CISO View – The Week’s Best News – 2018.06.22

A Review of the Best News of the Week on Cybersecurity Management & Strategy

Free Societies are at a Disadvantage in National Cybersecurity (Schneier on Security, Jun 19 2018)
Dan Geer often said that “the price of freedom is the probability of crime.” We are willing to pay this price because it isn’t that high.

Alleged Vault 7 leaker was busted because of basic security blunders (Naked Security – Sophos, Jun 20 2018)
The FBI says that it was Schulte’s poor opsec – for one thing, he allegedly reused cellphone passwords on all three layers of password protection that were used to (feebly) lock up an incriminating, encrypted file – that got him busted.

“WannaCrypt” ransomware scam demands payment in advance! (Naked Security – Sophos, Jun 22 2018)
To avoid the need for actual ransomware, just insist on payment up front…


Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report


The Largest Open Goal In Cyber Security (Nick Hutton blog, Jun 18 2018)
For those of you who think we have unpersuasive imagery because it’s too hard to come up with anything better, consider the insurance industry. Insurance is a grudge purchase. It is the driest, dullest industry there is. They don’t make anything. The product is invisible.

Employee negligence still poses major security concerns (Help Net Security, Jun 20 2018)
Nearly half of C-Suite Executives (C-Suites) (47 percent) and Small Business Owners (SBOs) (42 percent) reported that human error or accidental loss by an employee was the cause of a data breach.

Hackers Steal $31m+ From South Korean Crypto-Exchange (Infosecurity Magazine, Jun 20 2018)
Bithumb targeted yet again in evening raid

New VirusTotal Service Aims to Reduce False Positives (SecurityWeek, Jun 20 2018)
VirusTotal, which recently became part of Alphabet’s new cybersecurity company Chronicle, announced on Tuesday the launch of a new service designed to help software developers and security vendors reduce the number of false positive detections.

Inside a SamSam Ransomware Attack (Dark Reading, Jun 20 2018)
Here’s how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.

China Escalates Hacks Against the US as Trade Tensions Rise (Wired, Jun 22 2018)
A hacking truce between China and the US doesn’t address government espionage operations, a workaround both countries exploit.

Flight Tracker Flightradar24 Hit by Data Breach (SecurityWeek, Jun 20 2018)
Flightradar24, a highly popular flight tracking service based in Sweden, has instructed some users to change their passwords after detecting a breach on one of the company’s servers.

White House Email Security Faux Pas? (Dark Reading, Jun 21 2018)
The Executive Office of the President isn’t complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.

Improving the Adoption of Security Automation (Dark Reading, Jun 20 2018)
Four barriers to automation and how to overcome them.

The Best and Worst Tasks for Security Automation (Dark Reading, Jun 20 2018)
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.

Threat modeling: What’s all the buzz about? (Help Net Security, Jun 21 2018)
Keen observers will have noted an uptick in activity around threat modeling within the information security community recently with new tools being released and strategies and methodologies being discussed on social media; culminating in a week-long threat modeling track at the Open Security Summit (formally OWASP Summit).

F-Secure Acquires MWR InfoSecurity for $106 Million (SecurityWeek, Jun 18 2018)
Finland-based F-Secure announced on Monday that it has entered an agreement to acquire cybersecurity consultancy MWR InfoSecurity for over €91.6 million ($106 million) .

Pondering an IPO, cyber security company CrowdStrike raises $200 million at over $3 billion valuation (TechCrunch, Jun 19 2018)
CrowdStrike, the developer of a security technology that looks at changes in user behavior on networked devices and uses that information to identify potential cyber threats, has reached a $3 billion valuation on the back of a new $200 million round of funding.

Security Analytics Startup Uptycs Raises $10M in Series A (Dark Reading, Jun 19 2018)
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.

Cylance Announces $120 Million in Funding (SecurityWeek, Jun 19 2018)
Endpoint security firm Cylance announced Tuesday afternoon that it has closed a $120 million funding round led by funds managed by Blackstone Tactical Opportunities and including other investors.

Cyber Intelligence Firm Intsights Raises $17 Million (SecurityWeek, Jun 21 2018)
Israel-born startup Intsights Cyber Intelligence has raised $17 million in a Series C funding round led by Tola Capital. It brings the total capital raised by the firm to $41.3 million

3 Tips for Driving User Buy-in to Security Policies (Dark Reading, Jun 18 2018)
Teaching users why it’s important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here’s how.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn