A Review of the Best News of the Week on Cybersecurity Management & Strategy

FBI “ransomware warning” for healthcare is a warning for everyone! (Naked Security – Sophos, Oct 29 2020)
The US government has warned of a ransomware escalation against the healthcare sector.

Compromised CMS Credentials Likely Used to Hack Trump Campaign Website (SecurityWeek, Oct 28 2020)
Security researchers believe that compromised credentials were used by hackers to access the content management system behind Donald Trump’s campaign website.

The Story of McAfee: How the Security Giant Arrived at a Second IPO (Dark Reading, Oct 26 2020)
Industry watchers explore the story of McAfee, from its founding in 1987, to its spinoff from Intel, to how it’s keeping up with competitors.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Hackers behind life-threatening attack on chemical-maker are sanctioned (Ars Technica, Oct 23 2020)
It’s now unlawful for US persons to transact with lab owned by the Russian government.

Judge Signs Off on $7.75m Equifax Settlement (Infosecurity Magazine, Oct 23 2020)
$7.75m Equifax settlement with financial institutions over 2017 data breach ratified by judge

Women in tech: A strategy for change (SC Media, Oct 25 2020)
Mentorship and corporate diversity efforts in hiring are often the tactics used to land more women in technical roles. But they’re not working.

ICE, IRS Explored Using Hacking Tools, New Documents Show (VICE, Oct 28 2020)
A cache of documents shared with Motherboard shows much broader interest from the U.S. government in using malware in criminal investigations.

Female CISOs lead global enterprises through unprecedented change (SC Media, Oct 28 2020)
Supporting organizations that stretched from Colorado to China, security leaders detail COVID tech response.

Hackers Make Off With Millions From Wisconsin Republicans (Dark Reading, Oct 29 2020)
According to the Wisconsin Republican Party, thieves used altered invoices to make off with $2.3 million in election funds.

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo (Krebs on Security, Oct 28 2020)
“In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems.”

‘Act of War’ Clause Could Nix Cyber Insurance Payouts (Dark Reading, Oct 29 2020)
The indictment of six members of the Russian military for the NotPetya ransomware attack places companies on notice that insurance “is not a get-out-of-jail-free card.”

U.S. Shares Information on North Korean Threat Actor ‘Kimsuky’ (SecurityWeek, Oct 29 2020)
An alert released by the United States this week provides information on Kimsuky, a threat actor focused on gathering intelligence on behalf of the North Korean government.

IT Services Giant Sopra Steria Hit by Ransomware (SecurityWeek, Oct 26 2020)
European IT services provider Sopra Steria on Monday said its systems were recently infected with a new variant of the notorious Ryuk ransomware.

PE Firm to Acquire Forcepoint From Raytheon (SecurityWeek, Oct 26 2020)
Francisco Partners to Buy Forcepoint from Raytheon Technologies for Undisclosed Sum

Survey Uncovers High Level of Concern Over Firewalls (Dark Reading, Oct 27 2020)
More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.

The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products (Schneier on Security, Oct 28 2020)
Senator Ron Wyden asked, and the NSA didn’t answer:
“The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others.”

Montreal Metro Hacker Demands $2.8m Ransom (Infosecurity Magazine, Oct 30 2020)
Montreal’s transit agency will not meet hacker’s US $2.8m ransom demand

Taiwanese Company Admits Stealing US Trade Secrets (Infosecurity Magazine, Oct 29 2020)
UMC fined $60m for stealing trade secrets of US semiconductor business

Britain Fines US Hotel Chain Marriott Over Data Breach (SecurityWeek, Oct 30 2020)
Britain’s data privacy watchdog on Friday said it has fined US hotels group Marriott over a data breach affecting millions of customers worldwide.

The Legal Risks of Security Research (Schneier on Security, Oct 30 2020)
Sunoo Park and Kendra Albert have published “A Researcher’s Guide to Some Legal Risks of Security Research.”
From a summary:
Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions (DMCA §1201), electronic privacy law (ECPA), and cryptography export controls, as well as broader legal areas such as contract and trade secret law.