CISO View Archives - Page 3 of 19 - Mosaic Security Research

CISO View – The Week’s Best News – 2019.02.08

February 8, 2019 by Lucas Samaras

A Review of the Best News of the Week on Cybersecurity Management & Strategy

Just two hacker groups are behind 60% of stolen cryptocurrency (Naked Security – Sophos, Feb 06 2019)
Chainalysis found that two groups, which it calls Alpha and Beta, are responsible for stealing around $1 billion in funds from exchanges.

RSA Conference 2019 USA: What you can expect at this year’s event (Help Net Security, Feb 04 2019)
It’s that time of year: RSA Conference 2019 USA is a little over a month away. To prepare, we asked Britta Glade, Director of Content and Curation for RSA Conference, to tell us more about this year’s event.

Chinese Hackers Spy on U.S. Law Firm, Major Norwegian MSP (SecurityWeek, Feb 06 2019)
China-linked cyber-espionage group APT10 has targeted companies in the United States and Europe to steal intellectual property or gain commercial advantage, Recorded Future security researchers say.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

CISOs: Change your mindset or lose your job (Help Net Security, Feb 04 2019)
Capgemini commissioned IDC to produce a new piece of research, which reveals the increasing pressure on the Chief Information Security Officer to drive forward digital transformation – or risk losing their seat at the table when it comes to key business decisions.

U.S. Energy Firm Fined $10 Million for Security Failures (SecurityWeek, Feb 04 2019)
A US energy company, identified by some media reports as Duke Energy, received a $10 million fine from the North American Electric Reliability Corporation (NERC) for nearly 130 violations of the Critical Infrastructure Protection (CIP) standards.

RSA Conference announces finalists for Innovation Sandbox Contest 2019 (Help Net Security, Feb 06 2019)
RSA Conference announced the 10 finalists for its annual RSAC Innovation Sandbox Contest. The competition is dedicated to providing innovative startups a platform to showcase their groundbreaking technologies that have the potential to transform the information security industry.

Huawei offers to build cyber security center in Poland (Reuters, Feb 06 2019)
China’s Huawei has offered to build a cyber security center in Poland where last month authorities arrested a Chinese employee of the telecommunications firm along with a former Polish security official on spying charges.

What do successful pentesting attacks have in common? (Help Net Security, Feb 07 2019)
“What many of our successful pentesting attacks had in common was the presence of interfaces on the network perimeter that should not be accessible from the outside. For example, an Internet-accessible video surveillance system not only allows an attacker to view video, but also to run arbitrary commands on the server. This shows how important it is to correctly delineate the network perimeter and monitor the security of every component,” noted Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies.

Serious Security: Post-Quantum Cryptography (and why we’re getting it) (Naked Security – Sophos, Feb 07 2019)
Here’s why NIST is running a competition to find algorithms for a Post-Quantum Cryptographic world…

Australian Parliament Computer Network Breached (SecurityWeek, Feb 07 2019)
Australia’s parliament revealed Friday that its computer network had been compromised by an unspecified “security incident” and said an investigation was under way.

Four differences between the GDPR and the CCPA (Help Net Security, Feb 04 2019)
The CCPA is a strong step in the right direction for the U.S. However, it does not go as far as European Union’s General Data Protection Regulation (GDPR), which went into effect May 25, 2018.

Microsoft rolls out new tools for enterprise security and compliance teams (Help Net Security, Jan 31 2019)
The new Microsoft 365 security center allows security administrators and other risk management professionals to manage and take full advantage of Microsoft 365 intelligent security solutions for identity and access management, threat protection, information protection, and security management.

Huddle House hit with point-of-sale data breach (SC Magazine, Feb 04 2019)
The Huddle House restaurant chain reported it has closed a point-of-sale data breach that existed one of its third-party vendors from August 2017 until now. The malware resided on a third-party system and exposed payment card information at some of the chain’s corporate and franchised locations.

Over 59K Data Breaches Reported in EU Under GDPR (Dark Reading, Feb 05 2019)
In addition, 91 reported fines have been imposed since the regulation went into effect last May.

No Sign of ‘Material’ Nation-State Actor Impact on 2018 US Midterms (Dark Reading, Feb 05 2019)
That’s the conclusion of a classified postmortem report sent to the White House yesterday by Acting Attorney General and DHS Secretary.

