SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.
Volume XXI - Issue #98
December 17, 2019****************************************************************************
SANS NewsBites Dec. 17, 2019 Vol. 21, Num. 098
****************************************************************************
Top of The News
Facebook Tracks Users' Purchases in the Physical World
New Jersey Hospital System Victim of Ransomware Attack
SANS Awards 2019 Cybersecurity Difference Maker's Awards
The Rest of the Week's News
Introducing SANS Holiday Hack Challenge 2019
Personal Data of Facebook Employees Exposed on Stolen Unencrypted Hard Drives
Google Hands Feds 1,500 Phone Locations In Unprecedented 'Geofence' Search
Internet of Things Gear is Generating Easy-to-Crack Keys
New Orleans Mayor Declares State of Emergency After City Cyberattack
Blue Cross Blue Shield of Minnesota Scrambling to Improve Cybersecurity
Many phishing sites spotted in global government focused campaign
FTC advice on checking Internet-connected toys before buying
Relaunched Toys R Us uses technology to monitor customersArticle
Plundervolt Voltage Attack Steals Data from Intel Chips
Some Hardware based password managers store passwords in plaintext
Last patches for Windows 10 Mobile released
London Metropolitan Police Trained to Fight Cybercrime
Internet Storm Center Tech Corner
****************************************************************************
Cybersecurity Training Update
SANS NewsBites Default Training Update for Tuesday, December 17, 2019 (NB 21.098)
-- SANS Security East 2020 | New Orleans, LA | February 1-8 | https://www.sans.org/event/security-east-2020
-- SANS Miami 2020 | January 13-18 | https://www.sans.org/event/miami-2020
-- SANS Threat Hunting & IR Summit & Training | London, UK | January 13-19, 2020 | https://www.sans.org/event/threat-hunting-europe-2020
-- SANS Tokyo January 2020 | January 20-25 | https://www.sans.org/event/tokyo-january-2020
-- SANS Amsterdam January 2020 | January 20-25 | https://www.sans.org/event/amsterdam-january-2020
-- Cyber Threat Intelligence Summit & Training | Arlington, VA | January 20-27 | https://www.sans.org/event/cyber-threat-intelligence-summit-2020
-- SANS Scottsdale 2020 | February 17-22 | https://www.sans.org/event/scottsdale-2020
-- Open-Source Intelligence Summit & Training 2020 | Alexandria, VA | February 18-24 | https://www.sans.org/event/osint-summit-2020
-- SANS Secure Singapore 2020 | 16-28 March | https://www.sans.org/event/secure-singapore-2020
-- SANS OnDemand and vLive Training
Get a Free GIAC Certification Attempt or Take $350 Off through December 25 with OnDemand or vLive training.
https://www.sans.org/online-security-training/specials/
-- Can't travel? SANS offers online instruction for maximum flexibility
-- Live Daytime training with Simulcast - https://www.sans.org/simulcast
-- Evening training 2x per week for 6 weeks with vLive | https://www.sans.org/vlive
-- Anywhere, Anytime access for 4 months with OnDemand format | https://www.sans.org/ondemand/
Single Course Training
-- Single Course Training
SANS Mentor | https://www.sans.org/mentor/about
Community SANS | https://www.sans.org/community/
-- View the full SANS course catalog and Cyber Security Skills Roadmap
https://www.sans.org/cyber-security-skills-roadmap
****************************************************************************
Free technical content sponsored by Mimecast
Protecting the User: A Review of Mimecast's Web Security Service. Unsuspecting employees remain in the firing line despite security awareness training and increasingly intelligent security controls. SANS instructor David Szili will discuss his perspectives on best practices for securing the web in general and his experience using the Mimecast Web Security cloud service in particular. http://www.sans.org/info/215030
http://www.sans.org/info/215030
****************************************************************************
Top of the News
Facebook Tracks Users' Purchases in the Physical World
(December 15, 2019)
A recent report highlights that a partnership between FaceBook and several retailers enables the retailers to transfer the purchase history of their customers to FaceBook. FaceBook in turn uses that data to target those customers with advertisements relating to their purchases when they access the FaceBook social media platform.
