A Review of the Best News of the Week on Cybersecurity Management & Strategy
Musk: Tesla Was Target of Russian Ransomware Conspiracy (Infosecurity Magazine, Aug 28 2020)
Employee at car giant allegedly offered $1m to help deploy malware
Three places for early warning of ransomware and breaches that aren’t the dark web (Help Net Security, Aug 25 2020)
For better or worse, a lot of cybercrime sleuthing and forecasting tends to focus on various underground sites and forums across the deep and dark web corners of the Internet. Whenever a report cites passwords, contraband or fraud kits trafficked in these underground dens, it makes elusive fraudsters and extortion players sound tangible.
MITRE Releases ‘Shield’ Active Defense Framework (Dark Reading, Aug 24 2020)
Free knowledge base offers techniques and tactics for engaging with and better defending against network intruders.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
What It’s Like for a Hacker to Get Back Online After a Two-Year Internet Ban (VICE, Aug 24 2020)
Kane Gamble, aka Cracka, hacked former CIA chief John Brennan in 2018. Earlier this year, he was finally allowed back on the internet.
How CISOs Can Play a New Role in Defining the Future of Work (Dark Reading, Aug 27 2020)
Rather than just reacting to security issues in the COVID-19 era, CISOs are now in a position to be change agents alongside their C-suite peers.
Higher Education CISOs Share COVID-19 Response Stories (Dark Reading, Aug 26 2020)
Security leaders from Stanford, Ohio State, and the University of Chicago share challenges and response tactics from the COVID-19 pandemic.
Cyber Attack Halts New Zealand Stock Market for Third Straight Day (SecurityWeek, Aug 27 2020)
Cyber attacks forced New Zealand’s stock exchange to halt trading Thursday for the third time in as many days, its operator said Thursday, just as the country’s corporate reporting season gets underway.
Hackers Leak Alleged Internal Files of Chinese Social Media Monitoring Firms (VICE, Aug 21 2020)
A group of hackers claims to have breached three Chinese companies that specialize in social media surveillance.
Why Should Physical Security Professionals Learn Cybersecurity Skills? (Dark Reading, Aug 24 2020)
In the first of a series of columns set to be hosted exclusively on IFSEC Global, Sarb Sembhi, CISM, CTO & CISO, Virtually Informed outlines why physical security professionals should be investing in their cyber security skillset.
Average Cost of a Data Breach in 2020: $3.86M (Dark Reading, Aug 24 2020)
When companies defend themselves against cyberattacks, time is money.
Most organizations have no Active Directory cyber disaster recovery plan (Help Net Security, Aug 25 2020)
Although 97% of organizations said that Active Directory (AD) is mission-critical, more than half never actually tested their AD cyber disaster recovery process or do not have a plan in place at all, a Semperis survey of over 350 identity-centric security leaders reveals.
US Makes Second Espionage Arrest in a Week (Infosecurity Magazine, Aug 24 2020)
Former US Army Special Forces officer charged in Russian espionage conspiracy
Lessons from Uber: Be crystal clear on the law and your bug bounty policies (SC Media, Aug 25 2020)
Aside from following the law, companies should also take care that their bug bounty payments are adhering to responsible corporate policies that define what constitutes a legit payment and what constitutes extortion.
Lessons from 15 years of bug bounties (SC Media, Aug 24 2020)
SC Media talked with the Zero Day Initiative Director Brian Gorenc about how the project came to be, what the last 15 years have taught him about disclosure, and that time he inadvertently rendered NSA spy tools useless.
Secretive Palantir Lifts Veil Before Wall Street Stock Sale (SecurityWeek, Aug 26 2020)
Palantir Technologies Inc., a data-mining company with deep ties to U.S. intelligence and military agencies, has shed a good deal of its trademark secrecy about its business in filing for a Wall Street stock offering.
Local Government Organizations Most Frequently Targeted by Ransomware (Infosecurity Magazine, Aug 27 2020)
Nearly half of ransomware attacks this year have targeted municipalities
Vulnerability reporting is returning to normal (Help Net Security, Aug 28 2020)
Vulnerability reporting, still impacted by COVID-19, is beginning to return to normal, Risk Based Security reveals. Out of 11,121 vulnerabilities aggregated during the first half of 2020, 818 were the result of the Vulnerability Fujiwhara Effect, a term that describes the events when Microsoft and Oracle vulnerability disclosure schedules collide. “Risk Based Security sounded the alarm back in January.
Data protection critical to keeping customers coming back for more (Help Net Security, Aug 28 2020)
Although consumers remain concerned about sharing personal data with companies, the results of a Privitar survey highlight an opportunity for businesses to take a leadership role and build brand loyalty by protecting their customers. The report found that more than three-quarters of respondents are concerned or very concerned about protecting their personal data…
Justice Dept: North Korean Hackers Stole Virtual Currency (SecurityWeek, Aug 28 2020)
North Korean hackers stole millions of dollars from virtual currency accounts and then laundered the stolen funds in hopes of making the crime untraceable, according to a Justice Department civil forfeiture complaint filed Thursday.