A Review of the Best News of the Week on Cybersecurity Management & Strategy

Cybersecurity During COVID-19 (Schneier on Security, Apr 07 2020)
“Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic.”…

Is NSO Group Using the Pandemic to Expand its Spying Capabilities? (VICE, Apr 10 2020)
In the name of helping governments quell the modern-day plague, the company might just be expanding its questionable business.

Citing BGP hijacks and hack attacks, feds want China Telecom out of the US (Ars Technica, Apr 10 2020)
With a history of cyber attacks, Chinese-owned telecom is a threat, officials say.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

For the Cybersecurity Industry, Diversity Means Embracing New Ideas (SC Media, Apr 06 2020)
Businesses should reassess how they recruit, how they train new employees, and how they communicate across all levels of the organization to stay competitive.

Microsoft Launches Free Zero Trust Assessment Tool (SecurityWeek, Apr 06 2020)
Microsoft last week announced the availability of a tool designed to help organizations see where they are in their journey to implement a zero trust security model.

Internet Traffic Spiked to Double Normal Rate in March (Infosecurity Magazine, Apr 07 2020)
Over the last four weeks, global traffic has grown by 30%

Russian Telco Hijacked Internet Traffic of Major Networks – Accident or Malicious Action? (SecurityWeek, Apr 07 2020)
A huge BGP hijack by Russian state telecommunications provider Rostelecom diverted the traffic from more than 200 networks – including Google, Amazon, Facebook and Cloudflare – to Russian servers on April 1. It may have been accidental, it may not.

Microsoft Buys Corp.com So Bad Guys Can’t (Krebs on Security, Apr 07 2020)
“In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing showed whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe. This week, Microsoft Corp. agreed to buy the domain in a bid to keep it out of the hands of those who might abuse its awesome power.”

If You Can’t Patch Your Email Server, You Should Not Be Running It (TaoSecurity, Apr 07 2020)
“I read a disturbing story today with the following news:”Starting March 24, Rapid7 used its Project Sonar internet-wide survey tool to discover all publicly-facing Exchange servers on the Internet and the numbers are grim.”

Spies, Unable to Telework, Adapt Their Access to U.S. Secrets (WSJ, Apr 07 2020)
By splitting some of their teams, U.S. spy services are taking steps similar to those being implemented or considered by some large private employers.

Microsoft Releases COVID-19 Security Guidance (Dark Reading, Apr 08 2020)
Information includes tips on how to keep IT systems infection-free.

Zoom Signs-Up Ex-Facebook CSO as Google Bans Platform (Infosecurity Magazine, Apr 09 2020)
Stamos on board as outside advisor to help improve security

Travelex paid hackers $2.3 million worth of Bitcoin after ransomware attack (Graham Cluley, Apr 09 2020)
Travelex reportedly paid US $2.3 million worth of Bitcoin to the REvil ransomware gang, who had threatened to publish personal data of customers stolen from the foreign currency exchange service.

Securing OT in remote working conditions (Darktrace, Mar 25 2020)
Security professionals defending critical infrastructure are facing a broad set of challenges under evolving and dynamic business conditions.

Only a Quarter of Orgs ‘Focus’ on Cyber-Attack Prevention (Infosecurity Magazine, Apr 07 2020)
Survey reveals that companies prioritize attack detection and containment over prevention

Accenture Buys Revolutionary Security in Third Acquisition of 2020 (Dark Reading, Apr 08 2020)
The deal is intended to strengthen Accenture’s critical infrastructure protection capabilities and address more complex IT and OT challenges.

Bugcrowd Raises $30 Million in Series D Funding Round (SecurityWeek, Apr 09 2020)
Bug bounty platform provider Bugcrowd announced on Thursday that it has raised $30 million in a Series D funding round.

German security firm Avira has been acquired by Investcorp at a $180M valuation (TechCrunch, Apr 09 2020)
Avira, a cybersecurity company based out of Germany that provides antivirus, identity management and other tools both to consumers and as a white-label offering from a number of big tech brands, has been snapped up by Investcorp Technology Partners, the PE division of Investcorp Bank. Investcorp’s plan is to help Avira make acquisitions in a wider security consolidation play.

Schneier on Hacking Society (Dark Reading, Apr 09 2020)
How the hacker mindset and skill set could play a role in improving and securing societal systems, according to renowned security technologist Bruce Schneier.

Vote by Mail Isn’t Perfect. But It’s Essential in a Pandemic (Wired, Apr 09 2020)
Despite Donald Trump’s invective, the spread of Covid-19 has made the expansion of absentee voting critical.