Mosaic Security Research

Cyber Security News & Research

CISO View

CISO View – The Week’s Best News – 2019.12.06

2019-12-06 by Lucas Samaras

A Review of the Best News of the Week on Cybersecurity Management & Strategy

U.S. Targets Russian ‘Evil Corp’ Hacker Group With Sanctions, Indictments (WSJ, Dec 06 2019)
The Trump administration placed a $5 million bounty on the leader of a Russian hacker group called Evil Corp for his alleged work for Moscow’s intelligence agency, part of what U.S. officials say is a broader reprisal for a Kremlin-directed cyber offensive against the U.S.

The fall and rise of a spyware empire (MIT Technology Review, Dec 02 2019)
Human rights abuse and a decimated reputation killed Hacking Team. The new owners want to rebuild.

2020 U.S. census plagued by hacking threats, cost overruns (Reuters, Dec 05 2019)
The Pega-built website was hacked from IP addresses in Russia during 2018 testing of census systems, according to two security sources with direct knowledge of the incident. One of the sources said an intruder bypassed a “firewall” and accessed parts of the system that should have been restricted to census developers.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

US tightens rules on drone use in policy update (Naked Security – Sophos, Nov 29 2019)
When it comes to managing drones (Unmanned Aircraft Systems, or UAS) the US Department of Justice wants Americans to know it’s on the case.

NYPD avoids data disaster after close shave with ransomware (SC Magazine, Nov 27 2019)
The New York Police Department reportedly had a close call with ransomware after its LiveScan fingerprint-tracking system was infected and spread a malicious program to 23 machines. Fortunately, the ransomware did not execute.

DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy (Schneier on Security, Nov 27 2019)
“The DHS is requiring all federal agencies to develop a vulnerability disclosure policy. The goal is that people who discover vulnerabilities in government systems have a mechanism for reporting them to someone who might actually do something about it. The devil is in the details, of course, but this is a welcome development.”

US Hospitals Fined $2.175M for “Refusal to Properly Report” Data Breach (Infosecurity Magazine, Dec 02 2019)
Sentara Hospitals left with hefty fine after refusal to correctly report breach

Putin signs law making Russian apps mandatory on smartphones, computers (NBC News, Dec 03 2019)
Russia has introduced tougher internet laws in recent years including requiring messaging services to share encryption keys.

Inside Mastercard’s Push for Continuous Security (SecurityWeek, Dec 03 2019)
The Verizon 2019 Payment Security Report, published in November 2019, points out that while PCI DSS conformance at the time of an audit is increasing, PCI sustainability between audits is declining. Verizon notes that in its own forensic breach investigations, no single relevant company was PCI compliant at the time of the breach.

New crypto-cracking record reached, with less help than usual from Moore’s Law (Ars Technica, Dec 03 2019)
795-bit factoring and discrete logarithms achieved using more efficient algorithms.

RSA-240 Factored (Schneier on Security, Dec 03 2019)
“We are pleased to announce the factorization of RSA-240, from RSA’s challenge list, and the computation of a discrete logarithm of the same size (795 bits)”

Insight into NIS Directive sectoral incident response capabilities (Help Net Security, Dec 02 2019)
An analysis of current operational incident response (IR) set-up within the NIS Directive sectors has been released by ENISA. The EU’s NIS Directive (Directive on security of network and information systems) was the first piece of EU-wide cybersecurity legislation.

United States Post Office Faces Cybersecurity Challenges (Infosecurity Magazine, Nov 29 2019)
Report lists narcotics and cybersecurity as challenges faced by modern postal service

Googlers Fired for Breaking Security Policy (Infosecurity Magazine, Nov 28 2019)
Supporters say sacking was motivated by their union activity

What Security Leaders Can Learn from Marketing (Dark Reading, Dec 03 2019)
Employees can no longer be pawns who must be protected all the time. They must become partners in the battle against threats.

RSA Conference 2020 unveils keynote line-up with world-class experts (Help Net Security, Dec 03 2019)
Acclaimed speakers include Mary Barra, Chair and Chief Executive Officer of General Motors Company, Tracy Edwards MBE, Round-the-World Sailor, Author and Social Activist, Kara Swisher, Co-founder and Editor-at-Large of Recode, and Dr. Peggy Whitson, Record-Breaking Astronaut, as well as dozens of prominent cybersecurity experts and innovators.

