Search Results for “Kate Fazzini”

November 18, 2019
Kate Fazzini / CNBC

Kate Fazzini / CNBC  
More Than 6,500 Government Officials, Industry Players Conducted Simulated ‘Black Swan’ Cyberattack on Electric Grid at GridEx

More than 6,500 government officials and big players in the energy sector came together last week to conduct a simulated cyberattack on the electrical grid in an event known as GridEx, which takes place every two years. The participants tested what is known as a “black swan” event, one that is unlikely but could have devastating impacts if it came to fruition. In an imagined scenario based on real-world events, an attack on the Northeast corridor of the U.S. rippled beyond the energy sector to the biggest telecommunications companies and the financial sector.

Related: EEI, ERO Insider, Cyberscoop, Security Week

Tweets:@veracode @samrozenberg @setdeep @jdchristopher @chrissistrunk @brysonbort @mpetrova92

ERO Insider: GridEx V Throws New Tech Curveball
Cyberscoop: ‘GridEx’ offers stiff security test for an industry that welcomes the challenge
Security Week: Security of North American Energy Grid Tested in GridEx Exercise

@veracode: Government officials and big players in the energy sector came together this week to participate in “GridEx,” an event that simulates a #cyberattack on the electrical grid: @CNBC @KateFazzini
@samrozenberg: Coming off my #GridEx high, I very much appreciate this comic as it makes me remember the most common threat to the sector!
@setdeep: #GridEx one of the biggest tests of the #utilities #oilandgas ability to withstand wave upon wave of hypothetical #cyberattacks commences . #cyberresilience #penetrationtesting #ethicalhacking #cybersecurity #CISO #infrastructure
@jdchristopher: For those recently recovering from #GridEx and capturing lessons learned— don’t forget this throwback @_LittleBobby_ comic to include in your corporate presentations!
@chrissistrunk: This is a nice article & well-produced video from @CNBC @KateFazzini @mpetrova92 about threats to electric power systems & how the industry is defending against these threats. Comments in the article by myself and @EddieHabibi. I also did a small PLC demo. Shout out to #GridEx.
@brysonbort: .@chrissistrunk talks about #GRIDEX.
@mpetrova92: With over 9,000 power plants in the US with various operators and owners, protecting our power grid from a cyberattack is a tough task. @KateFazzini and I dug into the fascinating topic for our latest video.

May 24, 2019
Kate Fazzini / CNBC

Kate Fazzini / CNBC  
In a First, Moody’s Slashes Equifax’s Credit Rating From Stable to Negative Due to Fallout From Massive 2017 Breach

Investor rating giant Moody’s slashed its rating outlook on consumer credit rating company Equifax from stable to negative as the company experiences the fallout from its massive 2017 consumer data breach, the first time cybersecurity issues have been cited as the reason for a downgrade. Moody’s cited Equifax’s recent $690 million first-quarter charge for ongoing legal costs and regulatory fines as contributing to the downgrade. Looking ahead, Moody’s doesn’t see the breach-related cost picture improving for Equifax, estimating the company will incur breach-related expenses and capital investments of $400 million in 2019 and 2020.

Related:, Cyberscoop, SecurityWeek, SC Magazine,, Gizmodo, Dark Reading, ZDNet,

June 27, 2019
Kate Fazzini / CNBC

Kate Fazzini / CNBC  
Medtronic MiniMed 50 Insulin Pump Recalled Over FDA Concerns It Could Be Hacked, Flaws in Firmware Can’t Be Patched

Medical device giant Medtronic is recalling its MiniMed 508 insulin pump, which connects wirelessly to other insulin equipment, including glucose meters, a monitoring system, and controls that pump insulin, due to cybersecurity vulnerabilities in the device’s firmware that can’t be patched. The Food and Drug Administration (FDA) has raised concerns about the device, fearing that attackers could gain access to it and change settings. Medtronic urged customers to speak with their healthcare providers about whether to change the pump. For those continuing to use it, the company recommends they keep insulin pump and devices connected to it “within your control at all times” and advises customers not to share the pump’s serial number, among other recommendations.