Bank IT Manager Gets 10 Years for ATM Exploit (Infosecurity Magazine, Feb 06 2019)
Huaxia Bank employee stole $1m from cashpoints

Carbonite Announces Webroot Purchase (Dark Reading, Feb 07 2019)
The purchase will add WebRoot’s cloud-based security to the cloud-based data backup and recovery platform of Carbonite.

Algeria Ranked ‘Least Cyber-Secure’ Country in the World, Japan ‘Most Cyber-Secure’ (Infosecurity Magazine, Feb 07 2019)
Comparitech studied 60 nations to gauge their ability to meet key security criteria

Australia Wields Vast Decryption Powers Before Planned Review (SecurityWeek, Feb 07 2019)
Australian security agencies have begun using sweeping new powers to access encrypted communications, even before a promised review to address concerns from the likes of Google, Apple and Facebook.

CISO View – The Week’s Best News – 2019.02.01

February 1, 2019 by Lucas Samaras

A Review of the Best News of the Week on Cybersecurity Management & Strategy

Ex-NSA cyberspies reveal how they helped hack foes of UAE (Reuters, Jan 30 2019)
Reuters reveals how a UAE surveillance operation, staffed by former U.S. cyber-agents, spied on dissidents, rivals and Americans. Inside ‘Project Raven.’

Where To Begin With MITRE ATT&CK Matrix (SecurityWeek, Jan 28 2019)
To take advantage of ATT&CK, you must accept and prioritize the importance of visibility within your security operation. Visibility is a word we hear commonly in security, and for good reason. You don’t find what you can’t look for.

Google says sorry for pulling a Facebook with monitoring program (Naked Security – Sophos, Feb 01 2019)
It was using the same Apple enterprise back door as Facebook to get its market research done, but it owned up and backed off.

Everybody hates cybersecurity professionals (The Next Web, Jan 26 2019)
A survey from Thycotic shows that many security professionals believe they’ve got an image problem, with roughly two-thirds believing their teams are regarded as the company naysayers — either “doom mongers” or a “necessary evil.”

Suspected GDPR violations prompt over 95,000 complaints (WeLiveSecurity, Jan 28 2019)
Eight months after the landmark rules came into effect, data released by the European Commission provides a glimpse into the law’s application

Global IT spending to reach $3.8 trillion in 2019, up 3.2% from 2018 (Help Net Security, Jan 29 2019)
Worldwide IT spending is projected to total $3.76 trillion in 2019, an increase of 3.2 percent from 2018, according to the latest forecast by Gartner. Worldwide IT spending forecast (billions of U.S. dollars) “Despite uncertainty fueled by recession rumors, Brexit, and trade wars and tariffs, the likely scenario for IT spending in 2019 is growth,” said John-David Lovelock, research vice president at Gartner.

Security Isn’t Enough. Silicon Valley Needs ‘Abusability’ Testing (Security Latest, Jan 28 2019)
Former Federal Trade Commission chief technologist Ashkan Soltani plans to give a talk centered on an overdue reckoning for move-fast-and-break-things tech firms. He says it’s time for Silicon Valley to take the potential for unintended, malicious use of its products as seriously as it takes their security.

Largest DDoS Attack Sent Over 500 Million Packets per Second (, Jan 30 2019)
Last year’s DDoS attack at GitHub, surpasses all previous attacks, says Imperva.

Discover Financial Services notifies customers of data breach incident (SC Media, Jan 29 2019)
Discover Financial Services has filed a data breach incident notification with the California attorney general’s office that some of its cardholders maybe have had their account information compromised. Discover supplied few details in its Jan. 25 filing and cannot even tell its customers exactly what information may have been exposed, but it did specifically state the breach did not directly involve any Discover card systems. The company stated the breach was spotted on Aug. 13, 2018.

DNS Providers to Cease Implementing DNS Resolver Workarounds (SecurityWeek, Jan 29 2019)
Starting on February 1, 2019, a number of DNS software and service providers will cease implementing DNS resolver workarounds for systems that don’t follow the Extensions to DNS (EDNS) protocol.

Creating a Security Culture & Solving the Human Problem (Dark Reading:, Jan 29 2019)
People are the biggest weakness to security breaches; people can also be your organization’s biggest defense.

