#security

What do folks know?

Now this? Who’s in charge of Nike’s Cyber Security??

Nike Data Breach Under Investigation as WorldLeaks Claims 1.4TB Theft

https://sentrybay.com/nike-data-breach-investigation/

Anyone know anything? noticed it in B1 today…

We know you're watching

What does this mean? I now can’t access secure from sparq. No meeting invite yet so am I cooked?

Not a safe area to be after dark, unless you are carrying:
Police say a man fired shots after an altercation with a security guard outside a Corktown bar early Saturday morning. The incident happened at around 1:17 a.m. in the 2100 block of Trumbull Avenue near Michigan Avenue. The security guard, a licensed CPL holder, returned fire and struck the man.

With Brad Arkin at the helm, Salesforce's security team reportedly shrank from ~300+ to 188 engineers over two years, aligning with company-wide restructurings amid AI adoption and efficiency drives. No public data specifically attributes incident spikes to these cuts, but one has to ask. The volume of breaches has fueled speculation about under-resourcing in security.

Do they regret the security headcount drop? No explicit statements, but the incident surge (from sporadic in 2024 to widespread in 2025) and AI backpedaling suggest possible hindsight regrets and prioritizing efficiency over robust defense in a high-threat landscape like Salesforce.

Major Incidents-
Late 2024 – Early 2025 Vishing Wave (UNC6040)
June–July 2025 Major Vishing Campaign (UNC6040)
August 2025 Salesloft Drift OAuth Breach (UNC6395)
September–October 2025 Extortion & Leak Escalation (Scattered LAPSUS$ Hunters)
Late 2025 – Early 2026 Follow-On Incidents

Oh boy. The outcome of this won’t be good.

Just in case my matters to you, Truist is working with Palantir. Do with that what you will 🤷🏻‍♀️

I was impacted by the recent layoff after nearly seven years as a cloud security engineer. During that time, I worked hands-on across architecture, automation, and platform security, often supporting end-to-end execution.

One reflection I’m sitting with is how, during reorganizations, decision-making can shift toward newer leadership roles that may not always have deep technical context — even when long-tenured engineers have been heavily involved in keeping systems running and helping teams ramp up.

Curious how others have seen this play out:
• How do experienced technical ICs stay effective as orgs change?
• In security teams, how much does deep technical ownership still factor into decisions today?

Appreciate any perspectives.

I was thinking about applying for a tech security position.

Until I saw the hiring manager.

I am familiar with her. There is no way that she knows anything about tech security... And, she's a director. Like, she's an 'expert' in the field.

First time I've ever been like, "Yeah, Fidelity has D . E . I . but they have enough people to fill roles with talented people."

What people are saying is true. No way is this company doing well when I see this.

A HS dropout with ChatGPT would be a better fit for director than this individual. Just wow.

title

What exactly is the purpose of this Authenticator every day asking you to put some numbers before you can continue with teams or outlook.

Is this about trying to confirm if you are in front of your computer?

What happened at this garage? I saw an email about a security incident. WTH?

So we all keep track in our store how many times we are required to log in....... ya, we spend the majority of the day logging in and trying to get out of customers accounts. Ya, trying to get out of an account when your done. Might as well start the hot pocket in the microwave and log onto AOL dial up. And fix the security on it too, it's the most unsecure application we have used yet.

For those that don’t know, the Verizon stores in the houston area have had armed security in their stores for the last 10+ years.

Today we were told that beginning 01/01/2026, the following stores (Cinco Ranch, Aliana, Fulshear) will no longer need police officers due to the restructuring.

I do not know if the stores will be converting to third party or shutting down but figured it would be good to give employees a heads up to start getting their personal affairs in order.

Strong rumors of an upcoming acquisition in the security sector

“Our belief [is] that the industrial base can only handle going fast on one programme at this time, and the presidential priority [is] to go all-in on F-47 and get that programme right while maintaining the option for F/A-XX in the future,” the source said.

After years of hollowing and forcing out at Boeing's experienced Engineers chief executive of Boeing Defense, Space & Security, Steve Parker, lied (is anyone surprised) saying Boeing was capable of supporting both F-47 and F/A-XX fighter efforts simultaneously.

US lawmakers approve 84% funding cut to US Navy’s F/A-XX sixth-generation fighter.
Ending a major point of uncertainty for the US aerospace industry, elected lawmakers in Washington say they will support a Trump Administration plan to provide only minimal funding to the US Navy’s (USN’s) sixth-generation fighter programme.

