Aphinia - Your Weekly CISO Wire
Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:
These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:
Christopher Burger was appointed Chief Information Security Officer at Slalom.
Marina Kelly was appointed Chief Information Security Officer at the City of Raleigh Municipal Government.
Stacy Cahill was appointed Chief Information Security Officer at the University of Maryland Baltimore County.
John Toney was appointed Chief Information Security Officer at State of Vermont.
Doug English was appointed Chief Information Security Officer at Compass.
Jason Kees was appointed Chief Information Security & Technology Officer at Fanatics.
Joe Susai was appointed Chief Information Security Officer at Public School and Education Employee Retirement System of Missouri.
Adriel Camejo was appointed Chief Information Security Officer at Gunster.
Salman Khan was appointed Chief Information Security Officer at MRC Global.
Rafael Pierosan was appointed Chief Information Security Officer at SellersFi.
Mike Stolarik was appointed Chief Information Security Officer at PetSafe Brands.
Michael Mincey was appointed Chief Information Security Officer at NexBank.
Clayton C. Peddy was appointed Chief Information Security Officer at ABBYY.
Ron Powell was appointed Chief Information Security Officer at Pacific Premier Bank.
Appointed? Promoted? Let us know!
Aphinia is growing! Say hello, reach out and connect with our new members:
Aleks Gimelshteyn, VP, Security Systems Architect, Enfusion
Sadiq Khan, CISO, BlueVoyant
Dennis Kim, Director of Cybersecurity Engineering, Fortrea
Chandan Kochhar, Director, Global Cybersecurity Engineering, DTCC
Daniel Melleby, CISO, Davis Wright Tremaine LLP
Jeff Moss, Head of Security & IT, Incode Technologies
Efrain Orsini, Head of Security Operations, Redzone
Dante Siciliano, Director of Information Security, Curaleaf
Jeffrey Steadman, Deputy CISO, Corning
Welcome on board!
Who in your network can benefit from Aphinia? Please send them here »
Not yet a member? Apply here »
Do you want to share your story with fellow CISOs? Book your time now: https://calendly.com/aphinia/30min
Do you want to impart your wisdom and share actionable insights? And, importantly, to further enhance your personal brand so that you would get:
a new Advisory role
a consulting gig
a promotion or appointment
a book deal
a speaking engagement at an industry conference
Our dance card is filling up fast; here’s the link to grab your time slot now: https://calendly.com/aphinia/30min
Meanwhile, check out our wide-ranging conversation with our guest Lee Kim (Senior Principal Cybersecurity and Privacy, HIMSS, ISC2 Board Nominee) on legal issues concerning CISOs related to the most recent changes in data privacy regulations and the potential personal liability implications in light of recent SEC actions. Full interview here»
Several important events happened that merit your attention:
TA547 uses new malware in phishing attacks on German firms: In a sophisticated phishing campaign, threat actor TA547 has attacked numerous German companies, deploying an information stealer named Rhadamanthys for the first time. Disguised as invoices from Metro AG, the emails contain a malicious ZIP file that triggers a remote PowerShell script to execute the malware, which researchers believe was generated using a large language model.
How a vigilante hacker broke the internet in North Korea: Alejandro Caceres, known by his hacker alias "P4x," launched a one-man cyberattack against North Korea's internet in response to their attempts to hack U.S. cybersecurity resources. Revealing his identity publicly for the first time, Caceres shared his motivations and methods, detailing how he single-handedly disrupted North Korean internet infrastructure from his home in Florida.
MGM sues FTC over hack: MGM Resorts sued the FTC to stop the agency's investigation into a recent security breach. MGM claims the FTC is requiring too much data about the hack, and it's depriving the company of its due process rights—whatever that means. The company has also asked FTC chair Lina Khan to recuse herself from the investigation because she was staying at the hotel when the hack happened.
