Latest news with #KELA
Yahoo
2 days ago
- Politics
- Yahoo
Kansas attorney general: State can legally negotiate gaming compact with Wyandotte Nation
Attorneys representing Gov. Laura Kelly sought a legal opinion on potential of the Wyandotte Tribe entering into a state compact to offer casino gambling that included sports betting. Attorney General Kris Kobach says a Kansas governor is obligated to negotiate in good faith with on a tribal compact. In this image, Kelly speaks at 2024 dedication of a replica of the Ad Astra statue of a Native American pointing an arrow at the North Star. (Tim Carpenter/Kansas Reflector) TOPEKA — Attorney General Kris Kobach said Gov. Laura Kelly was obligated under federal law to negotiate in good faith with the Wyandotte Nation on a compact agreement to allow operation of casino gambling, including sports betting, on tribal land. Negotiations with the Wyandotte Nation wouldn't violate state law applicable to operation of four nontribal casinos in Kansas nor would negotiations be inconsistent with compacts with four tribes in the casino business in Kansas, the attorney general said. On Friday, Wyandotte Nation Chief Billy Friend said he appreciated the attorney general's opinion affirming the tribe's contention that state and federal statute wouldn't interfere with the tribe seeking a gaming compact in Kansas. 'We were pleased with the opinion,' he said. 'We're looking forward to sitting down and negotiating in good faith and coming up with a fair compact.' Kobach's nonbinding legal opinion said the federal Indian Gaming Regulatory Act, or IGRA, governed gaming on tribal land held by the Prairie Band Potawatomi, Sac & Fox, Kickapoo and Iowa tribes in Kansas. IGRA would likewise preempt state law related to a Wyandotte Nation request for a compact applicable to its 7th Street Casino in Wyandotte County and Cross Winds Casino near Park City in Sedgwick County, the opinion said. Under the Kansas Expanded Lottery Act, or KELA, the opinion said the state's jurisdiction over gambling activities was confined to four casinos outside of tribal land in Mulvane, Pittsburg, Dodge City and Kansas City, Kansas. These Kansas Lottery facilities operated through management contracts with private companies. KELA does forbid Kansas from adding state-owned casino zones through 2032. 'Because KELA and the management contracts do not prohibit efforts that further tribal gaming under IGRA, they do not prohibit negotiating with the Wyandotte Nation over a compact,' Kobach said. Kobach said sports wagering could be featured in a compact with the Wyandotte Nation because Kansas permitted that type of gaming at casinos across the state. In 2022, the Legislature and Kelly granted the four state-owned casinos an opportunity to operate sports books. Since 2023, the Iowa, Sac & Fox and Prairie Band Potawatomie nations negotiated sports betting agreements with the state. Friend, chief of the Wyandotte Nation headquartered in northeast Oklahoma, said the intent was to seek a compact with Kansas enabling the tribe to participate in sports gambling. Justin Whitten, chief counsel to the governor, sought the attorney general's insight into the intersection of IGRA and KELA. The request reflected government and industry concern about potential violation of state management contracts with nontribal casinos. 'A compact with the Wyandotte Nation would not fall under, and would not violate, KELA,' Kobach said. 'And, because federal law trumps state law, to the extent there is any conflict between IGRA and Kansas Statutes Annotated 46-2305, IGRA prevails.' Under the existing system of developing gaming compacts in Kansas, a tribe would begin by requesting negotiations with the governor. The negotiated compact documents would be submitted to the Legislature for consideration. If approved, the compact agreement would be forwarded for review to the U.S. Department of Interior. Kobach said the U.S. Supreme Court weakened IGRA's central mechanism for getting states to negotiate with tribes by holding IGRA didn't abrogate state sovereign immunity. 'This means that if the state does not negotiate with the Wyandotte Nation, or if the Wyandotte Nation believes the state is not negotiating in good faith, the state can invoke its sovereign immunity against any resulting suit by the tribe,' Kobach said. While a tribe might not successfully pursue a lawsuit against the state of Kansas, Kobach's opinion said, the federal government could take legal action on behalf of a tribe to sidestep a sovereign immunity defense.