What’s in a Botnet? Researchers Spy on Geost Operators (Dark Reading, Dec 04 2019)
The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.

McAfee Labs 2020 Threats Predictions Report (McAfee Blogs, Dec 05 2019)
With 2019’s headlines of ransomware, malware, and RDP attacks almost behind us, we shift our focus to the cybercrime threats ahead. Cybercriminals are

The U.N. passed a Russia-backed cybercrime resolution. That’s not good news for Internet freedom. (Washington Post, Dec 05 2019)
Moscow is becoming far more skilled in advancing its agenda at the U.N.

American SMBs Fear Cyber-Attacks from Foreign Countries (Infosecurity Magazine, Dec 03 2019)
Small and medium-sized businesses in the US feel at risk from foreign cyber-attackers

Filed Under: CISO View

CISO View – The Week’s Best News – 2019.11.29

2019-11-29 by Lucas Samaras

A Review of the Best News of the Week on Cybersecurity Management & Strategy

Google Shares Data on State-Sponsored Hacking Attempts (SecurityWeek, Nov 27 2019)
Google’s Threat Analysis Group (TAG) this week shared some data on government-backed hacking and disinformation attempts targeting its customers.

Champagne, shotguns, and surveillance at spyware’s grand bazaar (MIT Technology Review, Nov 26 2019)
The world’s leading surveillance and spyware companies gathered in Paris to meet growing demand from governments around the world.

Five Years Later, Who Really Hacked Sony? (The Hollywood Reporter, Nov 27 2019)
The massive cyberattack just before Thanksgiving 2014 crippled a studio, embarrassed executives and reshaped Hollywood. The FBI blamed a North Korea scheme to retaliate for the comedy ‘The Interview,’ but many whose lives were upended have doubts. Says Seth Rogen: “The fact that [co-director Evan Goldberg and I] were never really specifically targeted always raised suspicions in my head.”


Target Seeks $74M in Data Breach Reimbursement from Insurance Company (Dark Reading, Nov 22 2019)
The funds would cover some of the money Target paid to reimburse financial institutions for credit card replacement after the 2013 breach.

It’s Way Too Easy to Get a .gov Domain Name (Krebs on Security, Nov 26 2019)
“Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain.”

Church’s Chicken Restaurants Hit by Payment Card Breach (SecurityWeek, Nov 25 2019)
At least 160 Church’s Chicken restaurants across 11 U.S. states are impacted by a data breach that involved unauthorized access to payment processing systems.

110 Nursing Homes Cut Off from Health Records in Ransomware Attack (Krebs on Security, Nov 23 2019)
A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States.

The overlooked part of an infosec strategy: Cyber insurance underwriting (Help Net Security, Nov 26 2019)
“On average we provide between $500K – $1M in limits for cyber insurance coverage for SMBs. In order for a business to secure this coverage we evaluate potential risk by leveraging data and analytics to provide a forensics-level report on current and predictive risk.”

UK Government Invites Bids for New Cybersecurity Platform (Infosecurity Magazine, Nov 25 2019)
The UK’s Ministry of Justice is inviting bids for the creation of a single, centralized cybersecurity log collection and aggregation platform.

Court says suspect can’t be forced to reveal 64-character password (Naked Security – Sophos, Nov 26 2019)
We have to protect the constitutional rights of the innocent, and that can mean shielding guilty-as-hell child abusers, the court said.

5 Ways to Champion and Increase Your 2020 Security Budget (Dark Reading, Nov 26 2019)
Give your organization’s leadership an impactful, out-of-office experience so they know what’s at stake with their budgeting decisions.

New Bill Could Cost US Companies Data (Infosecurity Magazine, Nov 26 2019)
New bill proposes granting US citizens the right to request companies delete data

Splunk customers should update now to dodge Y2K-style bug (Naked Security – Sophos, Nov 27 2019)
Splunk has issued a critical warning regarding a showstopping Y2K-style date bug in one of the platform’s configuration files.

EU raises eyebrows at possible US encryption ban (Naked Security – Sophos, Nov 27 2019)
EU officials have warned that they may not take kindly to a US encryption ban or insertion of crypto backdoor technology.

