Article

Industry Highlights – Week of November 25

11/30/24
Yura Nunes

Liminal members enjoy the exclusive benefit of receiving daily morning briefs directly in their inboxes, ensuring they stay ahead of the curve with the latest industry developments for a significant competitive advantage.

Looking for product or company-specific news? Log in or sign-up to Link for more detailed news and developments.

Here are the main industry highlights of this week.

🪄Innovation and New Technology Developments

Colorado Expands Digital ID Options with Samsung Wallet Integration

Colorado residents can now add their driver’s license or state ID to Samsung Wallet, allowing for digital use in certain situations, such as at select TSA checkpoints like Denver International Airport. Users can verify their identity by unlocking their phone and using a QR code or digital ID, ensuring only necessary information is shared securely. Colorado has previously made digital IDs available through Apple and Google Wallets, as well as the state’s myColorado app. While digital IDs are gaining acceptance, they are intended to supplement, not replace, physical IDs, which residents should continue to carry. The Colorado DMV highlights this initiative as part of the state’s commitment to innovation, convenience, and enhanced security for its citizens. (Source)

UK Releases DIATF 0.4: Paving the Way for Digital Identity Certification in 2025

The UK government has pre-released version 0.4 of its Digital Identity and Attributes Trust Framework (DIATF), providing clarity on forthcoming standards ahead of certification opportunities expected in early 2025. This iteration, shaped by stakeholder feedback since the 2022 beta, introduces new certification roles for digital wallets and facial authentication services, stricter user support requirements, and guidance on data protection and promoting certified status. Key updates include inclusion monitoring, fairness in biometric systems, and a revamped structure for better navigation and auditability. Building on prior versions, DIATF 0.4 aligns with international standards, mandates certification for certain use cases, and emphasizes inclusivity through alternative identity verification methods. (Source)

North Korean Hackers Exploit AI and Remote Work to Fund Weapons Program with Stolen Crypto

Security researchers at Cyberwarcon revealed that North Korean hackers have stolen billions in cryptocurrency over the past decade by posing as venture capitalists, recruiters, and IT workers to fund the country’s weapons program. These campaigns involve creating false identities using AI and infiltrating multinational corporations, often with the help of U.S.-based facilitators to bypass sanctions. Key tactics include phishing, malware-laden downloads disguised as meeting tools or skills tests, and fraudulent employment schemes that exploit remote working trends. Despite sanctions and investigative efforts, experts warn that North Korean hacking operations remain a persistent and evolving threat to global cybersecurity. (Source)

💰 Investments and Partnerships

ID.me Secures $67M Investment to Expand Trusted Digital Identity Solutions

ID.me secured $67 million in secondary tender funding from Ribbit Capital , Viking Global Investors, and CapitalG, highlighting its rapid growth and adoption. Serving over 135 million users, including 62 million federally authenticated, ID.me offers a secure digital identity wallet for government, healthcare, and commercial use, meeting NIST Identity Assurance Level 2 standards. With 370% revenue growth from 2020 to 2023, the investment advances its vision of a trusted, reusable identity to combat fraud and simplify digital access. (Source)

Halcyon Secures $100M to Advance AI-Powered Ransomware Defense

Halcyon, a cybersecurity firm specializing in ransomware defense, raised $100 million in Series C funding, totaling $190 million to date. Its platform combines AI-driven prevention, suspicious file analysis, and tools to disrupt ransomware attacks while minimizing business disruption. Investors include Evolution Equity Partners and Bain Capital Ventures, with Evolution’s Richard Seewald joining the Board. The funds will drive Halcyon’s growth and innovation in ransomware prevention. (Source)

Idemia and Kudelski IoT Team Up to Boost Identity Security at Automotive Dealerships

IDEMIA Public Security has partnered with Kudelski IoT to enhance identity verification and document authentication for U.S. automotive dealerships. Kudelski IoT’s vehicle tracking technology, which uses GPS, WiFi, and Bluetooth Low Energy, will complement Idemia’s ability to validate driver’s licenses and verify customer identities during key dealership processes. The collaboration aims to improve security and reduce fraud risks for over 1,000 dealership customers, handling more than 200,000 identity verifications annually. This integration will support dealerships in managing test drives, financing applications, and vehicle purchases securely. Idemia also recently introduced a new Chief Technology Officer and shared insights on integrating biometric security in IoT devices. (Source)

Haveli Investments Acquires Majority Stake in AppViewX to Scale AVX ONE Platform and Tackle Cryptographic Challenges

Haveli Investments has acquired a majority stake in AppViewX, a company focused on certificate lifecycle management and public key infrastructure solutions. This investment aims to enhance AppViewX’s AVX ONE platform, which addresses the complexities of machine identities in hybrid and IoT environments and responds to shorter TLS certificate durations and emerging cryptographic needs. The platform automates certificate management and prepares for post-quantum cryptography. The deal includes financial and operational support to expand AppViewX’s capabilities and market presence, though financial details remain undisclosed. (Source)

EY Identity Acquires J Group Consulting to Boost Privileged Access Management Capabilities in Oceania

EY Identity (EYI) has acquired Melbourne-based cybersecurity firm J Group Consulting to enhance its Privileged Access Management (PAM) capabilities in Oceania. Founded in 2022, J Group Consulting specializes in PAM tools like CyberArk and HashiCorp Vault, offering strategy, implementation, and optimization services. The 20-member team, led by Joel Harris, will integrate with EYI, aiming to improve cybersecurity solutions for critical infrastructure sectors and address the growing demand for advanced PAM to secure privileged accounts in Australia. This partnership will strengthen EYI’s regional presence and its ability to deliver tailored cybersecurity strategies. (Source)

