A Review of the Best News of the Week on Cybersecurity Management & Strategy
2017 Data Breach Will Cost Equifax at Least $1.38 Billion (Dark Reading, Jan 15 2020)
Company agrees to set aside a minimum of $380.5 million as breach compensation and spend another $1 billion on transforming its information security over the next five years. The 147 million US consumers affected by the breach have one week from today to file a claim.
‘Fancy Bear’ Targets Ukrainian Oil Firm Burisma in Phishing Attack (Dark Reading, Jan 14 2020)
The oil & gas company is at the heart of the ongoing US presidential impeachment case.
A case for establishing a common weakness enumeration for hardware security (Help Net Security, Jan 13 2020)
Due to these missing reference materials for hardware vulnerabilities in the CWE, researchers do not have the same standard taxonomy that would enable them to share information and techniques with one another. If we expect hardware vendors and their partners to collectively deliver more secure solutions, we must have a common language for discussing hardware security vulnerabilities.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Microsoft to Officially End Support for Windows 7, Server 2008 (Dark Reading, Jan 13 2020)
Windows 7 and Server 2008 will continue to work after Jan. 14, 2020, but will no longer receive security updates.
#THIREurope: How Target Improved its Threat Hunting Capabilities (Infosecurity Magazine, Jan 13 2020)
Program focus – change focus to align with what Target needed the program to do
Operational consistency – so they know how things are running
Hunt topic strategy – to gain a layer of strategy on top of hunting
Christmas Ransomware Attack Hit New York Airport Servers (SecurityWeek, Jan 10 2020)
An upstate New York airport and its computer management provider were attacked by ransomware over Christmas, officials said.
Dustman Attack Underscores Iran’s Cyber Capabilities (Dark Reading, Jan 14 2020)
For nearly six months, an attack group linked to Iran reportedly had access to the network of Bahrain’s national oil company, Bapco, before it executed a destructive payload.
What Questions Should I Keep in Mind to Improve My Security Metrics? (Dark Reading, Jan 13 2020)
If you can answer these six questions, you’ll be off to a great start.
Website Collecting Australian Fire Donations Hit by Magecart (Dark Reading, Jan 13 2020)
The attack may have compromised donors’ payment information.
Five Key Cyber-Attack Trends for This Year (Infosec Island, Jan 14 2020)
Every single smart device within an IoT ecosystem, for example, is ultimately interacting with an API. And far less bandwidth is needed to attack APIs, and they can rapidly become hugely disruptive bottlenecks.
TSA Desires “Cybersecurity by Design” (Infosecurity Magazine, Jan 13 2020)
US Transport Security Administration wants cybersecurity factored into new technology.
Cloudflare Rethinks How to Secure Employee Experience (IT Pro, Jan 13 2020)
Cloudflare for Teams provides fast, secure employee access to internal apps, web browsing and collaboration with dispersed team members.
Resilient Governance for Boards of Directors: Considerations for Effective Oversight of Cyber Risk – CLTC UC Berkeley Center for Long-Term Cybersecurity (Berkeley, Jan 15 2020)
A new report from CLTC and Booz Allen Hamilton provides a framework to help boards of directors approach cybersecurity governance and oversight
Pete Buttigieg’s Campaign Cybersecurity Chief Resigns (WSJ, Jan 16 2020)
The cybersecurity chief for Democratic candidate for president Pete Buttigieg’s campaign has resigned, as concerns mount about attempts by foreign governments and hackers to interfere in the 2020 election.
NY Fed Reveals Implications of Cyberattack on US Financial System (Dark Reading, Jan 16 2020)
A “pre-mortem analysis” sheds light on the potential destruction of a cyberattack against major US banks.
Why Firewalls Aren’t Going Anywhere (Dark Reading, Jan 15 2020)
Written off multiple times as obsolete, firewalls continue to elude demise by adding features and ensuring that VPNs keep humming.
Bill for New Orleans Cyber-Attack $7m and Rising (Infosecurity Magazine, Jan 16 2020)
Cyber-attack on New Orleans will cost the city over $7m to fix.
Hackers Earn $275,000 for Vulnerabilities in U.S. Army Systems (SecurityWeek, Jan 17 2020)
A total of 146 valid vulnerabilities were reported as part of the second Hack the Army bug bounty program, and more than $275,000 were paid in rewards.
Cloudflare Announces Free Security Services for Political Campaigns (SecurityWeek, Jan 17 2020)
Security and web performance company Cloudflare has announced a suite of services for the cyber-protection of political campaigns in the United States and worldwide.
Whatever Happened to Anonymous? (VICE, Jan 16 2020)
It was once the hacking bogeyman, but now it seems no more.