Meet Kilos, a New Search Engine for the Dark Web (SecurityWeek, Nov 27 2019)
Kilos is a new dark web search engine that goes where Google doesn’t.

Cryptocurrency exchange loses US$50 million in apparent hack (WeLiveSecurity, Nov 27 2019)
UPbit has announced that, as a precaution, all transactions will remain suspended for at least two weeks

Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains (Krebs on Security, Nov 26 2019)
“On Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern United States.”

Practical Principles for Security Metrics (Dark Reading, Nov 27 2019)
A proactive approach to cybersecurity requires the right tools, not more tools.

CISO View – The Week’s Best News – 2019.11.22

2019-11-22 by Lucas Samaras

A Review of the Best News of the Week on Cybersecurity Management & Strategy

U.S. manufacturing group hacked by China as trade talks intensified (Reuters, Nov 22 2019)
As trade talks between Washington and Beijing intensified earlier this year, suspected Chinese hackers broke into an industry group for U.S. manufacturers that has helped shape President Donald Trump’s trade policies, according to two people familiar with the matter.

How Iran’s Government Shut Off the Internet (Wired, Nov 17 2019)
After years of centralizing internet control, Iran pulled the plug on connectivity for nearly all of its citizens.

Twitter finally upgrades its 2FA security feature. Mobile number no longer required! (Graham Cluley, Nov 22 2019)
Hundreds of millions of Twitter users now have an improved way to better safeguard their accounts from being compromised.


Hackers helping communities: Leveraging OSINT to find missing persons (Help Net Security, Nov 18 2019)
Trace Labs is a not-for-profit organization that crowdsources open source intelligence (OSINT) to help authorities find missing persons. Comprised of and led by volunteers, Trace Labs partners with other organizations and law enforcement agencies to set up Capture-The-Flag-type contests during which computer enthusiasts, infosec pros, first responders, hackers and private investigators compete by unearthing open source information that can provide leads for law enforcement to pursue.

Want to build a successful SOC? Here’s what you need to know (Help Net Security, Nov 19 2019)
According to Ernst & Young’s Global Information Security Survey 2018-19, the average cost of a data breach is $3.62 million, yet more than half of companies report they have no program (or an obsolete one) for one or more of the following areas: threat intelligence, vulnerability identification, breach detection, incidence response, data protection and identity and access management – disciplines which all originate or are closely tied to the SOC.

Why Were the Russians So Set Against This Hacker Being Extradited? (Krebs on Security, Nov 18 2019)
“What follows are some clues that might explain why the Russians are so eager to reclaim this young man.”

Most Companies Lag Behind ‘1-10-60’ Benchmark for Breach Response (Dark Reading, Nov 19 2019)
Average company needs 162 hours to detect, triage, and contain a breach, according to a new CrowdStrike survey.

DDoS-for-Hire Boss Gets 13 Months Jail Time (Krebs on Security, Nov 20 2019)
“A 21-year-old Illinois man was sentenced last week to 13 months in prison for running multiple DDoS-for-hire services that launched millions of attacks over several years. This individual’s sentencing comes more than five years after KrebsOnSecurity interviewed both the defendant and his father and urged the latter to take a more active interest in his son’s online activities.”

#InfosecNA: The Benefits of Training Employees to Hack (Infosecurity Magazine, Nov 21 2019)
After a co-worker accepts the challenge, he begins a surveillance phase which, depending on how good his opponent is, can last anywhere from a few days to a few months. In one case, with an especially cyber-savvy individual, his usual hunt within social media, inquiries with co-workers, and other tactics failed to produce anything. Even though they had effectively hosted themselves, including paying a service to erase their profile from the internet, he did find evidence of their activity on Amazon which enabled him to craft a phishing attack that eventually proved effective in gaining his ‘victim’s’ credentials.

Buttigieg campaign hires CISO, citing cybersecurity emphasis (POLITICO, Nov 22 2019)
Mick Baccio, the Buttigieg pick for CISO, was branch chief of White House Threat Intelligence.

Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies (VICE, Nov 17 2019)
It’s a reward for hacktivists and criminals who break into capitalist institutions, offered by one of the most infamous hackers of all time.

