APHINIA - Weekly Cybersecurity News

=> to get the full version of this newsletter, subscribe here: https://aphinia.substack.com/

I hope you are winning this week!

Here is your weekly summary of CISO appointments and promotions, industry events, and breaking cybersecurity news:

These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”?? to:

• George Maropakis was appointed CISO at Advance Auto Parts.
• Bert Talley was appointed as CISO at Health TrackRx.
• Joseph Frisk was appointed as VP CISO at Dine Brands Global.
• Hanan AbuLebdeh CISSP, CISM, ITIL 4. FAC-COR II was appointed as CISO at the U.S. Department of Homeland Security.
• Bandon Cross was appointed as CISO at EDGE Markets.
• Brett Enclade was appointed as CISO at Stealth Mode.
• Dave Phillips was appointed as CISO at OSHEAN Inc.
• Brady Miller was appointed as CISO at Carilion Clinic.

Appointed? Promoted? Let us know!

Are you a CISO, VP- or Director-level cybersecurity executive looking to level up, to enhance your personal brand, to network, to mentor and to find mentors?

Cybersecurity is a team sport, join the team of cyber superheroes!

=> Join 2,000+ cybersecurity executives in Aphinia (it is free)!

• Pakistan introduces new social media law with jail time for spreading fake news: Pakistan is tightening its grip on online misinformation with a new bill that could send offenders to prison for up to three years. Social media companies must also register with the government or risk being banned for good.
• Trump administration shuts down cybersecurity review board: the Department of Homeland Security has disbanded its advisory committees, including the Cyber Security Review Board (CSRB), which investigates major cyber incidents.
• PayPal fined $2 million for security failures: PayPal has been fined $2 million by financial regulator for failing to secure customer data. The company neglected cyber training when updating its system, leaving sensitive data exposed.
• Russia introduces new social media regulations: Russia's internet watchdog Roskomnadzor requires social media networks to block accounts that haven't provided their real names, with influencers over 10,000 subscribers ordered to register by the start of this year.
• US freezes cyber diplomacy funding amid foreign aid review: the U.S. State Department has halted funding for its Cyber Diplomacy Bureau, along with most foreign aid programs, following an executive order by President Trump.
• Android introduces a new security upgrade for users: Google has launchedIdentity Check, a feature requiring biometrics when a device leaves trusted locations. This safeguard activates when accessing settings or account data. It’s designed to protect users from theft or unauthorized access.?
• Crazy Evil responsible for several crypto scams: Recorded Future revealed that the cybercrime group, Crazy Evil, runs a massive network of crypto scams and phishing sites. Active since 2021, the group has six subteams specializing in different attack techniques. Their primary victims are cryptocurrency enthusiasts, NFT traders, and online gamers.
• Worldcoin faces backlash In Brazil: Worldcoin’s relaunch as Tools for Humanity was banned from offering crypto for iris scans. Officials claim such payments may influence consent, while Worldcoin insists its iris scans are secure and anonymous. The company claims the issues will be resolved.?
• Microsoft tightens Teams security: Microsoft reminded admins that new anti-impersonation features in Teams Chat, launching mid-February, will flag suspected phishing messages by default. Users can preview flagged messages and choose to accept or block them.
• Industry news: Alpheris, which enables vital federated data networks in the life sciences industry, has raised $20 million. Mitiga, a company which specializes in threat detection and response solutions for Cloud and SaaS, has raised $30 million. Chainalysis acquired Alterya. Cytracom acquired Telivy. Tidal Cyber acquired Zero-Shot Security. Tenable acquired Vulcan Cyber.

Aphinia Events:

• CISOs and Cyber Founders. Are you interested in meeting next generation startup founders? Aphinia and Glilot Capital Partners are hosting an exclusive "CISOs and Founders" Michelin-star chef dinner taking place on February 26, 2025 in New York, NY. We have a handful of spots left but they will go fast. Interested in attending? Reach out to Misha Sobolev for details.
• FS-ISAC CISO Mastermind is taking place on March 9, 2025 in New Orleans, LA. Interested in attending? Reach out to Misha Sobolev for details.
• Aphinia CyberTech delegation. We are going to CyberTech (Mar 24-26, 2025) and planning a small delegation. Ready to face geopolitical winds and join us? Reach out to Misha Sobolev for details.
• 2025 RSAC CISO Mastermind Dinner. Last year's event was awesome so we are hosting it again in 2025. Are you going to RSAC in 2025? Reach out to Misha Sobolev for details.
• Re:Inforce CISO Mastermind is taking place on June 15, 2025 in Philadelphia, PA. Interested in attending? Reach out to Misha Sobolev for details.
• BlackHat CISO Mastermind is taking place on Aug 3, 2025 in Las Vegas, NV. Interested in attending? Reach out to Misha Sobolev for details.

