A Review of the Best News of the Week on Cybersecurity Management & Strategy
Three major gaps in the Cyberspace Solarium Commission’s report that need to be addressed (Help Net Security, Jul 09 2020)
Released in March 2020, the Cyberspace Solarium Commission’s report urges the U.S. government and private sector to adopt a “new, strategic approach to cybersecurity,” namely layered cyber deterrence. Among the recommendations in the Commission’s lengthy 182-page report is that security vendors must be responsible for providing security updates for their products or services for as long as they are providing usability updates and bug fixes.
Report: Israeli cyberattack caused Iran nuclear site fire, F35s hit missile base (The Times of Israel, Jul 03 2020)
Kuwaiti newspaper cites unnamed senior source as saying Jerusalem behind recent incidents in Iran, following an alleged attempt by Tehran to hack Israel’s water infrastructure
Manufacturing Sector Paid Out 62% of Total Ransomware Payments in 2019 (Infosecurity Magazine, Jul 07 2020)
The manufacturing sector made 62% of ransomware payments last year
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~15,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Building Security Strategies in Sub-Saharan Africa: Trends and Concerns (Dark Reading, Jul 02 2020)
Security experts discuss the rise in cybercrime affecting sub-Saharan Africa and the necessary changes to improve security.
Hackers Are Finding Footage on Police Body Cams They Bought on eBay (VICE, Jul 08 2020)
Hackers are buying used body cameras on eBay and finding troves of video evidence.
Pen Testing ROI: How to Communicate the Value of Security Testing (Dark Reading, Jul 09 2020)
There are many reasons to pen test, but the financial reasons tend to get ignored.
The Secret Service Tried to Catch a Hacker With a Malware Booby-Trap (VICE, Jul 10 2020)
The attempt failed, but so-called "network investigative techniques"—the U.S. government’s term for law enforcement hacking tools—are not limited to the FBI, according to newly unsealed court records.
CCPA enforcement to put pressure on financial organizations’ IT resources (Help Net Security, Jul 02 2020)
Enforcement of the California Consumer Privacy Act (CCPA), which begins on July 1, 2020, is going to put additional pressure on already overstretched IT resources and budgets, Netwrix reveals. According to the survey, 32% of financial organizations have already seen an increase in data subject access rights requests (DSARs) since the CCPA came into force on January 1, 2020.
Volume and Size of Fines for Data Breaches Expected to Rise (Infosecurity Magazine, Jul 06 2020)
37% of workers expect the number and size of fines for their employers to increase
North Korean Hackers Behind Magecart Attacks (Infosecurity Magazine, Jul 06 2020)
Sansec claims Pyongyang-sponsored attackers struck Claire’s
Google VP Withdraws from Black Hat 2020 Over its Name (Infosecurity Magazine, Jul 06 2020)
Heated debate in infosec community after calls for change in terminology
LeBron James among the 1st stars to have their stolen law firm files put up for auction (SC Media, Jul 02 2020)
The Sodinokibi/REvil ransomware gang has apparently made good on its threat to auction off files it lifted from celebrity law firm Grubman Shire Meiselas & Sacks. The group on July 1 reportedly placed legal documents corresponding to Nicki Minaj, Mariah Carey and LeBron James up for bid, with the starting price set at $600,000 per…
Ransomware Operators Demand $14 Million From Power Company (SecurityWeek, Jul 02 2020)
The threat actor behind the Sodinokibi (REvil) ransomware is demanding a $14 million ransom from Brazilian-based electrical energy company Light S.A.
The rise and fall of Adobe Flash (Ars Technica, Jul 07 2020)
Before Flash Player sunsets this December, we talk its legacy with those who built it.
Business efficiency metrics are more important than detection metrics (Help Net Security, Jul 07 2020)
With cyberattacks on the rise, today’s security professionals are relying primarily on detection metrics – both key performance indicators (KPIs) and key risk indicators (KRIs) – as the primary means to measure the success of their security programs. However, focusing on detection metrics alone is not enough to fully optimize organizational productivity and security over time.
Microsoft takes legal action against COVID-19-related cybercrime (Microsoft on the Issues, Jul 08 2020)
A U.S. court unsealed details of Microsoft’s work disrupting cybercriminals that were taking advantage of the COVID-19 pandemic in an attempt to defraud customers around the world.
UK Cyber Startups Raise Almost £500m During First Half of 2020 (Infosecurity Magazine, Jul 08 2020)
UK startups have nearly eclipsed the total raised last year already despite COVID-19
Police Are Buying Access to Hacked Website Data (VICE, Jul 08 2020)
The sale is “an end-run around the usual legal processes.”
Up Close with Evilnum, the APT Group Behind the Malware (Dark Reading, Jul 09 2020)
The group behind Evilnum malware, which continues to target financial institutions, appears to be testing new techniques.
Google Updates Policies to Reject Ads for Spyware (SecurityWeek, Jul 10 2020)
Google this week announced that, starting next month, an update to its policy will effectively result in the rejection of ads for surveillance technology.