A Review of the Best News of the Week on Cybersecurity Management & Strategy

Former Uber CSO Charged in Hack Cover-up (Dark Reading, Aug 20 2020)
Joe Sullivan, Uber’s former CSO, has been charged with obstruction of justice and misprision of a felony following a 2016 hack of the ride-share company. If convicted, Sullivan faces a maximum of five years in prison for the obstruction charge and a maximum of three years in prison for the misprision charge.

Black Hat USA 2020 Musings: Weird and Wonderful Virtual Events are Here to Stay (Dark Reading, Aug 20 2020)
Black Hat USA 2020 was nothing like an in-person event, but it was incredibly useful for all involved, providing even the most grizzled industry veterans with fresh perspectives.

Microsoft Put Off Fixing Zero Day for 2 Years (Krebs on Security, Aug 17 2020)
A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Thousands of Taiwan Government Email Accounts ‘Hacked by China’ (SecurityWeek, Aug 19 2020)
Chinese hackers infiltrated at least 10 Taiwan government agencies and gained access to around 6,000 email accounts in an attempt to steal data, officials said Wednesday.

Jack Daniel’s-Maker Suffers REvil Ransomware Breach (Infosecurity Magazine, Aug 17 2020)
Attackers claim to have 1TB of stolen data in their possession

Maze delivers on threat to publish data stolen from Canon (SC Media, Aug 14 2020)
Canon apparently didn’t pay up as previously believed after it fell victim to a Maze ransomware attack, because the company’s stolen data has cropped up online. On the site where Maze leaks data from its conquests, attackers said that they would release five percent of the data stolen from Canon during the late July attack,…

US liquor giant hit by ransomware – what the rest of us can do to help (Naked Security – Sophos, Aug 18 2020)
If blackmailers dump data stolen from a company that refused to pay – don’t even peek at the data. Reward the refusal…

Carnival Corp. Hacked; Guest and Worker Information Accessed (SecurityWeek, Aug 19 2020)
Carnival Corp. says it was the victim of a ransomware attack that likely got some personal information about the cruise company’s guests and employees.

University of Utah Pays $457,000 to Ransomware Operators (SecurityWeek, Aug 21 2020)
The University of Utah on Thursday revealed that it paid approximately $457,000 to ransomware operators after servers in its College of Social and Behavioral Science (CSBS) were compromised.

The IT Backbone of Cybercrime (Dark Reading, Aug 17 2020)
Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too.

Reported Data Breaches Down by 52% in 2020 (Infosecurity Magazine, Aug 17 2020)
The number of reported data breaches is down year-on-year

SANS Institute Says Multiple Employees Targeted in Recent Attack (SecurityWeek, Aug 17 2020)
The SANS Institute says the recently disclosed security incident involved phishing emails being sent to several of its employees.

Firms Still Struggle to Prioritize Security Vulnerabilities (Dark Reading, Aug 17 2020)
Security debt continues to pile up, with 42% of organizations attributing remediation backlogs to a breach, a new study shows.

Companies left dangling until US, EU hash out data protection differences (SC Media, Aug 17 2020)
With no common framework in place defining how to protect personal information across the Atlantic, U.S. companies may be forced to silo data about European customers.

Using Disinformation to Cause a Blackout (Schneier on Security, Aug 18 2020)
“Interesting paper: ‘How weaponizing disinformation can bring down a city’s power grid’: Abstract: Social media has made it possible to manipulate the masses via disinformation and fake news at an unprecedented scale.”

Marriott Hit by Another Class Action Lawsuit After Breach (Infosecurity Magazine, Aug 19 2020)
Tech journo files on behalf of victims in England and Wales

Former CIA Officer Charged with Espionage (Infosecurity Magazine, Aug 18 2020)
Hawaii resident who worked for the CIA in the 1980s indicted for espionage

Report: 2015 Twitter breach targeted Saudi dissidents, led to arrests (Ars Technica, Aug 19 2020)
A sister is speaking out after her brother has been in prison for two years.

62% of blue teams have difficulty stopping red teams during adversary simulation exercises (Help Net Security, Aug 20 2020)
New Exabeam research shows that 62 percent of blue teams have difficulty stopping red teams during adversary simulation exercises. Respondents named threat detection, incident response and flexibility/openness to change while working remotely as the top three areas that blue teams must improve upon. This indicates an increase in technical and adaptability challenges since the same study was performed in 2019, where the focus fell heavily on teamwork and communication.

Black Hat USA 2020 Recap: Experts Discuss Election Security Questions, but Offer Few Answers (Dark Reading, Aug 20 2020)
The U.S. election in November is once again expected to be a target of digital adversaries. Experts at Black Hat USA 2020 highlighted the many election security questions authorities must address.