Judge rejects Yahoo’s data breach settlement proposal (SC Media, Jan 30 2019)
A federal judge in San Jose, California rejected Yahoo’s proposed data breach settlement offer faulting Yahoo’s lack of transparency, Yahoo’s proposed a $50 million payout, plus two years of free credit monitoring for about 200 million people in the United States and Israel was rebuffed by U.S. District Judge Lucy Koh…

Three Charged for Working With Serial Swatter (Krebs on Security, Jan 25 2019)
“The U.S. Justice Department has filed criminal charges against three U.S. men accused of swatting, or making hoax reports of bomb threats or murders in a bid to trigger a heavily armed police response to a target’s address. Investigators say the men, aged 19 to 23, all carried out the attacks with the help of Tyler Barriss, a convicted serial swatter whose last stunt in late 2018 cost a Kansas man his life.”

3 Ways Companies Mess Up GDPR Compliance the Most (Dark Reading:, Jan 28 2019)
The best way to conform to the EU’s new privacy regulation is to assume that you don’t need to hold on to personal data, versus the opposite.

How accepting that your network will get hacked will help you develop a plan to recover faster (Help Net Security, Jan 28 2019)
So, what’s the answer? It comes down to two things – prevention and acceptance.

UK Government Pledges Security Skills and R&D Funding (, Jan 29 2019)
Wants nation to be a leader in hardware security…The UK government has pledged more money to address the IT security skills crisis and improve hardware and IoT security, although details on the latter are vague.

The biggest cybersecurity challenge? Communicating threats internally (Help Net Security, Jan 30 2019)
IT executives responsible for cybersecurity feel a lack of support from company leaders, and 33 percent feel completely isolated in their role, according to Trend Micro.

Global Ransomware Attack Could Cost $193 Billion (, Jan 30 2019)
The report’s hypothetical attack begins with a malicious email directed at one organization, which is opened, triggering the ransomware download. The malware then spreads itself to connected networks and forwards itself to all contacts. The report estimates that as many as 600,000 businesses globally could be affected by such an attack, with the resulting financial damage hitting anywhere between $85bn and $193bn.

Researchers: Remexi spyware campaign targeted diplomatic institutions based in Iran (SC Media, Jan 30 2019)
A cyberespionage campaign targeted Iranian IP addresses late last year, with the goal of infecting victims with an updated version of Remexi backdoor malware, researchers have reported. Some of these IP addresses belong to foreign diplomatic entities located within Iran’s borders.

Home Design Website Houzz Alerts Users of Data Breach (SecurityWeek, Feb 01 2019)
Home remodeling and design platform Houzz informed customers this week of a data breach that involved some personal information.

CISO View – The Week’s Best News – 2019.01.25

January 25, 2019 by Lucas Samaras

A Review of the Best News of the Week on Cybersecurity Management & Strategy

How the U.S. Govt. Shutdown Harms Security (Krebs on Security, Jan 23 2019)
“The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely to have serious repercussions for federal law enforcement agencies for years to come.”

Industry reactions to Google’s €50 million GDPR violation fine (Help Net Security, Jan 22 2019)
On 21 January 2019, the French National Data Protection Commission (CNIL) imposed a financial penalty of €50 million against Google, in accordance with the GDPR. This is the first time that the CNIL applies the new sanction limits provided by the GDPR. The amount decided and the publicity of the fine are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent. Here are some reactions …

The 5 Stages of CISO Success, Past & Future (Dark Reading, Jan 25 2019)
In cybersecurity, as in history, security leaders who forget the lessons of the past will be doomed to repeat them.

GDPR Suit Filed Against Amazon, Apple (Dark Reading, Jan 18 2019)
An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.

Serious Security: What 2000 years of cryptography can teach us (Naked Security – Sophos, Jan 19 2019)
Here’s a fascinating history of cryptography that has plenty to teach you – and you don’t need a degree in mathematics to follow along!

Hackers Baselessly Blame Women and ‘SJWs’ for the End of DerbyCon Security Conference (Motherboard, Jan 23 2019)
The founder says the charge is ‘baseless,’ but that hasn’t stopped employees at some of the most important infosec companies from posting misogynistic comments in a closed Facebook group.

The Evolution of Darknets (Schneier on Security, Jan 23 2019)
This is interesting: To prevent the problems of customer binding, and losing business when darknet markets go down, merchants have begun to leave the specialized and centralized platforms and instead ventured to use widely accessible technology to build their own communications and operational back-ends. Instead of using websites on the darknet, merchants are now operating invite-only channels on widely available…

VC Investments in Cybersecurity Hit Record Highs in 2018 (Dark Reading, Jan 18 2019)
But rate of funding appears unsustainable, according to Strategic Cyber Ventures.

