InfoSecSherpa Newsletter — 03 June 2021
3 min readJun 3, 2021
- Ring Limits the Way Police Can Ask for Your Home Security Camera Recordings
(Consumer Reports, 03 June 2021)
The Amazon subsidiary will allow only public messages asking for help rather than private emails to individual users. - US Army Apparently Rescinds IoT Device Ban
(Gov Info Security, 02 June 2021)
The U.S. Army has deleted from its website a directive requiring all remote workers to remove or turn off IoT devices, according to the security firm Bitdefender. - Stanford student who recovered $27,000 for ransomware victims talks ethical hacking
(Stanford Today, 02 June 2021)
The ransomware, which Cable said likely originated from eastern Europe, locked victims’ files until they paid the hackers. - IRS Needs Cybersecurity Tools to Secure Its COBOL Apps
(NextGov, 02 June 2021)
The tax collection agency runs some of the oldest IT systems in government and needs cybersecurity tools to match. - TSA Security Directive Requires 30-Day Cybersecurity Assessments, Rapid Incident Notification for “Critical” Pipeline and LNG Facilities
(Lexology, 02 June 2021)
Less than a month after the high-profile ransomware attack against Colonial Pipeline, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) has issued its first-ever set of mandatory cybersecurity rules for pipelines and liquefied natural gas (LNG) facilities. - Certified Public Accounting Firm; Interview with David Lam, Partner, and Chief Information Security Officer, at Miller Kaplan
(TechBullion, 02 June 2021)
Miller Kaplan is one of the top certified public accounting firms in the United States with a dedicated information security department. The Chief Information Security Officer David Lam will be sharing more details and security insights with us in this exclusive interview with TechBullion. - Meat Producer’s Hack Ups Pressure to Regulate Crypto Payments
(Bloomberg Law, 03 June 2021)
“De-anonymizing payments would create a huge disincentive for criminals to continue these ransomware extortion schemes,” said Dmitri Alperovitch, former chief technology officer at cybersecurity company CrowdStrike Inc. and current co-founder and executive chairman of think tank Silverado Policy Accelerator. - As cybersecurity evolves, so should your board
(MIT Technology Review, 02 June 2021)
Executives need to clearly communicate risks but also bring context to data. Tech talk is out: speaking the same language will win the day. - Lawmakers seek IG probes of telework cybersecurity
(FCW, 02 June 2021)
A group of six House Democrats heading up the committee and subcommittees for Oversight and Reform are asking nearly a dozen inspectors general to conduct audits of their agencies and departments to assess what vulnerabilities may have arisen from the mass rise in telework during the coronavirus pandemic. - Research finds malware will sit for around 83 hours in an employees inbox before being noticed
(Security Brief Asia, 02 June 2021)
Barracuda researchers have found it takes, on average, three and half days (83 hours) from when a malicious email attack arrives in an employees inbox, to the point where it’s discovered by a security team or reported by the end-user and removed.
