red team SEC data security privacy How to Bring DevOps and Security Teams Closer Together

Change is Coming to the SEC’s Proposed Infosec Rules

The Security and Exchange Commission (SEC)’s proposed changes could have a substantive impact on how companies describe and project their cybersecurity readiness. This SEC Fact Sheet tells us that the proposed rules are to “enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incident reporting by public companies.” ... Read More
Security Boulevard
Hydra MedusaLocker

US Disrupted Russian GRU’s Hydra and Sandworm

The United States has been largely mum on its offensive capabilities when it comes to cybersecurity operations. But recently, the Director of the National Security Agency and Cyber Command, General Nakasone, referenced such capabilities and described how his operational elements were engaged in assisting Ukraine in their cybersecurity defense before ... Read More
Security Boulevard
China GE

Former GE Engineer Convicted of Economic Espionage

On April 1, 2022, the Department of Justice (DoJ) announced the conviction of Xiaoqing Zheng of conspiracy to commit economic espionage following a four-week jury trial. Zheng will be sentenced on August 2, 2022, and faces up to 15 years in prison and a fine of up to $5 million ... Read More
Security Boulevard
framework ethical Best Practices for Data Security

US and EC Forge Trans-Atlantic Data Privacy Framework

On March 25, the White House and the European Commission announced they had agreed to a new Trans-Atlantic Data Privacy Framework which addresses the EU Court of Justice’s concerns. The United States has committed to reform the manner in which it conducts U.S. signals intelligence activities to ensure privacy safeguards ... Read More
Security Boulevard
Crowdstrike Qualcomm threat Linux security XDR Kubernetes open source security

Qualcomm: ‘We’d Like Our IP Back, Please’

It was the third week of January 2022 and the offer letter was signed and accepted; Guarav Kathuria was on his way out the door to start the next chapter in his career and closing out his 12-plus years at Qualcomm. Nothing to see here—this scenario happens to thousands of ... Read More
Security Boulevard
Lichtenstein and Morgan bitcoin hack

Lichtenstein and Morgan: The Stolen Virtual Currency Laundry

If you’ve been scratching your head while you read about the money laundering escapades of Ilya Lichtenstein and his wife Heather Morgan, let me assure you that you are not alone. The Department of Justice told us that this duo created a “labyrinth of cryptocurrency transactions” in their attempts to ... Read More
Security Boulevard
threat Russia Russian critical infrastructure APTs

Russian Threat Actors Targeting Infrastructure

In January 2022, BlackBerry’s researchers published findings about the Prometheus traffic direction system (TDS) efforts to target U.S. infrastructure through their crimeware-as-a-service (CaaS) offering. The Prometheus effort was originally identified by the Russian entity Group-IB in August 2021. The BlackBerry report goes on to note that “Prometheus can be considered ... Read More
Security Boulevard
mobile workforce Salesforce supply chain MY2022 JumpCloud Confronting Mobile Security Issues

China’s MY2022 App Could Do More Than Trace COVID-19 Exposure

Researchers at The Citizen Lab at the University of Toronto dug into the MY2022 COVID-19 exposure tracing application mandated for use by attendees and participants in the Beijing Winter Olympic Games—and what they found wasn’t pretty. The app is required to be used by any member of the press, athlete ... Read More
Security Boulevard
Palo Alto Networks insider threat security teams

Teachable Moment: An Insider Threat on Your Team

No manager or executive wants to receive a phone call informing them that a team member has engaged in suspicious activities that require a security investigation. But that’s just what happened to Code42’s vice president of portfolio strategy and product marketing, Mark Wojtasiak. Code42’s internal instance of its insider risk ... Read More
Security Boulevard
NSO Group FSB ransomware FCUK REvil

Russia’s FSB Arrests REvil Players at US Request

The morning of January 14, 2022, the Russian Federal Security Service (FSB) issued a statement that announced the demise of the hacker group REvil. The FSB, in a joint effort with the Ministry of Internal Affairs (MVD) executed a successful takedown of individuals associated with REvil in a series of ... Read More
Security Boulevard