Aphinia - Your Weekly CISO Wire
Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:
These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:
→ James Sipe was appointed as Chief Information Security Officer at the State of Pennsylvania.
→ Jeffery Lauria was appointed as Chief Information Security Officer at iCorps.
→ Jean Shapiro was appointed as Chief Security Officer at Achieve.
→ Akshay Sivananda was appointed as Chief Information Security Officer at Saviynt.
→ Joseph Bell was appointed as Chief Information Security Officer at Forcepoint Global Governments and Critical Infrastructure.
→ Ryan Moore was appointed as Chief Information Security Officer at Serco.
→ Kevin Johnson was appointed as Chief Information Security Officer at Tango.
→ David Damato was appointed as Chief Information Security Officer at Citadel.
→ Zane West was appointed as Chief Information Security Officer at RapidScale.
→ Tammy Klotz was appointed as Chief Information Security Officer at Trinseo.
→ Joe Mendel was appointed as Chief Information Security Officer at Kellanova.
Appointed? Promoted? Let us know!
Aphinia is growing! Say hello, reach out and connect with our new members:
Alfritch Anderson, VP of Security, Contexture
Anthony Lichiello, Executive Director - Cybersecurity & Technology Controls, JPMorgan Chase
Ashwin Altekar, Chief Information Security Officer, Fullsteam
Boris Orbach, Head of Global Information Security, GG Group
Dmitriy Khaletskiy, Sr. IT Security Manager, Credit Sesame
Eric Lengvenis, Principal Architect for Data Protection, Wells Fargo & Co.
Jack Roehrig, CISO, Advisor, Investor, JCR Security
Kevin Johnson, CISO, Bluestone Solutions
Michael Dunn, Chief Technology and Innovation Officer, Tavve
Minh Nguyen, CISO, BPM
Nathan Case, CISO, Corsha
Norman Kromberg, CEO / Founder / CISO, SommIS
Scott Wilson, SVP, Global Head of Security & Privacy, People2.0
Steven Rich, Global Functions / EO&T CISO, Citi
Tony Bautts, CISO, Zephyr-7
Welcome on board!
Do you want to share your story with fellow CISOs? Book your time now: https://calendly.com/aphinia/30min
Do you want to impart your wisdom and share actionable insights? And, importantly, to further enhance your personal brand so that you could land:
a new Advisory role
a consulting gig
a promotion or appointment
a book deal
a speaking engagement at an industry conference
Our dance card is filling up fast; please respond today!
Here’s the link to grab your time slot now: https://calendly.com/aphinia/30min
Meanwhile, check out our wide-ranging conversation with our guest Ricardo Ferreira (Field CISO, Fortinet) about all things cybersecurity, current and emergent threats, the often challenging relationship between CISOs and cybersecurity vendors, and much more.
Several important events happened that merit your attention:
Boeing confirms cyberattack, global services disrupted. Boeing confirmed a cyberattack is impacting its global services division, five days after a prolific Russia-affiliated ransomware group claimed responsibility for an attack against Boeing.
SEC charges SolarWinds, its CISO with fraud. The Securities and Exchange Commission charged SolarWinds and its CISO Timothy Brown with fraud and internal control failures for allegedly misleading investors about its cybersecurity practices leading up to the Sunburst attack discovered in December 2020.
The SEC on Monday alleged the company overstated its cybersecurity practices and failed to disclose known risks from October 2018, when the company went public, up to at least the Sunburst attack, according to the complaint.
Okta is having a terrible, horrible, no good, very bad week. First, there was an intrusion into the identity and access management provider’s support system that ultimately compromised five businesses after a threat actor accessed files on 134 customers over a nearly three-week period. Okta shared results of its internal investigation into the attack Friday.
And secondly, nearly 5,000 current and former Okta employees had their sensitive health information exposed by a cyberattack at Rightway Healthcare, a third-party vendor for the company, which informed Okta of the breach last month.
