CISO View – The Week’s Best News – 2020.08.07

A Review of the Best News of the Week on Cybersecurity Management & Strategy

2019 Breach Leads to $80 Million Fine for Capital One (Dark Reading, Aug 06 2020)
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.

Trump Targets WeChat and TikTok, in Sharp Escalation With China (The New York Times, Aug 07 2020)
The government cited national security concerns in announcing sweeping restrictions on two popular Chinese social media networks, a move that is likely to be met with retaliation.

More than 20GB of Intel source code and proprietary data dumped online (Ars Technica, Aug 06 2020)
“Exconfidential Lake” leak includes docs Intel provided under NDA as recently as May.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



‘We want to have more protection’: Arrested pen testers push for Good Samaritan law (SC Media, Aug 05 2020)
Prosecutors dropped felony criminal charges against a pair of ethical pen testers arrested while assessing the security of an Iowa courthouse. But the two men are not ready to move on just yet. Coalfire employees Gary DeMercurio, managing senior, and Justin Wynn, senior security consultant, lobbied Wednesday at the virtual Black Hat conference for a…

The Feds Want These Teams to Hack a Satellite—From Home (WIRED, Aug 06 2020)
Meet the hackers who, this weekend, will try to commandeer an actual orbiter as part of a Defcon contest hosted by the Air Force and the Defense Digital Service.

Data Security in the SaaS Age: Quick Wins (Securosis Blog, Aug 05 2020)
“As we wrap up our series on Data Security in the SaaS age, let’s work through a scenario to show how these concepts apply in a specific scenario. We’ll revisit the “small, but rapidly growing” pharmaceutical company we used as an example in our Data Guardrails and Behavioral Analytics paper. The CISO has seen the adoption of SaaS accelerate over the past two years.”

#BHUSA: How Nation States Hack Public Opinion (Infosecurity Magazine, Aug 07 2020)
Keynote speaker explains how nation state threat actors manipulate social media to extend disinformation, division and propaganda

Chinese Hackers Have Pillaged Taiwan’s Semiconductor Industry (Wired, Aug 06 2020)
A campaign called Operation Skeleton Key has stolen source code, software development kits, chip designs, and more.

NSO Spyware Was Used to Hack Clergy in Togo (VICE, Aug 03 2020)
Citizen Lab reveals that a Catholic bishop, a priest, and two politicians were targets of hackers leveraging a WhatsApp vulnerability.

How Should I Securely Destroy/Discard My Devices? (Dark Reading, Aug 03 2020)
While it is possible to do data destruction in-house, doing it correctly and at scale can be tedious.

Three Charged in July 15 Twitter Compromise (Krebs on Security, Jul 31 2020)
Three individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world’s most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam. 

Why Data Ethics Is a Growing CISO Priority (Dark Reading, Aug 03 2020)
With data collection growing, and increased concern about how it is handled, a synergy between security and data teams will be essential.

Facebook Seen as Riskiest Online Platform (Infosecurity Magazine, Aug 04 2020)
Internet users believe their personal data is most at risk on Facebook

Retooling the SOC for a Post-COVID World (Dark Reading, Aug 04 2020)
Residual work-from-home policies will require changes to security policies, procedures, and technologies.

Federal Program Offers New Cybersecurity Tool for Elections (SecurityWeek, Aug 05 2020)
State and local officials are receiving additional tools from the federal government to help defend the nation’s election systems from cyberthreats ahead of the November vote, as intelligence officials continue to warn about foreign efforts to interfere in the U.S. election.

Cybersecurity Budget Rose in 2019, Uncertainty Prevails in 2020 (Dark Reading, Aug 05 2020)
Budgets rise as IT complexity continued to challenge companies, with identity and access management technology an increasingly common focus.

State Department offers $10 million for info on hackers targeting U.S. elections (Help Net Security, Aug 06 2020)
As the day of the U.S. presidential elections is quickly approaching, election security is again becoming a topic of more and more security discussions. Are the polling booth systems secure? Could attackers interfere with them? What about voting by mail? Is it a secure option?

How can security leaders maximize security budgets during a time of budget cuts? (Help Net Security, Aug 06 2020)
It’s no secret that the current pandemic is causing a major strain on consumers and businesses alike. As the U.S. teeters on the verge of a recession, companies are cutting their spending wherever they can — including in cybersecurity. Gartner estimates that security faces cuts as high as $6.7 billion — an unfortunate outcome, particularly since most organizations are also experiencing an expansion of their attack surface as a result of more people working from home.

Researchers Create New Framework to Evaluate User Security Awareness (Dark Reading, Aug 06 2020)
Approaches based on questionnaires and self-evaluation are not always a good indicator of how well a user can mitigate social engineering threats.

Blackbaud data breach: What you should know (WeLiveSecurity, Aug 07 2020)
Here’s what to be aware of if your personal data was compromised in the breach at the cloud software provider