West Australian
29-04-2025
- Business
- West Australian
Cyber security firm Dvuln warns Australian banks, customers of new wave of identity theft
An internet security group says Australia needs to prepare for a new generation of criminal software that penetrates big computer systems using stolen customer cookies. Security consultant Dvuln says stolen customer credentials are presenting a double challenge to Australian financial institutions — forcing them to defend the integrity of their own networks and protect customer accounts. Infostealer software not only steals the account name and passwords details that a person might store on their phone or computer. The malware can also harvest the digital cookies, or tokens, that allow users to move smoothly through a secure system after they have passed traditional log-ins and even advanced multi-factor authentication (MFA) systems. Dvuln said some infostealer systems had captured authentication tokens to the extent that they could entirely bypass MFA gateways. 'Criminal marketplaces have adapted to capitalise on these capabilities,' the security group said in a report. 'Some marketplaces now featured dedicated filters for 'token-included' credential packages that increased the likelihood of MFA bypass.' Israeli cybersecurity group KELA estimated in February that 330 million individual credentials were compromised by infostealer infections in 2024, enabling fraud and ransomware attacks. Dvuln said its research had identified the 30,000 Australian bank customer credentials in infostealer logs, but the actual number of stolen credentials was likely far higher. The banking details belonging to at least 14,000 CommBank customers, 7000 ANZ customers, 5000 NAB customers and 4000 Westpac customers. 'Many infections remain undetected or are traded in private channels outside our visibility,' he said. With lines continually blurring between organisational security and customer security, Dvuln said financial institutions, governments, customers and security experts needed collaborative approaches to address this growing problem. 'This is not about shifting responsibility to any single party, but rather recognising neat traditional security boundaries are being c
Yahoo
26-02-2025
- Business
- Yahoo
KELA Releases State of Cybercrime 2024: The Alarming Rise of Infostealers and Ransomware & Predictions for 2025
TEL AVIV, Israel, Feb. 26, 2025 /PRNewswire/ -- KELA, the global leader in cyber intelligence, has released its annual State of Cybercrime 2024 report, offering an in-depth analysis of the past year's most pressing cyber threats and intelligence-driven predictions for 2025. The report uncovers the evolving landscape of cybercrime, with attackers forming alliances, leveraging artificial intelligence, and shifting towards new monetization models that challenge traditional security measures. "Cybercrime has reached an unprecedented level of sophistication, with attackers continuously adapting and evolving their tactics," said David Carmiel, CEO of KELA. "The surge in infostealers and ransomware, along with the increasing use of AI-driven threats, highlights the urgent need for organizations to rethink their security postures and adopt a more proactive intelligence-led approach." One of the most alarming trends identified in the report is the continued dominance of infostealer malware as a primary initial access vector. In 2024 alone, KELA tracked over 4.3 million infected machines worldwide, resulting in more than 330 million compromised credentials. Attackers are using these credentials to fuel sophisticated ransomware campaigns and large-scale data breaches. Meanwhile, ransomware operations continued to expand, with over 5,230 victims tracked throughout the year. Notably, the RansomHub ransomware group surpassed LockBit as the most prolific actor, while cybercriminals increasingly moved towards data extortion tactics beyond traditional encryption. Beyond ransomware and infostealers, the report highlights a growing convergence between state-sponsored actors, hacktivists, and traditional cybercriminal groups. Over 200 new hacktivist groups emerged, conducting more than 3,500 distributed denial-of-service (DDoS) attacks, often in response to geopolitical events. The intersection of cybercrime and geopolitics has blurred attribution lines, making it even more difficult for organizations to track and mitigate threats effectively. AI-related cyber risks also intensified in 2024, with cybercriminals jailbreaking large language models (LLMs), stealing credentials for AI-driven platforms, and utilizing deepfakes for fraud and influence campaigns. "Cybercriminals are becoming more strategic, leveraging AI-driven automation, targeting supply chains, and exploiting new vulnerabilities at an alarming pace," said David Carmiel, CEO of KELA. "Organizations must shift from a reactive stance to a proactive, intelligence-driven approach. We look forward to continuing to work with our partners and customers to strengthen their security posture and stay ahead of cyber threats. KELA's expertise in cybercrime intelligence provides security teams with the foresight and actionable insights needed to counter evolving threats before they escalate." The State of Cybercrime 2024 report is now available for download, providing organizations with crucial insights into emerging threats, defensive strategies, and expert predictions for the cybersecurity landscape in 2025, helping businesses stay ahead of increasingly sophisticated adversaries. Download Here About KELAKELA is an Intelligence-Driven Threat Exposure Management company, redefining how organizations detect, monitor, and mitigate external threats. Our proprietary CTI Platform, combined with External Attack Surface and Third-Party Risk Management, provides real-time access to cybercriminal activity in the Deep and Dark Web. This empowers organizations to proactively reduce their exposure at any scale—from enterprises to national security. Learn more at Logo: For media inquiries or interview requests, please contact:Ben Kaponbenk@ View original content to download multimedia: SOURCE KELA