Exchange Online rate limit: Microsoft will limit the number of recipients Exchange Online customers can send emails to. Starting in January 2025, Microsoft Exchange Online admins will only be able to send emails to 2,000 different recipients over a period of 24 hours.
Congress introduces the APRA in a major move toward nationwide data privacy: The U.S. Congress has revealed the American Privacy Rights Act (APRA), a bipartisan effort to establish a federal data privacy framework. APRA aims to limit corporate data collection to essential use, allowing consumers to opt out of targeted ads and manage their personal information. The bill also proposes a national registry for data brokers and enables users to opt out of data sales.
Apple calls out NSO Group in spyware alert update: Apple updated its documentation to define better alerts regarding mercenary spyware, like NSO Group's Pegasus, used in costly, sophisticated attacks against select individuals globally. The revision emphasizes the threats' complexity and ongoing nature, specifically highlighting their use against journalists and politicians.
Israel's top spy's identity is revealed in his own book: Yossi Sariel, commander of Israel's highly secretive Unit 8200, has inadvertently exposed his own identity online. The blunder occurred through a book Sariel published on Amazon, which left a digital trail back to his private Google account, including his unique ID and links to personal profiles like maps and calendars.
New bill seeks to limit ransomware payments by financial institutions: A proposed bill in the House could significantly alter how financial institutions handle ransomware payments. The Ransomware and Financial Stability Act, introduced by Reps. Patrick McHenry and Brittany Pettersen, mandates notifying the Treasury before making payments and bars transactions over $100,000 without law enforcement approval.
Unfixable vulnerability found in Intel and Lenovo hardware: Hackable hardware sold by Intel and Lenovo, containing a long-undetected vulnerability from a supply chain error, will remain unpatched. Researchers have identified a flaw in server hardware that reveals security-critical information, affecting products with certain baseboard management controllers.
Credit card skimmer hidden in fake Facebook tracker script: Cybersecurity experts have unveiled a credit card skimmer masquerading as a Meta Pixel tracker, infiltrating websites through customizable tools like WordPress plugins. Sucuri revealed that the malicious script mimics legitimate trackers but secretly redirects to a deceptive domain, posing significant security risks.
YouTube channels hacked to spread malware: AhnLab Security Intelligence Center reports a rise in YouTube account hacks. Attackers hijack existing channels with large followings to distribute malware, including info stealers like Vidar and LummaC2, disguised as game and software cracks. This tactic mirrors recent findings by Proofpoint.
These senior cybersecurity executive roles you may want to forward to your friends and colleagues:
The Nassau Companies of New York is looking for a Deputy Chief Information Security Officer in Hartford, CT.
Motiva Enterprises, LLC is looking for a Chief Information Security Officer in Houston, TX.
Avera is looking for a Chief Information Security Officer in Sioux Falls, SD.
Methodist Le Bonheur Healthcare is looking for a Deputy Chief Information Security Officer in Memphis, TN.
First Financial Bank is looking for a Chief Information Security Officer in Cincinnati, OH.
CyncHealth is looking for a Chief Information Security Officer in Omaha, NE.
Conference of State Bank Supervisors is looking for a Chief Information Security Officer in Washington, DC.
Convergence Network is looking for a Virtual Chief Information Security Officer in Portland, OR.
Looking for a job? Hiring? Let us know.
These are virtual and live events for the cyber community you may find interesting:
Industry Events:
CISO Chicago Think Tank is taking place on Mar 12, 2024 in Chicago, IL.
RSA 2024 is taking place on May 6-9, 2024 in San Francisco, CA. Are you going? Check out all the RSAC parties here» One event around RSAC that we are not affiliated with but are considering attending is the Entrepreneurship Summit.
Re:Inforce is taking place on June 10-12, 2024 in Philadelphia, PA.
Black Hat is taking place on August 6-11, 2024 in Las Vegas, NV.
Evanta Global CISO Executive Summit is taking place on September 16-18, 2024 in San Diego, CA.
