Welcome to The Tanium 10, our weekly roundup of the news that matters most to security and IT professionals. Each week, we spotlight the 10 stories, trend reports, and research that caught our eye—all to help you keep up with what’s happening in our fast-paced industry.
The Tanium 10 for the week ending December 1, 2017:
- Bet your Thanksgiving was better than Imgur’s. On Thanksgiving Day, data breach notification service Have I Been Pwned informed the online image sharing community about a hack of 1.7 million email addresses and passwords dating back to 2014. While many of us were enjoying holiday turkey with friends and family, Imgur’s security team got busy resetting passwords and alerting users about the breach. Troy Hunt, operator of Have I Been Pwned, described Imgur’s response as “exemplary.”
- Wondering what you’re worth? Robert Half’s 2018 Salary Guide reveals (surprise!) that cybersecurity pros who have loads of experience and expertise can command top-tier salaries. A word of caution: many CIOs say top talent seeks higher salaries than they’re able to offer.
- “It’s utterly confounding,” is how Philip Reiner, a former senior director at the U.S. National Security Council, responded when the Associated Press — not the Federal Bureau of Investigation (FBI) — notified him that he was a target of Kremlin-linked hackers in 2015. Apparently, the FBI did not tell scores of U.S. officials that Russians were trying to break into their Gmail accounts.
- Maybe it’s altitude sickness? A security flaw has been uncovered in High Sierra, Apple’s latest macOS. The glitch allows access to the system administrator account on a target machine without a password. The company pushed out a software update to address the issue mid-week.
- The U.S. Supreme Court takes up a case centering on whether law enforcement needs a warrant to access cell tower records that could reveal a suspect’s whereabouts. Carpenter v. the United States seeks to reconcile precedents set in the days of rotary dials and phone booths with today’s ubiquitous smartphones. The genesis of the case is a series of armed robberies in which Timothy Carpenter played a role in stealing… wait for it… smartphones.
- Necurs, the world’s biggest email spam botnet, launched a sophisticated malware attack capable of putting millions of computers at risk unless a bitcoin ransom was paid. Fortunately, the email subject lines, addresses, and messages themselves were riddled with spelling and grammatical errors, which may have served as warning signs to those who got this spam.
- Siemens, Moody’s, and Trimble experienced the theft of hundreds of gigabytes of data, according to a just-unsealed indictment charging three employees of a Chinese internet security firm. The trio used the UPS Backdoor Malware to gain unauthorized access to the targeted companies’ networks. The malware is tied to the Chinese government.
- A year after the U.S. government set security and technical requirements for hundreds of popular federal websites, the sites continue to fall short. The 2nd edition of the Information Technology and Innovation Foundation’s Benchmarking US Government Websites report found 91% of the 469 sites reviewed fail at least one key performance measure, including one-third that fail on at least one important security measure.
- December brings cooler temperatures, holiday shopping sprees, and predictions for the year ahead. Here’s a list of 60 Cybersecurity Predictions for 2018. Prognostications include infrastructure attacks, authenticity (a.k.a. fake news), privacy, General Data Protection Regulation, the Internet of Things, Artificial Intelligence, cryptocurrencies, biometrics, and the persistent cybersecurity skills shortage.
- Along with open tech jobs going unfilled, there’s a gender imbalance. In the U.K., only 17% of tech and telecom workers are women. More than 90 companies there, including Accenture, Cisco, Dell, and HP, have joined the Tech Talent Charter to promote greater gender diversity in the tech workforce. Charter members will change how they recruit, retrain, and retain women.
And another thing…
If lengthy spells spent gazing at computer screens make your eyes feel dry and uncomfortable, you can have your eyelids shaved. Residents of a central China city swear by the practice, performed by a steady-handed street barber. A local ophthalmologist claims the technique unblocks moisturizing glands around the rim of the eyelid. We’ll stick with our eyedrops, thank you.