Press — Media Packet

Press

ZERO DAY INITIATIVE CHANGES DISCLOSURE POLICY FOR FAULTY PATCHES

The Zero Day Initiative announced a policy change regarding disclosure of vulnerabilities with faulty or incomplete patches, as reported by Duo Security. Casey Ellis noted the initiative's shift to provide clearer timelines and expectations for vendors releasing defective patches to address coordination gaps.

Press

Taiwan Hit By Multiple DDoS Attacks Following Arrival of Pelosi

IT Security Guru reported on multiple DDoS attacks targeting Taiwan following House Speaker Nancy Pelosi's arrival in the country. Casey Ellis commented on the incident's geopolitical implications and the operational security challenges such coordinated attacks pose to critical infrastructure during politically sensitive events.

Press

U.S. Doubles Reward for Information on North Korea Cyberattackers

A Channel Futures report covers the U.S. government's decision to double its reward to $10 million for information on North Korean state-sponsored cyberattackers. The piece documents the government's escalating efforts to identify and hold accountable those responsible for major cyber operations attributed to North Korea.

Press

Builders and Breakers

Security Boulevard published an opinion piece by Casey Ellis examining the relationship between software developers and security researchers and their need for stronger collaboration. Ellis argues that builders and breakers must work together more effectively to improve overall software security outcomes.

Press

Crypto Firms Make Thieving Hackers an Offer: Keep a Little, Give Back the Rest

A Wall Street Journal article from July 2022 examines the practice of cryptocurrency firms negotiating directly with hackers following thefts, offering them financial incentives to return most of the stolen funds. Casey Ellis is cited on the rationale behind such negotiations and their implications for security practices in the crypto industry.

Press

Latest Atlassian Confluence vulnerability raises concerns

A Computer Weekly news item addresses security concerns following discovery of a critical vulnerability in Atlassian's Confluence software. Casey Ellis comments on the vulnerability's implications and the importance of prompt remediation for affected organizations.

Press

T-Mobile to Pay $350 Million Settlement in Data Breach Class-Action Lawsuit

Channel Futures reported that T-Mobile agreed to pay $350 million to settle a class-action lawsuit stemming from a major data breach. Casey Ellis commented on the settlement's implications for corporate accountability and data protection standards in the telecommunications industry.

Press

Messaging Apps That Are Secure: Signal vs. WhatsApp

TheStreet published an article comparing the security and privacy features of messaging apps including Signal and WhatsApp. Casey Ellis contributed analysis on how these platforms protect user data and the technical differences in their encryption approaches.

Press

Why Current Events Can and Will Affect Your Security Posture

A CISO Series article examines how current geopolitical and social events directly impact organizational security posture and threat landscape. Casey Ellis discusses the connection between real-world events and evolving security risks that organizations must monitor and address in their defense strategies.

Press

Hardcoded password in Confluence app has been leaked on Twitter

Ars Technica reported on a critical vulnerability in Atlassian's Confluence software stemming from a hardcoded password that Atlassian warned was likely to be actively exploited. Casey Ellis contributed analysis on the security implications and exploitation risk of the flaw for the article.

Press

Atlassian warns of several new critical vulnerabilities potentially being exploited in wild

The Record by Recorded Future reported on Atlassian's advisory regarding multiple critical vulnerabilities in its products being potentially exploited in the wild, including a hardcoded password flaw. Casey Ellis commented on the significance of the vulnerabilities and their potential impact on affected organizations.

Press

Labor Department announces 120-day cybersecurity apprenticeship sprint

Fed Scoop reported on the U.S. Department of Labor's launch of a 120-day Cybersecurity Apprenticeship Sprint to address the shortage of cyber professionals. Casey Ellis contributed to the initiative as part of efforts to expand apprenticeship pathways in the cybersecurity field.

Press

Chaotic LAPSUS$ Group Goes Quiet, but Threat Likely Persists

Dark Reading published an analysis of the LAPSUS$ extortion group and their operational tactics in July 2022. The article examines the group's social engineering and data theft methods, with Casey Ellis contributing insight on the persistence of the threat despite the group's irregular activity patterns.

Press

Labor and Commerce departments launch new cybersecurity apprenticeship scheme

Silicon Angle reported in July 2022 on the U.S. Departments of Labor and Commerce launching a new cybersecurity apprenticeship program designed to address a significant workforce shortage. Casey Ellis contributed perspective on the initiative's potential to build a stronger pipeline of skilled cybersecurity professionals into the market.

Press

New cyber apprenticeship initiative to develop & train cybersecurity workforce

Security Magazine published a piece on the Cybersecurity Apprenticeship Sprint, a federal initiative designed to build the U.S. cybersecurity workforce through registered apprenticeships. Ellis contributed to the effort as an advocate for practical, hands-on training models that address the cybersecurity skills gap.

Press

First CSRB Report Tackles on Ongoing Log4j Risk

A Security Boulevard article from July 2022 covers the Cyber Safety Review Board's inaugural report examining the Log4j vulnerability and its sustained threat to organizations. Casey Ellis contributed to the CSRB's findings on Log4j's systemic risk and the need for coordinated remediation efforts across the technology sector.