Big Brother watches you everywhere in the EU. More than 300 cybersecurity experts, researchers, and NGOs have signed an open letter asking the European Union to drop its new eIDAS (Electronic Identification, Authentication and Trust Services) regulations. Experts say the new articles will force web browsers to automatically trust certificate authorities and cryptographic keys mandated by EU governments, and that these changes open the door to mass surveillance and the interception of encrypted web traffic across the EU. The latest modifications were adopted in closed-door meetings and added to the eIDAS text without public debate. Signatories include Mozilla, the EFF, the Linux Foundation, Cloudflare, Fastly, and multiple VPN providers.
China cracks down on social media stars: Seven of China's top social media platforms have jointly announced that users with more than 500,000 followers will have to list their real names in their profiles. The move comes to deter social media stars from criticizing the government or meddling in global or national affairs. It also comes after China's Central Cyberspace Affairs Commission ordered online platforms to crack down on accounts spreading rumors or fake news. Accounts that will not reveal their real name will be demonetized and restricted. The seven platforms that notified users of the new rule include Baidu, Sina Weibo, WeChat, Douyin (TikTok), Kuaishou, Bilibili, and Xiaohongshu.
Splunk layoffs: Security firm Splunk has laid off approximately 7% of its workforce, representing around 550 of its 8,000 total staff. CEO Gary Steele says the layoffs are part of its agreement with Cisco, which agreed to buy Splunk for $28 billion. This is Splunk's second round of layoffs this year after it also fired 4% of its staff back in January.
Adobe appears to be selling fake AI images of the war in Israel-Gaza. Adobe is selling artificially generated, realistic images of the Israel-Hamas war which have been used across the internet without any indication they are fake. As part of the company’s embrace of generative artificial intelligence, Adobe allows people to upload and sell AI images as part of its stock image subscription service, Adobe Stock. Adobe requires submitters to disclose whether they were generated with AI and clearly marks the image within its platform as “generated with AI”. Beyond this requirement, the guidelines for submission are the same as any other image, including prohibiting illegal or infringing content.
DOJ and Pentagon email breach impacted around 632,000 federal employees. Russian hackers compromised the email addresses of about 632,000 employees from the United States Department of Defense and Department of Justice. Bloomberg first reported the news of the breach on Monday. The breach occurred on May 28 and 29 according to a new report obtained through the Freedom of Information Act – and it has been classified as a “major incident,” yet the exposed material was not classified and has been described as “generally of low sensitivity.”
Germany is hacked. A ransomware attack this week has paralyzed local government services in multiple cities and districts in western Germany. Early on Monday, an unknown hacker group encrypted the servers of the local municipal service provider Südwestfalen IT. To prevent the malware from spreading, the company restricted access to its infrastructure for over 70 municipalities, primarily in the western German state of North Rhine-Westphalia.
My tax dollars did what now? The U.S. government gave at least $30 million in federal grants for research led by a scientist who is now at the forefront of China's race to develop the most advanced artificial intelligence—which he compared to the atomic bomb due to its military importance, a Newsweek investigation has revealed. Pentagon funding for Song-Chun Zhu, the former director of a pioneering AI center at the University of California Los Angeles, continued even as he set up a parallel institute near Wuhan, took a position at a Beijing university whose primary goal is to support Chinese military research, and joined a Chinese Communist Party "talent plan" whose members are tasked with transferring knowledge and technology to China.
These are senior cybersecurity roles you may want to forward to your friends and colleagues:
→ H. Lee Moffitt Cancer Center is looking for a Chief Information Security Officer in Tampa, FL.
→ RIVER CITY BANK is looking for a Chief Information Security Officer (remote).
→ R&K Cyber Solutions is looking for a Chief Information Security Officer in Maryland (remote).
→ CATIC is looking for a Chief Information Security Officer (remote).
→ Elegant Enterprise Wide Solutions is looking for a Chief Information Security Officer in Norfolk, VA.
