A Review of the Best News of the Week on Cybersecurity Management & Strategy

Resources for Measuring Cybersecurity (Schneier on Security, Nov 01 2019)
Kathryn Waldron at R Street has collected all of the different resources and methodologies for measuring cybersecurity.

The Ransomware Superhero of Normal, Illinois (ProPublica, Oct 28 2019)
Thanks to Michael Gillespie, an obscure programmer at a Nerds on Call repair store, hundreds of thousands of ransomware victims have recovered their files for free.

Russian Hackers Are Still Targeting the Olympics (Wired, Oct 28 2019)
Fancy Bear has attacked 16 anti-doping agencies around the world, indicating that its Olympics grudge is far from over.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

2,000 Georgia Websites Hit by Cyber Attacks (SecurityWeek, Oct 28 2019)
Some 2,000 websites in Georgia, including those of the president, courts, and media came under a massive cyber attack on Monday, officials and media said.

Want to overcome patching challenges once and for all? Automation is the key (Help Net Security, Oct 30 2019)
An automated patching solution can automatically investigate which patches are most appropriate for each system, cross-reference previous successful patches, give the go-ahead to a full patch management process, and automate post-patch verification and testing. Minimising manual steps helps reduce the chance of human error and ensure effective patch deployment.

Can You Trust Security Vendor Surveys? (SecurityWeek, Oct 30 2019)
Surveys in the information security industry are popular. They tell us what our peers are doing in similar circumstances, and they can highlight common pitfalls we may have missed. Surveys are different to the reports that analyze known data from known sources, such as the prevalence of a specific malware as shown by a vendor’s own telemetry. In this article, we are defining surveys as an analysis of people-provided information, not data-provided facts.

Nuclear Power Plant in India Hit by North Korean Malware: Report (SecurityWeek, Oct 30 2019)
India’s largest nuclear power plant was reportedly hit recently by a piece of malware linked by experts to North Korean hackers, but officials said control systems were not compromised.

Facebook spyware lawsuit opens a new front in encryption battle (Washington Post, Oct 30 2019)
Facebook launched a new front in the battle over encryption yesterday by suing the Israeli spyware firm NSO Group for allegedly hacking WhatsApp, its encrypted messaging service, and helping government customers snoop on about 1,400 victims.

Norsk Hydro Receives First Insurance Payout Following Cyberattack (SecurityWeek, Oct 31 2019)
Norwegian aluminum giant Norsk Hydro recently published its financial results for the third quarter of 2019 and revealed that it received its first insurance payout related to the cyberattack that hit the company in March

UniCredit says personal data of 3 million customers was compromised (Help Net Security, Oct 28 2019)
Italian global banking and financial services giant UniCredit has announced that its cybersecurity team has identified “a data incident” that resulted in the compromise of personal data of 3 million of its customers.

New BBC ‘dark web’ Tor mirror site aims to beat censorship (Naked Security – Sophos, Oct 28 2019)
A mirror copy of the BBC’s international news website is now available to users on the so-called dark web.

Palo Alto Networks Blames Tariffs for Firewall Price Hikes (SecurityWeek, Oct 25 2019)
Network security firm Palo Alto Networks is planning to increase the price of its hardware products by a 5%, citing impact from recent tariffs for imported components. 

Major Florida Health System Fined $2M for HIPPA Breach (SecurityWeek, Oct 25 2019)
A major Florida health system with six hospitals must pay over $2 million after federal officials determined its HIPPA compliance program was in disarray for years.

Here’s what keeps British cybersecurity officials up at night (Washington Post, Oct 25 2019)
Martin touted the center’s success increasing the number of threat indicators it shares tenfold, to more than 1,000 per month, and the speed of sharing those indicators “from days to seconds.”

US Lawmakers Fear Chinese-Owned TikTok Poses Security Risk (Dark Reading, Oct 28 2019)
The popular video app has more than 110 million downloads in the United States and could give China access to users’ personal data, they say.

U.S. Fast-Food Chain Krystal Investigating Payment Card Breach (SecurityWeek, Oct 29 2019)
Krystal, a fast-food restaurant chain based in Atlanta, Georgia, informed customers recently that it has launched an investigation into a cybersecurity incident involving the payment processing systems used by some of its restaurants.

Takeaways from the $566M BriansClub breach (Krebs on Security, Oct 29 2019)
“Reporting on the exposure of some 26 million stolen credit cards leaked from a top underground cybercrime store highlighted some persistent and hard truths. Most notably, that the world’s largest financial institutions tend to have a much better idea of which merchants and bank cards have been breached than do the thousands of smaller banks and credit unions across the United States. Also, a great deal of cybercrime seems to be perpetrated by a relatively small number of people.”

The count of managed service providers getting hit with ransomware mounts (Ars Technica, Oct 30 2019)
Threat researchers tracking public reports of MSP ransomware incidents up count to 13 this year.

Leading domain name registrars suffered data breach (Help Net Security, Oct 31 2019)
Web technology company Web.com and its subsidiaries – domain name registrars Register.com and Network Solutions – have suffered a data breach.

Major Cyber-Attack on APAC Ports Could Cost $110bn (Infosecurity Magazine, Oct 31 2019)
Lloyd’s-backed report warns of under-insurance in the region