Editor's Note
[Pescatore] https://www.sans.org/newsletters/newsbites/editorial-board#john-pescatore
I am less worried about Facebook's capability for targeting than I am about who they allow to use the targeting capabilities, and what policies Facebook applies to the content and transparency of the "ads" that are put in front of targeted users. The prime example is Facebook policy to allow any content from political advertisers, with minimal or no differentiation when Custom or Lookalike Audience targeting is used. This allows blatant lies and misinformation to be put in front of targeted audiences that would never be allowed by other advertising channels, both traditional and modern social media, like Twitter and Google.
[Murray] https://www.sans.org/newsletters/newsbites/editorial-board#william-hugh-murray
Facebook's business practices are such that it is unlikely that users can understand the risk of doing business with them. Better to just avoid doing business with them altogether.
Read more in:
- https://6abc.com/technology/report-facebook-tracks-in-store-purchases-targets-users-with-ads/5757232/ : Facebook tracks in-store purchases, targets users with ads
- https://www.businessinsider.com/facebook-learns-what-you-buy-at-physical-stores-ads-explained-2019-12?r=US&IR=T : This is how Facebook learns what you buy at physical stores in order to show you relevant ads -- and how to opt out
New Jersey Hospital System Victim of Ransomware Attack
(December 14, 2019)
The largest provider of a hospital system, Hackensack Meridian Health, in New Jersey were victims of a ransomware attack and ultimately paid the ransom to restore their systems. The ransomware attack forced hospitals who are clients of Hackensack Meridian Health to postpone non-emergency operations and resulted in medical staff not being able to access electronic records. Hackensack Meridian Health said their primary clinical system is now back online and are working on restoring other affected systems. The company is working with the FBI and cybersecurity experts. Hackensack Meridian Health runs 17 acute care and specialty hospitals, nursing homes, outpatient centers, and the psychiatric facility Carrier Clinic
Read more in:
- https://nj1015.com/nj-largest-hospital-system-forced-to-pay-ransom-in-cyber-attack : NJ hospital system forced to pay ransom in cyber attack
SANS Awards 2019 Cybersecurity Difference Maker's Awards
(December 16, 2019)
SANS Institute honored the winners of the SANS 2019 Difference Makers Awards during an awards luncheon on Monday, December 16, at the SANS Cyber Defense Initiative(R) 2019 training event in Washington D.C. This annual awards program honors individuals, teams and groups from within the SANS community who have made a difference in security. The diverse Difference Makers range from a CEO to a high school teacher. The progress includes increasing diversity in the cyber security workforce, fighting fake account creation and implementing many areas of the Critical Security Controls, to name just a few.
Editor's Note
[Pescatore] https://www.sans.org/newsletters/newsbites/editorial-board#john-pescatore
The two most fun things I get to do at SANS are the What Works and Difference Makers programs. News headlines always focus on the failures, while thousands of security teams are out there protecting their businesses and their customers without much fanfare. Actual security progress is made by learning from successes, not by pointing at failures.
Read more in:
- https://www.sans.org/cyber-innovation-awards/ : SANS Presents: People Who Made a Difference in Security in 2019
- https://www.prnewswire.com/news-releases/sans-announces-2019-difference-makers-award-winners-300974068.html : SANS Announces 2019 Difference Makers Award Winners
****************************************************************************
Sponsored Links
Download The Fundamental Guide to Building a Better Security Operation Center (SOC) today to learn how a security operation suite can move your SOC into the future. http://www.sans.org/info/215035
https://www.sans.org/info/215035
ICYMI Webcast: Effectively Addressing Advanced Threats with SANS Matt Bromiley. View here: http://www.sans.org/info/215040
https://www.sans.org/info/215040
Take SANS Training at RSA Conference 2020 | San Francisco, CA | Feb 23-24. http://www.sans.org/info/215045
https://www.sans.org/info/215045
****************************************************************************
The Rest of the Week's News
Introducing SANS Holiday Hack Challenge 2019
Ta-da--the world's most fun and festive cybersecurity challenge is available now for free. SANS Holiday Hack Challenge is the best place to learn about InfoSec trends, gain exposure to new technologies, and get information that is not accessible anywhere else. This year's challenge includes offensive and defensive training opportunities, machine learning scenarios, an extensive line-up of KringleCon speakers, and so much more. It's game-based training at its best--highly engaging, designed for all skill levels, and actually free. Whether you want to expand on-the-job skills, see the latest tools, or get fresh inspiration from thought leaders in cybersecurity, exploring SANS Holiday Hack Challenge is a smart use of your holiday time. Hurry and secure your complimentary pass today at https://holidayhackchallenge.com
Personal Data of Facebook Employees Exposed on Stolen Unencrypted Hard Drives
(December 13, 2019)
Personal data of 29,000 US based Facebook employees, which included banking data, was lost when unencrypted hard drives were stolen from a payroll workers car. Police are investigating the theft. It is unclear why the employee stored the unencrypted hard drives in their car and why they were being transported in this way. A spokesperson for Facebook stated that the company has taken appropriate disciplinary action with the payroll employee involved.
