Aphinia - Your Weekly CISO Wire

Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:

These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:

• Mihnea Dobre was appointed as CISO at the EveryMatrix.

• Christine Whichard was appointed as CISO at Idexx Laboratories Limited.

• Levi Bolourie was appointed as CISO at Zscaler.

• Frank Siepmann was appointed as CISO at CorVel Corporation.

• Josh Pugmire was appointed as CISO at Comply.

• Hanan Abdulebdeh was appointed as CISO at the US Department of Health and Human Services.

• Brendon McCaulley was appointed as CISO at Owens ConnexPay.

• Jen Steffen was appointed as CISO at Kohler Energy.

Appointed? Promoted? Let us know!

Aphinia is growing! Say hello, reach and connect with our new members:

• Adam Keown, CISO, Eastman

• Jason Bunyea, Sr. Dir of IT Risk / CISO, Envista Holdings Corporation

• Jason Shafferman, CISO, Kaleris

• Michael Frazee, CISO, Lendlease

• Carlos Fernandes, Sr Director, Enterprise Information Security, NASCAR

• John Clawson, VP of Information Security, Pattern

• Andrew Cannata, Global CISO, Primo Water Corp.

• Jess Duncan, Dir. Infosec & Privacy, Reformation

• Scott Bachand, CISO, Ro

• Jason Wilson, CISO, SciNote

• Tony Lee-Kin, Director, Information Security, Vitalant

• Doug Mayet, VP, CISO, WCG

Welcome on board!

Who in your network can benefit from Aphinia? Please send them here »

Not yet a member? Apply here »

Do you want to share your story with fellow CISOs? Book your time now: https://calendly.com/aphinia/30min

Do you want to impart your wisdom and share actionable insights? And, importantly, to further enhance your personal brand so that you would get:

• a new Advisory role

• a consulting gig

• a promotion or appointment

• a book deal

• a speaking engagement at industry conference

Our dance card is filling up fast, here’s the link to grab your time slot now: https://calendly.com/aphinia/30min

Meanwhile, check out our wide ranging conversation with our guest Carraig Stanwyck (VP Global Cybersecurity & Compliance, Avnet) on how to succeed as a CISO in the age of AI: Full interview here»

Several important events happened that merit your attention:

• NYSE hack fine: The US SEC has fined Intercontinental Exchange (ICE), the company behind the New York Stock Exchange (NYSE), $10 million for failing to report an April 2021 security breach in a timely manner.

• Apple's WPS is leaking: Apple's Wi-Fi Positioning System (WPS) is leaking too much information about nearby devices to a threat actor querying its official API. Researchers say that by constantly updating this map, they can track the movement of individuals and groups of people over time.

• Iranian hackers target Albania and Israel: In a series of calculated cyberattacks linked to Iran's Ministry of Intelligence and Security, hackers targeted critical infrastructure in Albania and disrupted Israel's security systems amid the Israel-Hamas conflict.

• GitHub and FileZilla hijacked in new malware scheme: Russian-speaking cybercriminals are leveraging GitHub and FileZilla to spread malware, including Atomic and Vidar. The operation has employed malvertising and SEO poisoning to target users on Android, macOS, and Windows.

• Is Microsoft spying on You: The UK's Information Commissioner's Office has launched an investigation into Microsoft's "Recall," a controversial feature exclusive to Copilot+ PCs, which captures frequent screenshots to facilitate AI-assisted file searches but has faced backlash for potential privacy risks.

• US EPA warns water utilities amid cyber vulnerabilities: The US Environmental Protection Agency (EPA) has issued an enforcement alert to water utilities, urging them to enhance their cybersecurity defenses. After inspections revealed that over 70% of facilities fail to meet basic standards, including unpatched systems and default passwords, the EPA warned of potential civil and criminal actions against non-compliant utilities.

• Space warfare escalates: The U.S. accuses Russia of launching a space weapon capable of attacking satellites, which Russia dismisses as "fake news." Despite the denial, the Pentagon asserts the weapon is in the same orbit as a U.S. government satellite, posing a direct threat.

• Industry news: Lumos, an identity and access management (IAM) and identity governance platform, raised $35 million. Witness AI, an AI governance and safety platform, raised a $27.5 million. SOCRadar, anattack surface management (ASM) platform, raised $25.5 million. Patronus AI, platform focused on automated adversarial testing and risk assessment of Large Language Models (LLMs), raised $17 million. AuditBoard was acquired by Hg for $3 billion. Venafi was acquired by CyberArk for $1.5 billion. Informer was acquired by Bugcrowd. Netsurion was acquired by Lumifi Cyber.

These senior cybersecurity executive roles you may want to forward to your friends and colleagues:

• The City of Lincoln/Lancaster County is looking for a Chief Information Security Officer in Lincoln, NE.

