A Review of the Best News of the Week on Cybersecurity Management & Strategy

Google Shares Data on State-Sponsored Hacking Attempts (SecurityWeek, Nov 27 2019)
Google’s Threat Analysis Group (TAG) this week shared some data on government-backed hacking and disinformation attempts targeting its customers.

Champagne, shotguns, and surveillance at spyware’s grand bazaar (MIT Technology Review, Nov 26 2019)
The world’s leading surveillance and spyware companies gathered in Paris to meet growing demand from governments around the world.

Five Years Later, Who Really Hacked Sony? (The Hollywood Reporter, Nov 27 2019)
The massive cyberattack just before Thanksgiving 2014 crippled a studio, embarrassed executives and reshaped Hollywood. The FBI blamed a North Korea scheme to retaliate for the comedy ‘The Interview,’ but many whose lives were upended have doubts. Says Seth Rogen: “The fact that [co-director Evan Goldberg and I] were never really specifically targeted always raised suspicions in my head.”


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Target Seeks $74M in Data Breach Reimbursement from Insurance Company (Dark Reading, Nov 22 2019)
The funds would cover some of the money Target paid to reimburse financial institutions for credit card replacement after the 2013 breach.

It’s Way Too Easy to Get a .gov Domain Name (Krebs on Security, Nov 26 2019)
“Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain.”

Church’s Chicken Restaurants Hit by Payment Card Breach (SecurityWeek, Nov 25 2019)
At least 160 Church’s Chicken restaurants across 11 U.S. states are impacted by a data breach that involved unauthorized access to payment processing systems.

110 Nursing Homes Cut Off from Health Records in Ransomware Attack (Krebs on Security, Nov 23 2019)
A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States.

The overlooked part of an infosec strategy: Cyber insurance underwriting (Help Net Security, Nov 26 2019)
“On average we provide between $500K – $1M in limits for cyber insurance coverage for SMBs. In order for a business to secure this coverage we evaluate potential risk by leveraging data and analytics to provide a forensics-level report on current and predictive risk.”

UK Government Invites Bids for New Cybersecurity Platform (Infosecurity Magazine, Nov 25 2019)
The UK’s Ministry of Justice is inviting bids for the creation of a single, centralized cybersecurity log collection and aggregation platform.

Court says suspect can’t be forced to reveal 64-character password (Naked Security – Sophos, Nov 26 2019)
We have to protect the constitutional rights of the innocent, and that can mean shielding guilty-as-hell child abusers, the court said.

5 Ways to Champion and Increase Your 2020 Security Budget (Dark Reading, Nov 26 2019)
Give your organization’s leadership an impactful, out-of-office experience so they know what’s at stake with their budgeting decisions.

New Bill Could Cost US Companies Data (Infosecurity Magazine, Nov 26 2019)
New bill proposes granting US citizens the right to request companies delete data.

Splunk customers should update now to dodge Y2K-style bug (Naked Security – Sophos, Nov 27 2019)
Splunk has issued a critical warning regarding a showstopping Y2K-style date bug in one of the platform’s configuration files.

EU raises eyebrows at possible US encryption ban (Naked Security – Sophos, Nov 27 2019)
EU officials have warned that they may not take kindly to a US encryption ban or insertion of crypto backdoor technology.

Meet Kilos, a New Search Engine for the Dark Web (SecurityWeek, Nov 27 2019)
Kilos is a new dark web search engine that goes where Google doesn’t.

Cryptocurrency exchange loses US$50 million in apparent hack (WeLiveSecurity, Nov 27 2019)
UPbit has announced that, as a precaution, all transactions will remain suspended for at least two weeks.

Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains (Krebs on Security, Nov 26 2019)
“On Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern United States.”

Practical Principles for Security Metrics (Dark Reading, Nov 27 2019)
A proactive approach to cybersecurity requires the right tools, not more tools.