< ciso
brief />
Tag Banner

All news with #regulatory action tag

353 articles · page 11 of 18

US DOJ Indicts 54 in Multi-Million ATM Jackpotting Scheme

💰The U.S. Department of Justice has indicted 54 individuals tied to a large-scale ATM jackpotting conspiracy that used the Ploutus malware to force machines to dispense cash. Prosecutors allege members of the Venezuelan gang Tren de Aragua, designated a Foreign Terrorist Organization, recruited operatives who conducted surveillance, opened ATM hoods and installed malware by replacing drives or using removable media. Two related indictments returned in October and December 2025 charge bank fraud, burglary, computer fraud and money laundering, exposing an operation that siphoned millions and laundered proceeds to fund other criminal and terrorist activities.
read more →

Nigeria Arrests Developer of Raccoon0365 Microsoft Phishing

🔒 Nigerian police arrested three individuals linked to targeted Microsoft 365 phishing attacks delivered via the Raccoon0365 platform, citing intelligence shared by Microsoft and the FBI. Authorities say one suspect, Okitipi Samuel (aka RaccoonO365 or Moses Felix), developed and sold phishing kits on Telegram and hosted pages on Cloudflare using compromised accounts. The toolkit automated fake Microsoft login pages and has been tied to at least 5,000 account compromises across 94 countries; two other detainees currently have no proven role in creating the service.
read more →

Dismantling Defenses: Trump 2.0 Cyber Year Review Report

🔒 The Trump administration's second term enacted sweeping policy shifts that critics say have weakened the U.S. ability to address cybersecurity, privacy, and corruption risks. Changes include mass workforce cuts and reassignments at CISA, the dismissal of the Cyber Safety Review Board, and reduced enforcement by agencies such as the SEC and CFPB. The creation and apparent misuse of the Department of Government Efficiency (DOGE) raised serious data‑access and oversight concerns. New travel, vetting, and speech controls add further civil‑liberties implications.
read more →

Nigeria Arrests RaccoonO365 Developer Behind PhaaS

🔒 Authorities in Nigeria arrested three alleged internet fraud suspects, including the principal developer of the RaccoonO365 phishing-as-a-service toolkit, following a joint investigation with Microsoft and the FBI. Investigators say the suspect operated a Telegram channel selling phishing links for cryptocurrency, hosted fraudulent Cloudflare portals, and used stolen or fraudulently obtained credentials to harvest Microsoft 365 logins. Laptops, mobile devices, and other evidence were seized during searches.
read more →

Instacart to Refund $60M for Deceptive Subscription Tactics

📰 Instacart will refund $60 million to resolve FTC allegations that it misled customers through deceptive subscription and pricing practices. The FTC says Instacart advertised free delivery while charging mandatory service fees, concealed full-refund options behind self-service menus, and failed to disclose automatic charges at the end of Instacart+ free trials. Under the proposed order, affected consumers will receive refunds and the company must clearly disclose subscription terms.
read more →

FBI Disrupts Russian Crypto Exchange Supporting Cybercrime

🔒 The FBI led an international operation that seized websites and infrastructure tied to E-Note, a Russian-controlled cryptocurrency exchange alleged to have facilitated laundering for cybercriminals. Authorities unsealed an indictment on Dec. 17 against Mykhalio Petrovich Chudnovets, accused of offering money laundering services since 2010. Law enforcement recovered servers, mobile apps, customer databases and records linking more than $70m in illicit proceeds to ransomware and account-takeover campaigns.
read more →

US Seizes E-Note Exchange Linked to Ransomware Laundering

🛑 Law enforcement seized servers and domains of the E-Note cryptocurrency exchange, accused of laundering more than $70 million originating from ransomware attacks and account takeovers. Authorities confiscated e-note.com, e-note.ws and jabb.mn, removed mobile apps, and obtained customer databases and transaction records. The DOJ has indicted Russian national Mykhalio Petrovich Chudnovets on one count of money laundering conspiracy; he faces up to 20 years in prison but has not been arrested. The seized records may help identify additional cybercriminals and the network of money mules used to move and convert illicit funds.
read more →