→ Bayview Asset Management is looking for a Chief Information Security Officer in Coral Gables, FL.
→ The Office of the Comptroller is looking for a Chief Information Security Officer in Manhattan, NY.
→ New York Department of Labor is looking for a Chief Information Security Officer in Albany, NY.
Looking for a job? Hiring? Let us know.
These are virtual and live events for the cyber community you may find interesting:
Aphinia Event:
Add to your calendar today: Thursday, November 9, 2023 - 12:30pm - 1:00pm EST
Where: https://us06web.zoom.us/j/9411931651
» What the SEC case against SolarWinds means for CISOs
A conversation and Q&A with a leading cybersecurity lawyer from a top law firm:
Edward McNicholas is a co-leader of Ropes & Gray’s data, privacy & cybersecurity practice. He represents technologically sophisticated clients facing complex data, privacy, and cybersecurity issues in litigation, investigative, and counseling matters. His clients include financial institutions, technology companies, insurance companies, branded pharma companies, healthcare providers, data brokers, and e-commerce retailers. In connection with COVID-19, Ed is advising clients across industries on issues of data protection, opportunistic cyber attacks, and contact tracing technologies.
If you can’t attend, you can still ask your question: simply fill out this form:
https://244788wg7tz.typeform.com/to/OO9UWTIW
Industry Events:
RSA 2024 is taking place on May 6-9, 2024 in San Francisco, CA.
Gartner Security & Risk Summit is taking place on June 3-5, 2024 in National Harbor, MD.
Black Hat is taking place on August 6-11, 2024 in Las Vegas, NV.
Evanta Global CISO Executive Summit is taking place on September 16-18, 2024 in San Diego, CA.
Gartner Identity & Access Management Summit is taking place on December 9-11, 2024 in Grapevine, TX.
Attending or hosting an event? Let us know!
There’s been discussion on the implications of using AI products from OpenAI (ChatGPT) and GitHub (Copilot) in the work environment, from cybersecurity and, potentially, legal standpoints.
To offer your opinion on the subject and to participate in the discussion, join the Aphinia Slack channel here >
Bad guys have been busy recently 📈 :
Mortgage and loan giant Mr. Cooper says a “cybersecurity incident” earlier this week was the cause of an ongoing outage, adding that the company is “working to resolve the issue.”
Ace Hardware says 1,202 devices were hit during a cyberattack.
A threat actor claims to have hacked and exfiltrated data from Advarra, a major provider of IT services to the US healthcare sector.
Airplane maker and defense contractor Boeing has confirmed that a ransomware attack has impacted its parts and distribution business.
A threat actor has stolen $2.1 million worth of crypto assets from DeFi platform Onyx Protocol. The attacker used an illiquidity market exploit to manipulate interest rates and steal funds from the platform's wallets.
Dallas County suffered cybersecurity attack, County Judge confirms.
Infosys US unit hit by cyber event.
North Korean hackers target crypto experts with KANDYKORN macOS malware.
But a handful of guys were nabbed 👮‍♀️:
Dutch hacker jailed. Young hacker from Zandvoort sentenced to 4 years in jail for cybercrimes.
SIM swapper sentenced: A US judge has sentenced a 20-year-old Florida man to 30 months in prison for stealing almost $1 million from online cryptocurrency accounts using SIM swapping attacks.
Two Russian hackers detained: The Russian FSB has detained two men this week on accusations of carrying out cyberattacks against Russian IT systems on behalf of Ukraine.
Nigerian cybercrime training centre shut down: The Nigeria Police Force has shut down a recruitment and mentoring hub run by a cybercrime syndicate. The syndicate is linked to romance scams, business email compromise and financial fraud.
Magniber members detained: South Korean authorities have detained five employees of a data recovery company on suspicion of working with North Korean hackers.
Stay safe.
Misha Sobolev
Aphinia