Aphinia - Your Weekly CISO Wire
Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:
These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:
David Ramirez was appointed as CISO at Broadridge Financial Services.
Fahmi Megdiche was appointed as CISO at Medius.
Adam Cartwright was appointed as CISO at Australia Post.
Damon Becknel was appointed as Deputy CISO at Microsoft.
Julie Chatman was appointed as CISO at CareFirst BlueCross BlueShield Service Benefit Plan Administrative Services.
Luiz Firmino was appointed as CISO at FEMSA Proximity & Health.
Brett Lambo was appointed as CISO at King & Spalding.
Afia Phillips was appointed as CISO at Little Caesar Enterprises.
John Visneski was appointed as Deputy CISO at Sumo Logic.
Alfred Gonzalez was appointed as CISO at Ultra Intelligence & Communications.
Appointed? Promoted? Let us know!
Aphinia is growing! Say hello, reach and connect with our new members:
Amit Srivastava, Director, Walmart
Brandon Berry, Director, Technology Risk Management, BlackRock
Caroline Sarkis, Director, Program Management Cloud Engineering, Capital One
Danny Blonien, Director of Information Security, Cambium Learning Group
Drew Kingston, CISO, American Associated Foods
Eiwe Lingefors, Chief Information Security Officer, DocGo
Eric Hess, Director, Information Security, Five9
Hari Tadepalli, Sr Director, Product Cybersecurity, Evolv Technologies, Inc.
Jack Countryman, Cloud Security Engineer, Avnet
Jesse Reisman, Director, Cybersecurity Operations, DTE Energy
John Dempsey, Senior Manager, Security Operations, National Audubon Society
Michael Thiessmeier, Executive Director, US National AI and Cybersecurity ISAO
Nate Fielding, Director, IT and Security, Integrate.com
Renana Friedlich, Deputy CISO, PayPal
Rohan Bafna, Director threat detection and incident response, Wework
Thomas Holz, Security Architect, Bank of America
Tom Brennan, CIO, Mandelbaum Barrett PC
Yvonne Chen, Cybersecurity Director, BNP Paribas
Welcome on board!
Who in your network can benefit from Aphinia? Please send them here »
Not yet a member? Apply here »
Do you want to share your story with fellow CISOs? Book your time now: https://calendly.com/aphinia/30min
Do you want to impart your wisdom and share actionable insights? And, importantly, to further enhance your personal brand so that you would get:
a new Advisory role
a consulting gig
a promotion or appointment
a book deal
a speaking engagement at industry conference
Our dance card is filling up fast, here’s the link to grab your time slot now: https://calendly.com/aphinia/30min
Meanwhile, check out our this interview with our returning guest Michael Piacente (Managing Partner, Hitch Partners) in the four-part series. This interview focused on specific job search tactics.
Full interview here»
Several important events happened that merit your attention:
Trump shooter phone: The FBI says it gained access to the phone of Thomas Crooks, the man who tried to assassinate former US President Donald Trump.
Lazarus money laundering: The Lazarus North Korean hacking group has allegedly laundered stolen cryptocurrency funds through Cambodian payments firm Huione Pay which is allegedly linked to the Cambodian royal family.
Kaspersky shuts down US business: Russian security firm Kaspersky will begin to wind down its US business starting on July 20. The company has already begun laying off US employees at the start of July.
Microsoft China tells employees to ditch Android for iPhones: In a surprising move, Microsoft China is requiring its employees to switch to iPhones. This decision stems from the Google Play Store being blocked in China, leaving the Microsoft Authenticator app only accessible through the App Store.
Cybercriminals target users with malware in Facebook ads: Cybercriminals are exploiting Facebook ads and business pages to spread the SYS01 password-stealing malware disguised as Windows desktop themes. These deceptive ads also distribute pirated software and games. Trustwave warns users to be cautious as similar schemes are found on LinkedIn and YouTube.
Progress Software embroiled in 144 class action lawsuits: Progress Software faces 144 class action lawsuits from customers affected by the 2023 MOVEit hacking spree. Although the company has reported only $3 million in related expenses so far, it anticipates significant future financial repercussions .
Google adds dark web monitoring to all user accounts: Google will roll out Dark Web Reports to all user accounts allowing users to scan the dark web for their personal details like names and emails. Initially part of the discontinued Google One VPN, this feature will be accessible through the account dashboard.
Germany kicks out Chinese gear from 5G network: In a move citing national security threats, the German government mandated telecom operators to strip Huawei and ZTE equipment from their 5G networks. All unauthorized Chinese equipment must be removed from core networks by the end of 2026 and from transport networks by 2029.
Russian influencers forced to reveal real identities: Russia's internet watchdog now mandates that social media users with over 1,000 followers must disclose their real names to authorities. This new regulation specifically targets those sharing news content.
Whispers of tech titans' secret AI agenda reach the Senate: Three Democratic Senators have called on the FTC to investigate Amazon, Microsoft, and Google over concerns that their consolidation efforts could lead to a dominant position in the rapidly growing AI market.
EU slams Twitter for shady practices and deceptive tactics: The European Commission claims Twitter violated the Digital Services Act, citing manipulation through dark patterns, lack of data sharing with researchers, and opaque advertising policies. The Commission criticized Twitter's misuse of verified status to enhance post visibility without verifying account identities. An investigation could lead to fines of up to 6% of Twitter's revenue.
