Weekly Industry News – Week of May 06

Yura Nunes

Liminal members enjoy the exclusive benefit of receiving daily morning briefs directly in their inboxes, ensuring they stay ahead of the curve with the latest industry developments for a significant competitive advantage.

Looking for product or company-specific news? Log in or sign-up to Link for more detailed news and developments.

Week of April 15, 2024

Here are the main industry highlights of this week.

TikTok to Automatically Label AI-Generated Content with New Content Credentials Technology

TikTok will add an “AI-generated” label to identify content produced by AI content creation tools using Content Credentials technology from C2PA. The feature will start globally within the next few weeks. The initiative aims to ensure accurate labeling of AI content and ease the burden on creators. TikTok will expand the use of Content Credentials to identify content made with TikTok AI effects and maintain transparency for viewers in the coming months.

BNP Paribas Becomes First EU G-SIB to Join Global LEI System as Validation Agent

BNP Paribas has been approved as a Validation Agent in the Global LEI System, making it the first European Union-based global systemically important bank to join the program. As a Validation Agent, the bank will provide LEIs to its corporate and institutional banking clients during onboarding and ensure LEI completeness during the KYC recertification process. The adoption of LEIs is supported by international bodies to enhance cross-border payment operations and combat global financial crime.

Biden Administration Launches New Global Cybersecurity Strategy at RSA Conference

The Biden administration has launched a new international cybersecurity strategy to combat cyber threats from countries like China and Russia. The strategy focuses on four main areas: creating a secure digital identity ecosystem, advocating for rights-respecting digital technology, forming coalitions to counter cyber threats, and boosting cybersecurity resilience in partner nations. It includes a $50MM Cyberspace and Digital Connectivity fund to aid allies in enhancing their cybersecurity. The strategy also aims to establish global norms around the use of artificial intelligence.

Google Updates Ad Policies to Ban Ads for Deepfake Pornography and Synthetic Explicit Content

Google has updated its advertising policies to ban ads for services that create deepfake pornography and other synthetic sexually explicit content. The new policy targets ads for services that alter or generate synthetic sexually explicit images or videos. Both human review and automated systems will support Google’s enforcement against these ads. The move aligns with growing concerns over nonconsensual deepfake pornography.

Senate Grills UnitedHealth CEO on Change Healthcare’s Cyberattack and $22 Million Ransom Payment

The Change Healthcare cyberattack began with hackers accessing a server that lacked basic security measures. UnitedHealth Group CEO faced questioning about the attack’s details, including the use of compromised credentials. The attack involved ransomware, leading to operational disruptions in healthcare payments and claims processing. UnitedHealth responded by disconnecting the systems, rebuilding the platform, and paying a $22 million ransom in Bitcoin to mitigate the damage. The incident prompted the Office for Civil Rights investigation to determine if protected health information was exposed and patient privacy laws violated.

U.S. Agencies Warn of North Korean Spear-Phishing Campaigns Targeting Geopolitical Intelligence

The U.S. government issued a cybersecurity advisory warning about North Korean hackers’ spear-phishing campaigns. The hackers use spoofed emails to gather sensitive information from their targets. They exploit weak DNS DMARC record policies to send emails that appear to come from valid domains. The group behind these attacks, Kimsuky (or APT43), targets foreign policy experts and uses initial benign interactions to build trust. Organizations are advised to strengthen their DMARC policies and treat suspicious emails more cautiously.

Akamai Technologies to Acquire Noname Security for $450 Million to Boost API Security Capabilities

Akamai Technologies will acquire Noname Security for $450 million to boost its API security solutions. Noname Security’s technology will be integrated into Akamai’s existing security offerings to provide more comprehensive capabilities in identifying shadow APIs and addressing vulnerabilities and attacks. The deal is expected to close in Q2 2024, subject to customary closing conditions.

Wiz Secures $1 Billion in Series E Funding, Eyes IPO with $12 Billion Valuation

Cloud security platform startup Wiz has raised $1 billion in Series E funding, led by Andreessen Horowitz, Lightspeed Venture Partners, and Thrive. With this funding, the company plans to expand its organic growth through R&D and talent acquisition and inorganic growth through strategic acquisitions of other cybersecurity startups. Wiz has quickly established a significant presence in the cloud security sector, boasting contracts with 40% of the Fortune 100. The company plans to leverage this new capital to continue its growth trajectory, aiming for $1 billion in annual recurring revenue by 2025.

