Bill Siegel

“If Americans could see a balloon above every American company that had been hacked by China, they’d be flabbergasted!” is essentially what @nicoleperlroth said on @FareedZakaria’s GPS. It’s shocking how easy it has been for US adversaries to hack major US corporations.

As criminals extort #healthcare victims with #ransomware, victims urged to prepare rather than pay, especially for false data-wiping promises bit.ly/3uTvvk5 by @euroinfosec POV: @coveware @John_Fokker @Trellix @Sophos @uuallan @RecordedFuture

Wish Elon had bought Teams

Next up, Lizzie Cookson of @coveware discusses the cyber extortion impact curve. #BRUNCHCON

In Coveware's Q3 Ransomware report, we unpack the Uber verdict and discuss what it means for how data exfiltration extortion incidents are treated: bit.ly/3TEP4rn #ransomware

Spotted on the sidewalk in NYC

Start up founders take note: THIS is how you roll freemium -> paid conversion strategy. arstechnica.com/tech-policy/20…

@rseroter @googlecloud Culture eats security for breakfast

"One thing we found surprising was that the biggest predictor of an organization's software security practices was cultural, not technical." cloud.google.com/blog/products/… < new Accelerate State of DevOps (DORA) report from @googlecloud has new findings on security and reliability.

This is staggering. Roughly 8.52% of Zelle transactions are fraud /theft. By comparison, that number is 0.013% for all cryptocurrency. So by the numbers Zelle is 639x more likely to be stolen than crypto.

Today’s @dotMudge testimony is a milestone for CISOs. Execs and boards are on notice that if they expect CISOs to defend the indefensible, they could create a whistleblower who reveals all their dirty laundry before Congress or other legislative or government entities.

@BrettCallow @LawrenceAbrams Neither. Business interruption is the largest cost component of a claim -> causes the largest swings in carrier loss rates -> causes policy prices to increase upon renewal.

Cause or effect?

Can't say where I saw it, but this is kinda sadly awesome: “Any sufficiently complicated system has at its root an unmaintainable flat text file.” :-) #random

🚨 ACTIVE CYBERSECURITY THREAT TO SCHOOL DISTRICTS‼️ @FBI, @CISAgov & the MS-ISAC released a joint #cybersecurity advisory detailing #IOCs and #TTPs associated with the #ViceSociety #ransomware group. cisa.gov/uscert/ncas/al… #StopRansomware #InfoSec

@royalhansen Adding a zero to those bounty amounts would be one of the highest ROI actions Google could manufacture. The gap between illicit Oday pricing and legit bug bounties has to narrow if the truly dangerous exploits are going to surface in legit fashion.

"Rewards will range from $100 to $31,337, depending on the severity of the vulnerability and the project's importance." zdnet.com/article/google…

@r0wdy_ 10 years from now when ~50% of SMB's have finally upgraded to this version, it will make a difference...sigh

Coworker: (seeing me drink coffee) You should try low caffeine green tea instead. It will change your life. Me: you should try having 3 kids Coworker: Me: it will change your life! Coworker: Me: I'm going to get more coffee.

@beajammingh @WeldPond @thegrugq TOO SOON

@WeldPond @thegrugq CFAA only covers over $5,000, and $9M of crypto is probably not worth that much.

Attacker negotiates $1.6M bounty after exploiting smart contract bug to get $9M. What is the legality of this? We never see these types of negotiations in non-crypto compromises. Does the CFAA not cover smart contract exploits or is it "no cop, no law?" livemint.com/news/world/cre…

@OrlandoBravoTB founders panic googling

Staffers run the US government....this is fact.