A Review of the Best News of the Week on Cybersecurity Management & Strategy
China Taking Control of Zero-Day Exploits (Schneier on Security, Jul 14 2021)
“China is making sure that all newly discovered zero-day exploits are disclosed to the government.
Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make. No information can be given to “overseas organizations or individuals” other than the product’s manufacturer.
No one may “collect, sell or publish information on network product security vulnerabilities,” say the rules issued by the Cyberspace Administration of China and the police and industry ministries.”
REvil Ransomware Site Goes Offline (VICE, Jul 13 2021)
The prolific ransomware group is responsible for the wide-ranging attack on Kaseya.
Iranian State-Sponsored Hacking Attempts (Schneier on Security, Jul 13 2021)
Masquerading as UK scholars with the University of London’s School of Oriental and African Studies (SOAS), the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with high confidence supports Islamic Revolutionary Guard Corps (IRGC) intelligence collection efforts, established backstopping for their credential phishing infrastructure by compromising a legitimate site of a highly regarded academic institution to deliver personalized credential harvesting pages disguised as registration links. Identified targets included experts in Middle Eastern affairs from think tanks, senior professors from well-known academic institutions, and journalists specializing in Middle Eastern coverage.”
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~20,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
U.S. Government Offers $10 Million for Info on Hackers Targeting Critical Infrastructure (VICE, Jul 15 2021)
But the reward may not apply to lots of ransomware gangs.
Paving the way for women in industrial cybersecurity research (Help Net Security, Jul 12 2021)
The professional journey an individual takes is heavily influenced by the people they are surrounded with throughout their life. From an early age, I knew I wanted to study computer science and I was probably one of five girls in my class.
79% of organizations identify threat modeling as a top priority in 2021 (Help Net Security, Jul 12 2021)
Security Compass published the results of a report designed to provide a better understanding of the current state of threat modeling in mid-sized, $100M to $999M and large sized, $1B + enterprises, with a specific focus on the challenges organizations face in scaling threat modeling for the applications they build and deploy. Individuals directly involved in threat modeling efforts within their organizations provided insights on their companies’ approach as well as gaps and vulnerabilities.
Kroger reaches $5M settlement with breach victims, as Supreme Court defines ‘actual harm’ (SC Media, Jul 08 2021)
Health care providers are increasingly facing the risk of lawsuits amid the rise in data breaches. The recent Supreme Court decision on “actual harm” may curtail the financial impact.
The Trouble With Automated Cybersecurity Defenses (Dark Reading, Jul 13 2021)
While there’s enormous promise in AI-powered tools and machine learning, they are very much a double-edged sword.
Build an insider threat management program that involves everyone (SC Media, Jul 13 2021)
The International Monetary Fund holds a Zoom call last fall about forging closer ties with Africa. Today’s columnist, Deborah Watson of Proofpoint, says with so much work conducted via virtual meetings, risk has increased and businesses have to pay more attention to an insider threat management program.
EDR (alone) won’t protect your organization from advanced hacking groups (SC Media, Jul 12 2021)
A team of academic researchers in Greece tested 11 different endpoint detection systems and found plenty of ways to evade them.
Did the Cybersecurity Workforce Gap Distract Us From the Leak? (Dark Reading, Jul 14 2021)
Cyber games can play a critical role in re-engaging our workforce and addressing the employee retention crisis.
54% of businesses now have a policy in place to deal with ransomware attacks (Help Net Security, Jul 13 2021)
54% of businesses now have a defined policy in place to deal with ransomware attacks – whether this means paying a ransom, relying on insurance policies or refusing to pay at all, according to Databarracks. The report surveys over 400 IT decision-makers in the UK on critical issues relating to cybersecurity, IT resilience, cloud and remote working.
Fashion brand Guess hacked, DarkSide ransomware group the likely culprit (SC Media, Jul 13 2021)
The company’s investigation determined that social security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired.
Firm Hacked to Spread Ransomware Had Previous Security Flaws (SecurityWeek, Jul 14 2021)
For 21 years, the software company Kaseya labored in relative obscurity — at least until cybercriminals exploited it in early July for a massive ransomware attack that snarled businesses around the world and escalated U.S.-Russia diplomatic tensions.
Seven Attributes of a Great Security Team (SecurityWeek, Jul 14 2021)
Lessons from a great tour guide can help you in your efforts to improve your organization’s security posture
Hackers Move to Extort Gaming Giant EA (VICE, Jul 13 2021)
After trying to sell a cache of stolen data, hackers are now dumping some of the information publicly in the hopes of forcing EA to pay a ransom.
What to Look for in an Effective Threat Hunter (Dark Reading, Jul 15 2021)
The most important personality traits, skills, and certifications to look for when hiring a threat hunting team.
22% of exploits for sale in underground forums are more than three years old (Help Net Security, Jul 15 2021)
Trend Micro released a research urging organizations to focus patching efforts on the vulnerabilities that pose the greatest risk to their organization, even if they are years old. Older exploits for sale more popular with criminals The research found that 22% of exploits for sale in underground forums are more than three years old.
The real cost of MSSPs not implementing new tech (Help Net Security, Jul 15 2021)
Enterprises have plenty to manage as their infrastructures scale with a growing and increasingly complex cloud computing environment. They often bring in expert help to ensure a strong security posture, outsourcing jobs to managed security service providers (MSSPs). Contracting with firms whose sole focus is cybersecurity makes a lot of sense for organizations that are feeling the pinch from the growing shortage of skilled cyber professionals.
What’s next on the agenda for Chief Compliance Officers? (Help Net Security, Jul 15 2021)
As demands on the compliance function grow more intense, Chief Compliance Officers (CCOs) must proactively embrace new leadership responsibilities for their role and reposition how their function is thought of among stakeholders, according to Gartner. We sit down with Chris Audet, Senior Director at Gartner, to see what’s next on the agenda for global compliance leaders.