• Five Below is looking for a VP Chief Information Security Officer in Philadelphia, PA.

• ABM Industries is looking for a Deputy Chief Information Security Officer in Georgia, GA.

• Critical Start is looking for a Field Chief Information Security Officer in Plano, TX.

• Provident Bank is looking for a  Chief Information Security Officer in Iselin, NJ.

• Rich Product Corporation is looking for a Chief Information Security Officer, Remote.

• Major League Soccer is looking for a Chief Information Security Officer in New York, NY.

• Jooble is looking for a Chief Information Security Officer in Boston, MA.

• Vitalant is looking for a VP Chief Information Security Officer in Scottsdale, AZ.

Looking for a job? Hiring? Let us know.

These are virtual and live events for the cyber community you may find interesting:

Aphinia Events:

• Aphinia CISO Dinner: Las Vegas, NV on August 5, 2024. We have 2 spots left, apply here»:

• Aphinia CISO Dinner: New York, NY on Sep 25, 2024. Want to attend or sponsor?

• Aphinia CISO Dinner: Boston, MA on Oct 16, 2024. Want to attend or sponsor?

• Aphinia CISO Dinner: Washington, DC on Oct 23, 2024. Want to attend or sponsor?

Want to host or sponsor a CISO Mastermind or a CISO Dinner in your city? Contact us here»

Industry Events:

• Re:Inforce is taking place on June 10-12, 2024 in Philadelphia, PA

• BlackHat is taking place on August 6-11, 2024 in Las Vegas, NV.

  • Aphinia CISO Dinner: August 5, 2024. We have 2 spots left, apply here»:

  • Friends of Aphinia: CISO Society: cocktail reception on August 7, 2024. Sign up here»

• Evanta Global CISO Executive Summit is taking place on September 16-18, 2024 in San Diego, CA.

• InfoSec World is taking place on September 23-25, 2024 in Lake Buena Vista, FL.

Attending or hosting an event? Let us know!

Bad guys have been busy recently 📈:

• Christie's auction house confirmed a data breach by the Ransom Hub group, involving the theft of sensitive data of 500,000 individuals, including high net worth clients.

• EquationCorp and USDoD (threat actors), just dumped a 70 million row database of American criminal records.

• Sav-Rx data breach leaves over 2.8 million Americans' health and personal information exposed.

• The US pharmaceutical giant Cencora breach rocked the healthcare world, as US patient data from 11 drug companies was leaked.

• BAMSI reveals that data breaches have impacted over 20,000 individuals in major security lapses.

• Western Sydney University was hit by a data breach, compromising emails and SharePoint of 7,500 students and staff.

• Nearly 55,000 are at risk as California school administrators' group was hit by a cyberattack.

• Nearly all Eindhoven resident's details were exposed in a massive city data breach.

• Hackers leak pcTattletale's secrets, such as the spyware app's source code and internal data, which are exposed after website defacement.

• ABN AMRO client data is potentially exposed after supplier AddComm falls victim to a ransomware attack.

• Patriot Mobile, America's exclusive Christian conservative wireless provider, was hit by a major data breach.

• The American Radio Relay League, ARRL, was hit by a ransomware attack, causing widespread disruption for radio enthusiasts.

• Nissan Oceania's emergency call center, established post-cyberattack, falls victim to its own security breach.

But a handful of guys were nabbed 👮‍♀️:

• Neculiti brothers: Infosec reporter Brian Krebs has picked up and expanded on a Correctiv report covering the Neculiti brothers, Ivan and Juri, two Moldavian nationals behind several shady web hosting companies.

• Russian hacker indicted for unauthorized network access: Evgeniy Doroshenko, a 31 years old Russian citizen, also known as "Flanker," has been indicted for selling unauthorized access to networks, including a U.S. company in New Jersey, facing charges of wire fraud and computer fraud.

• Phishing scammer caught in a $37 million Coinbase fraud: Indian national Chirag Tomar, 30, admitted to a Coinbase phishing scam, stealing $37 million, pleading guilty to hefty federal charges, confirmed U.S. Attorney Dena J. King.

• Dark web kingpin arrested in New York: Rui-Siang Lin, known as "Pharoah," the alleged mastermind behind the Incognito dark web market, was captured in New York. His platform processed over $100 million in illicit drug transactions. Lin now faces potential life imprisonment.

• Georgia man sentenced for $4.5 million email and romance scams: Malachi Mullings of Sandy Springs, Georgia, received a 10-year prison sentence today for laundering over $4.5 million through business email compromise and romance scams, including defrauding elderly victims and a health care program.

Stay safe.

Misha Sobolev

Aphinia

***

P.S.: Are you a senior GTM executive at a cybersecurity company wanting to get your story in front of 1,000s of cybersecurity executives? Sponsor a thought leadership section in the next issue of CISO Wire.