KGeN Raises $10M to Empower Gamers with Web3 Digital Identities and Expand Global Gaming Economy

Kratos Gamer Network has secured $10 million to enhance gamers’ control over their digital identities and expand its web3 gaming economy. The company aims to redefine game publishing with a focus on equitable data management and rewarding collaborations among developers. Targeting emerging markets like India, Brazil, Nigeria, and MENA, KGeN seeks to incorporate micro-gaming communities into the web3 ecosystem. This funding, led by Aptos Labs and supported by Polygon and Game7, brings KGeN’s total funding to $30 million, valuing the company at $500 million. (Source)

Wiz Acquires Dazz for $450M to Boost AI-Powered Application Security

Wiz, a leading cloud security provider, has acquired cybersecurity startup Dazz for $450 million. Founded in 2020, Wiz has grown rapidly, generating $500 million in annual recurring revenue, with projections to exceed $1 billion next year. Dazz, which supports around 100 organizations, specializes in scanning developer code for vulnerabilities and has achieved 500% annual revenue growth. The acquisition will enhance Wiz’s newly launched Wiz Code service by integrating Dazz’s technology, aligning with Wiz’s strategy to expand its security solutions and strengthen its position in the cybersecurity market. (Source)

⚖️ Policy and Regulatory

DOJ Pushes for Google Chrome Sale in Landmark Antitrust Battle

Australia has passed a law banning children under 16 from using social media platforms like Instagram, Snap Inc., and TikTok, effective in late 2025. The legislation, backed by 77% of Australians, aims to tackle youth mental health issues but raises concerns about privacy and digital surveillance. Critics argue it could lead to excessive data collection and limit access to support networks, while supporters, including parent groups, view it as a necessary move against cyberbullying. Tech companies are pushing back, claiming the law lacks clear implementation guidelines. This decision is a political win for Prime Minister Anthony Albanese but may complicate Australia’s relations with U.S. tech firms. (Source)

Finastra Investigates Data Breach of Secure File Transfer Platform, Impacting Global Banks

Pornhub Challenges UK Age Verification Rules as New Digital Identity Solutions Emerge

Pornhub has controversially claimed it is a social media platform, not a pornography website, to argue it is not subject to age verification requirements under the UK’s Online Safety Act until July. The company has previously blocked access in U.S. states requiring age checks and may implement options like facial age estimation or ID uploads. Meanwhile, Spain-based TechPump has partnered with Gataca to launch an age verification system using a free self-sovereign digital identity (SSI) wallet that protects user anonymity while verifying age. Gataca’s solution complies with the EU’s Digital Services Act and has been approved by Spain’s Data Protection Agency for secure age data processing. (Source)

NY Attorney General Fines Geico and Travelers $11.3M for COVID-Era Data Breaches

New York Attorney General Letitia James has fined Geico and Travelers Indemnity Company $11.3 million for data breaches during the COVID-19 pandemic that exposed the personal information of over 120,000 individuals. The cybersecurity failures allowed attackers to exploit vulnerabilities in Geico’s online quoting tool and access sensitive data, including driver’s license numbers, likely contributing to identity theft and fraudulent unemployment claims. This enforcement action highlights the importance of robust cybersecurity measures. (Source)

Australia’s Fast-Tracked Age Verification Bill Sparks Privacy and Democracy Concerns

The Australian government is moving to fast-track legislation for age verification on social media and pornography sites, despite limited public consultation. Critics argue this rushed process undermines democratic decision-making and raises privacy concerns, especially as the law requires collecting personal or biometric data, which could lead to data misuse and push minors to less regulated platforms. Digital rights advocates are divided on its effectiveness, with some suggesting a broader digital duty of care instead of targeted restrictions. Exemptions for sites like YouTube and unclear enforcement only add to the controversy surrounding user safety versus government control. (Source)

Bluesky Faces EU Scrutiny for Non-Compliance with Digital Services Act Amid Rapid Growth

According to the European Commission, BlueSky, a fast-growing social media platform competing with Elon Musk’s X, has breached EU regulations by failing to disclose details such as its number of EU users and legal establishment. Despite a nearly 300% increase to 3.5 million daily users after Musk’s controversial endorsement of Donald Trump, Bluesky has not complied with the Digital Services Act (DSA). The Commission has not yet contacted Bluesky directly and is seeking member states’ help to find an EU representative. Although it doesn’t meet the 45 million EU monthly user threshold for very large online platforms under the DSA, continued non-compliance could result in penalties of up to 6% of global annual revenues. (Source)

IGT Cyberattack Disrupts Systems Amid Rising Threats to the Gambling Sector

IGT, a major global gambling company, faced a cybersecurity incident on November 17, 2024, disrupting its internal IT systems. The company activated its response plan, involving external advisors and taking some systems offline to contain the breach. While the financial impact is still uncertain, IGT has implemented measures to maintain customer service. This cyberattack is part of a rising trend of ransomware targeting the gambling and lottery sectors. As IGT works to restore systems and rebuild stakeholder confidence, it remains transparent with customers and partners about its efforts. (Source)

Share this Article