Matthew Rosenquist

Information Security Strategy

Russia is one of the most aggressive nations when it comes to state coordinated cyberattacks – and Ukraine has been at the center of their crosshairs for 3 years.  This report, provided the State Service of Special Communications and Information Protection of Ukraine contains an incredible amount of cybersecurity insights, ... Read More

 As cryptocurrency becomes more popular and the adoption rises, we see a related increase in the number of cybercrimes, fraud, and malware schemes. Criminals like to hunt and plunder where there is money! If you hold cryptocurrency or are using Web3 platforms, you need to be careful.Among other risks, the ... Read More

 This is how you handle cybercrime digital extortion! Coinbase was compromised by trusted 3rd party partners, which exposed customer data — but customer keys to their assets were still safe. The cyber criminals then attempted to extort $20 million from Coinbase, to keep the attack secret.Coinbase’s answer: NO! Instead, they are creating ... Read More

Compromising the hardware layer, especially the CPU, is the Holy Grail of cyberattacks. Recent work by Christiaan Beek, a leading cybersecurity researcher at Rapid7, into developing a ransomware proof-of-concept that infects at the hardware layer, inside the CPU, is truly scary. The research demonstrates just how real this threat could ... Read More

 The PowerSchool data breach nightmare of 2024 doesn’t end. Here is a quick rundown to catch up, before I call out some key learnings:In December 2024, PowerSchool was breached by ransomware attackers who claimed to have copied 62 million records, a figure that PowerSchool has declined to specify. Forensic assessments ... Read More

 Misuse of the newly announced Microsoft OneDrive synchronization feature puts corporate security and personal privacy at serious risk in ways not likely understood by the users. Microsoft wants people to connect their personal OneDrive file share with their work systems, synchronizing potentially private files onto their enterprise managed PCs.The problem ... Read More

 Many don’t realize that cyberattacks against Critical Infrastructure sectors, can cause more than an inconvenience of a temporary power outage.   Critical Infrastructures are a favorite of aggressive Nation State cyber threats.  In addition to communications disruptions, power outages, and healthcare billing, these attacks can also seek to disrupt food ... Read More

 Nations are investing heavily in offensive cyber capabilities. The proposed 2026 US defense budget earmarks an additional $1 billion in funding for offensive cyber operations, specifically to the US Indo-Pacific Command (USINDOPACOM). In 2025, the Department of Defense spent over $14 billion on cyber, with $6.4 billion allocated to offensive ... Read More

 Something happened this weekend — starting on Monday my cellphone has been lighting up with unknown callers — a 30x increase! I rarely give out the number so I assume one of the following:Ended up on a cybercriminal call-list because of a Data Breach from one of the few vendors that actually do have my ... Read More

 I am very glad that the Common Vulnerabilities and Exposures (CVE) program was re-funded by the US Government, specifically CISA (Cybersecurity and Infrastructure Security Agency), but this last-minute catch has raised serious concerns with the recent government cuts to cybersecurity programs that benefit US Critical Infrastructures, businesses, and individuals.The CVE ... Read More