A Review of the Best News of the Week on Cybersecurity Management & Strategy

Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam (Krebs on Security, Oct 01 2020)
Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today.

Large US hospital chain hobbled by Ryuk ransomware (Help Net Security, Sep 29 2020)
US-based healtchare giant Universal Health Services (UHS) has suffered a cyberattack on Sunday morning, which resulted in the IT network across its facilities to be shut down. Location of UHC facilities What happened? UHS operates nearly 400 hospitals and healthcare facilities throughout the US, Puerto Rico and the UK.

Fraud Schemes Exploit Weak Spots in Unemployment Claims System (The New York Times, Oct 01 2020)
Pandemic programs have lowered the barriers to collecting benefits, and the usual security methods haven’t kept up.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Meet the researcher who wants employers to write better infosec help wanted ads (SC Media, Sep 25 2020)
Alyssa Miller, a security advocate at Snyk and a longtime hacker and researcher, is researching the phenomenon of bad job descriptions in an effort to better match qualified workers with would be employers.

Gartner Security & Risk Management Summit, Day 4 Highlights (Gartner, Sep 17 2020)
On Day 4 from the conference, we are highlighting crisis culture hacking and how to keep employees sane over the long haul.

McAfee Files for IPO (SecurityWeek, Sep 29 2020)
A registration statement filed by McAfee on Monday with the U.S. Securities and Exchange Commission (SEC) shows that the company is planning on returning to public markets.

Attacker Dwell Time: Ransomware’s Most Important Metric (Dark Reading:, Sep 30 2020)
How to bolster security defenses by zeroing in on the length of time an interloper remains undetected inside your network.

Who’s Behind Monday’s 14-State 911 Outage? (Krebs on Security, Sep 29 2020)
“Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft’s Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen, two companies that together handle 911 calls…”

HP Offering Big Rewards for Cartridge Vulnerabilities (SecurityWeek, Oct 01 2020)
HP announced on Thursday that it has expanded its bug bounty program, inviting several white hat hackers to find vulnerabilities in its office-class ink and toner cartridges.

Anthem to Pay Nearly $40M Settlement Over 2015 Cyberattack (SecurityWeek, Oct 01 2020)
Health insurer Anthem has agreed to another multimillion-dollar settlement over a cyberattack on its technology that exposed the personal information of nearly 79 million people.

Measuring impact beyond a single incident (Help Net Security, Sep 28 2020)
Determining the true impact of a cyber attack has always and will likely be one of the most challenging aspects of this technological age. In an environment where very limited transparency on the root cause and the true impact is afforded we are left with isolated examples to point to the direct cost of a security incident.

What one company’s deal with the feds tells us about the long tail of data breaches (SC Media, Sep 25 2020)
A recently published corrective action plan between HHS and CHSPSC over a 2014 hack underscores how long companies must deal with the fallout of a harmful breach.

More Than Two-Thirds of Orgs Plan to Adopt Zero-Trust Architecture (Infosecurity Magazine, Sep 29 2020)
84% of IT and security decision makers report seeing an increase in threats this year

KPMG: Consumers Vote to Ditch Breached Firms (Infosecurity Magazine, Sep 29 2020)
COVID-19 surge in online activity is putting pressure on organizations

Hacking Voting Systems to Be a Federal Crime in US (Infosecurity Magazine, Sep 28 2020)
House unanimously approves legislation to make hacking voting systems a federal crime

REvil ransomware crew dangles $1,000,000 cybercrime carrot (Naked Security – Sophos, Sep 28 2020)
When a company pays a multimillion dollar ransomware blackmail demand, where do you think the money goes?

MITRE Shield shows why deception is security’s next big thing (Help Net Security, Sep 30 2020)
Seasoned cybersecurity pros will be familiar with MITRE. Known for its MITRE ATT&CK framework, MITRE helps develop threat models and defensive methodologies for both the private and public sector cybersecurity communities.

Rise in Remote MacOS Workers Driving Cybersecurity ‘Rethink’ (Dark Reading, Oct 01 2020)
With twice as much malware now targeting Macs, IT pros need to scramble to adapt to a large, and likely permanent, work-from-home population, experts say.

Union Warns of Surge in Employee Monitoring at Home (Infosecurity Magazine, Oct 02 2020)
Calls for government regulation and “right to disconnect”

Blackbaud Says Bank Account Data, SSNs Impacted in Ransomware Incident (SecurityWeek, Oct 02 2020)
Documents filed by cloud software provider Blackbaud with the United States Securities and Exchange Commission (SEC) this week reveal that bank account details and social security numbers might have been affected in a ransomware attack earlier this year.