Aphinia - Your Weekly CISO Wire
Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:
These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:
Alex Stamos was appointed as CISO at SentinelOne.
David Schwed was appointed as CISO at Robinhood.
Katie Clare was appointed as CISO at Boston Consulting Group (BCG).
Preetam Sirur was appointed as CISO at Sightview Software.
Craig Dornon was appointed as CISO at Northwest Bank.
Michael Knight was appointed as CISO at NHS South East London.
Appointed? Promoted? Let us know!
Aphinia is growing! Say hello, reach out and connect with our new members:
Alexander Neff, Sr Director of Information Security and Compliance, Faro Health
Barak Blima, CISO, Cheq
Blaine Hebert, VP CISO, Yuma Regional Med Ctr
Chad LeMaire, Deputy CISO, ExtraHop
Dane Jones, CISO, HighRadius Corporation
Dmitri Raskes, Head of Information Security GRC, DISH
Douglas Michaelson, CISO, STChealth
David Wood, Director Information Security, Alnylam Pharmaceuticals
Jason Young, Director, Head of Information Security, Prometric
Kathleen Mullin, CISO, MyCareGortithm
Kyle Brennan, Vice President Information Security Officer, River Run Bancorp
Michael Hyndman, CISO, Qoria
Nathan Udell, Head of Fraud and Abuse Prevention, Ionos Internet
Paul Mazzucco, CISO, TierPoint
Roberto Martelloni, Cyber Security & Data Protection CTO, UBS
Daniel Burkard, VP of Information Security, PMCU
Suramya Bakshi, Director, Identity and Access Management, Cyderes
Welcome on board!
Who in your network can benefit from Aphinia? Please send them here »
Not yet a member? Apply here »
Do you want to share your story with fellow CISOs? Book your time now: https://calendly.com/aphinia/30min
Do you want to impart your wisdom and share actionable insights? And, importantly, further enhance your personal brand so that you could land:
a new Advisory role
a consulting gig
a promotion or appointment
a book deal
a speaking engagement at an industry conference
Our dance card is filling up fast; here’s the link to grab your time slot now: https://calendly.com/aphinia/30min
Meanwhile, check out this interview with our returning guest Chris Brown (CEO, New Cyber Executive) on dealing with the job-related stress that often comes with the territory for cybersecurity executives.
Full interview here»
Several important events happened that merit your attention:
German and US authorities have seized a crypto-wallet service named Cryptonator on charges of money laundering and operating an unlicensed money service business. According to court documents, the service processed $1.4 billion worth of transactions. Of that amount, more than $306 million appears to be linked to illegal sources, such as ransomware gangs, online scams, darknet markets, crypto-heists, and sanctioned entities.
US sues TikTok for violating children's privacy: The US FTC and DOJ have sued TikTok for collecting personal data from children under 13 without parental consent, then using it for targeted ads. This follows a 2019 FTC restraining order against TikTok for similar violations, revealed by the company’s own employees.
Gamers petition EU to ban game shutdowns: A formal EU petition aims to stop gaming companies from making games unplayable once support ends. It has garnered over 10% of the needed one million signatures in just a few days, reflecting widespread frustration among gamers over this practice.
Russian hackers use car ads to trick diplomats: Fighting Ursa, a Russian cyber-espionage group, is using ads for diplomatic car sales as phishing lures to infect diplomats across the EU. They advertised an Audi Q7 Quattro for diplomats in Romania, a tactic borrowed from Cloaked Ursa, which previously targeted Ukrainian diplomats with BMW ads.
DigiCert's emergency certificate revocation faces lawsuit: DigiCert's emergency certificate revocation hit a roadblock after a lawsuit from a customer and safety concerns from critical infrastructure operators. The action followed a platform bug affecting around 85,000 TLS certificates. The revocation itself complied with CA/B Forum rules, but the underlying oversight still led to major disruptions.
Booking.com fined $413 million in Spain: Spain’s data protection agency has hit Booking.com with a $413 million fine. The penalty comes after the company was found abusing its dominant market position by imposing unfair conditions on Spanish hotels, blocking them from collaborating with local travel agencies.
CrowdStrike shareholders sue over untested bug: Shareholders have sued CrowdStrike after a global IT outage caused by a faulty Windows EDR update. The class-action lawsuit, filed in Texas, alleges the company concealed poor testing practices despite claims of rigorous software validation and certification.
Senate passes KOSA despite privacy concerns: The US Senate has overwhelmingly passed the Kids Online Safety Act (KOSA) with a 91-3 vote. Despite facing criticism from privacy advocates, the legislation aims to enhance online safety measures for children, marking a significant step in digital protection for minors.
Delta sues CrowdStrike and Microsoft over costly outage: Delta Air Lines has engaged a top law firm to pursue financial damages from CrowdStrike and Microsoft after a major IT outage this month. The issue, triggered by a faulty CrowdStrike driver update, crashed Windows systems and grounded flights globally. Delta's losses are estimated between $350 million and $500 million, while insurer Parametrix suggests global financial losses could hit $15 billion.
Malaysia demands social media giants get licensed: Starting next year, Malaysia will require social media platforms with over 8 million users to obtain a government license. The new law mandates companies to actively combat internet crimes, including scams, fraud, cyberbullying, and CSAM.
