Cybercrims Dangle $300 to T-Mobile and Verizon Employees to Perform SIM Swaps (2024)

Check out my latest CSO column on understanding CISA’s proposed cyber incident rules.

Criminals are now texting T-Mobile and Verizon employees on their personal and work phones, trying to tempt them with $300 in cash to perform SIM swaps.

According to some reports, this effort is part of a campaign targeted at current and former mobile carrier workers who could have access to the systems required to perform a SIM swap.

The attackers' messages claim the source of the contact information is an employee directory, as first spotted by The Mobile Report.

"I got your number from the T-Mo employee directory. I'm looking to pay someone up to $300 per sim swap done, if you're interested, reply and we can talk," the criminals say in the messages.

Some texts request employees contact the threat actor on Telegram if they are interested in the offer. While it was initially believed that these texts only targeted T-Mobile employees, Verizon employees also stated that they were receiving variations of the same text.

T-Mobile said they are investigating the text messages but stressed they did not suffer another breach.

​"We did not have a systems breach. We continue to investigate these messages that are being sent to solicit illegal activity. We understand other wireless providers have reported similar messages," T-Mobile said. (Sergiu Gatlan / Bleeping Computer)

Related: The Mobile Report, PhoneArena, TechSpot, The Register, Telecoms Tech News, TmoNews, Android Authority, r/Tmobile

MGM Resorts International sued the Federal Trade Commission to stop an investigation into how it dealt with a cybersecurity attack last year, saying the probe deprives it of its fundamental due process rights and that FTC Chair Lina Khan should recuse herself from the case.

Khan was visiting MGM Grand on the Las Vegas strip in September when the company was hit by a cyberattack that temporarily shut down its computer systems. A front desk clerk asked Khan and her staff to write their credit card information on paper while checking into the hotel. Khan responded by asking the employee how MGM was managing data security in this situation.

Shortly after, the FTC started an investigation and, in January, demanded that the company respond to how it handled the situation, according to the lawsuit. The agency asked the company to hand over more than “100 categories of information.”

The company also claimed that the FTC relied on “inapplicable” regulations that apply only to financial services companies to demand information from the casino operator.

According to a person briefed on the situation, the agency will likely challenge the MGM lawsuit. The person said there is a long history of efforts to get Khan disqualified from past cases but added that people normally try to get her removed for having a point of view rather than just being present.

The FTC earlier denied the company’s request that Khan recuse herself from involvement in the investigation, given her personal experience with the cyberattack. (Sabrina Willmer / Bloomberg)

Related: Las Vegas Review-Journal, The Register, Reuters, The Record, Investopedia, Claims Journal, Card Player, World Casino News, Casino.org, Lawsuit

In its results for the quarter ended March 31, UnitedHealth, parent company of ransomware-besieged Change Healthcare, says the total costs of tending to the February cyberattack for the first calendar quarter of 2024 currently stands at $872 million.

That figure is in addition to the advance funding and interest-free loans UnitedHealth provided to support care providers reeling from the disruption, a sum said to be north of $6 billion.

In its results for the quarter ended March 31, filed today, UnitedHealth stated that the total impact on the company from the attack in Q1 was $0.74 per share, which is expected to rise to a sum between $1.15 and $1.35 per share by the end of the year.

The remediation efforts spent on the attack are ongoing, so the total costs related to business disruption and repairs will likely exceed $1 billion over time, potentially including the reported $22 million payment made to the ALPHV/BlackCat-affiliated criminals behind the attack.

The company warned that, financially, the total cost of the cyberattack is estimated to be between $1.35 billion and $1.6 billion for the calendar year 2024. (Connor Jones / The Register)

Related: BleepingComputer, Constellation Research, CRN, Forbes, TechCrunch, Fierce Healthcare, Proactive, Cybernews, CNBC, SecurityWeek, PYMNTS.com, CBS News, Quartz, Wall Street Journal, r/Cybersecurity, Slashdot

In a hearing before the House Energy and Commerce Committee, lawmakers sharply criticized the healthcare giant UnitedHealth Group for the company’s role in and response to a ransomware attack on its subsidiary Change Healthcare that crippled parts of the US healthcare system.