France Arrests Suspect Linked to Interior Ministry Hack

🔒 French authorities arrested a 22-year-old on December 17, 2025, in connection with a cyberattack that breached the Ministry of the Interior's internal email servers earlier in the month. The suspect, born in 2003 and previously convicted for similar offenses in 2025, faces charges of unauthorized access to an automated personal data processing system as part of an organized group, punishable by up to 10 years' imprisonment. Investigations involve the Paris cybercrime unit and OFAC, and officials said a further statement will follow after police custody.
read more →

ISACA Named Global CMMC Credentialing Authority by US DoD

🛡️ ISACA has been appointed by the US Department of Defense as the global credentialing authority for the CMMC program, responsible for training, examining and certifying assessors and instructors. The DoD's final CMMC rule published on 10 September 2025 and effective 10 November 2025 initiated a three-year rollout, requiring credentials across DoD suppliers by 2028. ISACA replaces The Cyber AB as the CAICO and expects the rules to affect over 200,000 contractors worldwide, including many in Europe.
read more →

European Operation Dismantles €10M Ukraine Call-Center Ring

🔍 Eurojust coordinated a cross-border operation that disrupted a Ukraine-based call-centre fraud ring alleged to have defrauded consumers of more than €10m ($11.7m). An action day on 9 December produced 72 searches in Dnipro, Ivano-Frankivsk and Kyiv, resulting in 12 arrests and 45 suspects identified. Authorities seized forged IDs, computers, phones, a polygraph machine, cash, 21 vehicles and weapons. Investigators say scammers used remote-access tools and bogus 'safe' accounts, recruiting staff from multiple countries and offering up to 7% of proceeds plus large bonuses to high earners.
read more →

Texas Sues TV Makers Over Secret Viewing Data Collection

📰 Texas Attorney General Ken Paxton has sued five TV manufacturers — Sony, Samsung, LG, Hisense, and TCL — alleging they used Automated Content Recognition (ACR) to secretly record and transmit users' viewing activity without consent. The complaints filed in Texas state courts claim some TVs capture screenshots every 500 milliseconds, monitor viewing in real time, and send that data to corporate servers where it is allegedly sold for advertising. Paxton also raised concerns that the China-based vendors may be subject to China's National Security Law, potentially exposing U.S. consumer data to foreign authorities. An LG spokesperson declined to comment on the pending matter; other vendors had not responded at the time of reporting.
read more →

European Authorities Dismantle Ukrainian Call-Center Scam

🚨 European and Ukrainian authorities dismantled a large fraud ring operating call centers in Dnipro, Ivano-Frankivsk and Kyiv, arresting 12 suspects and seizing vehicles, weapons, a polygraph machine, computers, cash, and forged IDs after 72 coordinated searches on December 9. The network, which employed about 100 people from across Europe, scammed over 400 victims and stole more than €10 million using impersonation, remote-access tools and in-person cash pickups. The multi-country operation was led by investigators from the Czech Republic, Latvia, Lithuania and Ukraine with support from Eurojust.
read more →

Against a Federal Moratorium on State AI Regulation

⚖️ The essay opposes a proposed ten‑year moratorium and an impending Executive Order that would bar states from regulating artificial intelligence, arguing this would cede power to a few dominant AI firms and undermine local consumer protections. It highlights growing state efforts in places like California, New York, Massachusetts, Utah, and Texas and rejects the industry claim that a regulatory patchwork would fatally stifle innovation. The authors advocate that the federal government should support state-led experimentation and fund public-interest AI models rather than preempt state authority, and note that the President signed an Executive Order shortly after publication.
read more →

