Aphinia - Your Weekly CISO Wire
Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:
These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:
Trey Ford was appointed as CISO at Bugcrowd.
Glynn Stanton was appointed as CISO at Yale New Haven Health System.
Tim McKnight was appointed as CISO at UnitedHealth Group.
Mike Kerrigan was appointed as CISO at Cyberhelm Technologies, LLC.
Ryleigh Feliciano was appointed as CISO at Wholesale Computer Services.
Roya Gordon was appointed as Deputy CISO at ENGIE North America Inc.
John Schimanski Jr. was appointed as CISO at TriVigil.
Shannon Lawson was appointed as Virtual CISO at Redapt Inc.
Jim Hutchins was appointed as CISO at Align Technologies.
Jacob Berry was appointed as CISO at Jit.
Appointed? Promoted? Let us know!
Aphinia is growing! Say hello, reach out and connect with our new members:
Anne Coulombe, CISO, Investics Analytics
Badarinarayan Kalagi, Head of Security, Vagaro
Erik Bataller, Director, Cybersecurity, M&T Bank
John Remo, SVP, Global Infrastructure & Cybersecurity, Warner Music Group
Kevin Chang, Director of Technology Governance, Oscar Health
Kristen Beneduce, Deputy CISO, Nextdoor
Ronald Johnson, Head of Information Security, Karat
Rohit Shirwadkar, Head of Security Strategy, Equinix
Venkat Rapaka, Senior Director, Cybersecurity Engineering, Freddie Mac
Welcome on board!
Who in your network can benefit from Aphinia? Please send them here »
Not yet a member? Apply here »
Do you want to share your story with fellow CISOs? Book your time now: https://calendly.com/aphinia/30min
Do you want to impart your wisdom and share actionable insights? And, importantly, to further enhance your personal brand so that you would get:
a new Advisory role
a consulting gig
a promotion or appointment
a book deal
a speaking engagement at an industry conference
Our dance card is filling up fast, here’s the link to grab your time slot now: https://calendly.com/aphinia/30min
Meanwhile, check out this conversation with our recent guest Tony Gonzalez (Principal, Innervision Services) about all things cybersecurity and the ever-changing industry landscape.
Full interview here»
Several important events happened that merit your attention:
Opera addresses critical flaw in browser: Opera has patched a significant security vulnerability known as "CrossBarking," which allowed malicious browser extensions to access private APIs, enabling actions like capturing screenshots and hijacking accounts.
Alarming rise in security breaches among U.S. small businesses: Over 80% of U.S. small businesses reported a security breach last year, with financial losses per incident surging to $500,000, while 80% are taking action to bolster security through training and new tools; despite improved consumer awareness, identity crimes persist, with 43% of consumers receiving multiple breach notifications.
UK Government removes Chinese-made security cameras: The UK government has successfully removed over 50% of Chinese-made security cameras from sensitive sites, including government buildings and military bases.
CISA plan to enhance International cooperation on Security: CISA has announced its inaugural plan to boost international cooperation in securing critical infrastructure, outlining three ambitious goals to achieve by 2026.
Microsoft mandates MFA for new Entra accounts: Microsoft has implemented a new policy requiring all new Entra accounts to activate a multi-factor authentication (MFA) solution upon first login, eliminating the previous two-week grace period that permitted password-only access.
Russia enforces registration for influencers: Russian social media influencers and bloggers with more than 10,000 subscribers are required to register with the government by year-end, linking their channels to the Gosuslugi portal, with approval from the internet watchdog needed to continue posting within 10 working days of registration.
Five Eyes alliance expands UK’s Secure Innovation program: Following a public meeting of the Five Eyes domestic intelligence agency heads, the UK’s GCHQ and MI5 are extending their Secure Innovation program, launched to protect tech startups from state-backed threats, with over 500 startups engaging in its first year, now set to have regional versions in the US, Canada, New Zealand, and Australia.
Russia legalizes Crypto-mining with new law: President Vladimir Putin has enacted legislation that legalizes crypto-mining in Russia, granting miners tax exemptions as long as they adhere to electricity consumption limits, while also allowing the government to impose regional bans on mining as necessary.
