A Review of the Best News of the Week on Cybersecurity Management & Strategy

Hackers Dump Personal Data of Hundreds of German Politicians (Bloomberg, Jan 04 2019)
Data was leaked over the past weeks via a Twitter account calling itself “G0d”.

The Dark Overlord Decrypts More 9/11 Insurance Files (Motherboard, Jan 04 2019)
After apparently raising thousands of dollars through a crowdfunding effort, The Dark Overlord have decrypted a set of the 9/11 attack connected litigation documents.

The Elite Intel Team Still Fighting Meltdown and Spectre (Wired, Jan 03 2019)
One year after a pair of devastating processor vulnerabilities were first disclosed, Intel’s still dealing with the fallout.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

Start Preparing Now for the Post-Quantum Future (Dark Reading, Dec 28 2018)
So, breaking RSA and other common encryption schemes sounds pretty bad. But if large-scale quantum computers are still 10 to 15 years away, as even optimistic researchers believe, we have plenty of time to develop post-quantum cryptography solutions, right? Not really. There are two issues.

Vietnam’s New Cyber Law Threatens Free Speech (Infosecurity Magazine, Jan 02 2019)
Repressive legislation came into force on January 1

Ryuk Ransomware Suspected in U.S. Newspaper Attack (SecurityWeek, Jan 02 2019)
The recent cyberattack that disrupted the delivery of several major newspapers in the United States may have involved Ryuk, a piece of ransomware that has typically been used in targeted operations.

Ex-NSA Contractor Was a Suspect In Shadow Brokers Leak (Dark Reading, Jan 02 2019)
New court document shows law enforcement suspected possible involvement of Harold Martin in Shadow Brokers’ release of classified NSA hacking tools.

SOAR’s myopic focus may be its undoing (SC Magazine, Jan 03 2019)
Practically every CISO I speak with ranks the difficulty in getting multiple vendors “best of breed” security products working together and returning any measurable ROI as a constant entry in their Top-5 daily gripes. As access to experienced security professionals become scarcer and more expensive, the need to get security products working in harmony and reducing the overall energy needed to respond to and mitigate threats grows more pressing.

Hacker Promoting PewDiePie Stops Hacking Because They’re Getting Harassed (Motherboard, Jan 03 2019)
“Well, here I am, burned and roasted, awaiting my maybe-coming end,” HackerGiraffe wrote.

Fewer Affected in Marriott Hack, but Passports a Red Flag (SecurityWeek, Jan 04 2019)
Fewer Marriott guest records that previously feared were compromised in a massive data breach, but the largest hotel chain in the world confirmed Friday that approximately 5.25 million unencrypted passport numbers were accessed.

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack (Krebs on Security, Jan 02 2019)
“Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. newspapers over the weekend.”

25 Years Later: Looking Back at the First Great (Cyber) Bank Heist (Dark Reading, Jan 02 2019)
The Citibank hack in 1994 marked a turning point for banking — and cybercrime — as we know it. What can we learn from looking back at the past 25 years?

North Korea Defectors’ Details Leaked in Hacking (SecurityWeek, Dec 28 2018)
Personal details of nearly 1,000 North Korean defectors living in the South have been leaked in a hacking case, officials said Friday, exposing them to potential threats from the North.

Happy 9th Birthday, KrebsOnSecurity! (Krebs on Security, Dec 29 2018)
This past year featured some 150 blog posts, but as usual the biggest contribution to this site came from the amazing community of readers here who have generously contributed their knowledge, wit and wisdom in more than 10,000 comments.

Australian government worker info hacked (SC Magazine, Jan 02 2019)
Hackers accessed a limited amount of about information on 30,000 Australian government workers when a local directory was accessed and downloaded. The partial directory contained work emails, job titles and work phone numbers and the person’s mobile phone number if it is part of the staffer’s profile, reported Australian ABC News.

Website of Dublin Tram Service, Luas, Hacked (Infosecurity Magazine, Jan 03 2019)
The attacker is demanding a payment of one Bitcoin within five days.

Legislation 2018 (SC Magazine, Dec 27 2018)
2018 may go down as the year the EU’s GDPR went into effect but legislators domestically kept busy introducing and passing legislation meant to bolster the U.S.’s cybersecurity and privacy postures.

EU Looks to Reduce Exposure to Chinese 5G Risk: Report (Infosecurity Magazine, Jan 02 2019)
Brussels wants a more coordinated response to security challenges

South Carolina cybersecurity 6 years after 6 million tax records stolen (The State, Jan 02 2019)
Six years after hackers stole millions of South Carolina tax records, the state has ended a program to monitor victims’ credit records, and is still working to improve cybersecurity.

HHS Releases Best Practice Healthcare Cybersecurity Guidelines (HealthITSecurity, Jan 02 2019)
HHS released a four-volume publication, outlining best practices for healthcare cybersecurity. Each volume is tailored to a specific organization size, written for the security and or IT leadership.