Editor's Note
[Pescatore] https://www.sans.org/newsletters/newsbites/editorial-board#john-pescatore
Obviously several policy failures here. This can be a good news item to use to drive a check on current policies around encrypting storage as a default and providing secure mechanisms for data transport that should eliminate any reason to carry hard drives around in cars!
Read more in:
- https://www.theverge.com/2019/12/13/21020736/facebook-theft-unencrypted-drives-employee-payroll-security : A thief stole unencrypted hard drives filled with 29,000 Facebook employees' information
- https://www.bloomberg.com/news/articles/2019-12-13/thief-stole-payroll-data-for-thousands-of-facebook-employees : Thief Stole Payroll Data for Thousands of Facebook Employees
- https://www.theregister.co.uk/2019/12/13/facebook_data_loss/ : Valuable personal info leaks from Facebook - not Zuck selling it, unencrypted hard drives of staff data stolen
Google Hands Feds 1,500 Phone Locations In Unprecedented 'Geofence' Search
(December 16, 2019)
Forbes has discovered that Google has complied with so-called geofence warrants that have resulted in an "unprecedented" data haul for law enforcement: one in which Google combed through its SensorVault to find 1,494 device identifiers for phones in the vicinity of the fires and then handed them over to the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF).
Editor's Note
[Pescatore] https://www.sans.org/newsletters/newsbites/editorial-board#john-pescatore
Recent court decisions and FCC investigations into "who owns location data" have tended to focus on telecoms carriers and to some extent mobile phone manufacturers. This points out that location-based metadata is collected and stored by many different companies. Courts and legislators are moving slower than ever, we need the technology companies to be proactive about adopting secure defaults for protecting location data and high transparency about when it is collected and sold or given to third parties.
Read more in:
- https://nakedsecurity.sophos.com/2019/12/16/police-get-unprecedented-data-haul-from-google-with-geofence-warrants/ : Police get "unprecedented" data haul from Google with geofence warrants
- https://www.forbes.com/sites/thomasbrewster/2019/12/11/google-gives-feds-1500-leads-to-arsonist-smartphones-in-unprecedented-geofence-search : Google Hands Feds 1,500 Phone Locations In Unprecedented 'Geofence' Search
Internet of Things Gear is Generating Easy-to-Crack Keys
(December 16, 2019)
A preponderance of weak keys is leaving IoT devices at risk of being hacked, and the problem won't be an easy one to solve.This was the conclusion reached by the team at security house Keyfactor, which analyzed a collection of 75 million RSA certificates gathered from the open internet and determined that number combinations were being repeated at a far greater rate than they should, meaning encrypted connections could possibly be broken by attackers who correctly guess a key.
Editor's Note
[Pescatore]https://www.sans.org/newsletters/newsbites/editorial-board#john-pescatore
There used to be a talking Barbie doll that would say "Math is hard!" which was certainly sexist, but still a very, very true statement. Crypto is math, and crypto is hard - 25 years ago the US government issued the FIPS-140 standard because of crappy crypto coming out in commercial software. Similar action is needed for the IoT generation of claims of use of cryptography to secure device use.
[Neely] https://www.sans.org/newsletters/newsbites/editorial-board#lee-neely
IoT device manufacturers continue to prioritize time-to-market over security. Until that situation improves, leverage segmentation and restrict network access to only services they need, if any.