Shadow IT, IaaS & the Security Imperative (Dark Reading, Jan 21 2019)
Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.

Trend Micro’s ZDI Looks to Acquire More Vulnerabilities in 2019 (eWEEK, Jan 18 2019)
Trend Micro’s Zero Day Initiative published 1,444 security advisories in 2018, with issues in PDF technologies leading the way.

Dark Web Drug Dealers Get 43 Years (Infosecurity Magazine, Jan 22 2019)
Leeds trio sold fentanyl and carfentanyl internationally

Global Firms Face $5tr in Cybercrime Losses (Infosecurity Magazine, Jan 21 2019)
Accenture report urges greater focus on industry-wide collaboration

Bulgaria Extradites Russian Hacker to US: Embassy (SecurityWeek, Jan 19 2019)
Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday.

PCI SSC Releases New Security Standards for Payment Software (SecurityWeek, Jan 18 2019)
The Payment Card Industry Security Standards Council (PCI SSC) this week announced new security standards for the design, development and maintenance of payment software.

Build the wall… around your DNS settings, US govt IT staff urged by Homeland Security amid domain hijackings (The Register, Jan 23 2019)
Anyone still at their posts, please stop these address takeovers… please, helloo? Anyone there?

The Fact and Fiction of Homomorphic Encryption (Dark Reading, Jan 22 2019)
The approach’s promise continues to entice cryptographers and academics. But don’t expect it to help in the real world anytime soon.

Apple’s Security Expert Joined the ACLU to Tackle ‘Authoritarian Fever’ (Motherboard, Jan 22 2019)
Apple security expert Jon Callas, who helped build protection for billions of computers and smartphones against criminal hackers and government surveillance, is now taking on government and corporate spying in the policy realm.

Threats and abuse: Critics fear effect of new Thailand cyber law (Aljazeera, Jan 25 2019)
Threats and abuse: Critics fear effect of new Thailand cyber law Aljazeera.comDespite revisions, critics fear legislation will be used to stifle debate ahead of elections scheduled for March.

CISO View – The Week’s Best News – 2019.01.18

January 18, 2019 by Lucas Samaras

A Review of the Best News of the Week on Cybersecurity Management & Strategy

773M Password ‘Megabreach’ is Years Old (Krebs on Security, Jan 17 2019)
“…in an interview with the apparent seller, KrebsOnSecurity learned that it is not even close to the largest gathering of stolen data, and that it is at least two to three years old.”

The American Military Sucks at Cybersecurity (Motherboard, Jan 15 2019)
A new report from US military watchdogs outlines hundreds of cybersecurity vulnerabilities.

Prices for Zero-Day Exploits Are Rising (Schneier on Security, Jan 17 2019)
“There is no doubt that the U.S. Government could openly corner the world vulnerability market,” said Geer, “that is, we buy them all and we make them all public. Simply announce ‘Show us a competing bid, and we’ll give you [10 times more].’

Zurich Rejects Mondelez’ $100 Million NotPetya Insurance Claim Citing ‘Act of War’ (SecurityWeek, Jan 14 2019)
In October 2018, Mondelez International filed suit against Zurich American Insurance Company. At stake is a $100 million insurance claim for damage caused by NotPetya.

Huawei fires company exec arrested in Poland for spying (SC Magazine, Jan 14 2019)
Chinese telecom manufacturer Huawei has fired a company executive who had been arrested in Poland on charges of spying for China. Weijing Wang, a Chinese citizen, was a director of sales for Huawei. The company said he was fired for bringing disrespect to Huawei, CNN reported.

New Magecart Group Hits Hundreds of Sites Via Supply Chain (Infosecurity Magazine, Jan 16 2019)
This firm is Adverline, a French advertising agency. The attackers are said to have compromised a content delivery network for ads run by the company to include a stager containing the skimmer code.

Courts Hand Down Hard Jail Time for DDoS (Krebs on Security, Jan 14 2019)
“On Friday, a 34-year-old Connecticut man received a whopping 10-year prison sentence for carrying out distributed denial-of-service (DDoS) attacks against a number of hospitals in 2014. Also last week, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberia’s Internet access in 2016.”