Related: ICS-CERT Advisory Feed,, isssource.comCNBC, Reuters, Medtronics,,, The Hill: Cybersecurity, Investor’s Business Daily

July 26, 2019
Kate Fazzini / CNBC

Kate Fazzini / CNBC  
FBI Director Wray ‘Strongly’ Supports Attorney General’s Call for Encryption Backdoors, Says It’s a ‘Fundamental Public Safety Issue’

Speaking at the International Conference on Cyber Security at Fordham University’s law school FBI Director Christopher Wray said that he strongly supported Attorney General William Barr’s comments earlier this week that tech companies need to provide encryption backdoors so that law enforcement can access criminals’ and suspects’ encrypted phones and apps. “This is not just a national security issue, it’s a fundamental public safety issue. If it is not addressed, it impedes not only federal law enforcement, but our state and local partners as well,” Wray said.

Related:, The Register – Security

Tweets:@dnvolz @kevincollier @ericgeller

April 9, 2019
Kate Fazzini / CNBC News

Kate Fazzini / CNBC News  
Abrupt Departures of Secret Service Director, DHS Secretary Could Negatively Affect Government’s Role in Critical Infrastructure Cybersecurity Functions, Financial Cyberthreat Investigations

The abrupt leadership vacuums following the resignations of DHS Secretary Kirstjen Nielsen and Secret Service Director Randolph “Tex” Alles could affect the government’s role in advancing “critical infrastructure” cybersecurity functions as well as protections against private-sector cyberthreats, particularly those involving financial fraud. The U.S. government is already faced with a severe shortage of qualified cybersecurity experts and the departures of two government executives with large cybersecurity portfolios could hamper efforts to unite private-sector and government security efforts into a more streamlined approach. Although Alles did not have the cybersecurity background that Nielsen did, his tenure saw significant progress on cyber investigations in which the Secret Service played a key role.

Related: VICE News, The Inquisitr News,, Daily Kos, TIME, Al Jazeera, Washington Free Beacon, POLITICO, Fortune, The Sun, AP Breaking News, POLITICOZero Hedge, Bloomberg Politics,, Vox, Fox News

VICE News: Trump has pushed out the Secret Service director
The Inquisitr News: Chuck Schumer Calls On Ousted Service Director Randolph Alles To Testify About Security Lapses At Mar-A-Lago Randolph ‘Tex’ Alles: 5 Fast Facts You Need to Know
Daily Kos: Trump fires Secret Service director amid ‘near-systematic purge’ of Homeland Security Department
Axios: Behind Trump’s decision to oust his Secret Service chief
TIME: Secret Service Chief Out Over Reported Personality Conflict in Trump Administration
Al Jazeera : US Secret Service director to leave Trump administration: WH
Washington Free Beacon: Trump Fires Secret Service Director, Picks James Murray as Replacement
POLITICO: White House says Secret Service director will be ‘leaving shortly’
Fortune: Secret Service Director Randolph ‘Tex’ Alles Out After Mar-a-Lago Security Breach
The Sun: Donald Trump ‘fires’ Secret Service director Randolph ‘Tex’ Alles and three more top officials ‘quit’ after Kirstjen Nielsen ousted
AP Breaking News: Secret Service head Alles leaving, career official tapped
POLITICO: White House says Secret Service director will be ‘leaving shortly’
Zero Hedge: Trump Fires Head Of Secret Service
Bloomberg Politics: Secret Service Chief to Depart Amid Shakeup at Homeland Security Homeland Security Secretary Nielsen Resigns Amid Trump Anger Over Border
Vox: Secret Service director is the latest casualty in DHS shake-up
Fox News : Nielsen leaving DHS after White House meeting with Trump – Fox News

November 13, 2019
Kate Fazzini / CNBC

Kate Fazzini / CNBC  
Two Cybersecurity Pen Testers Still Face Charges for Burglary in Iowa Despite Having a Contract to Break Into Building

In a case causing fears of unwarranted liability by cybersecurity professionals, the state of Iowa contracted with a prominent cybersecurity company called Coalfire to conduct “penetration tests” of certain municipal buildings in September, particularly courthouses. In September, two employees of the company, Justin Wynn and Gary Demercurio, were arrested in the course of doing their jobs. After successfully testing the physical security of two other courthouses, the Coalfire employees were attempting to circumvent the security system at a courthouse in Dallas County, Iowa, to gain entry by entering via a propped-open door and then waiting for authorities to arrive after an alarm was triggered. The sheriff, however, arrested them for burglary instead. The charges still have not been dropped despite the firm having a clear contract outlining that it was hired by the state’s judicial branch to break into the building.