Known officially as the Next Generation Fighter and colloquially as the F/A-XX, the aircraft development programme intends to deliver a carrier-based fighter to succeed the navy’s large fleet of Boeing F/A-18E/F Super Hornet and EA-18G electronic attack jets.

However, in what lawmakers describe as the final version of the annual defense policy bill known as the National Defense Authorization Act (NDAA), Congress appears poised to enact significant funding cuts to the F/A-XX programme, as requested by the Trump Administration.

The administration’s fiscal year 2026 budget request to Congress was decidedly cool toward the naval fighter, including only $74 million for F/A-XX development – 84% less than the $453 million approved for the programme in FY2025.

On 10 December, the US House of Representatives voted to pass the 2026 NDAA with only $74 million directed toward the Next Generation Fighter programme. The Senate already passed its own version of the legislation in October containing similar cuts.

The White House and Pentagon say they want to pool resources behind the US Air Force’s F-47 development effort, while keeping the US Navy’s sixth-generation F/A-XX programme on life support

A Pentagon official who spoke to FlightGlobal in June on condition of anonymity said the administration has opted to maximise resources going to the US Air Force’s (USAF’s) land-based sixth-generation fighter and to effectively keep the navy’s F/A-XX on life support.

“We did make a strategic decision to go all-in on F-47,” the defense official said of the FY2026 budget request.

Boeing was selected as the winner of the USAF’s Next Generation Air Dominance competition in March, with the company’s design designated F-47.

That programme is set to receive more than $2.5 billion in development funding in FY2026, under the latest (and allegedly final) draft of the NDAA. An additional $400 million was allocated to the F-47 development effort under a one-time budget reconciliation spending package passed in July.

Boeing and Northrop Grumman are the presumptive finalists for the Next Generation Fighter programme, more commonly known as F/A-XX

The Armed Services Committee of the House of Representatives says the FY2026 NDAA includes “full funding” for both the F-47 and F/A-XX, indicating the bill will go along with the administration’s requests.

What that means for the future of the sixth-generation naval fighter is unclear.

The defense official who spoke to FlightGlobal earlier this year said the goal was to provide enough financial support for the navy to make source selection for the Next Generation Fighter, but not necessarily advance into production.

“Our belief [is] that the industrial base can only handle going fast on one programme at this time, and the presidential priority [is] to go all-in on F-47 and get that programme right while maintaining the option for F/A-XX in the future,” the source said.

Industry officials, including the chief executive of Boeing Defense, Space & Security, Steve Parker, have said they are capable of supporting both fighter efforts simultaneously.

The navy has not announced its choice of a final supplier for the still-unnamed F/A-XX, although Boeing and Northrop Grumman are presumptive finalists after Lockheed Martin was eliminated early in 2025.

For much of the summer and autumn, it seemed likely Congress would override the White House and provide more robust levels of funding to the F/A-XX programme.

That appears to be the case for the air force’s Boeing E-7A Wedgetail programme, which the White House and Pentagon chief Pete Hegseth are seeking to end before moving into full procurement. The FY2026 NDAA would prevent that, at least in the short term.

An earlier draft of the FY2026 defence budget released by the House appropriations committee in June would have circumvented the administration’s cuts and restored F/A-XX funding. Lawmakers at the time even expressed a preference for increasing the programme’s FY2026 budget to $971 million.

In response, the White House issued a memo outlining its rationale for an emphasis on the F-47 at the expense of the carrier-based sixth-generation fighter.

“Awarding the F/A-XX contract as written is likely to delay the higher-priority F-47 programme, with low likelihood of improving the timeline to field a navy sixth-generation fighter,” the executive office of the president said.

Although Congress has not yet approved the NDAA, and must separately pass appropriations legislation with actual spending authorisations, a legislative override of the White House’s wishes on F/A-XX now appears less likely – though certainly not impossible.

Boeing Defense, Space & Security, Steve Parker, lying out his teeth stating Boeing was capable of supporting both F-47 and F/A-XX fighter efforts simultaneously.

Get rid of it ! You are wasting everyone's time. Whoever purchased the application is getting kickbacks on or in the back end. Siebel ran better than this. And we all know where that got us. I have never seen a more inept application. Have you ever counted the number of screens that flash on your tablet when trying to run salesforce just to have it transfer the customers account into opus ? Screens that just go nuts and serve no purpose. 9 different screens that go crazy and bouncing ba--s too. And security.......... total lack of security. We took a step backwards in securing customer accounts.