The company has already been under intense scrutiny for its bungling of the attack. The Department of Health and Human Services announced an investigation into whether the payment processor and its parent company complied with federal health data privacy laws.

UnitedHealth Group did not make anyone available for the hearing despite the subcommittee’s request, according to committee Chair Cathy McMorris Rodgers, R-Wash. Though Eshoo later said that CEO Andrew Witty had agreed to “come in,” his absence was notable on a day in which the company said during an earnings call that the ransomware attack caused $872 million in losses, with the expectation that it may surpass $1 billion. (Christian Vasquez / Cyberscoop)

Related: Data Breach Today, Inside Cybersecurity, Energy and Commerce Committee, Energy and Commerce Committee, Chief Healthcare Executive, Fierce Healthcare

A group of international hackers focused on attacking Israel and Israeli organizations launched in early April a new Wikileaks-type website of pro-Palestinian hackers dedicated to publishing leaks from a series of breaches carried out against sensitive databases and websites in Israel in recent months.

The website and platform is called Cyber Court, and hackers affiliated with it have already attacked websites linked to Israel's defense ministry in what seems like the latest escalation in the proxy wars between Israel and Iran.

Ari Ben Ami, founder of Telegram search engine and analytics company Telemetry Data Labs and publisher of the Memetic Warfare blog, discovered the site and said it appears to be Iranian-run and "appears to serve as a clearing house for a motley assortment of hacktivist groups to post hacked content.”

The site has already published links to leaks, including thousands of documents it claims were obtained by hackers who broke into websites and administrative portals connected to Israel's Defense Ministry and National Insurance Institute. (Omer Benjakob and Oded Yaron / Haaretz)

Related: Memetic Warfare, Middle East Monitor, Palestine Chronicle

Source: Memetic Warfare.

Hotel chain giant Omni Hotels & Resorts has confirmed cybercriminals stole the personal information of its customers in an apparent ransomware attack last month.

Omni said the stolen data includes customer names, email addresses, postal addresses, and guest loyalty program information. The company said the stolen data does not include financial information or Social Security numbers.

Omni said it shut down its systems on March 29 after identifying intruders in its systems. Guests reported widespread outages across Omni’s properties, including phone and WiFi issues. Some customers said that their room keys stopped working. The hotel chain restored its systems a week later, on April 8.

A ransomware gang called Daixin has taken credit for the breach.

The Daixin gang posted on its dark website that it would soon leak reams of customer records dating back to 2017. Ransomware gangs typically use such dark websites to publish stolen information and extort a ransom from their victims.

The gang did not post evidence of their claims but shared portions of the allegedly stolen files with veteran data breach watcher DataBreaches.net. Per the publication, the gang claimed to steal 3.5 million Omni customer records. A sample of the stolen data shared with DataBreaches.net matched the types of customers’ personal information that Omni said was taken. (Zack Whittaker / TechCrunch)

Related: Omni Hotels, SC Media, Bleeping Computer, GBHackers, Security Week, DataBreaches.net, Teiss

Researchers at WithSecure have detailed the operation of little-known Russian backdoor malware called Kapeka linked to the GRU’s Sandworm hacking group that has been used in attacks against victims in Eastern Europe since at least mid-2022.

The backdoor is likely an update to Sandworm’s arsenal for use in espionage campaigns and sabotage operations. Code like Kapeka is built to give hackers network access to deploy other malware.

It is possible, the researchers said, that Kapeka is a successor to Sandworm’s GreyEnergy malware, which itself was likely a replacement for the famous BlackEnergy strain used to insert malicious code into the Ukrainian power grid in 2015.

WithSecure said it found traces of Kapeka in mid-2023 while analyzing an attack on an Estonian logistics company in late 2022.

Two additional backdoor samples from Ukraine were submitted to the VirusTotal repository in mid-2022 and mid-2023. The WithSecure researchers said they have “moderate confidence” that the submitters were victims of the malware infection.

The researchers say that Kapeka can serve as an early-stage toolkit for its operators and provide long-term access to the targeted system.

Once deployed, the backdoor collects information about the infected machine and its user. It can also perform tasks such as reading files smaller than 50 megabytes from disk and sending this information back to the hackers.