Offshore Bank Targeted By Phineas Fisher Confirms it Was Hacked (VICE, Nov 18 2019)
“A criminal investigation is ongoing,” the Cayman National Bank from the Isle of Man said in a statement.

Quantum Computing Breakthrough Accelerates the Need for Future-Proofed PKI (Dark Reading, Nov 18 2019)
Public key infrastructure is a foundational security tool that has evolved to become a critical base for future advancements. Today’s generation of PKI can be coupled with quantum-resistant algorithms to extend the lifespan of digital certificates for decades.

Governments Lose Millions to DNS Attacks Each Year (Infosecurity Magazine, Nov 19 2019)
IDC report warns the sector is hardest hit

How to prepare for the U.S. Census to move online (SC Magazine, Nov 19 2019)
History will be made on April 1, 2020. For the first time, the United States Census will offer a full internet response option, in addition to traditional paper responses. The digitization of the census is meant to address the challenges of counting an increasingly large and diverse population, while also complying with strict cost constraints imposed by Congress. But as with most technological breakthroughs, there are plenty of risky implications.

Security Companies and Activists Launch ‘Coalition Against Stalkware’ (VICE, Nov 19 2019)
10 organizations are part of the Coalition, and they have also launched a website to help victims.

Suit against Estée Lauder spotlights 401k Distribution Fraud (The Security Ledger, Nov 19 2019)
A former employee of the New York based cosmetics giant Estée Lauder is suing the company and a third party benefits firm alleging they breached their fiduciary duty to secure her 401k retirement account after $99,000 was fraudulently distributed from the account without her knowledge.

#InfosecNA: How to Communicate Risk and Security to Executives (Infosecurity Magazine, Nov 21 2019)
Security leaders must understand the cost and benefit of their objectives, and frame reporting of results or requests for resources in the context of business executives, Rock continued. He then shared an ‘alignment to value’ diagram that can aid security leaders in achieving this.

French Hospital Crippled by Ransomware (Infosecurity Magazine, Nov 21 2019)
Long delays in patient care at CHU in Rouen

Most Companies Don’t Properly Manage Third-Party Cyber Risk (SecurityWeek, Nov 21 2019)
It’s been established that good cybersecurity requires not just an internal assessment of an organization’s own security practices, but also a close look at the security of the partners that businesses rely upon in today’s modern, interconnected world.

CISO View – The Week’s Best News – 2019.11.15

2019-11-15 by Lucas Samaras

A Review of the Best News of the Week on Cybersecurity Management & Strategy

Cybersecurity expert Alex Stamos on what scares him most about the upcoming U.S. presidential election (TechCrunch, Nov 14 2019)
In fact, in nearly every conceivable way, “responsibilities that were once clearly public sector responsibilities are now private sector responsibilities,” he told Frenkel during a later part of their discussion. He would know, having seen it first-hand.

“When I was the chief security officer at Facebook,” he told the audience, “I had a child safety team. We probably put more bad guys away than almost any law enforcement agency outside of the FBI or [Homeland Security Investigations unit] in the child safety realm. Like, there’s no local police department in the United States that put away more child predators than the Facebook child safety team. That is a crazy stat.

We Need a Global Standard for Reporting Cyber Attacks (Harvard Business Review, Nov 11 2019)
Regulators should be collecting a standardized data set, so we can measure the threat.

Breach affecting 1 million was caught only after hacker maxed out target’s storage (Ars Technica, Nov 13 2019)
Hacker’s data archive file grew so big that the target’s hard drive ran out of space.


‘Chronicle Is Dead and Google Killed It’ (Vice, Nov 09 2019)
Chronicle, Google’s moonshot cybersecurity startup that was supposed to completely change the industry, is imploding.

What Keeps NSA Cybersecurity Boss Anne Neuberger Up at Night (Wired, Nov 08 2019)
At WIRED25, the NSA’s Anne Neuberger talked election security, low-orbit satellites, and weaponized autonomous drones.

Security Predictions Reports | FireEye (FireEye, Nov 12 2019)
Our annual Security Predictions report offers unique insights into what we can expect from attackers, victim organizations, security vendors and nation-states in the coming year.

Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings (Wired, Nov 13 2019)
Speculative execution attacks still haunt Intel, long after researchers told the company what to fix.