Related: Ubergizmo, Ars Technica, Engadget, Washington Post

Tweets:@SwiftonSecurity @webster @kurtopsahl @veracode @evanderburg

Ubergizmo: State Of Iowa Hires Security Firm To Break Into A Courthouse, Arrests Them Later
TechSpot : Iowa hired a cybersecurity firm to do penetration testing, then arrested its workers
Ars Technica: How a turf war and a botched contract landed 2 pentesters in Iowa jail
Engadget: Iowa asked researchers to break into a courthouse, then it arrested them
Washington Post: The Cybersecurity 202: Arrested Iowa hackers spark alarm among security pros

@SwiftonSecurity: Absolutely outstanding on-the-ground reporting by ?@dangoodin001?. I too noted the discrepancy in authorized testing times across disjointed documents | How a turf war and a botched contract landed 2 pentesters in Iowa jail
@webster: This is ridiculous. The Iowa Courts hired security testers. They explicitly authorized attempts to gain physical access and leave behind malicious devices. The testers get arrested in the process, and two months later the prosecutor is still charging them. …
@kurtopsahl: Pen testing is not a crime. …
@veracode: Professionals within the #cybersecurity community are expressing concerns as a pair of researchers face criminal charges after they were hired on to test the digital defenses of Iowa county courthouses: @CNBC @KateFazzini
@evanderburg: Iowa paid a security firm to break into a courthouse, then arrested employees when they succeeded

February 7, 2020
Kate Fazzini / CNBC

Kate Fazzini / CNBC  
GAO Raps CISA for Not Completing Strategic and Operations Plans to Help Safeguard 2020 Elections

In a letter, the U.S. Government Accountability Office (GAO) has criticized the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) for not yet completing “its strategic and operations plans to help state and local officials safeguard the 2020 elections or documented how it will address prior challenges.” The newly formed DHS agency took on the challenge of helping secure elections from cyberattacks in 2017. GAO recommended CISA take three actions. The first is for Chris Krebs, the CISA Director, to urgently finalize the strategic plan and the supporting operations plan for securing election infrastructure for the upcoming elections.  Krebs should also ensure that the operations plan fully addresses all lines of effort in the strategic plan for securing election infrastructure for the upcoming elections, GAO says. The final recommendation is for CISA to document how the agency intends to address challenges identified in its prior election assistance efforts and incorporate appropriate remedial actions into the agency’s 2020 planning.

September 13, 2019
Kate Fazzini, Amanda Macias, Kevin Brueninger / CNBC

Kate Fazzini, Amanda Macias, Kevin Brueninger / CNBC  
Treasury Department Imposes Sanctions on Three North Korean State-Sponsored Hacking Groups

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions targeting three North Korean state-sponsored malicious cyber groups, Lazarus Group and two of Lazarus Group’s sub-groups known as Bluenoroff, and Andariel, which the government said is responsible for North Korea’s malicious cyber activity on critical infrastructure. All three groups are controlled by the U.S.- and United Nations (UN)-designated RGB, which is North Korea’s primary intelligence bureau. Lazarus Group was, among other things, involved in the destructive WannaCry 2.0 ransomware attack which the United States, Australia, Canada, New Zealand, and the United Kingdom publicly attributed to North Korea in December 2017. Bluenoroff has attempted to steal over $1.1 billion dollars from financial institutions and, according to press reports, had successfully carried out such operations against banks in Bangladesh, India, Mexico, Pakistan, Philippines, South Korea, Taiwan, Turkey, Chile, and Vietnam. Andariel has committed a host of financial crimes and was observed by cybersecurity firms attempting to steal bank card information by hacking into ATMs to withdraw cash or steal customer information to later sell on the black market, the Treasury Department stated in its announcement.

Related: Axios, Wall Street Journal, The Hill,, Cyberscoop, AP Breaking News, YonhapNews, CNET News, South China Morning Post, Washington Post,,, Fifth Domain | Cyber,,, Affairs,, Channel News Asia, The Chosun Ilbo, Voice of America,  ZDNet Security, Firstpost, CGTN, CERT-EU , Law & Disorder – Ars Technica, SC Magazine, SC Magazine, RAPPLER, Digital Journal, SecurityWeek, CNET, Wall Street Journal, The Next Web, Infosecurity Magazine, Glock Takes Stock, The Chosun Ilbo