ICO fines LastPass £1.2m over 2022 customer data breach

🔒 The UK Information Commissioner’s Office has fined LastPass £1.2m after concluding insufficient technical and organisational measures contributed to a major 2022 breach. The ICO said there is no evidence that vault master passwords were decrypted, but around 1.6 million users had personal data exposed, including names, emails, phone numbers and stored URLs. The regulator reiterated that password managers remain recommended but vendors must restrict access and harden internal controls.
read more →

Seoul Police Raid Coupang; CEO Steps Down Amid Breach

🔍 Seoul police raided Coupang’s headquarters after the e‑commerce firm disclosed that a massive data leak impacted 33.7 million users. CEO Park Dae‑jun resigned and was replaced by US‑based interim chief Harold Rogers to lead remediation, strengthen information security and restore customer trust. Authorities have issued a search warrant for a suspected ex‑employee and are investigating potential criminal violations. South Korea’s data regulator has also ordered changes to Coupang’s terms, simplified account cancellation and a specialist task force to limit further harm.
read more →

UK Fines LastPass £1.2M Over 2022 Data Breach

🔒 The UK Information Commissioner's Office (ICO) fined LastPass £1.2 million after a 2022 breach that exposed account metadata and encrypted vault backups for up to 1.6 million UK users. The attacker first compromised an employee laptop and development credentials, then exploited a vulnerability in a third‑party streaming app on a senior employee's device to deploy malware, capture a master password, and bypass MFA. Those keys enabled access to cloud backups at GoTo containing customer data. The ICO said vaults were not decrypted but warned weak master passwords are at risk and urged stronger passwords and tighter controls.
read more →

Ukrainian Hacker Charged for Aiding Russian Hacktivists

🔒 U.S. prosecutors arraigned 33-year-old Victoria Dubranova, accusing her of supporting Russian state-linked hacktivist groups in cyberattacks against critical infrastructure, including water systems and election-related targets. Dubranova, known by aliases such as Vika and SovaSonya, was extradited this year and has pleaded not guilty to charges tied to NoName057(16) and CyberArmyofRussia_Reborn (CARR). She faces separate trials in February and April 2026 and potential sentences of up to 27 years and 5 years under the respective indictments.
read more →

2026 NDAA: Cybersecurity Changes for DoD Mobile and AI

🛡️ The compromise 2026 NDAA directs large new cybersecurity mandates for the Department of Defense, including contract requirements to harden mobile phones used by senior officials and enhanced AI/ML security and procurement standards. It sets timelines (90–180 days) for mobile protections and AI policies, ties requirements to industry frameworks such as NIST SP 800 and CMMC, and envisions workforce training and sandbox environments. The law also funds roughly $15.1 billion in cyber activities and adds provisions on spyware, biologics data risks, and industrial base harmonization.
read more →

Portugal exempts ethical hackers under updated law

🔒 Portugal has amended its cybercrime law to exempt cybersecurity researchers and ethical hackers from prosecution, with the change published in the Diário da República on 4 December. The amendment, titled “Acts not punishable due to public interest in cybersecurity,” creates a legal exception for good-faith vulnerability research provided strict conditions are met. Researchers must avoid economic gain, refrain from DoS, social engineering, phishing and data theft, report findings to the system owner and the data protection regulator, and delete sensitive data within 10 days of a fix.
read more →

UK ICO Seeks Urgent Clarity on Facial Recognition Bias

🔍 The UK Information Commissioner’s Office (ICO) has asked the Home Office for urgent clarity after a National Physical Laboratory (NPL) report identified racial bias in the retrospective facial recognition (RFR) algorithm Cognitec FaceVACS-DBScan ID v5.5 used by police. The study found far higher false positive rates for Asian (4%) and Black (5.5%) subjects compared with white subjects (0.04%), with an observed disparity between black males (0.4%) and black females (9.9%). Deputy information commissioner Emily Keaney said the ICO was disappointed it had not been informed earlier and stressed that public confidence, transparency and proper oversight are essential while the Home Office moves to operationally test a replacement algorithm.
read more →