A Review of the Best News of the Week on Cybersecurity Management & Strategy

Career Choice Tip: Cybercrime is Mostly Boring (Krebs on Security, May 29 2020)
“When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way to combat cybercrime and steer offenders toward a better path.”

REvil Ransomware Gang Starts Auctioning Victim Data (Krebs on Security, Jun 02 2020)
“The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. The move marks an escalation in tactics aimed at coercing victims to pay up — and publicly shaming those who don’t. But it may also signal that ransomware purveyors are searching for new ways to profit from their crimes as victim businesses struggle just to keep the lights on during the unprecedented economic slowdown caused by the COVID-19 pandemic.”

Zoom to offer end-to-end encryption only to paying customers (Help Net Security, Jun 04 2020)
As Zoom continues on its path to bring end-to-end encryption (E2EE) to users, the big news is that only paid users will have access to the option. “Free users for sure we don’t want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose,” Zoom CEO Eric Yuan said on a company earnings call on Tuesday.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

How to successfully operationalize your micro-segmentation solution (Help Net Security, Jun 02 2020)
“Introducing a new security model into your existing infrastructure can be challenging. The task becomes even more daunting when starting with a new host-based or micro-segmentation solution. If you’ve decided on a host-based approach to segmentation, I’d like to share, based on personal experience, some advice and best practices on using this type of solution in your organization.”

Graphing MITRE ATT&CK via Bloodhound (Medium, Jun 05 2020)
“I’ve been using slides like the image below for some time now in presentations and I regularly get asked how I’ve created them, so I…”

WatchGuard Completes Panda Acquisition (Infosecurity Magazine, Jun 02 2020)
WatchGuard adds an advanced endpoint security platform with the acquisition of Panda Security

Exostar to Be Acquired by Thoma Bravo (Infosecurity Magazine, Jun 02 2020)
Virginia software company agrees to be acquired by private equity firm Thoma Bravo

Sophos Confirms Restructuring Plans, Denies Blog Closure (Infosecurity Magazine, Jun 05 2020)
Sophos confirms it is implementing some internal restructuring

VMware to Acquire Network Security Company Lastline (SecurityWeek, Jun 05 2020)
VMware on Thursday announced that it’s acquiring network security company Lastline for its research team and threat detection technology.

Not all IT budgets are being cut, some are increasing (Help Net Security, Jun 02 2020)
At a high level—and contrary to conventional wisdom – not all IT budgets are being cut. Even with the economic challenges that COVID-19 has posed for businesses, almost 38 percent of enterprises are keeping their IT budgets unchanged (flat) or actually increasing them.

Ransomware gang is auctioning off victims’ confidential data (Ars Technica, Jun 02 2020)
New high-pressure tactic is designed to increase the chance of a hefty payout.

Amtrak Breach Rolls Over Frequent Travelers (Dark Reading, Jun 02 2020)
The breach exposed usernames and passwords of an undisclosed number of program members.

Cyber-Attack Hits US Nuclear Missile Sub-Contractor (Infosecurity Magazine, Jun 03 2020)
Confidential documents stolen in cyber-attack on US nuclear missile sub-contractor Westech

OMB: Federal agencies reported 8 percent fewer cybersecurity incidents in FY 2019 (SC Media, Jun 03 2020)
A new report issued by the U.S. Office of Management and Budget (OMB) says federal agencies reported eight percent fewer cybersecurity incidents in fiscal year 2019, compared to 2018 — an improvement it attributes to the recent “maturation of agencies’ information security programs.”

Could Automation Kill the Security Analyst? (Dark Reading, Jun 04 2020)
Five skills to ensure job security in the Age of Automation.

Zoom defenders cite legit reasons to not end-to-end encrypt free calls (Ars Technica, Jun 04 2020)
Critics say everyone deserves it. Others say safety should be factored in, too.

Achieving an audacious goal by treating cybersecurity like a science (SC Media, Jun 05 2020)
When humans discovered and learned to ‘obey’ the laws of physics and chemistry, we began to thrive in our world.  It enabled us to make fire, build machines much stronger than ourselves, to cure diseases, to fly. What will it take for us to thrive in the world of cyberspace?