Incident-Response

When the Negotiator Is on Both Sides of the Table: Rethinking IR Trust After the BlackCat Sentencings

1 May 2026·1822 words·9 mins

Incident Response Incident-Response Insider-Threat Ransomware Third-Party Risk

On April 30, 2026, two former incident response professionals were sentenced to four years in federal prison each for conducting BlackCat ransomware attacks against U.S. companies. One had been an IR manager at a well-known IR firm. The other had been a ransomware negotiator at a separate well-known firm. The case forces a question most organizations have never seriously asked: what is the actual control model for the people you call when everything is on fire?

FIRESTARTER and the Detection Gap CISA Just Made Official

28 April 2026·1417 words·7 mins

Threat-Intelligence Threat-Intelligence Edge-Security Detection-Engineering Incident-Response

On April 23, 2026, CISA and the UK NCSC published a malware analysis report on FIRESTARTER, a custom backdoor that survives patching, reboots, and firmware upgrades on Cisco Firepower and Secure Firewall devices. The federal directive itself states that Sigma rules are not effective against it. That admission has implications well beyond the federal civilian executive branch.

↑