The researchers say the malware can launch payloads, execute shell commands, and upgrade its functionality. This could allow the threat actor to first infect victims with a skeleton version of the backdoor and only drop a more complete version if the victim is deemed an appropriate target.

Researchers said the scarce mention of Kapeka in other research indicates that the malware has been used in limited-scope attacks since at least mid-2022.

The group may be particularly interested in targeting transportation and logistics companies. WithSecure initially discovered the backdoor in the company's networks in Estonia, and the researchers also connected it to Prestige ransomware-style attacks on the logistics industry in Poland and Ukraine. (Daryna Antoniuk / The Record)

Related: WithSecure, BankInfoSecurity, Tagesschau, Berliner Zeitung, Süddeutsche Zeitung, Die Presse

Source: WithSecure.

Trust Wallet, a crypto wallet maker owned by crypto exchange Binance, claimed that hackers might be targeting people with an iMessage “zero-day” exploit, but all signs point to an exaggerated threat, if not a downright scam.

Trust Wallet said, “We have credible intel regarding a high-risk zero-day exploit targeting iMessage on the Dark Web. This can infiltrate your iPhone without clicking any link. High-value targets are likely. Each use raises detection risk.”

The wallet maker recommended that iPhone users turn off iMessage completely “until Apple patches this,” even though no evidence shows that “this” exists at all.

According to Trust Wallet’s CEO Eowyn Chen, the “intel” is an advertisement on a dark web site called CodeBreach Lab, where someone is offering said alleged exploit for $2 million in bitcoin cryptocurrency. The advert titled “iMessage Exploit” claims the vulnerability is a zero-day remote code execution (or RCE) exploit that requires no interaction from the target and works on the latest version of iOS.

Given how and where this zero-day is being sold, it’s very likely that it is all just a scam and that Trust Wallet fell for it, spreading what people in the cybersecurity industry would call FUD, or “fear uncertainty and doubt.”

CodeBreach Lab appears to be a new website with no track record. A search on Google returned only seven results, one of which was a post on a well-known hacking forum asking if anyone had previously heard of CodeBreach Lab.

When TechCrunch attempted to buy the alleged exploit, the website asked for the buyer’s name and email address and then to send $2 million in Bitcoin to a specific wallet address on the public blockchain. Nobody has so far.

In other words, if someone wants this alleged zero-day, they have to send $2 million to a wallet that, at this point, no one knows who it belongs to or how to contact them. (Lorenzo Franceschi-Bicchierai / TechCrunch)

Related: Cointelegraph, U.Today, Bitcoin.com, crypto.news, Cybernews, Crypto Briefing, Cryptonews, The Crypto Times, PhoneArena, Blockonomi, The Cyber Express

Privacy exchange Railgun has refuted claims that it was used by North Korea’s Lazarus Group, saying the hacker group is “blocked from using the Railgun system.”

Railgun said the North Korean bad actors are blocked from its project by the “Private Proofs of Innocence” system, which went live over a year ago. “Secondly, it was a mistaken, false allegation in the first place,” it added.

Railgun’s comment came in response to Wu Blockchain’s tweet about Lazarus Group hackers using Railgun to launder stolen assets, noting that Railgun has become an alternative to Tornado Cash.

On Monday, Railgun’s token price jumped over 123% after Ethereum co-founder Vitalik Buterin noted the project’s privacy benefits on X. Arkham Intelligence data showed that the “vitalik.eth” address transferred 100 ETH (about $311,600) to Railgun. (Timothy Shen / The Block)

Related: Cointelegraph, DailyCoin, r/Ethtrader, crypto.news, Cryptonews, BeInCrypto, Protos

Poland’s Prosecutor General Adam Bodnar said that between 2017 and 2022, nearly 578 citizens were targeted with powerful commercial spyware called Pegasus, made by Israel’s NSO Group.

In addition, a top official of Poland’s special services, Tomasz Siemoniak, confirmed in an interview that the number of Pegasus victims exceeds 500 people.

According to him, some of the espionage cases were “justified” as they targeted those suspected of terrorism or were part of counterintelligence efforts. He admitted, however, that there were also “too many cases” when the use of Pegasus wasn’t justified.

