A Review of the Best News of the Week on Cybersecurity Management & Strategy
Ex-NSA cyberspies reveal how they helped hack foes of UAE (Reuters, Jan 30 2019)
Reuters reveals how a UAE surveillance operation, staffed by former U.S. cyber-agents, spied on dissidents, rivals and Americans. Inside ‘Project Raven.’
Where To Begin With MITRE ATT&CK Matrix (SecurityWeek, Jan 28 2019)
To take advantage of ATT&CK, you must accept and prioritize the importance of visibility within your security operation. Visibility is a word we hear commonly in security, and for good reason. You don’t find what you can’t look for.
Google says sorry for pulling a Facebook with monitoring program (Naked Security – Sophos, Feb 01 2019)
It was using the same Apple enterprise back door as Facebook to get its market research done, but it owned up and backed off.
Everybody hates cybersecurity professionals (The Next Web, Jan 26 2019)
A survey from Thycotic shows that many security professionals believe they’ve got an image problem, with roughly two-thirds believing their teams are regarded as the company naysayers — either “doom mongers” or a “necessary evil.”
Suspected GDPR violations prompt over 95,000 complaints (WeLiveSecurity, Jan 28 2019)
Eight months after the landmark rules came into effect, data released by the European Commission provides a glimpse into the law’s application.
Global IT spending to reach $3.8 trillion in 2019, up 3.2% from 2018 (Help Net Security, Jan 29 2019)
Worldwide IT spending is projected to total $3.76 trillion in 2019, an increase of 3.2 percent from 2018, according to the latest forecast by Gartner. (Table: Worldwide IT spending forecast, in billions of U.S. dollars.) “Despite uncertainty fueled by recession rumors, Brexit, and trade wars and tariffs, the likely scenario for IT spending in 2019 is growth,” said John-David Lovelock, research vice president at Gartner.
Security Isn’t Enough. Silicon Valley Needs ‘Abusability’ Testing (Security Latest, Jan 28 2019)
Former Federal Trade Commission chief technologist Ashkan Soltani plans to give a talk centered on an overdue reckoning for move-fast-and-break-things tech firms. He says it’s time for Silicon Valley to take the potential for unintended, malicious use of its products as seriously as it takes their security.
Largest DDoS Attack Sent Over 500 Million Packets per Second (, Jan 30 2019)
Last year’s DDoS attack at GitHub surpasses all previous attacks, says Imperva.
Discover Financial Services notifies customers of data breach incident (SC Media, Jan 29 2019)
Discover Financial Services has filed a data breach incident notification with the California attorney general’s office stating that some of its cardholders may have had their account information compromised. Discover supplied few details in its Jan. 25 filing and cannot even tell its customers exactly what information may have been exposed, but it did specifically state that the breach did not directly involve any Discover card systems. The company stated the breach was spotted on Aug. 13, 2018.
DNS Providers to Cease Implementing DNS Resolver Workarounds (SecurityWeek, Jan 29 2019)
Starting on February 1, 2019, a number of DNS software and service providers will cease implementing DNS resolver workarounds for systems that don’t follow the Extensions to DNS (EDNS) protocol.
Creating a Security Culture & Solving the Human Problem (Dark Reading, Jan 29 2019)
People are the biggest weakness to security breaches; people can also be your organization’s biggest defense.
Judge rejects Yahoo’s data breach settlement proposal (SC Media, Jan 30 2019)
A federal judge in San Jose, California, rejected Yahoo’s proposed data breach settlement offer, faulting Yahoo’s lack of transparency. Yahoo’s proposed $50 million payout, plus two years of free credit monitoring for about 200 million people in the United States and Israel, was rebuffed by U.S. District Judge Lucy Koh…
Three Charged for Working With Serial Swatter (Krebs on Security, Jan 25 2019)
“The U.S. Justice Department has filed criminal charges against three U.S. men accused of swatting, or making hoax reports of bomb threats or murders in a bid to trigger a heavily armed police response to a target’s address. Investigators say the men, aged 19 to 23, all carried out the attacks with the help of Tyler Barriss, a convicted serial swatter whose last stunt in late 2018 cost a Kansas man his life.”
3 Ways Companies Mess Up GDPR Compliance the Most (Dark Reading, Jan 28 2019)
The best way to conform to the EU’s new privacy regulation is to assume that you don’t need to hold on to personal data, versus the opposite.
How accepting that your network will get hacked will help you develop a plan to recover faster (Help Net Security, Jan 28 2019)
So, what’s the answer? It comes down to two things – prevention and acceptance.
UK Government Pledges Security Skills and R&D Funding (, Jan 29 2019)
Wants nation to be a leader in hardware security… The UK government has pledged more money to address the IT security skills crisis and improve hardware and IoT security, although details on the latter are vague.
The biggest cybersecurity challenge? Communicating threats internally (Help Net Security, Jan 30 2019)
IT executives responsible for cybersecurity feel a lack of support from company leaders, and 33 percent feel completely isolated in their role, according to Trend Micro.
Global Ransomware Attack Could Cost $193 Billion (, Jan 30 2019)
The report’s hypothetical attack begins with a malicious email directed at one organization, which is opened, triggering the ransomware download. The malware then spreads itself to connected networks and forwards itself to all contacts. The report estimates that as many as 600,000 businesses globally could be affected by such an attack, with the resulting financial damage hitting anywhere between $85bn and $193bn.
Researchers: Remexi spyware campaign targeted diplomatic institutions based in Iran (SC Media, Jan 30 2019)
A cyberespionage campaign targeted Iranian IP addresses late last year, with the goal of infecting victims with an updated version of Remexi backdoor malware, researchers have reported. Some of these IP addresses belong to foreign diplomatic entities located within Iran’s borders.
Home Design Website Houzz Alerts Users of Data Breach (SecurityWeek, Feb 01 2019)
Home remodeling and design platform Houzz informed customers this week of a data breach that involved some personal information.