A Review of the Best News of the Week on Cybersecurity Management & Strategy
Report: Russian-sponsored hackers could have modified U.S. voter data, but didn’t (SC Magazine, Jul 26 2019)
Russian state-sponsored cyber actors “conducted an unprecedented level of activity against state election infrastructure in the run-up to the 2016 U.S. elections,” the U.S. Senate Select Committee on Intelligence concludes in the first volume of its report on Russia’s efforts to interference in America’s most recent presidential election.
WannaCry slayer, malware author Marcus Hutchins won’t go to prison (Ars Technica, Jul 26 2019)
Hutchins helped stop the WannaCry outbreak, but he had a dark past.
Silicon Valley Issues Election Security Report (Infosecurity Magazine, Jul 26 2019)
A grand jury finds that San Mateo email and online communications platforms are vulnerable.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Post-Equifax settlement, NY updates data breach notification laws (Naked Security – Sophos, Jul 30 2019)
Equifax is fined $675 million, while New York data breach notification law now covers biometrics, passwords, and more.
You’ll Get Your Equifax Money. It Just Might Take a While (Wired, Jul 31 2019)
Despite the FTC pushing people away from an Equifax cash payout, there’s a good chance you’ll get all $125. Eventually.
The dynamic of modern security challenges: Issues security leaders face today (Help Net Security, Jul 29 2019)
We sat down with Neil Weicher, CTO & Founder, NetLib Security, to discuss encryption technologies, the threat of legacy applications, the complexity of cloud security, medical IoT, and more.
Trump’s Cyber Czar Is Back—and He Wants to Make Hackers Suffer (Wired, Jul 29 2019)
Trinity’s tricks, the founders claim, include meddling with the authentication between a hacker’s command-and-control server and his or her malware, so that the malicious code mysteriously breaks. They can swap the data a hacker steals on its way out of the network, so that it appears valid but can’t be read or executed. They can intercept a command sent to a malware implant and replace it with one that tells the malware to uninstall itself, or swap a response back from the malware to the server with one that tricks the server into beaconing out its location and revealing itself. All of this is intended to foil hackers without ever giving them clear feedback about why they’re failing, turning even a simple operation into a drain on time and resources.
Suffering SOC Saga Continues (Dark Reading, Jul 30 2019)
More than half of IT and security professionals consider their security operations center (SOC) ineffectual, and the long hours, alert overload, and incomplete visibility into their IT infrastructure has 65% considering quitting their jobs.
CISOs Must Evolve to a Data-First Security Program (Dark Reading, Jul 30 2019)
Such a program will require effort and reprioritization, but it will let your company fight modern-day threats and protect your most important assets.
Sephora Offers Monitoring Services in Wake of Data Breach (Dark Reading, Jul 29 2019)
The data breach compromised data belonging to customers in parts of Southeast Asia, Australia, and New Zealand.
Personal info on 2,500 LAPD members, 17.5K applicants stolen (SC Magazine, Jul 29 2019)
A hacker contacted the Los Angeles Information Technology Agency last week and claiming to have stolen personal information of 2,500 members of the LAPD and 17,500 applicants to the police force.
Georgia State Patrol agency infected with ransomware (SC Magazine, Jul 29 2019)
The Georgia State Patrol was reportedly the target of a July 26 ransomware attack that has necessitated the precautionary shutdown of its servers and network.
53% of enterprises have no idea if their security tools are working (Help Net Security, Jul 31 2019)
Companies deploy on average 47 different cybersecurity solutions and technologies . Less than half of IT experts are confident that data breaches can be stopped with their organization’s current investments in technology and staff
Cyberattack forces Houston County schools to postpone opening day (SC Magazine, Jul 31 2019)
Several thousand school children in Alabama had their summer vacation extended by two weeks as the Houston County School District was forced for the second time to delay opening day due to a cyberattack.