Tweets:@DAlperovitch @nakashimaE @shanvav @mikko

Axios: U.S. sanctions North Korea-tied hackers known as “Lazarus Group”
Wall Street Journal: U.S. Treasury Sanctions North Korean Cyber Groups
The Hill: Treasury sanctions three North Korean cyber groups for targeting critical infrastructure Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups
Cyberscoop: North Korean government hackers sanctioned by U.S. Treasury
AP Breaking News: Treasury imposes sanctions on 3 North Korean hacking groups
YonhapNews: (LEAD) U.S. sanctions 3 state-sponsored N.K. hacking groups
Reuters: U.S. imposes sanctions on North Korean hacking groups blamed for global attacks
CNET News: US levies sanctions against North Korean hacking groups – CNET
South China Morning Post: US sanctions North Korean hackers behind WannaCry, Sony cyberattacks
Washington Post: U.S. imposes sanctions on North Korean hackers accused in Sony attack, dozens of other incidents US Moves to Sanction Shadowy North Korean Hacking Groups
Fifth Domain | Cyber: WannaCry hackers face sanctions from Treasury Department North Korea’s legion of hackers is raking in money North Korean Hackers Behind WannaCry and Sony Hack Sanctioned by USA
Security Affairs: The US Treasury placed sanctions on North Korea linked APT Groups U.S. hits North Korea, Uganda in new rounds of sanctions
Channel News Asia: US imposes sanctions on North Korean hacking groups blamed for global attacks
The Chosun Ilbo: U.S. Imposes Sanctions on N.Korean Hacking Groups Blamed for Global Attacks
Voice of America: US Imposes Sanctions on North Korean Hacking Groups Blamed for Global Attacks
ZDNet Security: US Treasury sanctions three North Korean hacking groups
Firstpost: U.S. imposes sanctions on North Korean hacking groups blamed for global attacks
CGTN: U.S. sanctions three state-sponsored DPRK hacking groups
Brief.Kharon : North Korean Hacker Groups Sanctioned by US – Kharon Brief
Law & Disorder – Ars Technica: Meet the three North Korean hacking groups funding the country’s weapons programs
SC Magazine: U.S. sanctions North Korea hacking groups, says attacks funded missile program | SC Media
RAPPLER: U.S. puts sanctions on North Korea hacking groups behind major thefts
Digital Journal: US puts sanctions on N.Korea hacking groups behind major thefts
SecurityWeek: US Puts Sanctions on N.Korea Hacking Groups Behind Major Thefts
Digital Journal: US puts sanctions on N.Korea hacking groups behind major thefts
SecurityWeek: US Puts Sanctions on N.Korea Hacking Groups Behind Major Thefts
CNET News: US levies sanctions against North Korean hacking groups – CNET
Wall Street Journal: U.S. Targets North Korean Hacking as National-Security Threat
The Next Web: US sanctions 3 North Korean hacking groups behind Sony and WannaCry attacks
Infosecurity Magazine: US Slaps Sanctions on Three North Korean Cyber Groups
Glock Takes Stock: US imposes WannaCry sanctions on North Korean hacking groups
The Chosun Ilbo: U.S. Imposes Sanctions on N.Korean Hacking Groups Blamed for Global Attacks

@DAlperovitch: North Korean Cyber Sanctions by @USTreasury . Groups that @CrowdStrike tracks as SILENT CHOLLIMA and STARDUST CHOLLIMA, attributed by USG to RGB intelligence agency. On the heels of @USCYBERCOM DPRK malware release this weekend
@nakashimaE: It's becoming routine: U.S. imposes sanctions on North Korean hackers accused in Sony attack, dozens of other incidents. Unclear how much impact but it helps illuminate the threat. w/ @CMorelloWP
@shanvav: The U.S. Treasury Dept is sanctioning 3 North Korean hacking groups it says are backed by KJU, including Lazarus Group and 2 of its subgroups Bluenoroff and Andariel. They support Pyongyang's illicit weapon/missile programs. Details on @CyberScoopNews
@mikko: Sanctions on LAZARUS GROUP (a.k.a. "APPLEWORM"; a.k.a. "APT-C-26"; a.k.a. "GROUP 77"; a.k.a. "GUARDIANS OF PEACE"; a.k.a. "HIDDEN COBRA"; a.k.a. "OFFICE 91"; a.k.a. "RED DOT"; a.k.a. "TEMP.HERMIT"; a.k.a. "WHOIS HACKING TEAM"; a.k.a. "ZINC")