Former Uber Chief Security Officer Joe Sullivan in happier times (Photo: National Institute of Standards and Technology website)

Jury Finds Former Uber CSO Joe Sullivan Guilty of Cover-Up

David Perera • October 5, 2022

A U.S. federal jury found Joe Sullivan, former chief security officer of Uber, guilty of covering up a 2016 data breach that exposed the personal information of tens of millions of account holders. The trial was a landmark, likely marking the first time a chief security officer has faced criminal charges over an

Governance & Risk Management

It's 2022. Do You Know Where Your Old Hard Drives Are?

Latest

Attack Surface Management

Pen Test Firm NetSPI Gets $410M Boost From KKR to Fuel M&A

Michael Novinson • October 5, 2022

Rising offensive cyber star NetSPI has received a massive follow-up investment from KKR to pursue acquisitions and expand its technological and geographic footprint. KKR's $410 million bet comes on the heels of 50% organic sales growth for NetSPI in 2021 and 61% sales growth thus far in 2022.

Leadership & Executive Communication

Why Aren't More Women in Security Leadership Positions?

Anna Delaney • October 5, 2022

A man in the cybersecurity field is seven times more likely than a woman to have applied for or been offered the job of CISO, according to a new report from Accenture on the need for more inclusion in the workplace. Experts discuss strategies to close the gap and make hiring more inclusive.

Cloud Security

Lacework Co-CEO David Hatfield Out 4 Months After Layoffs

Michael Novinson • October 5, 2022

David "Hat" Hatfield has exited the co-CEO role at Lacework just four months after the cloud security vendor laid off 20% of its employees. The move will bring Lacework's co-CEO experiment to an end after just 14 months, with Facebook engineering head Jay Parikh moving forward as sole CEO.

3rd Party Risk Management

How to Deal With Endemic Software Vulnerabilities

Steve King • October 5, 2022

In this episode of "Cybersecurity Unplugged," Amit Shah, director of product marketing at Dynatrace, discusses the implications of the Log4Shell software vulnerability and the need for organizations to take an observability-led approach to software development and security going forward.

Artificial Intelligence & Machine Learning

Qualys Buys Blue Hexagon to Aid Secure Public Cloud Adoption

Michael Novinson • October 4, 2022

Qualys has purchased a startup founded by longtime Qualcomm leaders to help detect supply chain infections, crypto miners and unauthorized activity in the cloud. The deal will allow customers to detect active exploitation, identify advanced threats and create an adaptive risk mitigation program.

Blockchain & Cryptocurrency

US Regulators Identify Cybersecurity Risks in Crypto Trading

Rashmi Ramesh • October 3, 2022

A council chaired by Treasury Secretary Janet Yellen and comprised of the heads of major federal financial regulatory agencies called on Congress to more closely regulate the spot market for crypto assets. A report from the council identifies risks in digital assets, including cybersecurity.

Application Security

Tim Eades of vArmour on Expanding From Banking to Government

Michael Novinson • October 3, 2022

While vArmour has enjoyed success in banking, the U.S. government is now the fastest-growing part of its business. CEO Tim Eades says much of the government doesn't understand the relationships and dependencies among vArmour's applications or the consequences of an application going down.

API Security

Why Is Akamai an Appealing M&A Target for Private Equity?

Michael Novinson • October 3, 2022

The steady barrage of acquisition reports around publicly traded digital experience vendor Akamai has intensified in recent weeks. The latest salvo landed Monday when StreetInsider reported that the intelligent edge platform provider held talks with a private equity firm about a potential takeover.

Business Continuity Management / Disaster Recovery

Pentagon Bug Bounty Program Uncovers 350 Vulnerabilities

Prajeet Nair • October 1, 2022

The U.S. Department of Defense uncovered almost 350 vulnerabilities in the department's networks as part of its experimental bug bounty program launched on American Independence Day. The weeklong bug bounty challenge called "Hack U.S." ran from July Fourth to July 11.

Fraud Management & Cybercrime

North Korea Trojanizing Open-Source Software

Mihir Bagwe • September 30, 2022

North Korea is using weaponized versions of open-source utilities to spy on the technology, defense and entertainment sectors worldwide. Microsoft says it spotted fake profiles of supposed job recruiters who really are Pyongyang hackers manipulating victims into downloading Trojans.

Cloud Security

Cloudflare, VCs Join Forces to Give Away $1.25B to Startups

Michael Novinson • September 30, 2022

Cloudflare has joined forces with 26 venture capital firms to provide up to $1.25 billion in financing to startups building on the company's developer platform. The Workers Launchpad Funding Program will connect developers with investors around the world to scale their startups faster.

3rd Party Risk Management

ISMG Editors: Will Others Follow US Lead to Legislate SBOMs?

Anna Delaney • September 30, 2022

In the latest weekly update, ISMG editors discuss how organizations can comply with the new PCI DSS 4.0 requirements, whether other countries should follow the U.S. lead on legislating software bills of materials, and key strategies for CISOs preparing for an economic downturn.