How a turf war and a botched contract landed 2 pentesters in Iowa jail (Ars Technica, Nov 13 2019)
Despite no evidence of criminal intent, Coalfire employees face charges of criminal trespass.

5,183 breaches from the first nine months of 2019 exposed 7.9 billion records (Help Net Security, Nov 14 2019)
According to Risk Based Security’s Q3 2019 Data Breach QuickView Report, the total number of breaches was up 33.3% compared to Q3 2018, with 5,183 breaches reported in the first nine months of 2019. Breach activity in 2019 is living up to being “the worst year on record”.

Technology and Policymakers (Schneier on Security, Nov 14 2019)
Technologists and policymakers largely inhabit two separate worlds. It’s an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world’s problems. The essay was influential — but 60 years later, nothing has changed.

Why Cyber-Risk Is a C-Suite Issue (Dark Reading, Nov 12 2019)
One noteworthy finding of the NTT research is the amazing number of companies that are willing to pay ransom. One-third said they’d prefer to hand over ransom to a criminal than invest in cybersecurity. It’s “cheaper,” they said.

UK Labour Party Hit By “Sophisticated” and “Large-Scale” Cyber-Attack (Infosecurity Magazine, Nov 12 2019)
DDoS attack failed due to “robust security systems”

Hosting Provider SmarterASP.NET Recovering From Ransomware Attack (SecurityWeek, Nov 12 2019)
ASP.NET hosting provider SmarterASP.NET is currently working on recovering customer data after being hit by a ransomware attack over the weekend.

Mexican Petrol Giant Pemex Hit by Ransomware (Infosecurity Magazine, Nov 13 2019)
Reports suggest billing systems have been taken offline

Ransom payments averaging $41,000 per incident (SC Magazine, Nov 12 2019)
The average ransom payment paid out by victims increased 13 percent, to $41,000, during the last three months, but researchers noted the rate of increase has plateaued. Researchers at Coveware credited the victims with being better prepared to restore their data on their own negating the need to pay the ransom.

When is the right time to red team? (Help Net Security, Nov 11 2019)
Using the same partner for red teaming, penetration testing, and other essential activity can also make it easier to assemble various jigsaw pieces of intelligence into a single coherent picture.

New MITRE Foundation Aims to Boost Critical Infrastructure (SecurityWeek, Nov 14 2019)
American not-for-profit organization MITRE Corporation has announced the launch of a tech foundation focused on strengthening critical infrastructure through partnerships with the private sector.

Russia Fails to Stop Alleged Hacker From Facing US Charges (Wired, Nov 13 2019)
The repercussions over custody and extradition of Aleksei Burkov have set off a geopolitical maelstrom.

InfoTrax Settles With FTC Over Data Breach (SecurityWeek, Nov 15 2019)
Backend operation services provider InfoTrax Systems has reached a settlement with the U.S. Federal Trade Commission (FTC) over a data breach discovered in 2016, the agency announced this week.

The Evidence That Links Russia’s Most Brazen Hacking Efforts (Wired, Nov 15 2019)
From the 2017 French election to the Olympics to NotPetya, the same group’s fingerprints have appeared again and again.

CISO View – The Week’s Best News – 2019.11.08

2019-11-08 by Lucas Samaras

A Review of the Best News of the Week on Cybersecurity Management & Strategy

A Military Camera Said ‘Made in U.S.A.’ The Screen Was in Chinese. (The New York Times, Nov 07 2019)
The surveillance equipment was actually manufactured in China, raising concerns that Beijing could have used it for spying, prosecutors said.

Tipped off by an NSA breach, researchers discover new APT hacking group (Ars Technica, Nov 05 2019)
With a tip that came from one of the biggest breaches in US National Security Agency history, researchers have discovered a new hacking group that infected targets with a previously unknown piece of advanced malware. Dubbed DarkUniverse, the group is probably tied to ItaDuke, a group that has actively targeted Uyghur and Tibetans since 2013.

A Cybersecurity Firm’s Sharp Rise and Stunning Collapse (The New Yorker, Nov 05 2019)
Tiversa dominated an emerging online market—before it was accused of fraud, extortion, and manipulating the federal government.


A VPN service that gets around the Great Firewall of China legally (Network World Security, Nov 04 2019)
Teridion’s SD-WAN service for China complies with government restrictions on IPSec traffic leaving the country yet supports broadband IPSec WAN interfaces for international businesses with branches in China.