Read more in:
- https://info.keyfactor.com/factoring-rsa-keys-in-the-iot-era : Factoring RSA Keys in the IoT Era
- https://www.theregister.co.uk/2019/12/16/internet_of_crap_encryption/ : Internet of crap (encryption): IoT gear is generating easy-to-crack keys
New Orleans Mayor Declares State of Emergency After City Cyberattack
(December 13, 2019)
New Orleans Mayor LaToya Cantrell declared a state of emergency Friday after the city was hit by a cyberattack. Phishing attempts and suspicious activity were detected on the city's network around 5 a.m., and by 11 a.m., technician investigators detected "a cybersecurity incident" causing the city's information technology department to begin powering down servers and city computers as a precaution.
Read more in:
- https://www.securitymagazine.com/articles/91435-new-orleans-hit-by-cyberattack-declares-state-of-emergency : New Orleans Hit by Cyberattack; Declares State of Emergency
- https://www.cnn.com/2019/12/13/us/new-orleans-cyberattack-state-of-emergency/index.html : New Orleans mayor declares state of emergency in wake of city cyberattack
Blue Cross Blue Shield of Minnesota Scrambling to Improve Cybersecurity
(December 16, 2019)
An internal whistleblower raised concerns that the Minnesota's largest health insurer has neglected thousands of important updates to its computer system. The company's top cybersecurity executive says the insurer has been working diligently in recent weeks to reduce its vulnerability for a cyber attack. Internal documents show the BCBS of Minnesota has allowed 200,000 vulnerabilities deemed "critical" or "severe" to linger for years on its computer systems, despite warnings to executives.
Read more in:
- https://kstp.com/medical/blue-cross-blue-shield-scrambling-to-improve-cybersecurity/5580976/ : Blue Cross Blue Shield scrambling to improve cybersecurity
Many phishing sites spotted in global government focused campaign
(December 13, 2019)
Over 62 domains and 122 phishing sites targeting Government users were discovered by security vendor Anomali. Unlike other phishing campaigns which enabled detection through spelling and grammar errors, these are well crafted multi-language campaigns such that the primary indications are that the messages are from unknown users and have unexpected attachments.
Read more in:
- https://www.infosecurity-magazine.com/news/100-phishing-sites-spotted-global/ : Over 100 Phishing Sites Spotted in Global Government Campaign
- https://www.informationsecuritybuzz.com/expert-comments/new-phishing-campaign-targeting-govt-departments-around-the-world-commentary-from-email-security-expert/ : New Phishing Campaign Targeting Gov't Departments Around The World - Commentary From Email Security Expert
FTC advice on checking Internet-connected toys before buying
(December 10, 2019)
Internet-connected toys are in high-demand this year, and the FTC is making recommendations for parents to consider prior to purchase and upon receipt. The advice includes checking for microphones and cameras and verify that you can determine when they are active. Other recommendations: Don't rely on the Children's Online Privacy Protection Act (COPPA). Checklists like this are beneficial, remember that regardless of the security reputation of the manufacturer and regulatory oversight, you must verify which features are enabled and that they are configured properly.
Read more in:
- https://www.bleepingcomputer.com/news/security/ftc-advises-checking-smart-toy-features-before-buying/ : FTC Advises Checking Smart Toy Features Before Buying
- https://www.consumer.ftc.gov/blog/2018/12/buying-internet-connected-smart-toy-read : Buying an internet-connect smart toy? Read this
- https://us.norton.com/internetsecurity-kids-safety-is-your-childs-connected-teddy-bear-too-smart.html : 8 ways to help protect your kids' privacy against smart toy vulnerabilities
Relaunched Toys R Us uses technology to monitor customers
(December 10, 2019)
The relaunched Toys R Us stores are now including sensors to monitor customer activities. In support of their new business model, which leases areas of the store to toy providers, are Installed by business partner B8ta, the sensors will monitor how customers move around the store and determine which areas get the most activity. There has been some social media uproar relating to confusion over the term monitoring shopper cadence, which is meant to capture shopper movement patterns, not conversation/voice capture; additionally there are concerns about whether the system actually ignores people under four feet tall to not run afoul of COPPA requirements regarding parental consent prior to data capture for children under 13.
Editor's Note
[Neely] https://www.sans.org/newsletters/newsbites/editorial-board#lee-neely
The data collected will be used to influence the costs of the leased spaces, particularly those with high success rates. The question of not capturing patrons under four feet tall versus the claim that the information is being captured in public places, and not bound by COPPA needs to be resolved quickly; especially as Toys R Us is catering to children.
