A Review of the Best News of the Week on Cybersecurity Management & Strategy

66.1% of vulnerabilities published through Q3 2018 have a documented solution (Help Net Security, Nov 20 2018)
There have been 16,172 vulnerabilities disclosed through October 29th, which is a 7% decrease from the record high reported last year at this time. The 16,172 vulnerabilities cataloged through Q3 2018 by Risk Based Security’s research team eclipsed the total covered by the CVE and National Vulnerability Database (NVD) by over 4,800. It’s also worth noting that NVD is still significantly behind in vulnerability scoring and creating the automation component.

Mixed buyers harvest security targets (Inorganic Growth, Nov 16 2018)
With BlackBerry’s $1.4bn pickup of Cylance, there have now been 15 acquisitions of infosec vendors valued above $250m this year…

JPMorgan Invests in Startup Tech That Analyzes Encrypted Data (WSJ, Nov 21 2018)
The bank has invested in Inpher, a startup whose technology can analyze an encrypted dataset without revealing its contents. Samik Chandarana, head of data analytics for the Corporate and Investment Bank division, says the technology could be “materially useful” for the company and its clients.


Cybersecurity Is Getting Its Own Agency (Infosecurity Magazine, Nov 16 2018)
The renamed agency will oversee cybersecurity under a reorganization bill that went to the White House for the president’s signature.

Is Encryption an NTA / NIDS / NFT Apocalypse? (Gartner Blog Network, Nov 16 2018)
Here is a funny one: does pervasive traffic encryption KILL Network Traffic Analysis (NTA) dead?

CVSS Scores Often Misleading for ICS Vulnerabilities: Experts (SecurityWeek, Nov 19 2018)
While the Common Vulnerability Scoring System (CVSS) can be useful for rating vulnerabilities, the scores assigned to flaws affecting industrial control systems (ICS) may be misleading, which can have negative consequences for organizations, particularly if they rely solely on CVSS for prioritizing patches.

Amazon Exposes Customer Names, Email Addresses (SecurityWeek, Nov 21 2018)
Amazon informed some customers this week that their name and email address were exposed due to a “technical error,” but the company provided very few other details.

Scientists revolutionize cybersecurity through quantum research (Science X, Nov 21 2018)
Scientists at the RDECOM Research Laboratory, the Army’s corporate research laboratory (ARL), have found a novel way to safeguard quantum information during transmission, opening the door for more secure and reliable communication for warfighters on the battlefield.

95% of Organizations Have Cultural Issues Around Cybersecurity (Dark Reading, Nov 16 2018)
Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.

Did a copy-paste error reveal the US’s secret case against Assange? (Naked Security – Sophos, Nov 19 2018)
How common is the name “Assange” in the US judicial system? Not common at all. Searching the Pacer case locator turns up five cases, all against one Assange: namely, Julian.

Under attack! Should your company ever ‘hack back’? (Graham Cluley, Nov 16 2018)
In short, it’s all too easy for things to escalate and get much, much worse, with hackers striking back even harder.

Leaderboard Shows Adoption of DMARC Email Security Protocol (Dark Reading, Nov 20 2018)
A new tool from the Global Cyber Alliance shows where companies and organizations are adopting Domain-based Message Authentication, Reporting & Conformance.

TalkTalk Duo Get Jail Time (Infosecurity Magazine, Nov 20 2018)
Young men tried to make money by selling stolen data online.

Austin Startup Raises $1.25M for Cybersecurity Escape Rooms (Austin Inno, Nov 21 2018)
The startup’s escape rooms present teams of employees with an exciting storyline. Then, the team has to work together to solve puzzles and escape the room within a set period of time.

US Says China Hacking Increasing Ahead of Trump-Xi Meeting (SecurityWeek, Nov 21 2018)
A U.S. government report ahead of a meeting between Presidents Donald Trump and Xi Jinping accuses China of stepping up hacking aimed at stealing American technology as a tariff dispute escalated.