Cynthia Brumfield

README | Cynthia Brumfield

Rapid7 vs JetBrains: A vulnerability disclosure process gone bad
A recent conflict between Rapid7 and JetBrains over how to disclose vulnerabilities was marred by blame, confusion and conflicting philosophies.
AlphV’s bid to report its victim to the SEC could backfire
The ransomware group AlphV reported a victim to the SEC for failing to report a cybersecurity incident, placing government regulators in a precarious position.
Wartime muddies waters for 'hacktivist' threat
The rise of hacktivism in a world mired in two significant wars blurs the lines between military and citizen combatants, and holding them accountable won't be easy.
The problems with vulnerability reporting
Several recent incidents in the U.S. system for reporting vulnerabilities highlight the importance of accurate, comprehensive bug reports for defenders.
Bad torts: Law firms feel the heat from rising cyber threats
Experts say the sensitive data law firms hold and their lagging attention to cybersecurity make them prime targets.
AI’s peril and promise for policymakers and cyber defenders
At this year’s Billington Summit, experts highlighted the risks and benefits that AI poses for national security and the cybersecurity sector.
Postcards from Hacker Summer Camp 2023
The promise and threat of AI, government policy and surprising revelations about the Viasat hack were among the major takeaways from Black Hat and DEF CON.
Dark Caracal: A bumbling, yet surprisingly effective, cyber mercenary group
At DEF CON, EFF security researcher Cooper Quintin discussed a mysterious group called Dark Caracal that has proven effective despite making many mistakes.
Spyware vendors stagger as the U.S. and allies land a punch
The Biden administration’s executive order to restrict government use of commercial spyware put the spyware industry on notice, but experts say global collaboration will be needed to truly limit the spread of these invasive toolkits.
Fungi fallout? Ore. psilocybin data bill draws cybersecurity scrutiny
Oregon is the first U.S. state to have legalized psilocybin for adult use. However, a new bill proposing data collection from psilocybin users could expose vulnerable populations to cybersecurity and legal risks and create a template for other states to emulate.
New strategies, “soul-searching” needed to secure critical infrastructure
At this year’s S4 conference in Miami Beach, top industrial control system experts offered various solutions that could replace the increasingly obsolete security-through-obscurity method for protecting ICS.
Cyberthreats, AI-enabled disinformation loom over 2024 elections
Cyberthreats and AI-enabled disinformation loom over the upcoming 2024 elections
2022 was the year of crippling ransomware attacks on small countries
The country of Vanuatu is the latest victim in a string of crippling ransomware attacks on small countries this year. Experts say various motives underlie these incidents but disagree on whether this trend reflects a shift in threat actors away from well-resourced Western nations.
Cybercrime is more of a threat than nation-state hackers
Back-to-back security conferences detailed the latest threats posed by malicious nation-states on the one hand and cybercriminals on the other. One takeaway is that cybercrime volumes are more massive and more persistent than the higher-profile advanced persistent threats.
Feds eye virtual reality as the next privacy and security battleground
At the Federal Trade Commission’s annual PrivacyCon this week, a top regulator and outside experts zeroed in on digital risks posed by the nascent virtual reality industry.