 million since its 2021 founding. Led by Accel and Sapphire Ventures, the funding will support growth, including the recent $162 million acquisition of Trail Security to enhance its Data Security Posture Management capabilities. (Source)
Nuvei Goes Private in $3 Billion Acquisition Led by Advent International to Drive Global Growth
Nuvei has been acquired by Neon Maple Purchaser Inc., formed by Advent International, for $34.00 per share. This acquisition makes Nuvei a private company, with ownership stakes of approximately 46% by Advent, 24% by Philip Fayer, 18% by Novacap, and 12% by CDPQ. Philip Fayer, Nuvei’s Founder and CEO, remains a major shareholder after rolling over 95% of his shares. Following the acquisition, Nuvei’s shares will be delisted from the Toronto Stock Exchange and Nasdaq, and the company will deregister its shares under U.S. and Canadian securities laws, focusing on global growth through investments and acquisitions. (Source)
Bitsight Acquires Cybersixgill for $115M to Bolster Dark Web Threat Intelligence and Cyber Risk Management
Bitsight, a cybersecurity firm specializing in cyber risk management, has acquired Cybersixgill, a dark web threat intelligence provider, for $115 million. This acquisition aims to enhance Bitsight’s capabilities in assessing cyber risks by leveraging Cybersixgill’s expertise in analyzing dark web activities. Based in Israel, Cybersixgill monitors invite-only messaging groups and other platforms for emerging threats. Bitsight plans to integrate Cybersixgill’s technology and team to further develop its AI-driven cybersecurity products. (Source)
Thales Targets €25B Revenue by 2028 with Defense and Cybersecurity Growth Amid Market Challenges
Thales, Europe’s largest defense technology company, aims for 5%-7% annual revenue growth, targeting €25 billion by 2028, driven by rising global defense spending and cybersecurity demand. CEO Patrice Caine emphasized opportunities from increased defense investments and premium services for critical sectors, supported by acquisitions like Gemalto and Imperva. The company seeks to raise operating margins to 13%-14% by 2028, focusing on high-margin products. While analysts anticipated stronger growth, Thales prioritizes long-term demand for technologies like fighter radars over short-term spikes. Challenges in Europe’s satellite market persist, but talks with Airbus and Leonardo may offer solutions. (Source)
UltraPass Partners with Philippine DOTr to Pilot Biometric Identity Verification in Airports
Ultrapass Identity Corp, a US digital identity company, is partnering with the Philippine Department of Transportation (DOTr) to pilot a biometric identity verification solution at airports. This initiative aims to enhance security, streamline passenger processing, and improve the travel experience. The program aligns with international aviation standards, reduces wait times, and ensures data privacy. Originating from a US-Philippines trade mission, this collaboration supports regional connectivity and highlights the role of US technology in ASEAN’s digital transformation while respecting national data sovereignty. (Source)
⚖️ Policy and Regulatory
DOJ Pushes for Google Chrome Sale in Landmark Antitrust Battle
U.S. Department of Justice Office of the Inspector General (DOJ) is pushing for a federal judge to require the sale of Google’s Chrome browser as part of its antitrust case against the company. The DOJ argues that Google’s deals with phone makers like Apple to secure default search positions and the integration of Chrome with its search engine maintain its illegal monopoly in online search, which constitutes 90% of global searches. The agency also wants court oversight of Google’s Android division or its divestiture, and for websites to have the option to opt out of contributing data to Google’s AI models. Google argues that these proposals would hinder innovation and harm consumers. A court decision is expected in 2025 after a hearing in April. (Source)
Finastra Investigates Data Breach of Secure File Transfer Platform, Impacting Global Banks
Finastra, a London-based financial software provider for global banks, is investigating a data breach involving its Secure File Transfer Platform (SFTP). The breach, disclosed on November 8, resulted in the exfiltration of data, with a hacker claiming to have obtained 400GB of client files and documents, reportedly from IBM Aspera. Finastra has not confirmed the number of affected customers or the specific data types, and initial investigations suggest the breach may stem from compromised credentials. The company is working to identify impacted customers and assess the breach’s extent and cause. (Source)