DocuSign Acquires AI Startup Lexion for $165 Million to Boost Contract Management Capabilities

Docusign has acquired Lexion, a contract workflow automation startup, for $165 million. This acquisition is part of DocuSign’s strategy to strengthen its presence in the contract management industry. DocuSign aims to leverage Lexion’s technology to provide deeper insights into contract structures and identify potential risks by leveraging structured data management and natural language processing (NLP) techniques. The acquisition comes as DocuSign reportedly navigates a potential sale to private equity, with Bain and Hellman & Friedman among the top bidders. Additionally, Docusign announced a workforce reduction of about 6%, cutting around 400 jobs.

Delta Capita Boosts KYC Offerings with Acquisition of LSEG’s Client On-Boarding Technology

Delta Capita acquired the Client On-Boarding technology and client base from the LSEG (London Stock Exchange Group), formerly GoldTier. This acquisition aims to enhance its KYC capabilities and expand its suite of compliance tools and services, reinforcing its standing as a leading provider in KYC client lifecycle management. The move is part of Delta Capita’s broader expansion strategy, including previous blockchain and financial consultancy acquisitions.

SoFi Fined $1.1 Million by FINRA for Lax Customer Verification Leading to $2.5 Million Theft

SoFi was fined $1.1 million by FINRA for inadequate customer identification measures that led to fraud, resulting in a $2.5 million theft. SoFi’s automated process for approving account openings was insufficient for verifying identities, leaving accounts vulnerable to exploitation by fraudsters. About $8.6 million was stolen from other financial institutions via SoFi Money accounts, with $2.5 million successfully withdrawn by the perpetrators. SoFi identified the flaws and implemented remediation steps, including enhanced staff training and improved customer verification processes.

IMF Report Stresses Cybersecurity as a Growing Financial Risk, Urges Enhanced Corporate Governance

The IMF warns about the rising threat of cyberattacks in the financial sector and emphasizes the importance of stronger corporate governance in cybersecurity. The organization encourages financial firms to increase cybersecurity training efforts and attain clearer oversight of cyber risks.

Spanish Police Crack Encrypted Services to Identify Catalan Activist in Pro-Independence Investigation

Spanish police obtained data from encrypted services Wire and Proton to identify an activist linked to Catalonia’s pro-independence movement. The investigation aimed to uncover individuals involved in the 2019 street riots and a potential protest plan during King Felipe VI’s 2020 visit. Wire and Proton confirmed compliance with Swiss authorities’ requests for external email addresses. Proton highlighted its limitations in providing user data due to encryption policies.

Massive Data Breach Exposes Over 5 Million Salvadorans’ Personal Information on Dark Web

Over 5.1 million Salvadorans were affected by a significant data breach where personal details, including high-definition facial photos and national ID numbers, were leaked on the dark web. The data, which represents about 80% of El Salvador’s population, was made available for free after an unsuccessful attempt to sell it. The source of the breach remains unconfirmed, but cybersecurity firm Resecurity suggests a potential link to the hacker group Guacamaya. The incident has raised concerns about identity fraud and other cybercrimes due to the improperly stored sensitive data.

UK Suspects China in Defence Ministry Cyberattack, Tightens Security Amid Investigation

The Ministry of Defence’s payroll system was recently hacked, with sensitive information of armed forces personnel compromised, including names, bank details and personal addresses. Although China is suspected, the government has not officially named the perpetrator due to ongoing investigations. Prime Minister Rishi Sunak acknowledged a “malign actor” was responsible, and the UK’s defensive strategies are robust. The security practices of the external contractor managing the system are being reviewed. Service personnel affected by the breach have been reassured about the safety of their May salaries.

TD Bank Faces Justice Department Probe for Alleged Money Laundering Linked to Fentanyl Sales

The Justice Department is investigating TD Bank for facilitating money laundering related to illegal fentanyl sales. The bank is enhancing its anti-money laundering practices after acknowledging that its systems have failed to detect criminal activities. TD Bank is facing multiple anti-money laundering probes in the U.S. and was recently fined $9.2MM CAD by Canadian AML regulator Fintrac for related deficiencies. The bank has earmarked $450MM in capital within its Q1 regulatory filings to pay US AML penalties, and financial analysts predict the bank could face fines of up to $2 billion.

Google’s Antitrust Trial Nears Conclusion, Spotlight on Search Market Dominance

Google is facing two antitrust trials by the Department of Justice, with the first one about its search operations nearing conclusion. The trial focuses on whether Google’s business practices in the search engine market violate anti-monopoly laws, with key issues discussed being Google’s potentially anticompetitive behavior, its significant payments to Apple to remain the default search engine on iOS devices, and the impact of these practices on market competition. The trial’s outcome could lead to significant remedies, including possible changes to how Google conducts its business or even a breakup of certain operations.

Share this Article