Alex Stamos on Content Moderation and Security (Schneier on Security, Jan 15 2019)
“Former Facebook CISO Alex Stamos argues that increasing political pressure on social media platforms to moderate content will give them a pretext to turn all end-to-end crypto off — which would be more profitable for them and bad for society.”

Oklahoma Data Leak Compromises Years of FBI Data (Dark Reading, Jan 16 2019)
The Oklahoma Securities Commission accidentally leaked 3 TB of information, including data on years of FBI investigations.

You Want Network Segmentation, But You Need Zero Trust (Palo Alto Networks Blog, Jan 17 2019)
“In this blog series, I’ve been giving sufficient commentary on Zero Trust in order to dispel much of the mythology that has started to surround the topic recently. I talked about the fundamental issues with the failed trust model and how trust is a vulnerability. Then, I provided clarity as to what Zero Trust is (and isn’t). And most recently, I reviewed the concept of a “protect surface”. Now, I want to talk about the concept of a Segmentation Gateway (SG) – the technology that protects the protect surface.”

Six Steps to Segmentation in a Perimeterless World (SecurityWeek, Jan 17 2019)
Setting Objectives and Having a Clear Roadmap is the Best Path to a Successful Network Segmentation Journey

DoJ Prepping Criminal Probe of Huawei IP Theft: Report (Infosecurity Magazine, Jan 18 2019)
Case linked to 2014 theft of T-Mobile tech

Two charged with hacking company filings out of SEC’s EDGAR system (Naked Security – Sophos, Jan 17 2019)
They’re charged with phishing and inflicting malware to get into the EDGAR filing system, stealing thousands of filings, and selling access.

West African banks targeted in multi-wave attack (SC Magazine, Jan 17 2019)
In a somewhat unusual step cybercriminals are targeting banks in several western African nations using off the shelf malware to gain entry, gain persistence and exfiltrate data along with “living off the land” tactics.

Evaluating the GCHQ Exceptional Access Proposal (Schneier on Security, Jan 18 2019)
The so-called Crypto Wars have been going on for 25 years now. Basically, the FBI — and some of their peer agencies in the UK, Australia, and elsewhere — argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and that they need the tech companies to make their systems susceptible to government eavesdropping.

SCOTUS Says Suit Over Fiat-Chrysler Hack Can Move Forward (Dark Reading, Jan 11 2019)
A class-action suit over a 2015 attack demonstration against a Jeep Cherokee can move forward, US Supreme Court rules.

Iranian actors possibly behind DNS attack: FireEye (SC Magazine, Jan 11 2019)
A tentative connection has been made to Iranian-inspired actors for a wave of DNS attack being conducted against targets in Middle East and North Africa, Europe and North America. FireEye’s Mandiant Incident Response and Intelligence teams tempered its belief that Iran is behind the attacks noting work continues on attribution, but enough evidence exists…

Are You Listening to Your Kill Chain? (Dark Reading, Jan 16 2019)
“The cyber kill chain (CKC) is a great framework to start organizing network and application defenses. I like this version of the framework because it provides a little more detail on containing an attack than most others.”

Singapore Imposes $740,000 Fines Over Major Cyber Attack (SecurityWeek, Jan 16 2019)
Singapore’s privacy watchdog Tuesday imposed fines of Sg$1 million ($740,000) on a healthcare provider and an IT agency over a cyber-attack that saw health records of about quarter of the population stolen.

Facebook Faces Action From German Watchdog (Dark Reading, Jan 14 2019)
German antitrust regulators prepare to require changes from Facebook regarding privacy and personal information.

CISO View – The Week’s Best News – 2019.01.11

January 11, 2019 by Lucas Samaras

A Review of the Best News of the Week on Cybersecurity Management & Strategy

Credential stuffing attack prompts Reddit to force password reset (SC Magazine, Jan 10 2019)
Some Reddit users found themselves locked out of their own accounts earlier this week after an apparent credential stuffing attack compelled the popular website to invoke password security measures. An admin post published on Reddit’s Help subreddit this past Wednesday advises users that a “large group of accounts were locked down” due to anomalous activity…

Magecart Mayhem Continues in OXO Breach (Dark Reading, Jan 09 2019)
The home goods company confirmed users’ data may have been compromised during multiple time frames over a two-year period.

