A Review of the Best News of the Week on Cybersecurity Management & Strategy

Perspective | I found your data. It’s for sale. (Washington Post, Jul 18 2019)
As many as 4 million people have Web browser extensions that sell their every click. And that’s just the tip of the iceberg.

FBI Publishes GandCrab Decryption Keys (Dark Reading, Jul 16 2019)
Publishing the keys should render existing versions of the ransomware far less dangerous for victims.

Facebook Set For Record $5bn FTC Fine (Infosecurity Magazine, Jul 15 2019)
Social network penalized after Cambridge Analytica scandal

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Premera Blue Cross to cough up $10 million to 30 states over data breach (SC Magazine, Jul 12 2019)
Premera Blue Cross has consented to pay $10 million as compensation for a nearly year-long data breach that impacted more than 10.4 million health patients

Revealed: This Is Palantir’s Top-Secret User Manual for Cops (VICE, Jul 12 2019)
Motherboard obtained a Palantir user manual through a public records request, and it gives unprecedented insight into how the company logs and tracks individuals.

Trump is rattling sabers in cyberspace — but is the U.S. ready? (Politico, Jul 13 2019)
While cyber defenses are improving, some experts worry about how the U.S. would recover from an even larger strike.

Alan Turing – the face of the new £50 note (Graham Cluley, Jul 15 2019)
The Bank of England has announced that Alan Turing’s face will grace the new £50 note.

Alarm sounds over census cybersecurity concerns (TheHill, Jul 17 2019)
Lawmakers are raising concerns that the upcoming 2020 census, which people are expected to fill out primarily online for the first time, is opening the door to potential cyber vulnerabilities.

Bulgaria Probes Russia-Linked Leak of Taxpayer Data (SecurityWeek, Jul 16 2019)
Bulgaria ordered Tuesday a probe into the leak of a trove of taxpayer data in a Russia-linked cyberattack that was disclosed on the same day the former Soviet satellite nation moved to buy US-made F-16 jet fighters.

Meet the World’s Biggest ‘Bulletproof’ Hoster (Krebs on Security, Jul 16 2019)
“For at least the past decade, a computer crook variously known as “Yalishanda,” “Downlow” and “Stas_vl” has run one of the most popular “bulletproof” Web hosting services catering to a vast array of phishing sites, cybercrime forums and malware download servers. What follows are a series of clues that point to the likely real-life identity of a Russian man who appears responsible for enabling a ridiculous amount of cybercriminal activity on the Internet today.”

Party Like a Russian, Carder’s Edition (Krebs on Security, Jul 17 2019)
“KrebsOnSecurity has seen some creative yet truly bizarre ads for dodgy services in the cybercrime underground, but the following animated advertisement for a popular credit card fraud shop likely takes the cake.”

4 years after data breach, Slack resets 100,000 users’ passwords (Help Net Security, Jul 19 2019)
Roughly 100,000 Slack users are getting their password reset and will have to choose a new one. The reason? During the data breach the company suffered in 2015, the attackers have apparently not only accessed a database with user profile information and “irreversibly encrypted” passwords, but have also “inserted code that allowed them to capture plaintext passwords as they were entered by users at the time.”

Avast appoints Jaya Baloo as CISO (Help Net Security, Jul 15 2019)
Avast announced it has appointed Jaya Baloo to the position of Chief Information Security Officer (CISO), effective October 1, 2019. Jaya Baloo joins Avast from KPN, the largest telecommunications carrier in the Netherlands, where she held the position of CISO.

Microsoft warns 10,000 customers they’re targeted by nation-sponsored hackers (Ars Technica, Jul 17 2019)
Hacking remains a tool of choice for influencing elections, company warns.

MITRE ATT&CK Framework Not Just for the Big Guys (Dark Reading, Jul 17 2019)
At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK’s common language.

A Lawyer’s Guide to Cyber Insurance: 4 Basic Tips (Dark Reading, Jul 12 2019)
The time to read the fine print in your cybersecurity insurance policy is before you sign on the dotted line.

Indiana County Pays $130,000 in Response to Ransomware Attack: Reports (SecurityWeek, Jul 15 2019)
LaPorte County in the U.S. state of Indiana has reportedly paid cybercriminals over $130,000 after they infected its systems with a piece of ransomware. The mayors of two major cities in LaPorte recently pledged not to give in to ransomware demands.

18% of Enterprises Holding Back on Windows 10 Upgrade (Dark Reading, Jul 15 2019)
Microsoft will officially end support for Windows 7 on January 14, 2020. Many large businesses aren’t ready.

Data dump suggests that Evite data breach affected 100M accounts (SC Magazine, Jul 17 2019)
A new addition to the data breach reference website “Have I Been Pwned?” seemingly reveals that more than 100 million accounts were compromised in this year’s data breach of the event-planning service Evite.

The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike (Dark Reading, Jul 19 2019)
Why apples-to-apples performance tests are the only way to accurately gauge the impact of network security products and solutions.