Polish prosecutors said last week that they are building a case against current and former government officials believed to have used Pegasus against opposition party members and their allies. (Daryna Antoniuk / The Record)

Related: WP Wiadomości, Notes From Poland

Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software.

Tracked as CVE-2024-3400, this security flaw can let unauthenticated threat actors execute arbitrary code as root via command injection in low-complexity attacks on vulnerable PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls if the device telemetry and GlobalProtect (gateway or portal) feature are enabled.

While Palo Alto Networks has started releasing hotfixes to secure unpatched firewalls exposed to attacks, the vulnerability has been exploited in the wild as a zero-day since March 26th to backdoor firewalls using Upstyle malware, pivot to internal networks, and steal data by a threat group believed to be state-sponsored and tracked as UTA0218.

One day after Palo Alto Networks started releasing CVE-2024-3400 hotfixes, watchTowr Labs also released a detailed analysis of the vulnerability and a proof-of-concept exploit that can be used to execute shell commands on unpatched firewalls.

TrustedSec Chief Technology Officer Justin Elze also shared an exploit seen in actual attacks, allowing attackers to download the firewall's configuration file.

Security threat monitoring platform Shadowserver says it sees more than 156,000 PAN-OS firewall instances on the Internet daily; however, it doesn't provide information on how many are vulnerable. Threat researcher Yutaka Sejiyama also found over 82,000 firewalls vulnerable to CVE-2024-3400 attacks, 40% of which were in the United States. (Sergiu Gatlan / Bleeping Computer)

Related: watchTowr, Security Affairs, CRN, Dark Reading

Fabian Bäumer and Marcus Brinkmann of the Ruhr University Bochum discovered that a vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation.

PuTTY is a popular open-source terminal emulator, serial console, and network file transfer application that supports SSH (Secure Shell), Telnet, SCP (Secure Copy Protocol), and SFTP (SSH File Transfer Protocol).

System administrators and developers predominantly use the software to remotely access and manage servers and other networked devices over SSH from a Windows-based client.

The vulnerability is caused by how PuTTY generates ECDSA nonces (temporary unique cryptographic numbers) for the NIST P-521 curve used for SSH authentication. Specifically, there's a bias due to PuTTY's use of a deterministic way to generate these numbers to compensate for the lack of a robust cryptographic random number generator on specific Windows versions.

The developers fixed the vulnerability in PuTTY version 0.81, which abandons the previous k-generation method and switches to the RFC 6979 technique for all DSA and ECDSA keys.

However, it is noted that any P-521 private keys used with the vulnerable versions of the tool should be considered unsafe and replaced by new, secure keys. (Bill Toulas / Bleeping Computer)

Related: Decipher, Help Net Security, Cybersecurity News, PC Perspective, Security Affairs, Openwall

Researchers at Cisco Talos warn about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide.

According to Cisco Talos, this new brute force campaign uses a mix of valid and generic employee usernames related to specific organizations.

The researchers say the attacks started on March 18, 2024, and that all of them originate from TOR exit nodes and various other anonymization tools and proxies, which the threat actors use to evade blocks.

The Cisco Talos report warns that "Depending on the target environment, successful attacks of this type may lead to unauthorized network access, account lockouts, or denial-of-service conditions.”

"The traffic related to these attacks has increased with time and is likely to continue to rise."

Some services used to conduct the attacks include TOR, VPN Gate, IPIDEA Proxy, BigMama Proxy, Space Proxies, Nexus Proxy, and Proxy Rack.

The Talos team has shared a complete list of indicators of compromise (IoCs) for this activity on GitHub, including the attackers' IP addresses for inclusion in blocklists and the list of usernames and passwords used in the brute force attacks. (Bill Toulas / Bleeping Computer)

Related: Cisco Talos, Ars Technica

Researchers at Positive Technologies report that a new campaign by the TA558 hacking group, which they dub SteganoAmor, is concealing malicious code inside images using steganography to deliver various malware tools onto targeted systems.

Positive Technologies discovered over 320 attacks, most focused in Latin American countries, but the targeting scope extends worldwide.

The attacks begin with malicious emails containing seemingly innocuous document attachments (Excel and Word files) that exploit the CVE-2017-11882 flaw, a commonly targeted Microsoft Office Equation Editor vulnerability fixed in 2017.

