A Review of the Best News of the Week on Cybersecurity Management & Strategy
Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security (Krebs on Security, Jan 31 2020)
“On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on $100,000 bail. On Thursday Jan. 30, prosecutors in Iowa announced they had dropped the criminal charges. The news came while KrebsOnSecurity was conducting a video interview with the two accused…”
The Colorado Mystery Drones Weren’t Real (VICE, Jan 29 2020)
“In all of these cases,” Iovinella wrote in this statement, “it is unknown who owns the drone or what their purpose is.”
That’s because the drones never existed.
Maze Ransomware Hits Law Firms and French Giant Bouygues (Infosecurity Magazine, Feb 03 2020)
Stolen data already being leaked online to force payment
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Brazil Judge Rejects Hacking Accusation Against Greenwald (SecurityWeek, Feb 07 2020)
A judge in Brazil’s capital on Thursday dismissed accusations that journalist Glenn Greenwald was involved in hacking phones of officials, following weeks of criticism that his prosecution would infringe on constitutional protections for the press.
AIG must cover client’s $5.9 million in cyber-related losses, judge rules (CyberScoop, Feb 03 2020)
Insurance giant AIG must cover nearly $6 million in losses for a client that was fleeced by an email scam carried out by suspected Chinese hackers, a federal court has decided. A judge in the Southern District of New York ruled Wednesday that AIG was in breach of contract when it previously denied a claim from SS&C Technologies, a $6 billion financial technology firm.
Cybersecurity lacking at most of the world’s major airports (SC Media, Jan 30 2020)
The study found 97 of the world’s 100 largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, dark web exposure or code repositories leaks. Some of the most egregious findings were:
The CIA’s Infamous, Unsolved Cryptographic Puzzle Gets a ‘Final Clue’ (VICE, Jan 31 2020)
“Even once it’s cracked, it’s gonna be a riddle, something that’s still controversial and hard to figure out,” the creator of the Kryptos puzzle sculpture says.
Cloudflare + Remote Browser Isolation (The Cloudflare Blog, Feb 04 2020)
Cloudflare announced today that it has purchased S2 Systems Corporation, a Seattle-area startup that has built an innovative remote browser isolation solution unlike any other currently in the market.
Missile Engineer Arrested After Taking Secret Info to China (Infosecurity Magazine, Feb 03 2020)
Chinese-born former Raytheon employee behind bars
You’re the new CISO — Now what? (SC Media, Feb 03 2020)
Once a new CISO joins an organization, onboarding can be daunting. Where should a new CISO even begin? Let’s break down the three initiatives CISOs can implement in order to be more proactive and successful, right from the start.
What WON’T Happen in Cybersecurity in 2020 (Dark Reading, Feb 04 2020)
Predictions are a dime a dozen. Here are six trends that you won’t be hearing about anytime soon.
Australian Shipping Giant Toll Hit by Ransomware (SecurityWeek, Feb 04 2020)
Australian transportation and logistics giant Toll Group was forced to shut down some of its online services in response to a ransomware attack and customers are not happy with the way the company has handled the incident.
Ransomware Attacks: Why It Should Be Illegal to Pay the Ransom (Dark Reading, Feb 04 2020)
For cities, states and towns, paying up is short-sighted and only makes the problem worse.
Booter Boss Busted By Bacon Pizza Buy (Krebs on Security, Feb 04 2020)
“Investigators say the onetime booter boss’s identity became clear after he ordered a bacon and chicken pizza delivered to his home using the same email address he originally used to register his criminal attack service.”
Lack of .GOV validation and HTTPS leaves states susceptible to voter disinformation campaigns (Help Net Security, Feb 05 2020)
There’s a severe lack of U.S. government .GOV validation and HTTPS encryption among county election websites in 13 states projected to be critical in the 2020 U.S. Presidential Election, a McAfee survey reveals.
Over 80% of UK Firms Don’t Have Specialist Cyber Insurance (Infosecurity Magazine, Feb 05 2020)
Gallagher study warns that traditional policies may not cover breaches
Malware attacks destroy Fondren Orthopedic Group patient records (SC Media, Feb 05 2020)
The Fondren Orthopedic Group is notifying its patients that their personal health information was compromised during a November 2019 malware incident.
Forescout to be acquired by a pair of private equity firms for $1.9B (TechCrunch, Feb 06 2020)
Forescout, the network security company that has been publicly traded since 2017, announced today it was going private again. Private equity firms Advent International and Crosspoint Capital are acquiring the company in an all-cash purchase of $1.9 billion.
90% of CISOs Would Cut Pay for Better Work-Life Balance (Dark Reading, Feb 06 2020)
Businesses receive $30,000 of ‘free’ CISO time as security leaders report job-related stress taking a toll on their health and relationships.
CISOs burdened by unhealthy stress levels, survey study finds (SC Media, Feb 06 2020)
In a recent survey of 400 U.S.- and UK-based chief information security officers, an overwhelming number, 88 percent, said they find themselves under a moderate or high amount of job-related stress.