A Review of the Best News of the Week on Cybersecurity Management & Strategy

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service (Krebs on Security, Nov 08 2018)
“A year ago, KrebsOnSecurity warned that ‘Informed Delivery,’ a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S. Secret Service issued an internal alert…”

U.S. Cyber Command Shares Malware via VirusTotal (SecurityWeek, Nov 08 2018)
The U.S. Cyber Command (USCYBERCOM) this week started sharing malware samples with the cybersecurity industry via Chronicle’s VirusTotal intelligence service.

Sue Gordon: Silicon Valley Should Work With the Government (Wired, Nov 09 2018)
“One of the key things about Google is I think it’s adorable that they have morals now when they’re using technology that the department built for them. That’s cute,” she says, “But we’ve always done this together.”


HSBC: Security Breach Exposes Account, Transaction Data (Dark Reading, Nov 06 2018)
Unauthorized users accessed HSBC accounts between Oct. 4 and 14, the bank reports in a letter to customers.

Malware of the 1980s: Looking back at the Brain Virus and the Morris Worm (WeLiveSecurity, Nov 05 2018)
This installment in our series of articles to mark Antimalware Day tells the stories behind two creations that are representative of the 1980s: a virus viewed as the first-ever PC virus and a worm that caused the greatest damage ever wrought by a piece of malware up to that point.

Why the CISSP Remains Relevant to Cybersecurity After 28 Years (Dark Reading, Nov 06 2018)
The venerable Certified Information Systems Security Professional certification has been around for a very long time — and for good reason.

Enterprises Sinking Under 100+ Critical Flaws Per Day (Infosecurity Magazine, Nov 07 2018)
Prioritizing patches is getting tougher, says Tenable.

Utah Hacker Pleads Guilty to DoS Attacks: DoJ (Dark Reading, Nov 07 2018)
Online gaming companies, including Sony Online Entertainment, and servers were main targets.

CMMI Institute updates its Cybermaturity Platform to build cybersecurity resilience (Help Net Security, Nov 07 2018)
…addition of one new category and ten new subcategories from the NIST Cybersecurity Framework, the 2018 Verizon Data Breach Investigations Report (DBIR) and a set of cybersecurity practices.

China Telecom Constantly Misdirects Internet Traffic (SecurityWeek, Nov 07 2018)
The telecommunication company, one of the largest in China, has had a presence in North American networks for nearly two decades, and currently has 10 points-of-presence (PoPs) in the region (eight in the United States and two in Canada), spanning major exchange points.

Our “How to Operate and Evolve a SIEM Solution” Publishes (Gartner Blog Network, Nov 07 2018)
“Co-managed SIEM is a way to achieve an effective operation without a full complement of in-house resources. Many are shifting focus to co-managed and SaaS SIEM models to concentrate resources on custom content and targeted monitoring, and away from running the tools.”

5 Things the Most Secure Software Companies Do (and How You Can Be Like Them) (Dark Reading, Nov 08 2018)
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won’t break the bank.

The cyber insurance question (WeLiveSecurity, Nov 08 2018)
Prevention is the best option, but people continue to search for the easiest way out.

Chinese headmaster fired after setting up his own secret cryptomining rig at school (Graham Cluley, Nov 09 2018)
A Chinese headmaster has lost his job after it was discovered he was stealing the school’s electricity to power a secret cryptocurrency-mining rig.