To get in touch about speaking at your event, email [email protected]
Media Packet
1,042 items across 6 categories — press, broadcast, stage, and paperwork. Captured, displayed, and archived for posterity.
139 items · 2022
Press
A Threatpost article from March 2022 documents an actively exploited zero-day vulnerability in Google Chrome that prompted an emergency security patch. Casey Ellis commented on the severity of the vulnerability and the importance of rapid patching in response to in-the-wild exploitation.
Press
Threatpost published an article examining how automakers are adopting connected vehicle technology faster than they are implementing adequate cybersecurity protections. Casey Ellis contributed expert commentary on the gap between automotive innovation and security maturity in the industry.
Press
Dark Reading published an article on strategies for aspiring cybersecurity professionals to enter the field and secure employment. Casey Ellis discusses hiring challenges in cybersecurity and offers perspective on what companies seek when recruiting talent for security roles.
Press
Dark Reading published an article on nation-state-backed cyberattacks leveraging Ukraine war-themed phishing lures to compromise targets. Casey Ellis contributed analysis on the threat landscape and tactics being employed by state-sponsored actors in response to geopolitical tensions.
Press
VentureBeat published an article on the critical Spring4Shell vulnerability affecting the Java Spring Framework and the need for organizations to prepare despite limited evidence of active exploitation. Casey Ellis comments on the vulnerability's severity and recommends that companies take preventive action rather than wait for widespread attacks to materialize.
Press
LinuxInsider published an article examining recent security vulnerabilities affecting Linux systems, including the Dirty Pipe privilege escalation flaw and DNS tunneling techniques used for command-and-control communications. Casey Ellis is cited for insights on the security threats and their implications for Linux infrastructure protection.
Press
The Record by Recorded Future reported on Google's emergency security update for Chrome to address the second actively exploited zero-day vulnerability of 2022. Casey Ellis commented on the significance of the vulnerability and the importance of timely patching for users.
Press
TheStreet published an article about phishing scams and cyber threats that exploit March Madness bracket participation. Casey Ellis discusses how hackers leverage the tournament's popularity to target consumers and outlines practical security measures for protecting personal information during the event.
Press
A March 2022 article in The Register examines the activities of the LAPSUS$ extortion group and its breaches of major technology companies including Microsoft, Okta, and Nvidia. Casey Ellis comments on the group's reckless approach and its failure to represent a professional model for the cybercriminal underground.
Press
BankInfoSecurity published an article examining how international sanctions on Russia and Belarus have disrupted bug bounty payments to security researchers in those countries. Casey Ellis discusses the operational and ethical challenges these restrictions create for vulnerability disclosure platforms and their researcher communities.
Press
CSO published an article on March 15, 2022, examining seven longstanding attack vectors that cybercriminals still exploit effectively, including phishing and unpatched software. Casey Ellis contributed analysis on why these older methods remain dangerous despite years of security awareness and patching efforts.
Press
Channel Futures reported on an SEC proposal requiring public companies to disclose cyberattacks within four days of discovery. Casey Ellis commented on the implications of the stricter reporting timeline for corporate security practices and incident response protocols.
Press
CyberWire's policy briefing newsletter from March 2022 covered the Biden administration's digital assets executive order, the Strengthening American Cybersecurity Act, and the SEC's incident reporting proposal. The briefing included Bugcrowd's designation as a CVE Numbering Authority, a recognition of the platform's role in coordinating vulnerability disclosures.
Press
Dark Reading reported on Vice Society's publication of sensitive data stolen from the Los Angeles public school system, including student psychological evaluations. Casey Ellis commented on the breach's implications for school cybersecurity and the need for improved data protection measures in educational institutions.
Press
ZDNet reported on security research from Palo Alto Networks identifying over 100,000 medical infusion pumps vulnerable to two significant security flaws. Casey Ellis contributed analysis of the vulnerabilities and their potential impact on healthcare device security and patient safety protocols.
Press
A Cybernews article examines the ongoing legal risks that ethical hackers encounter despite the expansion of bug bounty programs. Casey Ellis discusses how the disconnect between security research and legal frameworks leaves researchers vulnerable to prosecution and advocates for clearer protections.
Press
VentureBeat published Casey Ellis's analysis of Ukraine's volunteer IT Army formed in response to the Russian invasion. Ellis examines the ethical tensions and long-term consequences of state-endorsed hacktivism, arguing that while Ukraine's defensive response is justified, the precedent raises complex questions about accountability and international norms.
Press
An SC Media report details research showing that supply chain integration problems are costing 38 percent of companies $500,000 or more annually. Casey Ellis contributed to the findings on the financial impact of supply chain security gaps and integration challenges affecting enterprise operations.
Press
VentureBeat published an analysis of escalating cyber attacks during the Russian invasion of Ukraine, examining the involvement of hacktivist groups and distributed denial-of-service operations. Casey Ellis provided commentary on the nature and scope of the cyber conflict unfolding alongside conventional military operations.
Press
Threatpost published an article examining how the Russia-Ukraine conflict is fracturing the cybercriminal underground and forcing ransomware groups to take geopolitical stances. Casey Ellis is quoted discussing the implications of these divisions for threat intelligence and the evolving landscape of organized cybercrime.
Press
TheStreet published an article titled "How to Avoid Being Hacked By the Russians" offering cybersecurity advice and best practices for individuals and businesses. Casey Ellis contributed guidance on protecting against potential Russian-sponsored cyber threats.
Press
A TheStreet article from February 2022 reports on a major data breach at Nvidia in which the LAPSUS$ hacking group claimed to have stolen approximately one terabyte of proprietary data from the chipmaker. Casey Ellis commented on the incident and the broader implications of the breach for corporate security practices.
Press
NBC Bay Area published a local news segment offering practical tips for protecting personal information and devices from cyberattacks. Casey Ellis contributed expert guidance on cybersecurity precautions that individuals can implement to reduce their vulnerability to attacks.
Press
Security Boulevard published an article in February 2022 examining the absence of widespread cybercriminal exploitation tied to Russia-Ukraine tensions at that time. Casey Ellis provided analysis on threat actor behavior and the evolving security landscape during the geopolitical crisis.
Press
A CSO article from February 2022 examines how cryptocurrency and Web3 companies are offering substantial bug bounty rewards to attract security researchers. Casey Ellis comments on the competitive dynamics of these high-value bounties and their impact on talent recruitment in the emerging blockchain security sector.
Press
PortSwigger Daily Swig reported on New Zealand's mandate requiring federal agencies to establish formal vulnerability reporting processes for security researchers. Casey Ellis was cited as supporting the policy initiative, emphasizing the importance of structured bug disclosure channels for government entities.
Press
A ZDNet article reports on CISA's addition of a Microsoft Win32k privilege escalation vulnerability to its list of known exploited bugs requiring federal agency patching. Casey Ellis commented on the vulnerability's severity and the importance of timely remediation for affected systems.
Press
The Telegraph published a feature article examining how corporations pay large sums to ethical hackers, including teenagers, through bug bounty programs to identify security vulnerabilities. Casey Ellis is cited as a key figure in legitimizing and scaling this practice through his work in the bug bounty space.
Press
SC Media reported on the discovery of multiple vulnerabilities in 42Gears' SureMDM platform that could have enabled supply chain attacks against its customers. Casey Ellis contributed analysis of the security findings and their potential impact on enterprise mobile device management deployments.
Press
A Dice article examines why ransomware continues to rank as a critical concern for IT and security professionals due to its potential for widespread disruption and financial damage. Casey Ellis discusses the persistent threat ransomware poses to organizations and the strategies security teams employ to defend against evolving attack methods.