Who is responsible for Active Directory security within your organization? (Help Net Security, Nov 06 2019)
Ransomware attacks are just one of the many types of attacks that rely on compromising the Active Directory, which is sometimes forgotten as an element of an organization’s IT security.

Of organizations which have an Active Directory, the survey data shows that responsibility for Active Directory security is split between functions, with 27% of those IT professionals reporting that responsibility lies with the IT team, and 19% stating that the security team holds responsibility for Active Directory security.

Seven Security Strategies, Summarized (TaoSecurity, Nov 06 2019)
In the interest of capturing the thought, and not in the interest of thinking too deeply or comprehensively (at least right now), I offer seven security strategies, summarized.

Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks (Krebs on Security, Nov 07 2019)
“Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, a new study posits. Health industry experts say the findings should prompt a larger review of how security — or the lack thereof — may be impacting patient outcomes.”

Companies should disclose cybersecurity risk management efforts (Help Net Security, Nov 04 2019)
Research finds that when one company experiences a cybersecurity breach, other companies in the same field also become less attractive to investors. However, companies that are open about their cybersecurity risk management fare significantly better than peers that don’t disclose their cybersecurity efforts.

#ISC2Congress: The Truth Behind the Lack of Women in Cybersecurity (Infosecurity Magazine, Nov 01 2019)
Cybersecurity professionals speaking at the (ISC)² Security Congress held in Florida this week revealed that talented women are taking their skills elsewhere because cybersecurity made them feel unwelcome.

Spanish companies’ networks shut down as result of ransomware (Ars Technica, Nov 04 2019)
Apparent BitPaymer variant strikes major IT consulting company, radio network.

How HR and IT Can Partner to Improve Cybersecurity (Dark Reading, Nov 04 2019)
With their lens into the human side of business, human resources can be an effective partner in the effort to train employees on awareness and keep an organization secure.

Details of Attack on Electric Utility Emerge (Dark Reading, Nov 01 2019)
An unpatched vulnerability in sPower’s Cisco firewalls was the target of the attack, which, although affecting communications within the grid, did not cause service interruptions to any customers.

NCR Barred Mint, QuickBooks from Banking Platform During Account Takeover Storm (Krebs on Security, Nov 03 2019)
“Banking industry giant NCR Corp. [NYSE: NCR] late last month took the unusual step of temporarily blocking third-party financial data aggregators Mint and QuickBooks Online from accessing Digital Insight, an online banking platform used by hundreds of financial institutions.”

Key predictions that will impact CIOs and IT pros over the next five years (Help Net Security, Nov 06 2019)
Time for action is growing short for CIOs in the digital era. Many continue to struggle with siloed digital transformation initiatives, leaving them adrift and buffeted by competition and market forces.

Mozilla says ISPs are lying to Congress about encrypted DNS (Naked Security – Sophos, Nov 06 2019)
Mozilla on Friday posted a letter urging Congress to take the broadband industry’s lobbying against encrypted DNS within Firefox and Chrome with a grain of salt.

The Future of Cyber Through the Eyes of an Intelligence Firm (SecurityWeek, Nov 06 2019)
If there are two clear themes to Booz Allen’s future expectations in cyber (PDF), they are that evolving technology will lead to evolving threats, and that geopolitical tensions will expand the operations of nation state activity and make the world an even more dangerous place.

Capital One Senior Security Officer Being Moved to New Role (WSJ, Nov 08 2019)
Capital One Financial is moving its chief information security officer out of the role in the wake of the bank’s massive data breach.

To Prove Cybersecurity’s Worth, Create a Cyber Balance Sheet (Dark Reading, Nov 07 2019)
How tying and measuring security investments to business impacts can elevate executives’ understanding and commitment to cyber-risk reduction.

How much do data breaches affect stock prices? (WeLiveSecurity, Nov 07 2019)
A study looks at just how badly the news of a data breach impacts the company’s share price, revealing some surprising findings

About Us

We're a Cybersecurity research and advisory firm with a focus on providing data for strategic assessments.
- Lucas Samaras, CEO

© 2019 Mosaic Security Research, Inc. · Bethesda, MD, USA