Fox News
26-02-2025
- Fox News
Malware exposes 3.9 billion passwords in huge cybersecurity threat
We saw a rise in infostealer malware in 2024, with hackers using it to steal credentials, cryptocurrency and other personal data from millions of users. If you recall, I reported countless incidents of an infostealer called Lumma preying on Android, Windows and even iOS and Mac users. A new cybersecurity report now highlights that hackers using Lumma, along with StealC, Redline and other infostealers, infected 4.3 million machines in 2024, leading to an astonishing 330 million compromised credentials. Security researchers have also observed 3.9 billion credentials shared in credential lists that appear to be sourced from infostealer logs. A cybersecurity report by threat intelligence platform KELA has uncovered a sharp rise in infostealer malware in 2024. Researchers also observed an alarming trend in how stolen data was circulated. Large compilations of credentials, often referred to as "credential lists," were being shared across cybercrime forums. These lists, primarily sourced from infostealer logs, contained billions of login details harvested from infected devices. One of the most notable incidents linked to infostealer malware was the breach of Snowflake, a cloud data storage provider. In April 2024, threat actors gained access to customer accounts using stolen login credentials, many of which were obtained through infostealers. Exploiting weak security practices, such as the absence of multifactor authentication, attackers extracted valuable data and later attempted to sell it on underground markets. The breach affected at least 165 companies. The KELA report highlights that hackers deploying Lumma, StealC, Redline and other infostealers infected 4.3 million machines, leading to the compromise of 330 million credentials. Nearly 40% of these infected machines contained credentials for corporate systems, including content management platforms, email accounts, Active Directory Federation Services and remote desktop environments. In total, this accounted for 1.7 million compromised bots and 7.5 million stolen credentials. The report also found that 3.9 billion credentials were shared in credential lists that appear to be sourced from infostealer logs. KELA's analysis suggests that almost 65% of infected devices were personal computers storing corporate credentials, making them a prime target for infostealer malware. Infostealer malware is not going anywhere in 2025. With malware-as-a-service platforms on the rise and infostealers becoming more advanced, cybercriminals will likely keep using them as a go-to method for stealing credentials and gaining access to systems. Law enforcement has been cracking down, though. In 2024, authorities managed to take down key parts of the infostealer ecosystem, including disrupting Redline, one of the most widely used infostealers. This showed that international agencies can go after not just the malware developers but also the networks and underground markets that keep these operations running. But takedowns like these rarely put an end to the problem. When one major infostealer operation is shut down, others quickly step in to take its place. The constant demand for stolen credentials and the ability of cybercriminals to adapt means infostealer attacks will likely remain a major threat in 2025. With infostealer malware becoming a growing threat, protecting your data requires a mix of smart security habits and reliable tools. Here are some effective ways to keep your information safe. 1. Enable two-factor authentication (2FA): Even if your credentials are stolen, 2FA adds an extra layer of security by requiring a second form of verification, such as a code from an authentication app or biometric confirmation. Cybercriminals rely on stolen usernames and passwords to break into accounts, but with 2FA enabled, they cannot gain access without the additional security step. Make sure to enable 2FA on important accounts like email, banking and work-related logins. 2. Use strong antivirus software and be cautious with downloads and links: Infostealer malware often spreads through malicious downloads, phishing emails and fake websites. Avoid downloading software or files from untrusted sources and always double-check links before clicking them. Attackers disguise malware as legitimate software, game cheats or cracked applications, so it is best to stick to official websites and app stores for downloads. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices. 3. Use a password manager: Many infostealers target saved passwords in web browsers. Instead of relying on your browser to store credentials, use a dedicated password manager. Get more details about my best expert-reviewed password managers of 2025 here. 4. Keep software updated: Cybercriminals exploit outdated software to deliver malware. Keeping your operating system, browsers and security software up to date ensures that known vulnerabilities are patched. Enable automatic updates whenever possible and install reputable antivirus or endpoint protection software that can detect and block infostealer threats before they compromise your system. Given the surge in infostealer malware warnings, it is clear that cybercriminals are actively targeting passwords. Both organizations and individuals are urged to strengthen their security measures by enabling 2FA, monitoring credential exposure and using endpoint protection tools. While no security measure is completely foolproof, combining these practices can significantly reduce the risk of falling victim to infostealer malware. CLICK HERE TO GET THE FOX NEWS APPDo you feel that companies are doing enough to protect your data from infostealer malware and other cyber threats? Let us know by writing us at For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Follow Kurt on his social channels: Answers to the most asked CyberGuy questions: New from Kurt: Copyright 2025 All rights reserved.
