A Review of the Best News of the Week on Cybersecurity Management & Strategy

CISA Launches JCDC, the Joint Cyber Defense Collaborative (Dark Reading, Aug 05 2021)
“We can’t do this alone,” the new CISA director told attendees in a keynote at Black Hat USA today.

#BHUSA: Researchers Criticize Apple Bug Bounty Program (, Aug 05 2021)
While Apple pays well, researchers at Black Hat argue there is a clear lack of transparency on when, or even if, reported vulnerabilities will be fixed

Ransom demands reaching $1.2M, smaller companies increasingly targeted (Help Net Security, Aug 03 2021)
Ransom demands have grown substantially over the past year, smaller companies are increasingly targeted, and cyber criminals continue to take advantage of dislocations in how we work, according to a Coalition report. From the first half of 2020 to 2021, the average ransom demand made to Coalition policyholders increased nearly threefold, from $450,000 to $1.2 million per claim.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~20,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


92% of pharmaceutical companies have at least one exposed database (Help Net Security, Aug 03 2021)
Reposify released its Pharmaceutical Industry Attack Surface Exposures Report examining the security posture of the world’s leading pharmaceutical companies. The report analyzed eighteen leading pharmaceutical companies and their nine hundred plus subsidiaries worldwide to assess the prevalence of exposures of services, sensitive platforms, unpatched CVEs and other security issues.

Paragon: Yet Another Cyberweapons Arms Manufacturer (Schneier on Security, Aug 03 2021)
“Forbes has the story:
Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get longer-lasting access to a device, even when it’s rebooted.”

Black Hat 2021 – non‑virtual edition (WeLiveSecurity, Aug 04 2021)
How is Black Hat USA 2021 different from the past editions of the conference and what kinds of themes may steal the show this year?

Ransomware Gangs and the Name Game Distraction (Krebs on Security, Aug 05 2021)
“It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation over as many years.”

CISA launches US federal vulnerability disclosure platform (Help Net Security, Aug 02 2021)
Bug hunters who want to help the US federal government secure their online assets can now source all the relevant information from a vulnerability disclosure policy (VDP) platform offered by the Cybersecurity and Infrastructure Security Agency (CISA). “Through this crowdsourcing platform, Federal Civilian Executive Branch (FCEB) agencies will now be able to coordinate with the security research community in a streamlined fashion and those reporting incidents enjoy a single, usable website to fac

Organizations still rely on weak security for remote workers (Help Net Security, Aug 02 2021)
A new survey of enterprise IT security leaders showed almost 80 percent believe remote workers are at more risk for phishing attacks now because they’re isolated from their organizations’ security teams. Despite the significant threat increase, more than 59 percent of respondents felt solutions such as video training (27%), email reminders (20%), and VPNs (12%), were sufficient solutions by themselves to keep organizations safe from what those surveyed said were the biggest security breach fears

New Normal Demands New Security Leadership Structure (Dark Reading, Aug 02 2021)
At the inaugural Omdia Analyst Summit, experts discuss where the past year has created gaps in traditional security strategy and how organizations can fill them.

Justice Department Says Russians Hacked Federal Prosecutors (SecurityWeek, Aug 01 2021)
The Russian hackers behind the massive SolarWinds cyberespionage campaign broke into the email accounts of some of the most prominent federal prosecutors’ offices around the country last year, the Justice Department said.

The State Department and 3 other US agencies earn a D for cybersecurity (Ars Technica, Aug 03 2021)
Two years after a damning cybersecurity report, auditors find little has improved.

Chinese Cyberspy Group APT31 Starts Targeting Russia (SecurityWeek, Aug 04 2021)
China-linked hacking group APT31 has been using new malware in recent attacks targeting Mongolia, Belarus, Canada, the United States, and — for the first time — Russia, according to enterprise cybersecurity firm Positive Technologies.

US Senate: Seven out of Eight Agencies Are Failing on Cyber (, Aug 05 2021)
Report finds little progress over the past decade

#BHUSA: DHS Chief: ‘We are Competing for the Future of Cyberspace’ (, Aug 05 2021)
In a keynote address, the Secretary of the U.S. Department of Homeland Security identifies the future of the internet as a challenge of two very different visions

‘Sophisticated Group’ Behind Alaska Cyberattack, Agency Says (SecurityWeek, Aug 06 2021)
A “highly sophisticated group” known for cyberattacks against governmental and other entities is believed to be behind the attack this spring that targeted the Alaska health department, a spokesperson for the department said.

Tech Titans Join US Cyber Team to Fight Ransomware (SecurityWeek, Aug 05 2021)
US cybersecurity officials on Thursday said Amazon, Google and Microsoft have enlisted to help them fight ransomware and defend cloud computing systems from hackers.

U.S. Infrastructure Bill Allocates $2 Billion to Cybersecurity (SecurityWeek, Aug 05 2021)
U.S. senators recently unveiled the finalized version of a $1.2 trillion bipartisan infrastructure bill, which the White House says will allocate roughly $2 billion to improving the country’s cybersecurity capabilities.