House Democrats’ first bill aims big on election security (Washington Post, Jan 07 2019)
House Democrats came out swinging on election security in their first bill of the new Congress on Friday, promising at least $120 million for new voting machines — so long as they use paper ballots rather than digital ones.

Candid Candiru: Report dredges up details on secretive spyware company (SC Magazine, Jan 04 2019)
A report from Israeli news outlet Haaretz has ever so slightly lifted the veil on what may be Israel’s second largest commercial provider of offensive cyber tools and spyware, a clandestine company called Candiru. The candiru is South American parasitic catfish that, according to legend, invades swimmers’ urethras.

Humana says Bankers Life breach exposed PII on insurance policy applicants (SC Magazine, Jan 04 2019)
Managed health care provider Humana said an unauthorized third party accessed system credentials of some employees at health insurance company Bankers Life, exposing “limited, personal information” of people who had applied for a Humana policy. In a breach notification filing with the California Attorney General’s Office, Humana said the miscreants had access to names, addresses, birth dates, the last four digits of Social Security numbers and some information on policies, including policy type, cost and number.

Could a Chinese-made Metro car spy on us? Many experts say yes. (Washington Post, Jan 08 2019)
Congress, the Pentagon and others are worried about Beijing’s takeover of the U.S. transit rail car market.

DARPA Funds Hardware Cybersecurity that Turns Circuits into Unsolvable Puzzles (Machine Design, Jan 08 2019)
Cybersecurity should focus on hardware and not software.

20-Year Old Student Admits to Massive Data Leak in Germany (Dark Reading, Jan 08 2019)
Hack was not politically motivated; no sign of third-party involvement, authorities say.

Neiman Marcus Reaches $1.5 Million Data Breach Settlement (SecurityWeek, Jan 08 2019)
More than 40 state attorneys general have announced a $1.5 million settlement with The Neiman Marcus Group LLC over a data breach the Dallas-based retailer disclosed in January 2014.

US Shutdown Plays into Hackers’ Hands (Infosecurity Magazine, Jan 11 2019)
Expired web certificates expose users to man-in-the-middle attacks

Supreme Court refuses to hear Fiat Chrysler appeal in Jeep hacking case (Naked Security – Sophos, Jan 10 2019)
The court’s action means that one of the first legal cases involving cyber security risks in cars will go to trial in October.

German IT Security Agency Defends Response in Hacking Case (SecurityWeek, Jan 07 2019)
Germany’s IT security agency on Saturday defended its response to the leaking of hundreds of politicians’ private information, after lawmakers accused it of failing to inform them quickly enough.

The United States and China – A Different Kind of Cyberwar (SecurityWeek, Jan 07 2019)
China is Conducting a Low and Slow Cyberwar, Attempting to Stay Under the Radar and Maneuver the Global Economy

Security Matters When It Comes to Mergers & Acquisitions (Dark Reading, Jan 08 2019)
The recently disclosed Marriott breach exposed a frequently ignored issue in the M&A process.

CISOs Find Collaboration Improves Resiliency (Infosecurity Magazine, Jan 07 2019)
Boards should recruit members with cyber expertise, finds ACSC report

No, Spotify Wasn’t Hacked (Troy Hunt, Jan 08 2019)
Time and time again, I get emails and DMs from people that effectively boil down to this: Hey, that paste that just appeared in Have I Been Pwned is from Spotify, looks like they’ve had a data breach

Modern CISO challenges: Implementing DevSecOps, improving security operations (Help Net Security, Jan 09 2019)
We sat down with Aaron Contorer, CEO at FP Complete, to learn more about what enterprises can do to increase their cybersecurity, the challenges related to DevSecOps implementations and improving overall security operations, and much more.

Australia’s Early Warning Network Hacked (SecurityWeek, Jan 08 2019)
A hacker managed to gain unauthorized access to Australia’s Early Warning Network (EWN) late last week, and used the service to send bogus messages to users.

U.S. Senators Introduce Bi-Partisan Bill to Counter China Hacking Threat (SecurityWeek, Jan 08 2019)
As concern over the full cyber purpose of China and its state-sponsored hackers grows, two senators have introduced a bi-partisan bill aimed at protecting U.S. technology and economic supremacy.

Kaspersky Lab Helped US Nab NSA Data Thief: Report (Dark Reading, Jan 09 2019)
But this new development unlikely to do much to clear government suspicions about security vendor’s ties to Russian intelligence, analyst says.