Germany accuses China of hacking: Germany has accused China of a 2021 cyberattack on its national cartography office. The German government summoned the Chinese ambassador for the first time since the Tiananmen Square massacre. Beijing dismissed the accusation as "targeted defamation." This is the second such summoning for a cyberattack, following the UK's similar action against Russia last December.
Meta settles Texas lawsuit with $1.4 billion payout: Meta will pay $1.4 billion to settle a lawsuit from Texas officials over allegations of unauthorized facial scan collection for its facial recognition feature in 2022. The settlement addresses claims that Meta illegally captured and stored user facial data without permission.
Industry news: Abnormal Security raised $250 million as it gets ready for an IPO. Cowbell, a cyber insurance startup based in California, has raised $60 million. ZeroTier, Inc., a virtual networking company, has raised $13.5 million. Clutch Security, a cybersecurity firm based in Tel Aviv, has raised $8.5 million. Heeler, a startup specializing in application security, has raised $8.5 million. Dataprise has acquired Phoenix IT.
Here are senior cybersecurity executive roles you may want to forward to your friends and colleagues:
Tri-Force is looking for a Virtual Chief Information Security Officer in Hauppauge, NY.
US Small Business Administration is looking for a Chief Information Security Officer in Washington, DC.
The Dormitory Authority of the State of New York is looking for a Chief Information Security Officer in New York, NY.
The State of Florida is looking for a Deputy Chief Information Security Officer in Tallahassee, FL.
Xerox is looking for a Chief Information Security Officer in Cary, NC.
Quickbase is looking for a VP Chief Information Security Officer in Boston, MA.
Viasat is looking for a Deputy Chief Information Security Officer in Carlsbad, CA.
CampusWorks is looking for a Chief Information Security Officer, Remote.
Umbra is looking for a Chief Information Security Officer in Santa Barbara, CA.
Looking for a job? Hiring? Let us know.
Our member dinner in Las Vegas was awesome: check out the smiles and the view! Better photos are coming in shortly. Thank you everyone who attended.
These are virtual and live events for the cyber community you may find interesting:
Aphinia Events:
Aphinia CISO Dinner: Boston, MA on Sep 17, 2024. Want to attend or sponsor?
Aphinia CISO Dinner: New York, NY on Sep 18, 2024. Want to attend or sponsor?
Want to host or sponsor a CISO Mastermind or a CISO Dinner in your city? Contact us here»
Industry Events:
BlackHat is taking place on August 6-11, 2024 in Las Vegas, NV.
InfoSec World is taking place on September 23-25, 2024 in Lake Buena Vista, FL.
Fal.con is taking place on September 16-19 in Las Vegas, NV.
Attending or hosting an event? Let us know!
Bad guys have been busy recently 📈:
Millions of US voter records, including 4.6 million from Illinois, were exposed due to 13 misconfigured databases linked to Platinum Technology Resource.
A hacker claims to have breached Gregory’s Foods, leaking a 400GB database with sensitive information now for sale on the dark web.
Keytronic is reeling after a ransomware attack by Black Basta resulted in over $17 million in losses and leaked 530 GB of data.
332 million email addresses scraped from SOCRadar.io by hacker USDoD were publicly released by Dominatrix on Breach Forums.
Hackers tried to sell the personal data of 2.9 billion people from an April breach, sparking a class action lawsuit over compromised social security numbers.
APT41 breached a Taiwanese research institute using ShadowPad and Cobalt Strike, with Cisco Talos researchers confirming the attack linked to China.
BangBros leak reveals personal details of over 37,000 users, including usernames and IP addresses, via an unsecured database.
National Public Data is being sued over a data breach that allegedly exposed 2.9 billion records, with hackers reportedly selling the data for $3.5 million.
A $6.8 million crypto-heist at Terra this week halted its operations after attackers exploited a blockchain vulnerability.
Fresnillo, the world's largest silver producer, has been hit by a cyberattack but assures no impact on its 1,600-ton annual output.
A ransomware attack on OneBlood has forced over 250 US hospitals to activate critical blood shortage protocols as the non-profit struggles to restore its operations.
South Korean authorities are probing a KDIC data breach that exposed undercover agents' identities, with suspicion falling on an employee's compromised laptop.
But a handful of guys were nabbed 👮♀️:
Indian tech scam leader gets seven years: Vinoth Ponmaran, an Indian national, was sentenced to seven years by US authorities for masterminding a tech support scam. His group tricked over 6,500 victims, mostly elderly, into paying for unnecessary IT services, raking in more than $6 million through deceptive pop-up windows.
Toronto SIM-swapping gang busted: Canadian authorities have arrested 10 suspects linked to a notorious SIM-swapping gang, accused of stealing over CAD$1 million from more than 1,500 victims by hijacking their phone numbers to access financial accounts. Most members operated out of Toronto, with two still at large.
Coinbase phisher gets jail time: UK authorities have sentenced 24-year-old Elliott Gunton to three-and-a-half years in prison for phishing over 500 Coinbase users and stealing more than $900,000. The crimes occurred in 2018 and 2019 when Gunton was 17 and 18. He previously served 20 months for hacking British ISP TalkTalk.
Stay safe.
Misha Sobolev
Aphinia
***
P.S.: Are you a senior GTM executive at a cybersecurity company wanting to get your story in front of 1,000s of cybersecurity executives? Sponsor a thought leadership section in the next issue of CISO Wire.