Read more in:
- https://www.syracuse.com/business/2019/12/geoffreys-watching-sensors-at-new-toys-r-us-stores-track-shoppers.html : Geoffrey's watching: Sensors at new Toys R Us stores track shoppers
- https://www.fierceelectronics.com/sensors/revived-toys-r-us-wired-up-to-monitor-customers : Revived Toys R Us wired up to monitor customers
- https://www.wired.com/story/toys-r-us-surveillance/ : Toys "R" Us is back - Now With More Surveillance!
Plundervolt Voltage Attack Steals Data from Intel Chips
(December 11, 2019)
Newly discovered "Plundervolt" vulnerability (CVD-2019-11157) uses CPU voltage modification to target and expose data in Intel's Software Guard Extensions (SGX). Intel has released a microcode update to address the issue, or disable the SGX functionality. Data recovered can include keys needed for cryptographic operations and the exploit can be used to corrupt program memory. To use the protections offered by SGX, it must be both enabled in BIOS as well as incorporated into application code. Exploitation requires local privileged access.
Editor's Note
[Neely] https://www.sans.org/newsletters/newsbites/editorial-board#lee-neely
Because the likelihood of exploitation is low, due to local privileged access requirements, Intel released a microcode fix that addresses this. The promise of SGX is encrypted enclaves to protect sensitive code, even from code running at higher privilege levels, and is intended to bring added security to cloud based computing.
Read more in:
- https://nakedsecurity.sophos.com/2019/12/16/plundervolt-stealing-secrets-by-starving-your-computer-of-voltage/ : Plundervolt - stealing secrets by starving your computer of voltage
- https://www.securityweek.com/plundervolt-attack-uses-voltage-steal-data-intel-chips : Plundervolt Attack Uses Voltage to Steal Data from Intel Chips
- https://www.pcworld.com/article/3489538/plundervolt-attack-against-intel-core-cpus-prompts-fix-that-disables-cpu-voltage-settings.html : Protecting your Intel CPU from Plundervolt attacks can ruin your overclock, maybe
- https://plundervolt.com/ : Plundervolt
Some Hardware based password managers store passwords in plaintext
(December 09, 2019)
Investigation of ecZone Password Safe, passwordsFAST, and Royal Vault Password Keeper devices by security researcher Phil Eveleigh found that while a passcode is used to protect access to the stored passwords, direct access to the chip provides access to plain-text passwords as well as the master pin. Further, he found that even after full reset the passwords were not cleared in some devices. Note that while the Royal Vault Password keeper encrypts the data, decryption is possible by discovering the master PIN within the stored dataset. No responses have been received from the device manufacturers regarding the issues discovered.
Editor's Note
[Neely] https://www.sans.org/newsletters/newsbites/editorial-board#lee-neely
Retrieving the clear-text passwords required chip access to the device, which makes the risk of exploit low, even so, unless the wipe operation can be verified, choose physical destruction rather than wipe and reissue. Also, be sure to use strong master passwords to limit unauthorized access to passwords through the normal mechanisms.
Read more in:
- https://www.securityweek.com/hardware-based-password-managers-store-credentials-plaintext : Hardware-based Password Managers Store Credentials in Plaintext
- https://www.bleepingcomputer.com/news/security/some-hardware-based-password-managers-have-poor-security/ : Some Hardware-based Password Managers have poor security
Last patches for Windows 10 Mobile released
(December 09, 2019)
The last round of security patches for Microsoft's Windows 10 Mobile were released, marking the end of Microsoft's attempt at a mobile operating system. Windows 10 Mobile was officially end of support on June 11, 2019. Many Microsoft execs carry Android devices rather than ones powered by Windows Mobile. Bill Gates feels that had he not been distracted by copyright and related lawsuits, and released Windows Mobile three months earlier, the market niche held by Android would have been Microsoft.
Editor's Note
[Pescatore] https://www.sans.org/newsletters/newsbites/editorial-board#john-pescatore
In 2010, at a session at a Gartner conference, I asked then Microsoft CEO Steve Ballmer how Microsoft was going to succeed in the mobile phone market and his answer was "Windows, baby!" Also, six years earlier Bill Gates said Microsoft would rid the world of spam by 2006. I don't think copyright issues and lawsuits are really to blame for the failure of those two predictions. But owners of large installed bases do tend invest too much in fighting off threats to the profitability of that base vs. innovating to meet users changing needs. As many of stories in this issue point out, we are nearing one of those tipping points around protecting user data vs. profiting from it.