Attending or hosting an event? Let us know!
Two Aphinia members are looking for vendor feedback:
Hi everyone! I’m considering how we build out an “insider risk” style program. Several folks I have spoken to have recommended a tool, Code42. I was wondering if any of you had any experiences of Code42 to share?
***
We are looking to purchase a password manager and give it away to our employees as a perk. Are any of your companies doing something similar and if so, what vendor are you using?
The conversation is on Slack in the #general channel, so if you can share your experience and help them out, a) comment on Slack or b) if you are not on Slack, ping me and I will send you a link or c) if you don’t like Slack, send me an email and I will connect you directly.
Separately, if you are looking for a similar type of advice, post your question in the #general channel.
Hackers have been busy recently 📈 :
CISA issued a red alert about a massive supply chain breach at New York's Sisense, urging immediate security measures for global businesses.
Roku announces 576,000 accounts were compromised in a recent security breach, with unauthorized purchases reported.
OraSure Technologies reports a network breach and investigates potential consumer data leak.
PSG informs subscribers of a cyberattack on its ticketing system, targeting identity data.
Hacker leaks personal data and photos of over 5 million Salvadorans, covering 80% of the population.
Apple warns iPhone users in 92 countries of potential mercenary spyware attacks.
A data breach exposes the personal information of nearly 300,000 UK and Ireland taxi passengers.
Hackers breach the Israeli Ministry of Military Affairs and threaten to sell data unless Palestinian prisoners are released.
Ransomware strikes Russia's major agricultural firm NI Tkacheva, demanding $5 million.
Ukrainian hackers breach Moscow's sewer system and threaten data loss unless demands are met.
Security breach at the Permanent Electoral Authority exposed the personal data of potential polling station heads.
U.S. cybersecurity officials confirm Russian-backed hackers breached Microsoft, stealing sensitive emails from multiple federal agencies.
But a handful of them were nabbed 👮♀️:
Ex-Amazon engineer sentenced to three years for cryptocurrency theft: A former Amazon security engineer, Shakeeb Ahmed, has been sentenced to three years in prison for exploiting blockchain vulnerabilities to steal $12.6 million from cryptocurrency platforms, Cream Finance and Nirvana Finance. Authorities stated Ahmed masked the thefts as vulnerability research, demanding hefty "bug bounties" for the return of the stolen funds.
California man arrested for selling malicious 'Hive' computer software: Federal authorities have arrested Edmond Chakhmakhchyan on charges of marketing and selling 'Hive' malware, enabling users to access private data and control victim computers.
Zambia arrests 77 in crackdown on cybercrime syndicate: Zambian officials arrested 77 individuals, including 22 Chinese nationals, suspected of operating an internet fraud syndicate. The arrests followed a raid on Golden Top Support Services, a Chinese company allegedly running scam call centers. The police confiscated devices used to spoof phone numbers and 13,000 SIM cards. Authorities hailed it as a significant breakthrough in combating cybercrime.
The US sanctions Hamas cyber chief for leading influence operations: The US Treasury Department has sanctioned Hudhayfa Samir Abdallah al-Kahlut, a Hamas member who has led the al-Qassam Brigades' cyber influence department since 2007.
Another Rescator hack: The individual who hacked Target (2013) and Home Depot (2014) also hacked the South Carolina Department of Revenue (2012) and stole the tax records of 3.6 million Americans. Infosec reporter Brian Krebs has linked the South Carolina incident to a hacker known as Rescator. Krebs previously identified Rescator after an investigation that lasted 10 years as Mikhail Borisovich Shefel, a 36-year-old man from Moscow.
Stay safe.
Misha Sobolev
Aphinia
***
P.S.: Are you a senior GTM executive at a cybersecurity company wanting to get your story in front of 1,000s of cybersecurity executives? Sponsor a thought leadership section in the next issue of CISO Wire.