Press

There is a cybersecurity talent gap across the US. Here's what to put on your résumé to a land high-paying job in the industry.

Business Insider published a 2022 article on building a cybersecurity career resume amid industry talent shortages. Casey Ellis discusses the skills and qualifications employers seek when hiring for high-paying roles in the field.

Press

There is a cybersecurity talent gap across the US. Here's what to put on your résumé to a land high-paying job in the industry.

Business Insider published a careers article on landing high-paying cybersecurity roles in the US job market. Casey Ellis contributed advice on résumé strategies and in-demand skills needed to address the industry's talent shortage.

Press

Log4j incident response within the community shows collaboration & dedication to security

Security Magazine published an article examining the collaborative response from the global cybersecurity community to the Log4j vulnerability crisis. The piece highlights the collective efforts and dedication demonstrated by security professionals in addressing this widespread threat.

Press

Crime Watch: Why Are Ransomware Attacks Intensifying?

Bank Info Security published "Crime Watch: Why Are Ransomware Attacks Intensifying?" discussing ransomware trends and the Cyber Safety Review Board's Log4j vulnerability investigation. Casey Ellis contributes analysis on the escalating ransomware threat landscape and factors driving increased attack frequency against organizations.

Press

CYBER SAFETY REVIEW BOARD: EXPLOITATION OF ‘ENDEMIC’ LOG4J FLAW WILL EVOLVE

Duo Security published coverage of the Cyber Safety Review Board's report on the Log4j vulnerability, which characterizes the flaw as an endemic risk to critical infrastructure. Casey Ellis contributed analysis on how attacker exploitation methods will continue to adapt and evolve over time.

Press

Security chiefs fear ‘CISO scapegoating’ following Uber-Sullivan verdict

A July 2022 article in The Record by Recorded Future examines concerns among security leaders following Joe Sullivan's conviction, with worry that CISOs will face increased legal liability for breaches. Casey Ellis is quoted discussing the risks of scapegoating security executives and the need for clearer accountability frameworks across organizations and boards.

Press

US Department of Defense invites hackers to help harden its security systems

Tech Radar reported on the U.S. Department of Defense's launch of "Hack U.S.," a bug bounty program that crowdsources security testing to ethical hackers. Casey Ellis contributed to the coverage by discussing how coordinated vulnerability disclosure and bug bounty initiatives strengthen defense systems against emerging threats.

Press

Researchers, NSA cybersecurity director warn of hackers targeting Zyxel vulnerability BriefsCybercrimeGovernmentTechnology Researchers, NSA cybersecurity director warn of hackers targeting Zyxel vulnerability BriefsCybercrimeGovernmentTechnology Researchers, NSA cybersecurity director warn of hackers targeting Zyxel vulnerability

A report from The Record by Recorded Future covers warnings from cybersecurity researchers and the NSA regarding active exploitation of a critical Zyxel firewall vulnerability. The alert details the remotely exploitable flaw and advises organizations on mitigation steps to protect their network infrastructure from ongoing attacks.

Press

DoD announces launch of a new bug bounty program

VentureBeat reported on the Department of Defense's launch of a new bug bounty program focused on strengthening security collaboration with ethical hackers. Casey Ellis contributed to the announcement, supporting the DoD's effort to engage the broader security research community in identifying and addressing vulnerabilities across federal systems.

Press

Security Pros Lured to Bug Bounties by Big Pay Days

TechNews World published a 2022 article on the expanding appeal of bug bounty hunting as a career path for security professionals. The piece explores how competitive payouts and flexible work arrangements draw security talent to the bug bounty model.

Press

LockBit 3.0 Ransomware Emerges With Bug Bounty Program

Security Week reported on the emergence of LockBit 3.0 ransomware in June 2022, noting the operation's unusual creation of its own bug bounty program to identify flaws in its malware. Casey Ellis commented on the development as part of industry analysis of the ransomware threat landscape and emerging tactics used by criminal operations.

Press

There are 24.6 billion pairs of credentials for sale on dark web

The Register published a security news roundup in June 2022 covering the proliferation of stolen credentials on dark web marketplaces and emerging threats like LockBit 3.0 ransomware-as-a-service operations. Casey Ellis was cited for insights on credential compromise risks and the evolving threat landscape affecting organizations worldwide.

Press

Former Uber security chief found guilty of covering up 2016 cyberattack

A Brussels Times article reports that Uber's former security chief Joe Sullivan was convicted of obstruction and misprision of felony charges related to covering up a 2016 data breach. The case examined corporate handling of cybersecurity incidents and accountability for disclosure failures.

Press

Microsoft Suggests Work-Around For ‘Serious’ Follina Zero-Day

Security Boulevard published Microsoft's official guidance and mitigation steps for the Follina zero-day vulnerability affecting the Microsoft Support Diagnostic Tool. Casey Ellis provided context on the severity and impact of the flaw, helping organizations understand the threat level and recommended remediation approaches.