A Review of the Best News of the Week on Cybersecurity Management & Strategy

Elite hackers target WHO as coronavirus cyberattacks spike (Reuters, Mar 24 2020)
WHO Chief Information Security Officer Flavio Aggio said the identity of the hackers was unclear and the effort was unsuccessful.

What’s preventing organizations from making pragmatic security decisions? (Help Net Security, Mar 24 2020)
Human beings are poor judges of risk. For example, we perceive the risk of air travel to be higher than it actually is after a fatal aviation-related accident happens.

AMD Confirms Hacker Stole Information on Graphics Products (SecurityWeek, Mar 26 2020)
AMD has confirmed that a hacker has stolen files related to some of its graphics products, but the company says it’s not too concerned about the impact of the leak.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

FBI Shuts Down Hacker Platform, Arrests Administrator (SecurityWeek, Mar 25 2020)
The Federal Bureau of Investigation recently took down a Russian-based online platform where various cybercrime products and services were being sold, the Department of Justice announced on Tuesday.

Pwn2Own hackers go remote, then crack macOS and Oracle machines anyway (CyberScoop, Mar 26 2020)
The winning team, called Fluoroacetate, made up of researchers Amat Cama and Richard Zhu, demonstrated ways to crack Microsoft Windows and Adobe Reader with local privilege escalation techniques, in which hackers leverage one flaw to access other areas of an affected system. They won a combined $90,000 for the successful hacks.

Three-Quarters of Large Firms Suffered Security Breach Last Year (Infosecurity Magazine, Mar 26 2020)
UK government study claims companies are getting better at mitigating threats

US Government Sites Give Bad Security Advice (Krebs on Security, Mar 25 2020)
“Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now.”

Virgin Media Facing Huge Compensation Bill Over Data Breach (Infosecurity Magazine, Mar 27 2020)
Virgin Media could be facing a bill of up to 4.5bn

GitHub Paid Out Over $1 Million in Bug Bounties (SecurityWeek, Mar 27 2020)
GitHub this week announced that it has paid out over $1 million in rewards to the security researchers participating in its bug bounty program on HackerOne.

Vulnerability Management Isn’t Just a Numbers Game (Dark Reading, Mar 24 2020)
Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory.

What Is the Most Secure Video Conferencing Software? (VICE, Mar 24 2020)
Now that we can’t meet IRL, is Zoom as good as it gets for video calling?

Internet Voting in Puerto Rico (Schneier on Security, Mar 24 2020)
“Puerto Rico is considered allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill.”

Inside an Instagram Celebrity Hacking Campaign (VICE, Mar 24 2020)
Hackers targeted an adult film star. A white hat hacker decided to help.

On Cyber Warranties (Schneier on Security, Mar 26 2020)
“Interesting article discussing cyber-warranties, and whether they are an effective way to transfer risk (as envisioned by Ackerlof’s “market for lemons”) or a marketing trick.”

Insurance Giant Chubb Might Be Ransomware Victim (Dark Reading, Mar 26 2020)
A ransomware operator claims to have successfully attacked Chubb Insurance databases.

UK Government Uses Zoom Despite MoD Security Concerns (Infosecurity Magazine, Mar 27 2020)
Question marks over Cabinet use of commercial conferencing tool

Story of Gus Weiss (Schneier on Security, Mar 27 2020)
“This is a long and fascinating article about Gus Weiss, who masterminded a long campaign to feed technical disinformation to the Soviet Union, which may or may not have caused a massive pipeline explosion somewhere in Siberia in the 1980s, if in fact there even was a massive pipeline explosion somewhere in Siberia in the 1980s.

Lots of information about the origins of US export controls laws and sabotage operations.”