The role of marketing in cybersecurity
This is from an interview with Theresa Payton, former CIO of the White House, who offers interesting comments and observations on the role of marketing and why CMOs need to work more closely with CISOs:
My pushback has been for some time that this is a wake-up call for the security side. The reason these colossal security systems don’t work is because we don’t design for humans. We design the perfect systems and then we claim that the users are making the mistakes.
- The Equifax Breach: Former White House CIO Believes Marketers Need To Be Engaged In Cybersecurity | Forbes
Public speaking for academic economists
The title is probably the furthest thing from information security you might expect, but it made my list this week because it is actually very relevant. Just like academics, information security professionals often have to convey complex concepts to non-security professionals. This deck lays out a lot of very useful points that are worth bearing in mind.
- Public speaking for academic economists | Dropbox link
Equifax woes continue
The UK financial regulator is stepping into the mess following the huge breach at Equifax. The regulator has said it is investigating the circumstances, and it could fine the company or even revoke its right to operate in the UK.
- UK financial regulator confirms it is probing Equifax mega-breach | The Register
- Equifax under FCA investigation over data breach | The Telegraph
- FCA launches probe into Equifax | Financial Times
Ghost of scammers
In a story that proves that nothing is sacred to scammers, a Louisiana-based funeral home had its email account taken over and scam emails sent out to customers and suppliers asking for money.
If a funeral home isn’t safe from hackers, who is?
- Hackers Take Over Funeral Home's Email Account and Run Online Scams | Bleeping Computer
Google testing Android feature to hide DNS requests
Google has added support in Android for an experimental feature that will encrypt DNS requests and prevent network-level attackers from snooping on user traffic. This new feature is named "DNS over TLS," an experimental protocol currently receiving comments at the Internet Engineering Task Force (IETF), an Internet standards body.
- Android getting “DNS over TLS” support to stop ISPs from knowing what websites you visit | XDA Developers
- Google testing Android feature to hide DNS requests | Bleeping Computer
- THIS experimental Android feature prevents hackers from spying on user traffic | International Business Times
Czech election websites hacked, vote unaffected
The websites used to present the Czech Republic's election results were hacked, the Czech Statistical Office (CSU) said on Sunday, adding that the vote count was not affected. But they would have to say that, wouldn’t they?
- Czech election websites hacked | CNBC
- DDoS attack takes Czech election sites offline | Infosecurity magazine
It’s not the first time the Czechs have made the news for being on the wrong side of a hack. Back in January, the government accused a “Statelike actor” of infiltrating the Czech Foreign Ministry and gaining access to emails belonging to foreign ministers and colleagues.
- Czech Government Suspects Foreign Power in Hacking of Its Email | New York Times
The dark web’s most notorious thief, Phishkingz, gets doxxed
The most feared thief on the dark web has been exposed by a vigilante hacker, proving that no one is safe in the lawless underbelly of the internet.
Maintaining separate identities online can be tough even for the most hardened criminals, and a small mistake can lead to real identities being exposed, as occurred in this case.
- The Dark Web’s Most Notorious Thief, Phishkingz, Gets Doxxed | The Daily Beast
Millions of Malaysian citizens allegedly for sale online
The personal data of "millions" of Malaysian citizens has reportedly been listed for sale online in what could potentially be the biggest information leak in the country's history. According to Malaysian technology website Lowyat, which has published screenshots of the exposed citizen data, an unknown seller was caught advertising the leak on its forums.
- Hacked personal details of millions of Malaysian citizens allegedly for sale online | International Business Times
Platform Security Architecture for IoT
Arm has unveiled Platform Security Architecture (PSA) to act as a common framework to enhance the security of IoT devices.
It’s a good move, and long overdue. How successful it will be is still to be seen. It probably won’t affect the large number of devices already out in the wild, but hopefully will stem some of the tide of awfully insecure IoT devices that are being manufactured today.