Industry news: Reality Defender, a company that developed a technology to detect deepfake and AI-generated media, raised $33 million. ContraForce, a firm providing guidance that adapts to business contexts without scripting or coding, raised $3.25 million. Bugcrowd, a security solution that fixes your digital blind spots and strengthens your security posture, raised $50 million. Everfox acquired Yakabod. Compugen acquired SynerSolutions. Lumifi acquired Critical Insight.
These senior cybersecurity executive roles you may want to forward to your friends and colleagues:
CommonSpirit Health is looking for a SVP Chief Information Security Officer in Englewood, CO.
Florida Gulf Coast University is looking for a Chief Information Security Officer in Fort Myers, FL.
City of Phoenix is looking for a Deputy Chief Information Security Officer in Phoenix, AZ.
Meridianlink is looking for a Chief Information Security Officer in Hawthorne, CA.
VC3 is looking for a Chief Information Security Officer (remote).
The Wyoming State is looking for a Chief Information Security Officer (remote).
Avient Corporation is looking for a Chief Information Security Officer in Avon Lake, OH.
Looking for a job? Hiring? Let us know.
These are virtual and live events for the cyber community you may find interesting:
Aphinia Events:
RSVP here: https://www.addevent.com/event/xG23602727
Industry Events:
Gartner: Identity & Access Management Summit is taking place on Dec 9-11, 2024 in Grapevine, TX.
BlackHat Europe is taking place on December 9-12, 2024 in London, UK.
RSAC is taking place on April 28-May 1, 2025 in San Francisco, CA.
Black Hat is taking place on Aug 2-7, 2025 in Las Vegas, NV.
Attending or hosting an event? Let us know!
Bad actors have been busy recently 📈:
Schneider Electric has confirmed a data breach on its developer platform after a hacker named "Grep" claimed to have stolen 40GB of data from its JIRA server.
Cyberattack disrupts San Joaquin County Superior Court, halting all digital services including phone lines, e-filing, credit card payments, and juror reporting systems.
French internet service provider Free revealed a cyberattack that exposed personal data of 19.2 million customers.
Sunray Finance suffers a $2.85 million crypto heist, marking a significant security breach in the decentralized finance sector.
A crypto user on the Lottie open-source video player lost over $700,000 in Bitcoin after a supply chain attack.
Van Wagner has suffered a cyberattack, with the ALPHV/BlackCat ransomware group claiming to have stolen 3.5 terabytes of sensitive data.
The notorious hacker known as Intel Broker claims to have breached Nokia through a third-party contractor, stealing sensitive internal data.
The Housing Authority of the City of Los Angeles (HACLA) has confirmed a cyberattack on its IT network leading to over 800 GB of sensitive information.
Interbank, Peru's fourth largest bank, has announced a data breach that could compromise the information of up to 3 million customers.
True World Group reported a data breach compromising sensitive personal and financial information of employees and customers.
But a handful of them were nabbed 👮‍♀️:
Alleged ringleader of Snowflake data breach arrested in Canada: Authorities in Canada have arrested Alexander Moucka, believed to be the ringleader of a hacking group responsible for a series of significant data breaches targeting Snowflake customers, with potential extradition to a U.S. court on the horizon.
Six Thai officers and one civilian arrested for extorting $10 Million from expats: Six rogue police officers and one civilian were arrested for orchestrating a fake passport investigation aimed at extorting 10 million USDT from a Chinese-Vanuatu citizen.
Equalize linked to breach of state security databases: Italian authorities have traced a significant breach of state security databases to the Milan-based private investigative firm Equalize, resulting in four members under house arrest and 60 others under investigation for allegedly hacking to steal sensitive data on politicians, entrepreneurs, and celebrities, with clients including the Vatican and Israeli intelligence.
Stay safe.
Misha Sobolev
Aphinia
***
P.S.: Are you a senior GTM executive at a cybersecurity company wanting to get your story in front of 2,000+ cybersecurity executives? Sponsor a thought leadership section in the next issue of CISO Wire.