[Neely] https://www.sans.org/newsletters/newsbites/editorial-board#lee-neely
Windows Mobile was a nice operating system, and Microsoft wanted to be "the" mobile device OS provider, success wasn't solely dependent on timing of the release or lawsuits, I recall the market was looking for an open solution which is where Android fit in.
Read more in:
- https://www.zdnet.com/article/windows-10-mobile-is-over-prepare-for-final-security-patches-as-support-ends/ : Windows 10 Mobile is over, prepare for final patches as support ends
London Metropolitan Police Trained to Fight Cybercrime
(December 16, 2019)
A Freedom of Information request submitted to the London Metropolitan police has highlighted that thousands of police on that force have received some level of training in fighting cybercrime. The training has been provided using online training solutions and approximately 4,500 officers took the "Cyber Crime and Digital Policing - First Responder", while another 4,500 completed the "Cyber Crime and Digital Policing - Introduction course"
Editor's Note
[Neely] https://www.sans.org/newsletters/newsbites/editorial-board#lee-neely
The average citizen is not going to have the background on how to select help during an incident, so providing them the option to call the police when they have a cyber incident, and get a responder who has been properly trained raises the bar on proper actions being taken and increases the likelihood of a successful outcome.
Read more in:
- https://www.infosecurity-magazine.com/news/thousands-of-met-police-get-cyber : Thousands of Met Police Get Cyber Training
****************************************************************************
Internet Storm Center Tech Corner
Slack "Unshare" Not Working As Expected
https://www.theregister.co.uk/2019/12/16/slack_filesharing_vulnerability_post_sharing/
Google Making OAUTH Mandatory for GSuite
TPLink Authentication Bypass
Factoring IoT RSA Keys
https://info.keyfactor.com/factoring-rsa-keys-in-the-iot-era
VBA Macros in AutoCAD Files
https://isc.sans.edu/forums/diary/Malicious+DWG+Files/25612/
OpenBSD Privilege Escalation Vulnerability
NPM Fixes Critical Security Vulnerability
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
****************************************************************************
The Editorial Board of SANS NewsBites
Alan Paller
https://www.sans.org/newsletters/newsbites/editorial-board#alan-paller
Brian Honan
https://www.sans.org/newsletters/newsbites/editorial-board#brian-honan
David Hoelzer
https://www.sans.org/newsletters/newsbites/editorial-board#david=hoelzer
David Turley
https://www.sans.org/newsletters/newsbites/editorial-board#david-turley
Dr. Eric Cole
https://www.sans.org/newsletters/newsbites/editorial-board#eric-cole
Ed Skoudis
https://www.sans.org/newsletters/newsbites/editorial-board#ed-skoudis
Eric Cornelius
https://www.sans.org/newsletters/newsbites/editorial-board#eric-cornelius
Gal Shpantzer
https://www.sans.org/newsletters/newsbites/editorial-board#gal-shpantzer
Jake Williams
https://www.sans.org/newsletters/newsbites/editorial-board#jake-williams
Dr. Johannes Ullrich
https://www.sans.org/newsletters/newsbites/editorial-board#johannes-ullrich
John Pescatore
https://www.sans.org/newsletters/newsbites/editorial-board#john-pescatore
Mark Weatherford
https://www.sans.org/newsletters/newsbites/editorial-board#mark-weatherford
Rob Lee
https://www.sans.org/newsletters/newsbites/editorial-board#rob-lee
Sean McBride
https://www.sans.org/newsletters/newsbites/editorial-board#sean-mcbride
Shawn Henry
https://www.sans.org/newsletters/newsbites/editorial-board#shawn-henry
Stephen Northcutt
https://www.sans.org/newsletters/newsbites/editorial-board#stephen-northcutt
Suzanne Vautrinot
https://www.sans.org/newsletters/newsbites/editorial-board#suzanne-vautrinot
Tom Liston
https://www.sans.org/newsletters/newsbites/editorial-board#tom-liston
William Hugh Murray
https://www.sans.org/newsletters/newsbites/editorial-board#william-hugh-murray