A Review of the Best News of the Week on Cybersecurity Management & Strategy

Security experts irked U.S. prosecutors used anti-hacking law to nab Julian Assange (Washington Post, Apr 12 2019)
A faction of lawyers and cybersecurity experts are irked by the way prosecutors used the country’s main anti-hacking law to bring charges against WikiLeaks founder Julian Assange.

US Government Admits It Doesn’t Know If Assange Cracked Password For Manning (Motherboard, Apr 15 2019)
An FBI agent admitted in a newly unsealed court document that the Department of Justice does not know whether Assange’s offer to help Manning came to fruition.

China Spying on Undersea Internet Cables (Schneier on Security, Apr 15 2019)
“Supply chain security is an insurmountably hard problem. The recent focus is on Chinese 5G equipment, but the problem is much broader. This opinion piece looks at undersea communications cables.”


Trump slams Huawei for hiring former Obama cyber security official (Mail Online, Apr 15 2019)
Huawei has hired Samir Jain, formerly the White House National Security Council cyber security chief in the Obama administration. Trump believes the move is possibly an effort to spy on the U.S.

Nielsen’s departure raises questions about cyber plans (The Hill, Apr 14 2019)
At DHS, Nielsen created the National Risk Management Center to focus on fighting against evolving digital dangers. She also publicly pushed lawmakers last year to pass a bipartisan bill that cemented the agency’s role as the main entity overseeing civilian cybersecurity by establishing the Cybersecurity and Infrastructure Security Agency (CISA), which focuses on securing federal networks and protecting critical infrastructure from cyber threats.

Huawei Poses ‘No Threat’ According to Belgium, Trump Not Convinced (Infosecurity Magazine, Apr 15 2019)
The Belgian Centre for Cybersecurity (CCB) has reportedly decided not to issue “a negative opinion” on Huawei following several months of investigation with no concrete evidence found.

Feds say Russian 2016 election meddling spanned all US states (Naked Security – Sophos, Apr 12 2019)
A multi-agency report has strengthened claims that Russia meddled with election systems in all 50 US states during the last presidential race.

Experts: Breach at IT Outsourcing Giant Wipro (Krebs on Security, Apr 15 2019)
“Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [NYSE:WIT] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident.”

A Maturity Model for Deriving Value from the MITRE ATT&CK Framework (ThreatQuotient, Apr 16 2019)
Nearly every organization is interested in using MITRE ATT&CK, but they have different views on how it should be adopted based on their capabilities.

FBI Non-Profit Probes Agent Data Breach (Infosecurity Magazine, Apr 16 2019)
Reports suggest data was sold on dark web

Norsk Hydro Delays Financial Report Due to Cyberattack (SecurityWeek, Apr 16 2019)
Norwegian aluminum giant Norsk Hydro last week announced that its financial report for the first quarter of 2019 will be delayed by over one month due to the recent cyberattack that caused significant disruptions to the company’s operations.

Senate Report on Equifax Raises Questions Ahead of FICO Product Announcement (Dark Reading, Apr 12 2019)
Equifax is slammed in a Senate subcommittee report ahead of the announcement of a joint service with FICO.

Behind KKR’s Big Bet On Cybersecurity (Fortune, Apr 15 2019)
Ninety percent of security flaws still occur at the worker or consumer level

Is there a link between videogaming and cybercrime? Police think so (Naked Security – Sophos, Apr 15 2019)
UK police are planning to issue online warnings to young gamers hoping to deter them from a life of cybercrime, they revealed last week.

Microsoft Introduces Security Configuration Framework (SecurityWeek, Apr 12 2019)
A security configuration framework for Windows 10 unveiled by Microsoft this week defines five different levels of discrete prescriptive security configurations.

Hackers crack university defenses in just two hours (WeLiveSecurity, Apr 12 2019)
More than 50 universities in the United Kingdom had their cyber-defenses tested by ethical hackers, and the ‘grades’ aren’t pretty

Decoding a ‘New’ Elite Cyber Espionage Team (Dark Reading, Apr 16 2019)
Stealthy and well-heeled hacking group went undetected for five years and wields a massive attack framework of some 80 different modules.

Fortinet to Pay $545,000 for Violating False Claims Act (Infosecurity Magazine, Apr 16 2019)
The network security company acknowledged that one of its ex-employees orchestrated altering product labels to make them compliant with the Trade Agreement Act.

5 Things You Need to Know About API Protection (SC Magazine, Apr 16 2019)
Developers have taken to APIs as a way to connect applications, extend functionality and interface with partners. This has created an often complex web of logic, connectivity and exposure for critical infrastructure and data as well as creating new vulnerabilities and new targets for attackers.