Aphinia - Your Weekly CISO Update
Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:
These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:
→ Nicole Ford was appointed as Chief Information Security Officer at Nordstrom.
→ Nate Vanderheyden was appointed as Deputy Chief Information Security at Morgan Stanley.
→ Jose Dominguez was appointed as Chief Information Security Officer at the University of Oregon.
→ Jay Mody was appointed as Chief Information Security Officer at Chimera Investment Corp.
→ Martin Rues was appointed as Chief Information Security Officer at Zuora.
→ Ryan Messier was appointed as Chief Information Security Officer at Chemonics.
→ Andres Andreu was appointed as Chief Information Security Officer at Hearst.
→ Shane Callahan was appointed as Chief Information Security Officer at Vanderbilt University.
→ Jamal Bodey-Burks was appointed as Chief Information Security Officer at Symetra.
→ Gian Ciavarro was appointed as Chief Information Security Officer at Accordion.
→ Sean Croston was appointed as Deputy Chief Information Security Officer at Truist.
→ David Ginn was appointed as Deputy Chief Information Security Officer at Johnson Controls.
Appointed? Promoted? Let us know!
Aphinia is growing! Say hello, reach out and connect with our new members:
Michael Brown, Field CISO, Presidio
Jim Richards, CISO, Wisconsin Department of Justice
Teja Myneedu, Head of Security Engineering, Naval
George Chacko, Executive Director, Information Security, New York Blood Center Enterprises
Dhruva Pudel, Head of Cyber Security, Skillcast Group
Sam Gallant, CISO, OneStudyTeam
Minh Nguyen, CISO, BPM
Norman Kromberg, CEO / Founder / CISO, SommIS
Scott Wilson, SVP, Global Head of Security & Privacy, People2.0
Ashwin Altekar, Chief Information Security Officer, Fullsteam
Welcome on board!
Who in your network can benefit from Aphinia? Send them here »
Do you want to share your story with fellow CISOs? Book your time now: https://calendly.com/aphinia/30min
Do you want to impart your wisdom and share actionable insights? And, importantly, to further enhance your personal brand so that you would get:
a new Advisory role
a consulting gig
a promotion or appointment
a book deal
a speaking engagement at an industry conference
Our dance card is filling up fast, please respond today!
Here’s the link to grab your time slot now: https://calendly.com/aphinia/30min
Meanwhile, check out our wide-ranging conversation with our guest Michael Timineri (Head of Information Security, Checkr) about the current threat landscape, about all things cybersecurity, and much more:
Several important events happened that merit your attention:
Volt Typhoon is surging: The U.S. is tracking a resilient botnet [called Volt Typhoon] linked to the Chinese government. This sophisticated threat actor has been targeting U.S. critical infrastructure, particularly in strategic areas like Guam, using end-of-life SOHO routers.
Microsoft is after Storm-1152: Microsoft has disrupted Storm-1152, a Vietnamese-led cybercrime ecosystem. This network created over 750 million (!) fraudulent Microsoft accounts to facilitate various cyber attacks, including identity theft and phishing.
Apache Struts attack vector: Hackers are exploiting a recently patched vulnerability in Apache Struts, comparable to the infamous Equifax breach. This vulnerability could lead to remote code execution, prompting companies like Cisco to investigate potential impacts on their products.
From Russia with cyber espionage: APT29, a Russian cyber espionage group, has been exploiting vulnerabilities in TeamCity software since September. Known for their involvement in previous high-profile cyber incidents, they've been using this exploit to conduct widespread cyber attacks.
Controversy over FISA Section 702: The U.S. Senate passed a bill extending Section 702 of the Foreign Intelligence Surveillance Act, which allows warrantless surveillance. This move sparked debate over privacy rights.
London calling. The UK government is at high risk of a “catastrophic ransomware attack” that could “bring the country to a standstill” because of poor planning and a lack of investment, a parliamentary committee has warned. In a damning report, the joint committee on the national security strategy warned that the UK could face a crippling cyber-attack on its critical national infrastructure at any moment.
Infosec was not included. AFA Sweden, a group of Stockholm-based anti-fascists, doxxed the neo-Nazi music site Midgård, releasing the customer register.
Insomniac hack: Sony has confirmed that hackers breached Insomniac Games, the developer of the Spider-Man 2 video game. The attack has been claimed by the Rhysida gang, which claims to have acquired screenshots and character art for the studio's upcoming Wolverine video game.