Cyber security executives have recently been firing people because they have been putting their own spin on executive orders and thus individuals have been terminated for not meeting company expected standards. Starting in quarter one management is further informed to start cutting manpower based on personal perception and end of year reviews. It's not about your job it's about popularity contest and thus as long as you make your manager and managers above them happy then you're in a good place but if you try to protect the bank or do something that is against the CISO new secure design plan they are going to terminate you without a chance to redeem yourself. Management is further encouraged to get rid of people who do not get above meets.

In short the new management chain wants nothing more than mindless monkeys to push buttons and follow scripts where pictures match the words this is why cybersecurity management is incapable of protecting its employees and throwing them underneath the bus.

Majority of the roles that cybersecurity fulfills will be replaced by AI and managers will be displaced or move to another team to fulfill another role depending on if that executive likes them or not. For managers who are not near a hub location and were promised a year and a half to two year extension to keep their job that's expected to end in quarter one and those managers are expected to be laid off or terminated.

To those individuals in the cyber security line of business good luck now that you are forced to compete like a model competes in a beauty pageant there is no reason for you to even willingly stay here now that you are degraded even more.

And for those who are not aware of cyber security is making this adjustment in quarter one because they're taking advantage of the PTO burn for the holiday season.

If you are not liked by your manager or your manager has given you biased end of year reviews in the last 2 years then your ticket is punched you are going to be gone quarter one

Fiserv faces security issue lawsuit : A civil complaint alleges the payment processor misled its customers about the use of two-factor authentication to access systems containing sensitive information.

USB drive appears under This PC, but will show 0 bytes capacity, 0 bytes used regardless of format.

Email puts everything out there for inspection and company retention.

Anyone get this when the logged in this morning. Of course makes me ultra paranoid to have seen a security patch reboot prompt as soon as I unlocked my computer

Has anyone heard anything about the CISO org?

Layoff notices today in chief security org in ct and ga. (Great economy, we are so winning).

Att quickly discovered some unauthorized access to customer online accounts in August. User is and answers to security questions were obtained from outside of att and used to log in. Impacted accounts have been locked by att.

Has anyone heard if the security teams will be affected, specifically those working under Mike Russo? Many of these teams are brand new teams build over the last year.

I saw an armed policeman on the upper floor of the cube. I noticed him still there couple of hours later. I asked some people in my class about what he could be doing there.
One guy said the policeman stops every person that goes to the elevator and checks if there name is on a list.
There was obviously such an important meeting at the top level of the cube that employees were not allowed on the same floor as the meeting.

What are they discussing such that an armed guard is required to keep employees off that whole floor?

I'm talking about laptops, cell phones, etc.

Are laid off people's devices locked up and wiped out the day of? Or are laid off employees still considered employees until the end of the year with limited access to their devices?

So here’s the story, folks. This company, a very smart company, didn’t care about security for years. Total disaster. Then bo-m! They get hacked. Suddenly, they “find” all this money for cybersecurity, like it was hiding under the CEO’s golf clubs. Now they’re bragging about their “massive investment” in security and even rolled out a shiny new “promise to customers”. Very touching, very emotional stuff. But behind the scenes? They cut the budget for training the people who actually use and develop the systems. Brilliant strategy! They say it’s about protecting customers, but everybody knows it’s just about protecting their image. “We take security very seriously,” they say. Sure they do. About as seriously as they took it the day before the breach. Sad!

Why the extra security in the buildings on campus today?

Security is G2s domain. Lets see PANW next week.
Hyperscalers just consume chips ( Silicon One)

I’m happy our stock is up - but markets are over-rewarding hyperscaler AI exposure; ( we know the Hyperscaler ) Kudos to Martin ‘s Silicon One team and let’s hope they continue to deliver else will be punish harder next year - AI infra is the hottest narrative in tech.

Top-heavy CPO office not done much here - btw NO SECURITY headlines !!! What’s going on there ?

This got buried in another post but it's worth restating.

There are now social engineering attacks on this site. Whether they are internal or not, consider what you're replying to. Stop revealing what YOU do, onboarding and generally how security and monitoring work.

Long story short, they will fire you for this. Not rif you. Fire you. I'm not a troll or from HR. I just want to offer a warning on the social engineering seems to be happening more frequently on this site.

This is not related to posts initiated about rifs or company complaints, although be careful not to out yourself there either.

It appears as if security at Home Office is being more aggressive lately. We have been told to report anyone who we do not recognize on our floor immediately to firm security. We have also been told to not hold the door open for anyone after we have badged into the building and/or onto our floors. Is there a security concern at Home Office that anyone knows about that we may need to know about? Is the Home Office safe to work at?

Never seen such a clear excuse to use to cut people who arent aware of not being in compliance