Kremlin set to ban YouTube this September: The Russian government is deliberately throttling YouTube speeds nationwide, blaming faulty Google equipment. IT experts debunked this, revealing local ISPs' involvement. Sources indicate the Kremlin plans to block YouTube entirely by September, following the launch of its YouTube clone - Platforma.
Executives under intense pressure to adopt GenAI solutions: A recent survey highlights the growing pressure on corporate leaders to adopt GenAI solutions, with 87% of executives feeling the heat. Despite the enthusiasm for AI's potential benefits, concerns over resources and AI backlash linger, underscoring a preference for trusted partnerships over in-house development.
Exim bug leaves 1.5 million mail servers vulnerable to hackers: A critical vulnerability in Exim mail servers, affecting versions up to 4.97.1, has left 1.5 million servers unpatched, warns Censys. The flaw allows threat actors to bypass security filters using malicious email attachments, with the U.S., Canada, and Russia most at risk.
Threat/trend reports: Check Point, Cloudflare, NextDLP, ReliaQuest, and SpamHaus have recently published reports covering cybersecurity industry threats and trends.
Industry news: Google is rumored to be in talks to acquire Wiz for 23 billion, PortSwigger, a top global provider of web application security testing tools, has raised $112 million. Sola Security, a newly founded cybersecurity startup, has raised $28 million. Command Zero, an autonomous cyber investigation platform, has raised $21 million. XBOW raised $20 million for AI pentesting. Cytactic raised $16 million cyber crisis management. Tracebit raised $5 million for next gen honeypots. Cybolt has acquired Cyber Guards.
These senior cybersecurity executive roles you may want to forward to your friends and colleagues:
Software People Inc. is looking for a Chief Information Security Officer in Jackson, MS.
The Office of Labor Relations, New York City, is looking for a Chief Information Security Officer in Manhattan, NY
The University of North Carolina Greensboro is looking for a Chief Information Security Officer in Greensboro, NC.
Citizens Property Insurance Corporation is looking for a VP Chief Information Security Officer in Jacksonville, FL.
Customers Bank is looking for a Chief Information Security Officer in Malvern, PA.
CBOE is looking for an SVP, Chief Information Security Officer in Lenexa, KS.
Major League Soccer is looking for a Chief Information Security Officer in New York, NY.
Meridianlink is looking for a Chief Information Security Officer, Remote.
Looking for a job? Hiring? Let us know.
These are virtual and live events for the cyber community you may find interesting:
Aphinia Events:
Aphinia CISO Dinner: Las Vegas, NV on August 5, 2024. We have 1 spot left, apply here»:
Aphinia CISO Dinner: Boston, MA on Sep 17, 2024. Want to attend or sponsor?
Aphinia CISO Dinner: New York, NY on Sep 18, 2024. Want to attend or sponsor?
Want to host or sponsor a CISO Mastermind or a CISO Dinner in your city? Contact us here»
Industry Events:
BlackHat is taking place on August 6-11, 2024 in Las Vegas, NV.
InfoSec World is taking place on September 23-25, 2024 in Lake Buena Vista, FL.
Fal.con is taking place on September 16-19, in Las Vegas, NV.
Attending or hosting an event? Let us know!
Bad guys have been busy recently 📈:
American bank Evolve has updated the public on its recent breach, revealing that hackers have stolen the data of 7.6 million customers.
Moroccan and LulzSec Black Soldiers have launched DDoS attacks against Turkish organizations due to the country's mistreatment of Syrians.
Neiman Marcus is dealing with a security nightmare as hackers have swiped over 31 million customer details.
AT&T's mega breach exposed phone call and text message records of nearly all its cellular customers, leading the company to pay a $370,000 ransom to delete the stolen data.
Last week, over 2.3 million records collected by the mSpy surveillance company were exposed on “Have I Been Pwnd,” according to mSpy data.
Legal advice service Rapid Legal inadvertently exposed 38 million records through an unsecured cloud storage database.
Software company CDK Global reportedly paid a $25 million ransom to the BlackSuit ransomware gang last week.
A threat actor has stolen $1.8 million worth of crypto-assets from Dough Finance by manipulating one of its smart contracts to swipe some of its Aave tokens.
The hacktivist group NullBulge has reportedly leaked over 1.1 TB of sensitive Disney data from their internal Slack channel.
A massive data breach has exposed 6 million Pinterest user records on popular leak forums, revealing email addresses, usernames, user IDs, and IP addresses.
But a handful of guys were nabbed 👮♀️:
Scandal as FACCT links Ukrainian man to notorious malware: FACCT, a Russian security firm, has identified a 38-year-old Ukrainian from Ternopil, Andrey R., as the creator of the Burns remote access trojan, a tool used by the cybercrime group VasyGrek to attack Russian companies since 2020.
Hacker drama unfolds as Comelec data breach suspects detained: Philippine authorities detained five suspects, believed to be BLOODSEC and Anonymous Philippines members, accused of hacking government agencies and companies, including COMELEC and Sky Cable Data, and selling stolen data online.
Notorious hacker Tank finally sentenced after years on the run: US authorities have sentenced Ukrainian national Vyacheslav Penchukov to 18 years for leading the Zeus and IcedID malware operations. He was also ordered to repay over $73 million to past victims.
Stay safe.
Misha Sobolev
Aphinia
***
P.S.: Are you a senior GTM executive at a cybersecurity company wanting to get your story in front of 1,000s of cybersecurity executives? Sponsor a thought leadership section in the next issue of CISO Wire.