Welcome reader to your CybersecurityHQ report.

Headlines

The interior ministry in Germany has blamed the Russian military intelligence service GRU for a series of cyber attacks. The attacks targeted the country’s governing Social Democratic Party, along with the logistics, defense, aerospace, and IT sectors. It’s claimed that the threat actors, APT 28, carried out the hack in 20222 using a vulnerability in Microsoft Outlook.

The group has been active since 2004, mostly carrying out cyber espionage campaigns. In light of their effective infiltration of German governmental and corporate systems, Foreign Minister Annalena Baerbock said Russia would face consequences for the “absolutely intolerable” attack.

On April 26th, the US Department of Homeland Security (DHS) announced it would launch an AI safety and security board in response to an executive order by President Biden. The board will feature 22 representatives, coming from various backgrounds including software, infrastructure, civil rights, and more.

Of course, CEOs of multiple tech giants will also be involved. Among the inaugural board members are the heads of OpenAI, Anthropic, Nvidia, IBM, Microsoft, Adobe, Alphabet, and Amazon Web Services. Read the official announcement for more details.

Dropbox disclosed a major data breach for its Sign electronic signature service. The Wednesday disclosure revealed that the threat actor gathered customer information including email addresses, usernames, phone numbers, hashed passwords, general account settings, and authentication data.

The company’s official blog on the matter described the attack. “The actor compromised a service account that was part of Sign’s back-end, which is a type of non-human account used to execute applications and run automated services. As such, this account had privileges to take a variety of actions within Sign’s production environment. The threat actor then used this access to the production environment to access our customer database.”

Interesting Read

Two leading Chief Information Security Officers (CISOs), Geoff Belknap of LinkedIn and Guy Rosen of Meta, discuss their career paths from their beginnings to the top of their field in this discussion with SecurityWeek. The discussion goes beyond the technical aspects of being a CISO for some of the most cybersecurity-demanding companies on the planet. Belknap and Rosen also touch on the human side of their experience with burnout, mentoring, and navigating their teams through an ever-more difficult threat landscape.

As SEC regulations tighten and hackers use more sophisticated tools to rapidly deploy new strategies, having a competent CISO has never been more important for companies. And with this discussion, we get to hear about these challenges from the inside.

Employment Tip: Mock Interviews

When an upcoming career opportunity has you stressed — remember to practice with mock interviews. To do this right, prepare in-depth by researching the company. Practice common questions and your response to them, and try to enroll a friend to help simulate the interview for you.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team