A Review of the Best News of the Week on Cybersecurity Management & Strategy

Russia Publishes Only 10% of CVEs (Infosecurity Magazine, Jul 17 2018)
Report finds Russia’s vulnerability database, while highly focused, is incomplete and slow

SOAR-native SOC, Can This Work? (Gartner Blog Network, Jul 13 2018)
Now, can this go well? Or will it explode just like IT GRC did when adopted with no risk management program or knowledge? Kaboom!

Suing South Carolina Because Its Election Machines Are Insecure (Schneier on Security, Jul 19 2018)
A group called Protect Democracy is suing South Carolina because its insecure voting machines are effectively denying people the right to vote.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

SOCs Use Automation to Compensate for Training, Technology Issues (Dark Reading, Jul 13 2018)
Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.

Female Certified Security Pros Still Earn 8% Less (Infosecurity Magazine, Jul 12 2018)
Despite having the same skills, female security pros are earning less than their male counterparts.

Rain Capital: Venture fund seeks to back cybersecurity companies led by women and minorities (Help Net Security, Jul 17 2018)
A new venture fund that will focus on providing capital, strategy, critical resources and unique insights to early-stage cybersecurity companies in Silicon Valley has been officially launched last month.

With deadline looming, 74 percent of fed gov’t domains implement DMARC (SC Magazine, Jul 16 2018)
Just 90 days out from a deadline to secure .gov email and website domains, 74 percent of tested federal government domains have a Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy in place but only 47 percent have implemented the highest policy level, “reject.”

‘LuminosityLink RAT’ Author Pleads Guilty (Krebs on Security, Jul 16 2018)
“A 21-year-old Kentucky man has pleaded guilty to authoring and distributing a popular hacking tool called “LuminosityLink,” a malware strain that security experts say was used by thousands of customers to gain unauthorized access to tens of thousands of computers across 78 countries worldwide.”

White House Cybersecurity Strategy at a Crossroads (Dark Reading, Jul 17 2018)
Trump administration’s initial lack of a unified front in the wake of Russian election-hacking indictments worries cybersecurity experts.

NIST to Withdraw 11 Outdated Cybersecurity Publications (SecurityWeek, Jul 18 2018)
The U.S. National Institute of Standards and Technology (NIST) announced on Tuesday that its Computer Security Division has decided to withdraw eleven outdated SP 800 publications.

Gartner Survey Finds Only 65 Percent of Organizations Have a Cybersecurity Expert (Gartner, Jul 17 2018)
Despite 95 percent of CIOs expecting cyberthreats to increase over the next three years, only 65 percent of their organizations currently have a cybersecurity expert…

Human Resources Firm ComplyRight Breached (Krebs on Security, Jul 19 2018)
“Cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardized sensitive consumer information — including names, addresses, phone numbers, email addresses and Social Security numbers — from tax forms submitted by the company’s thousands of clients on behalf of employees.”

Twitter suspends Guccifer 2.0, DCLeaks accounts (SC Magazine, Jul 14 2018)
DCLeaks was used to distribute documents pilfered during the hacks and Guccifer 2.0 posed as a Romanian hacker inspired by notorious hacker Guccifer.

Irishman extradited to the US to face charges relating to Silk Road (WeLiveSecurity, Jul 16 2018)
Gary Davis accused of working as an administrator for the notorious dark web marketplace appears in a federal court in New York

Security Instrumentation Firm Verodin Raises $21 Million (SecurityWeek, Jul 17 2018)
Verodin, a Virginia-based company that helps organizations assess the effectiveness of their cybersecurity controls, on Tuesday announced that it has raised $21 million in a Series B funding round.

Why Infosec Practitioners are Turning into Data Scientists (eWEEK, Jul 20 2018)
Security practitioners cannot wait for the information they need to protect the enterprise, and thus the speed of delivery becomes a driving factor in the success or failure of the data-driven security enterprise.

Singapore Health Database Hit by ‘Major’ Cyberattack (Infosec Island, Jul 20 2018)
Singapore’s Ministry of Health (MOH) said that a Singapore Health Services (SingHealth) database containing patient data, including personal information on Prime Minister Lee Hsien Loong, was hit by a “major” cyberattack.

MoneyTaker Grabs $1m from PIR Bank (Infosecurity Magazine, Jul 20 2018)
Hacker group stole $1m and transferred money to 17 accounts at major Russian banks

Symantec Launches Email Threat Isolation Solution (SecurityWeek, Jul 17 2018)
Symantec on Tuesday unveiled a new solution designed to help protect enterprises against email-based attacks using threat isolation.

Compliance-Focused Cybersecurity Firm A-LIGN Raises $54.5 Million (SecurityWeek, Jul 17 2018)
A-LIGN, a provider of cybersecurity and compliance solutions, announced this week that it has raised $54.5 million from growth equity firm FTV Capital.