New national cyber director. The Senate confirmed Harry Coker Jr. as national cyber director Tuesday, ending a 10-month absence of a permanent leader in the role. The Navy veteran, who was executive director of the National Security Agency from 2017 to 2019, will lead the Office of the National Cyber Director and its team of about 100 employees after the Senate confirmed his nomination by a 59-40 vote.
What will they think of next? A French documentary examined how TikTok has been used to influence young voters away from the country's independence and to closer relations and possible annexation to China.
US SBOM guidance: Multiple US government agencies have released guidance on securing software supply chains. The guidance covers the use of SBOMs, the use of open-source software, and the proper ways of using and maintaining open-source repositories.
Amazon sues REKK group: Amazon has filed a massive lawsuit against REKK, a criminal group specializing in refund fraud that recruits Amazon employees to approve refunds for unreturned products in exchange for a cut of the profits.
How Scattered Spider weaves its web: Silent Push researchers have published new TTPs used by Scattered Spider, the group behind recent hacks at Okta, Twilio, and MGM.
These are senior cybersecurity sales roles you may want to forward to your friends and colleagues:
→ Baptist Health System KY & IN is looking for a Deputy Chief Information Security Officer in Louisville, KY.
→ City of Fredericksburg is looking for a Chief Information Security Officer in Fredericksburg, VA.
→ Catholic Health is looking for a Chief Information Security Officer in Melville, NY.
→ Insightsoftware is looking for a Chief Information Security Officer in Raleigh, NC.
→ Headspace is looking for a Chief Information Security Officer (remote).
→ NeoGenomics Laboratories is looking for a Chief Information Security Officer (remote).
→ North Carolina Central University is looking for a Chief Information Security Officer in Durham, NC.
→ State of Wisconsin is looking for a Chief Information Security Officer in Madison, WI.
→ NexThreat is looking for a Chief Information Security Officer in Washington, D.C.
Looking for a job? Hiring? Let us know.
These are virtual and live events for the cyber community you may find interesting:
Industry Events:
Next’24 is taking place on April 6-10, 2024 in Las Vegas, NV.
RSA 2024 is taking place on May 6-9, 2024 in San Francisco, CA.
Gartner Security & Risk Summit is taking place on June 3-5, 2024 in National Harbor, MD.
AWS Re:Inforce is taking place on June 10-12, 2024 in Philadelphia, PA.
BlackHat is taking place on August 6-11, 2024 in Las Vegas, NV.
Evanta Global CISO Executive Summit is taking place on September 16-18, 2024 in San Diego, CA.
Fal.Con 2024 is taking place on September 16-19, 2024 in Las Vegas, NV.
Gartner Identity & Access Management Summit is taking place on December 9-11, 2024 in Grapevine, TX.
Attending or hosting an event? Let us know!
There’s been discussion on the implications of using AI products by OpenAI (ChatGPT) and GitHub (Copilot) in the work environment, from cybersecurity and, potentially, legal standpoints.
To offer your opinion on the subject and to participate in the discussion, join the Aphinia Slack channel here >
Bad guys have been busy recently 📈 :
Norton Healthcare ransomware attack exposes 2.5M people.
Kentucky Health System confirms ransomware attack impacting 2.5M individuals.
Sony is investigating an alleged ransomware attack on Insomniac.
Defiance City hit by cyber extortion: Knight ransomware group strikes.
Ukraine’s intelligence claims cyberattack on Russia’s state tax service.
Toyota Financial Services (TFS) disclosed a data breach.
Personal information of 45,000 individuals stolen in Idaho National Laboratory data breach.
Crystal Lake Clinic hit with cyber attack.
But a handful of guys were nabbed 👮‍♀️:
A Russian national allegedly behind the Hive ransomware was arrested in Paris, and police recovered €570K in crypto assets.
Miklos Daniel Brody was sentenced to two years in prison for wiping the codebase at First Republic Bank after his employment there had been terminated.
The United States has seized digital currency worth about half a million dollars from an account registered to Wang Yicheng, a Chinese national, after the blockchain address was involved in crypto investment fraud known as “pig butchering”.
Spanish police have arrested the leader of the Kelvin Security hacking group. The group and its members were known for exploiting vulnerabilities and selling access to the hacked systems.
KillMilk, the leader of the KillNet hacktivist group, has announced his retirement and appointed a new head honcho, an individual known as Deanon Club. KillMilk retired days after a Russian newspaper published his real-world identity as a 30-year-old Russian national named Nikolai Serafimov.
Stay safe.
Misha Sobolev
Aphinia