A Review of the Best News of the Week on Cybersecurity Management & Strategy

Credential stuffing attack prompts Reddit to force password reset (SC Magazine, Jan 10 2019)
Some Reddit users found themselves locked out of their own accounts earlier this week after an apparent credential stuffing attack compelled the popular website to invoke password security measures. An admin post published on Reddit’s Help subreddit this past Wednesday advises users that a “large group of accounts were locked down” due to anomalous activity…

Magecart Mayhem Continues in OXO Breach (Dark Reading, Jan 09 2019)
The home goods company confirmed users’ data may have been compromised during multiple time frames over a two-year period.

House Democrats’ first bill aims big on election security (Washington Post, Jan 07 2019)
House Democrats came out swinging on election security in their first bill of the new Congress on Friday, promising at least $120 million for new voting machines — so long as they use paper ballots rather than digital ones.

Candid Candiru: Report dredges up details on secretive spyware company (SC Magazine, Jan 04 2019)
A report from Israeli news outlet Haaretz has ever so slightly lifted the veil on what may be Israel’s second largest commercial provider of offensive cyber tools and spyware, a clandestine company called Candiru. The candiru is a South American parasitic catfish that, according to legend, invades swimmers’ urethras.

Humana says Bankers Life breach exposed PII on insurance policy applicants (SC Magazine, Jan 04 2019)
Managed health care provider Humana said an unauthorized third party accessed system credentials of some employees at health insurance company Bankers Life, exposing “limited, personal information” of people who had applied for a Humana policy. In a breach notification filing with the California Attorney General’s Office, Humana said the miscreants had access to names, addresses, birth dates, the last four digits of Social Security numbers and some information on policies, including policy type, cost and number.

Could a Chinese-made Metro car spy on us? Many experts say yes. (Washington Post, Jan 08 2019)
Congress, the Pentagon and others are worried about Beijing’s takeover of the U.S. transit rail car market.

DARPA Funds Hardware Cybersecurity that Turns Circuits into Unsolvable Puzzles (Machine Design, Jan 08 2019)
Cybersecurity should focus on hardware and not software.

20-Year Old Student Admits to Massive Data Leak in Germany (Dark Reading, Jan 08 2019)
Hack was not politically motivated; no sign of third-party involvement, authorities say.

Neiman Marcus Reaches $1.5 Million Data Breach Settlement (SecurityWeek, Jan 08 2019)
More than 40 state attorneys general have announced a $1.5 million settlement with The Neiman Marcus Group LLC over a data breach the Dallas-based retailer disclosed in January 2014.

US Shutdown Plays into Hackers’ Hands (Infosecurity Magazine, Jan 11 2019)
Expired web certificates expose users to man-in-the-middle attacks

Supreme Court refuses to hear Fiat Chrysler appeal in Jeep hacking case (Naked Security – Sophos, Jan 10 2019)
The court’s action means that one of the first legal cases involving cyber security risks in cars will go to trial in October.

German IT Security Agency Defends Response in Hacking Case (SecurityWeek, Jan 07 2019)
Germany’s IT security agency on Saturday defended its response to the leaking of hundreds of politicians’ private information, after lawmakers accused it of failing to inform them quickly enough.

The United States and China – A Different Kind of Cyberwar (SecurityWeek, Jan 07 2019)
China is Conducting a Low and Slow Cyberwar, Attempting to Stay Under the Radar and Maneuver the Global Economy

Security Matters When It Comes to Mergers & Acquisitions (Dark Reading, Jan 08 2019)
The recently disclosed Marriott breach exposed a frequently ignored issue in the M&A process.

CISOs Find Collaboration Improves Resiliency (Infosecurity Magazine, Jan 07 2019)
Boards should recruit members with cyber expertise, finds ACSC report

No, Spotify Wasn’t Hacked (Troy Hunt, Jan 08 2019)
Time and time again, I get emails and DMs from people that effectively boil down to this: Hey, that paste that just appeared in Have I Been Pwned is from Spotify, looks like they’ve had a data breach

Modern CISO challenges: Implementing DevSecOps, improving security operations (Help Net Security, Jan 09 2019)
We sat down with Aaron Contorer, CEO at FP Complete, to learn more about what enterprises can do to increase their cybersecurity, the challenges related to DevSecOps implementations and improving overall security operations, and much more.

Australia’s Early Warning Network Hacked (SecurityWeek, Jan 08 2019)
A hacker managed to gain unauthorized access to Australia’s Early Warning Network (EWN) late last week, and used the service to send bogus messages to users.

U.S. Senators Introduce Bi-Partisan Bill to Counter China Hacking Threat (SecurityWeek, Jan 08 2019)
As concern over the full cyber purpose of China and its state-sponsored hackers grows, two senators have introduced a bi-partisan bill aimed at protecting U.S. technology and economic supremacy.

Kaspersky Lab Helped US Nab NSA Data Thief: Report (Dark Reading, Jan 09 2019)
But this new development unlikely to do much to clear government suspicions about security vendor’s ties to Russian intelligence, analyst says.