Industry Events:

• Prodacity is taking place on Feb 4-6, 2025 in Nashville, TN.
• CruiseCon is taking place on Feb 8-13, 2025 at sea (!), departing Cape Canaveral, FL. Get a members-only rate (code: Aphinia10).
• FS-ISAC is taking place on Mar 9, 2025 in New Orleans, LA.
• CyberTech is taking place on March 24-26, 2025 in Tel-Aviv, Israel.
• RSAC is taking place on April 28-May 1, 2025 in San Francisco, CA.
• Identiverse is taking place on June 2, 2025 in Las Vegas, NV.
• Gartner: Security & Risk Management is taking place on Jun 8, 2025 in National Harbor, MD.
• Re:Inforce on June 15, 2025 in Philadelphia, PA.
• Black Hat is taking place on Aug 2-7, 2025 in Las Vegas, NV.
• InfoSec World is taking place on Sep 22, 2025 in Orlando, FL.
• SecTor is taking place on Oct 23, 2025 in Toronto, Canada.
• Re:Invent is taking place on Dec 2, 2025 in Las Vegas, NV.
• Gartner: Identity & Access is taking place on Dec 8, 2025 in Grapevine, TX.
• Black Hat is taking place on Dec 9, 2025 in London, UK.

Attending or hosting an event? Let us know!

Bad actors have been busy recently ??:

• Singapore-based Crypto exchange company, Phemex, was hacked last Thursday, leading to the theft of $70 million in crypto assets.
• Hackers breached education tech giant PowerSchool, stealing the personal data of over 62.4 million students and 9.5 million teachers across 6,500 school districts in the United States.
• NoOnes confirms a cyberattack on New Year’s Day which exploited a Solana bridge flaw, siphoning $8 million in crypto and laundering it through Tornado Cash.
• CloudSEK researchers report a threat actor has reportedly targeted low-skilled hackers, compromising over 18,000 devices across five countries.
• Handala, a pro-Palestine hacktivist group, breached the Israeli Ministry of National Security, sending false missile alerts to schools and kindergartens.
• Millions of Georgian citizens' personal information was exposed in a data leak on an Elasticsearch server owned by a German cloud provider, before disappearing mysteriously.
• Over 500 websites, including those from governments and universities, were hacked with malicious scripts for black hat SEO, all loaded from the same ScriptAPI.
• UK-based Telecommunications company, TalkTalk, is investigating a third-party data breach claimed to have exposed nearly 19 million subscriber details on a hacking forum.
• Conduent confirms a cyberattack on its operating systems, triggered by a third-party breach, led to a recent disruption in its services.
• Cyble, a threat intelligence firm, uncovered thousands of leaked credentials from 14 cybersecurity vendors on the dark web, likely stolen and sold for as little as $10.

But a handful of guys were nabbed ??♀?:

• Former British museum employee caught after causing chaos with IT shut down: a former British Museum employee who shut down IT systems, disrupting ticket bookings and closing exhibitions, has been arrested. The cyberattack led to major operational disruptions, leaving several exhibitions closed on Friday.
• Malaysian scam ring busted for duping Singaporeans of $1.4M: Malaysian authorities have detained 16 locals involved in a cyber scam targeting Singaporeans. The gang posed as officials to trick victims into transferring over $1.4 million into their accounts.
• North Korean IT workers charged in $866K scam: the US DOJ has indicted two North Koreans who posed as Westerners to land jobs at US companies and funnel over $866,000 to the country’s weapons program. Two Americans were also charged for helping the workers conceal their locations.
• Infamous BreachForums boss back in sentence: BreachForums founder Conor Fitzpatrick, also known as Pompompurin, faces resentencing after violating court terms by leaking personal data and joking about it. Initially given leniency due to his age and autism diagnosis, he now risks harsher consequences.

Stay safe.

Misha Sobolev

Aphinia

=> to get the full version of the newsletter, subscribe here: https://aphinia.substack.com/

Are you a CISO, VP- or Director-level cybersecurity executive looking to level up, to enhance your personal brand, to network, to mentor and to find mentors?

Cybersecurity is a team sport, join the team of cyber superheroes!

=> Join 2,000+ cybersecurity executives in Aphinia (it is free)!