US Charges Hackers in Global Cybercrime Spree Targeting Tech and Crypto Firms
The U.S. Department of Justice has charged five individuals, including one arrested in Spain, for a multi-year hacking spree targeting tech companies, cryptocurrency platforms, and telecommunications providers. The accused, linked to groups 0ktapus and Scattered Spider, allegedly used phishing, SIM swapping, and fake Okta portals to steal credentials and cryptocurrency worth millions. Victims included organizations in entertainment and virtual currency, with one losing $6.3 million. Prosecutors describe the group as a financially motivated network employing advanced social engineering tactics to breach at least 45 companies worldwide. Additional suspects are yet to be identified. (Source)
New NIST Drafts Aim to Strengthen Federal Identity Verification with Enhanced Security and Interoperability Standards
NIST has released final drafts of SP 800-157 and SP 800-217 to enhance identity verification for federal agencies. SP 800-157 expands the use of Derived PIV Credentials beyond mobile devices, introducing phishing-resistant multi-factor authentication. SP 800-217 outlines requirements for federating PIV credentials between agencies, focusing on protocols and trust agreements. Both documents aim to improve security and standardization in digital identity management. Public feedback is welcomed until January 10, 2025. (Source)
DocuSign Phishing Surge Exploits Trust in Regulatory Communications, Highlighting Gaps in Verification Security
Researchers report a 98% increase in phishing attacks since November 8, primarily targeting businesses through Docusign impersonations. These scams exploit trust by mimicking legitimate agencies like the Department of Health and Human Services, sending urgent, fraudulent requests via authentic-looking DocuSign templates. Victims are pressured to respond quickly, with attacks using accurate terminology to evade security. This situation highlights the need for stronger verification protocols and staff training to reduce risks, as businesses face both immediate financial losses and long-term disruptions. Robust validation processes for sensitive communications are essential. (Source)
Vietnam Enforces Stricter Social Media Rules with Mandatory Identity Verification, Raising Privacy Concerns
The Vietnamese government will implement stricter social media regulations starting December 25, 2024, requiring user identity verification via registered phone numbers. All users, including those on international platforms, must authenticate their identities to post or share content. Parents must register accounts for children under 16 and monitor their online activity. Platforms are obligated to remove illegal content, and companies must comply with user data requests from authorities. Critics voice concerns about privacy, government overreach, and accessibility for those in remote areas with limited telecommunications. (Source)
Roblox Strengthens Parental Controls and Safety Measures Amid Child Protection Scrutiny
Roblox has introduced new parental controls and content safeguards amid concerns about child safety, following allegations that it prioritizes growth over user protection. Parents can now manage daily usage limits, block game genres, and access ratings for games. Users under 13 will be unable to text chat outside of games, in addition to an existing voice chat ban. Roblox claims these features were planned before the Hindenburg report and denies any inflated user metrics. The company has faced criticism from child advocacy groups and regulatory challenges, including a ban in Turkey for alleged child exploitation content. These updates reflect a wider industry trend toward stronger protections for minors. As of September, Roblox reported 88.9 million daily active users, with 40% under 13. (Source)
T-Mobile Targeted in Alleged Chinese Cyberattack on Wiretap Systems Amid Espionage Concerns
T-Mobile has reportedly been targeted in a cyberattack linked to the Chinese state-sponsored hacking group Salt Typhoon, as part of a broader campaign against U.S. and international telecom companies. The focus was on wiretap systems used for government access to customer data. T-Mobile stated that its systems and customer data remain secure, but it did not confirm its ability to fully assess potential breaches. The FBI and CISA have warned of ongoing Chinese cyber espionage efforts targeting sensitive communications. This incident is the ninth known cyberattack on T-Mobile in recent years, following a 2023 breach that exposed the personal information of 37 million customers. (Source)