Tag Archive for: hires

ICBC pumps funds into US unit after ransomware attack to pay US$9 billion for unsettled trades, hires cybersecurity firm


ICBC’s US unit told market participants on Friday it was hoping to finish the cyber review over the weekend, but the sources said they expected it would spill into next week. Meanwhile, the bank is using manual processes to trade, they said.

The details, including the cash injection for unsettled trades, have not been previously reported.

The ransomware attack was claimed by cybercrime gang LockBit, a widely deployed ransomware first seen on Russian-language-based cybercrime forums in January 2020. It is the latest in a string of ransom demands by hackers this year.

The cyberattack sent ripples through the US Treasuries market, where ICBC acts as a broker for hedge funds and other market participants, helping them trade in the securities. While the extent of disruption to the market was limited, it brought into focus the resilience of a market that underpins global finance.

When the hack happened earlier this week, ICBC was unable to access its systems, leaving it temporarily owing BNY US$9 billion for unsettled trades, two of the sources said. The custody bank is the sole settlement agent for Treasuries.

The Chinese parent then injected capital into the US unit, allowing it to settle the trades and pay back BNY Mellon, the sources said. That has now happened, they said.

ICBC did not respond to a request for comment. ICBC Financial Services, the bank’s US unit, has said it was investigating the attack that disrupted some of its systems, and making progress toward recovering from it.

ICBC’s representatives told market participants on a call organised by the Securities Industry and Financial Markets Association (SIFMA), a trade group, on Friday afternoon that they had hired a cybersecurity firm to do an assessment to ensure that its systems are safe, three sources familiar with the matter said.

ICBC said it hopes to be done as soon as this weekend, the sources said, noting that it could take longer,…

Arnold & Porter law firm hires CIA lawyer for national security work


(Reuters) – Law firm Arnold & Porter Kaye Scholer said Tuesday that it hired a top lawyer from the U.S. Central Intelligence Agency to join its white-collar practice, as the Biden administration spotlights national security issues in its corporate enforcement efforts.

Deborah Curtis, a former CIA deputy general counsel, will be a partner in the firm’s white-collar defense and investigations group in Washington, D.C. Curtis said she will specialize in national security matters including export control restrictions, foreign influence laws and supply chain regulations.

Curtis’ arrival comes as the Biden administration prepares to heighten enforcement of economic sanctions and export controls, targeting corporate conduct that may undermine U.S. efforts to counter adversaries like Russia and China.

Curtis said multinational companies are still “coming to grips” with government enforcement and regulatory actions carried out with the aim of protecting national security.

“National security wields such a heavy hammer,” Curtis said. “If the government raises the national security specter, it has a real chilling effect on your ability to counter.”

Curtis said she joined Washington-founded Arnold & Porter because the 1,000-lawyer firm has credibility within the U.S. intelligence community and already has a national security dimension to its white-collar practice.

At the CIA, Curtis handled litigation and investigations, responding to congressional inquiries and lawsuits involving the U.S. intelligence agency, and started a task force to provide rapid legal advice during intelligence crises.

She was previously chief counsel for industry and security at the U.S. Department of Commerce, where she worked on export control policy and helped draft restrictions on China-headquartered Huawei Technologies’ access to computer chips.

Curtis also worked at the U.S. Justice Department as a supervisor in the National Security Division and as a prosecutor in the U.S. attorney’s office in Washington.

While not a member of U.S. Special Counsel Robert Mueller’s team that investigated possible coordination between Russia and individuals connected to Donald Trump’s election campaign, Curtis worked…

CISA hires Navy cyber expert to help oversee vulnerability management


The Cybersecurity and Infrastructure Security Agency tapped a Navy leader in cyber and network operations Wednesday to lead its efforts to mitigate potential vulnerabilities and information security weaknesses. 

The nation’s cyber defense agency named Sandy Radesky as the associate director of vulnerability management in a statement posted to CISA’s official Twitter account.

Radesky, who previously served as the deputy command information officer for the U.S. Fleet Cyber Command since December 2020, is a longtime veteran of cyber operations and has spent most of her career supporting the Department of Defense.

She served as the director of analytics for the COVID-19 Countermeasures Acceleration Group beginning in June 2021, where she led a team of “data scientists, logisticians and technologists” to help optimize the process of distributing 400 million vaccinations as part of Operation Warp Speed, according to her Navy profile.

Prior to that, Radesky served as deputy director of operations at Joint Force Headquarters Department of Defense Information Network at Fort Meade, Maryland, helping oversee enterprise-wide command and control and cyberspace missions.

A seven-year tenure at the Defense Information Systems Agency ultimately saw her lead the Global Operations Command Defensive Cyber Operations Security Center, its largest operational command tasked with safeguarding the DODIN network. 

The news comes as CISA and the entire federal government face an ever-increasing threat landscape of cyber vulnerabilities. Radesky’s appointment was announced just days after the agency added another Microsoft zero-day vulnerability to its catalog of known vulnerabilities. The company said the flaw can allow an attacker to gain system privileges after successfully logging in and running a specially crafted application.

CISA has given all federal agencies until January 31 to patch the bug, titled CVE-2023-21674.

Radesky has also worked as an engineer and project manager for multiple information security and cybersecurity firms in the private sector, including as an engineer for MITRE and an information security analyst at CSC. She previously served as a communications operator in the U.S. Air…

Finite State hires Thomas Bain as EVP of Marketing


Finite State announced it has hired Thomas Bain as Executive Vice President of Marketing.

Bain will be responsible for building out Finite State’s strategic go-to-market framework to help strengthen the brand, drive pipeline, and increase awareness to further Finite State’s unique leadership position in securing the connected product ecosystem.

Too few organizations have considered the downstream impact product security has on today’s threat landscape. In a recent survey, more than half of respondents said their customers don’t even request detailed information about the components in their devices. Risk has grown so large that the Justice Department recently disrupted a Russian-controlled botnet of thousands of infected network hardware devices.

“The cybersecurity industry protects our global economy, yet many organizations are still not paying enough attention to threats against IoT devices,” Bain said. “Finite State is uniquely positioned to secure this emerging market and help organizations automate the risk assessment and management process for connected devices. By automating the generation and review of the Software Bill of Materials (SBOMs) for these devices for both device manufacturers and asset owners, Finite State supports organizations in preventing firmware vulnerabilities from being exploited, while addressing a massive-scale cybersecurity market opportunity.

“The cybersecurity landscape has changed considerably since I started out more than 18 years ago. Threats have become much more complex and dynamic. Product security teams are struggling to keep up, and we need to show them that we can help build security into their solutions. This has the potential to substantially reduce risk and support efficient device innovation and device management at scale across many verticals.”

Bain has held senior marketing positions at leading cybersecurity firms including Cyware, RiskRecon (acquired by Mastercard), Morphisec, CounterTack (now GoSecure), Security Innovation, and Application Security, Inc. (acquired by Trustwave). He’s an established thought leader, having presented at cybersecurity conferences including Evanta, Hacker Halted, Global…
