TechChannels Blog News

In Case You Missed It:  Sysdig CFO Karen Walker Talks Cybersecurity Collaboration, React2Shell Time Between Disclosure and Exploitation Narrowing, Regulators Have Eye on Fintechs

Written by Teri Robinson | Dec 8, 2025 5:02:34 PM

Last week, exploitation of a maximum severity React2Shell vulnerability compelled Cloudflare to force an outage, the rapidly advancing fintech space drew the attention of global regulators, and Sysdig CFO Karen Walker underscored the importance of CFOs, CISOs and General Counsels working together to reduce risk and maximize the value of cyber tools.

Sysdig CFO On Collaborating with General Counsel and CISO to Build Strong Cybersecurity Front

As AI moves at the speed of light with the potential to both improve and compromise security, it’s all hands on deck. Members of the C-Suite must work in concert to protect their organizations. And CISOs must find ways to cut through the noise of alerts and focus on those vulnerabilities that could compromise their companies’ most valuable assets. Karen Walker, CFO at Sysdig, brings a unique perspective to cybersecurity, advocating for collaboration between the CFO, General Counsel and CISO to better understand and reduce risk for boards well-versed in cybersecurity. With a degree in accounting from Southern Methodist University, Walker made her way to the Bay Area where she found a natural fit among tech companies. She initially focused on investor relations at companies like PagerDuty and Pandora Media before moving into finance positions.

Regulators Eye Rapidly Advancing Fintech Companies

Fintech startups are in the sights of regulators in large part because the transformation they have brought to the flow of money has raised concerns over heightened risk. Rapid change without strong regulation can create fertile ground for customer data privacy and cybersecurity weaknesses, the potential for money laundering and terrorist financing, and the risk of manipulation of the digital asset market. To meet those risks, some global regulators are customizing regulatory systems to the particular issues raised by emerging fintech companies.

UK Competition and Markets Authority Greenlights $22.7 Billion Payments Mega-merger

After months of exhaustive regulatory scrutiny, British authorities have given the green light to one of the biggest fintech mergers of recent years—in this case, Global Payments' $22.7 billion acquisition of Worldpay. While both organizations are headquartered in the US, they have significant operations and hold various legal entities and subsidiaries in the UK, giving the UK’s Competition and Markets Authority (CMA) jurisdiction over the merger. The acquisition brings together two of the biggest payment processing companies in the world. Global Payments, a US-based technology company, offers services and technology to merchants, issuers, and consumers around the world, while Worldpay, formerly part of the Royal Bank of Scotland but since acquired by US multinational FIS in 2019, provides a similar suite of offerings. The combined entity has a global reach of more than six million merchants and an annual volume of $94 billion transactions.

Brickstorm Backdoor, a Way Into Government, IT Orgs for China Hackers

China-linked hackers are using the Brickstorm backdoor to access the assets of U.S. companies in law, software-as-a-service (SaaS), business process outsourcing and technology, as well as government agencies, IT companies and other sectors, according to researchers from Google Threat Intelligence Group and Mandiant. And they have been playing the long game, often spending a year or more inside these organizations doing everything from espionage and IP theft to creating zero-day vulnerabilities. The backdoor lets the hackers worm their way into VMware vCenter servers, VMware ESXi instances and Microsoft Windows.

React2Shell Max Severity Bug Just Shook Up Defense in the AI Age

The recent chaos caused by the maximum severity React2Shell vulnerability that prompted Cloudflare to force an outage shows just how short the time from disclosure to exploitation (in this case by China-affiliated threat groups like Earth Lamia and Jackpot Panda) has become—and how difficult it is for security teams to mitigate. It is also prompting security teams to reimagine how to defend in the age of AI—whether that is changing patching schedules or raising questions about 24-7-365 uptime from service providers.