The emails are sent from compromised SMTP servers to minimize the chances of the messages getting blocked, as they come from legitimate domains. If an old version of Microsoft Office is installed, opening the file triggers the exploit, which downloads a Visual Basic Script (VBS) from the legitimate 'paste.ee' service. This script is then executed to fetch an image file (JPG) containing a base64-encoded payload.

PowerShell code inside the script in the image downloads the final payload hidden inside a text file as a reversed base64-encoded executable.

Positive Technologies has observed several variants of the attack chain, delivering a diverse array of malware families, including Agent Tesla, FormBook, Remcos, LokiBot, Guloader, Snake Keylogger, and XWorm.

The final payloads and malicious scripts are often stored in legitimate cloud services like Google Drive, taking advantage of their good reputation to evade getting flagged by AV tools.

Stolen information is sent to compromised legitimate FTP servers used as command and control (C2) infrastructure to make the traffic appear normal. (Bill Toulas / Bleeping Computer)

Related: Positive Technologies, r/Cybersecurity, SC Media, Broadcom, Databreachtoday

Target counts per country. Source: Positive Technologies

Researchers at Fortinet report that attackers continue to exploit a vulnerability in unpatched TP-Link internet routers, adding them to botnets that can disrupt websites with bogus traffic.

The flaw, CVE-2023-1389, was discovered last December and patched in March. It affects the Archer AX21, a popular model manufactured by the Hong Kong-based company that has long been a target of botnet operators. It is a command injection vulnerability with a CVSS severity score of 8.8 out of 10.

The researchers observed multiple attacks focusing on this year-old vulnerability, including botnet malware such as Moobot, Mirai, Condi, and Gafgyt. The malicious code allows attackers to take control of devices for distributed denial-of-service (DDoS) attacks. (Daryna Antoniuk / The Record)

Related: Fortinet

Source: Fortinet.

Kemba Walden, who served as acting national cyber director from February to November 2023, said during a House Financial Services subcommittee hearing that a ransomware payment ban remains “the North Star” for US cybersecurity experts looking to curtail hacking groups’ leverage over companies, but “real steps” remain before the country can reach that point.

Walden said that we haven’t come to a “place where the American economy is resilient enough to withstand” a prohibition on companies making payments to resolve an attack.

“The profits are still too high, and the costs are still too low,” said Walden, now the president of the Paladin Global Institute, a division within the venture capital firm Paladin Capital Group aimed at protecting global critical infrastructure from cyber threats.

“So we need to shift that balance, and there are several policy options that we can take in order to get to the point where profitability is no longer a motivator for ransomware actors.” (Matt Bracken / Cyberscoop)

Related: House Financial Services Committee

The UK Ministry of Justice said that creating a sexually explicit “deepfake” image is to be made an offense under an amendment to the criminal justice bill.

Under the legislation, anyone who creates such an image without consent will face a criminal record and an unlimited fine. They could also face jail if the image is shared more widely.

The department said creating a deepfake image would be an offense regardless of whether the creator intended to share it. The Online Safety Act, introduced last year, has already criminalized sharing deepfake intimate images, whose creation is facilitated by advances in artificial intelligence. (The Guardian)

Related: Gov.uk, Time, Ars Technica, Silicon Angle, Benzinga, PetaPixel, NME, WION, BBC News, Tech Times

The Meta Oversight Board announced that it was taking on cases that could force the company to reckon with how it deals with deepfake porn.

The board, which is an independent body that can issue both binding decisions and recommendations to Meta, will focus on two deepfake porn cases, both regarding celebrities who had their images altered to create explicit content.

In one case about an unnamed American celebrity, deepfake porn depicting the celebrity was removed from Facebook after it had already been flagged elsewhere on the platform. The post was also added to Meta’s Media Matching Service Bank, an automated system that finds and removes images that have already been flagged as violating Meta’s policies to keep them off the platform.

In the other case, a deepfake image of an unnamed Indian celebrity remained up on Instagram even after users reported it for violating Meta’s policies on pornography. The deepfake of the Indian celebrity was removed once the board took up the case. (Vittorio Elliott / Wired)

Related: Oversight Board, Ars Technica, The Hill, Business Insider, Bloomberg, MediaNama

Researchers at Resecurity report a 325% increase in cyberattacks targeting the Philippines in Q1 2024 compared to the same period last year.

