• Matross Edwards

CyberJudicata Weekly Debrief (3/2–6)

This week's Weekly Debrief covers DoJ's new non-binding guide for internet cyber research, how to write an effective infosec policy, DoppelPaymer ransomware in the aerospace industry, the crypto panel at RSA, Ring dinged for its privacy policy, and a possible DC data breach bill.


FCW – DOJ's totally non-binding guide to legal cyber research

  • "Private security researchers and threat intelligence firms that visit black market online forums for research should create internal rules, document their work and have established relationships with law enforcement, according to new guidance from the Department of Justice. The document offers non-binding legal guidance for how to navigate cyber intelligence gathering on the internet, particularly for sites that 'openly advertise illegal services and the sale of stolen credit card numbers, compromised passwords, and other sensitive information.'"

CSO Online – How to write an effective information security policy

  • "An information security policy is the foundation of an enterprise security program, ideally establishing in clear language what the organization expects from its security operations based on both its tolerance for risk and on its regulatory obligations. Yet security advisers say many organizations fail to give adequate attention to writing and maintaining strong information security policies, instead filling in blanks on generic templates and filing them away."

ThreatPost – DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla

  • "A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Colorado-based Visser Precision said it was targeted by a “cyber incident” that involved the attacker accessing and stealing company data after a security researcher found some of the company’s stolen files leaked online."

InfoSec Mag – CIA Accused of Mounting 11-Year Cyber-Attack Against China

  • "A security company has accused America's Central Intelligence Agency (CIA) of waging an 11-year campaign of cyber-espionage against critical industries in the People's Republic of China. Qihoo 360 announced yesterday that it had 'discovered and revealed cyber-attacks by the CIA hacking group (APT-C-39) which lasts for eleven years against China.'"

DataBreachToday – 8 Takeaways: The Cryptographer's Panel at RSA 2020

  • "One of the highlights of the annual RSA Conference in San Francisco is the opening keynote session that gathers together a world-class panel of cryptography experts to discuss and debate today's top cybersecurity issues."


The Hill – Ring gets 'dinged' for its video doorbell privacy

  • "While “Internet of Things” (IoT) devices open up new worlds of convenience, they’ve also introduced new security vulnerabilities. At the risk of overgeneralizing, many of these vulnerabilities stem from the ease of set-up and use that make these singular-purpose devices so attractive. They tend to be scaled down, with little internal memory, and lack strong out-of-the-box security, often shipped with default accounts and passwords enabled."

GovTech – Opinion: Washington Should Pass Privacy Bill Without Changes

  • "Washington state has an opportunity to create a groundbreaking privacy law, placing guardrails around facial-recognition technology and giving consumers control over personal information collected online. As passed by the Senate, Bill 6281 could be a standout accomplishment of this year’s Legislature. It would increase consumer protection and enable the Attorney General to enforce violations, while providing clear guidelines and responsibilities for companies handling large amounts of personal data."

Bloomberg Law – D.C. Data-Breach Enforcement Bill Gains Council Approval

  • "The District of Columbia’s attorney general would get new authority to sue companies that fail to protect consumer data, under legislation approved by the city council."

. . .

#cyberjudicata #weeklydebrief