Cyberattacks involving hacktivist groups and foreign misinformation campaigns nearly tripled in Q2 2024. Multiple attacks were staged by unknown threat actors, combining ideological motivations with nation-state-sponsored propaganda.

Resecurity found numerous hacktivist groups targeting the Philippines, including the pro-China Mustang Panda, DeathNote Hackers, and Exodus Security.

In addition, local hacking groups, including Philippine Hacking University, Excommunicado, CyberMafia Philippines, Philippine Cyber Alliance, Bisaya Cyber Army, and LizardSquad Philippines, are also using hacking as a form of protest. (Deeba Ahmed / HackRead)

Related: Resecurity, Security Affairs

The Cloudflare DDoS Threat Report for 2024 Q1, based on traffic and attacks observed through Cloudflare’s network, found that DDoS attacks jumped 50% year-over-year.

During the quarter, Cloudflare mitigated 4.5 million DDoS attacks, including 1.7 million HTTP DDoS attacks, which shot up 93% year-over-year. The figures were notably higher than any quarter through 2023.

In total, Cloudflare systems mitigated 10.5 trillion HTTP DDoS attack requests, as opposed to attacks, in the first quarter and mitigated more than 59 petabytes of DDoS attack traffic, just on the network layer.

The largest single DDoS attack recorded this year involved a Mirai-variant botnet. The attack reached two terabits per second and targeted an Asian hosting provider.

The quarter also saw a surge in DNS-based DDoS attacks, with the report noting that they have become the most prominent attack vector. DNS-based DDoS attacks surged 80% year-over-year and now account for about 54% of all DDoS attacks.

Sweden, not a country one would usually associate with cyberattacks, saw a massive increase in DDoS attacks, with Cloudflare observing a 466% increase in attacks targeting the country. The attacks are attributed to Sweden joining the North Atlantic Treaty Organization alliance, mirroring a pattern observed during Finland’s NATO accession in 2023.

Even with the increase in attacks, Sweden did not make the top 10 when it comes to countries targeted in the quarter. Unsurprisingly, the US was the most attacked country or territory, followed by China, Canada, Vietnam, Indonesia, Singapore, Hong Kong, Taiwan, Cyprus, and Germany. (Duncan Riley / Silicon Angle)

Related: Cloudflare, sdxcentral, Gigazine

Source: Cloudflare.

Researchers at BlackBerry detailed the resurgence of the LightSpy mobile espionage campaign, which focuses on targets in Southern Asia and probably India, potentially indicating a renewed focus on political targets and regional tensions.

LightSpy is a sophisticated iOS implant that was first reported in 2020 in connection with a watering hole attack against Apple device users. It possesses modules designed to exfiltrate device information and saved files, including data from popular messenger applications such as QQ, WeChat, and Telegram.

It also has a plugin capable of crawling the victim's payment history from WeChat Pay (Weixin Pay in China). It can additionally access a user’s contacts, SMS messages, phone call history, GPS location, connected WiFi history, and Safari and Chrome browser histories. This comprehensive set of features can turn a user’s infected phone into a potent spying device.

BlackBerry says, ”The reemergence of LightSpy highlights the ongoing threat of sophisticated mobile spyware used for espionage purposes. The targeting of individuals in Southern Asia, coupled with the suspected Chinese origin of the attackers, raises concerns about the potential motives and geopolitical implications of this campaign.” (Anthony Spadafora / Tom’s Guide)

Related: BlackBerry, GBHackers, TechTimes, Spiceworks, Security Affairs

The United Nations Development Programme (UNDP) recently experienced a cyberattack in which local IT infrastructure in UN City, Copenhagen, was targeted.

On March 27, UNDP received a threat intelligence notification that a data-extortion actor had stolen data, which included certain human resources and procurement information.

Actions were immediately taken to identify a potential source, contain the affected server, and determine the specifics of the exposed data and who was impacted.

UNDP is currently conducting a thorough assessment of the nature and scope of the cyber-attack, and we have maintained ongoing communication with those affected by the breach so they can take steps to protect their personal information from misuse. Additionally, we are continuing efforts to contact other stakeholders, including informing our partners across the UN system. (UNDP.org)

Related: Cyber Express

Internet-scraping outfit Spy.pet claims to have harvested more than four billion public messages from nearly 620 million users on more than 14,000 Discord chat servers and is selling access to this trove.

The service has been active since November 2023, vacuuming user and server activity without any sign of an opt-out.

It presents the collected data in several ways. Each known user has a profile that contains all known aliases and pronouns, connected accounts on other platforms such as Steam and GitHub, Discord servers joined, and public messages.

Discord said it is probing Spy.pet to see if any action needs to be taken against the chat-harvesting service. "Discord is committed to protecting the privacy and data of our users. We are currently investigating this matter," a spokesperson said. (Matthew Connatser / The Register)

Related: Gigazine

Voting technology company Smartmatic and the far-right network One America News announced they settled a defamation lawsuit stemming from the outlet’s lies about the 2020 election.

Smartmatic filed its lawsuit against OAN in 2021, alleging that the right-wing conspiracy network “victimized” the company and spread lies about its role in the 2020 election to “increase viewership and revenue.”

In its lawsuit, Smartmatic alleged OAN hosts and guests made dozens of false claims about the company’s role in the 2020 election. Personalities on the network repeatedly said Smartmatic software was used in voting machines “in 30 states,” including battleground states like Michigan and Pennsylvania. In reality, Smartmatic software was only used in one California county.

Others on OAN claimed that Smartmatic’s software was “used to switch votes from President Trump to Joe Biden” and said the company was engaged in digital “ballot-stuffing” to help Biden win. OAN personalities also stretched the truth about Smartmatic’s past ties to Venezuela to weave a baseless narrative that “Maduro allies were meddling in the latest US election through a company called Smartmatic.” (Marshall Cohen and Oliver Darcy / CNN)

Related: Reuters, Axios, Associated Press, MSNBC, New York Times, Forbes, The Daily Beast, The Hill, Washington Post

Tom Holland, famous for playing Spider-Man in Marvel movies, has become the latest victim of a cryptocurrency scam on X.

His account was hacked to promote a new digital currency called $SPIDER, which was presumably associated with a Spider-Verse project. The post encouraged followers to sign up for early access to this new cryptocurrency and NFTs.

Holland’s bio was altered to include a link to a website offering fake partnership details. Shortly after the crypto promotion, another strange image emerged: a selfie of an unknown person, with a caption referencing Sam Raimi’s 2002 Spider-Man film starring Tobey Maguire.

Both the scam tweet and image were quickly removed. (Qadir AK / Coinpedia)

Related: U.Today, crypto.news, Coinspeaker, India Today, Mint, Comicbook.com, Outlook

Cynomi, a vCISO platform provider for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs), has announced it has raised $20 million in a Series A venture funding round.

Canaan led the round with Flint Capital, s16vc, and Aloniq among the return investors. (James Spiro / Calcalist)

Related: Cynomi, Pulse 2.0, FinSMEs, StartupHub.ai

Cybersecurity startups raised nearly $2.7 billion in 154 deals in Q1, according to Crunchbase data, the highest level since Q1 last year, when similar startups raised just less than $2.9 billion in 228 deals.

However, the Q1 2024 dollar figure represents a 69% increase from the previous quarter, when cyber startups raised just $1.6 billion in 148 deals. (Chris Metinko / Crunchbase News)

Source: Crunchbase.

Best Thing of the Day: Even If You’re The Hottest Thing Around, The Law Still Applies

Massachusetts Attorney General Andrea Campbell warned that developers, suppliers, and users of artificial intelligence must comply with existing state consumer protection, anti-discrimination, data privacy, and data security laws.

Worst Thing of the Day: Your Driver’s License Is Worth $3,000

A group of hackers has allegedly hacked a database holding all of Argentina’s 5.7 million driver’s licenses, including those of Argentine President Javier Milei, alongside several public officials, including Patricia Bullrich, the Minister of Security, and Luis Petri, the Minister of Defense, requesting a payment of $3,000 USD for whoever wishes to purchase the images of Argentine licenses.
