Welcome to The Tanium 10, our weekly roundup of the news that matters most to security and IT professionals. Each week, we spotlight the 10 stories, trend reports, and research that caught our eye—all to help you keep up with what’s happening in our fast-paced industry. We value your feedback. Once you’ve read this week’s insights, please email me here and tell me what you think. See something you’d like to discuss further? Join the conversation in our Tanium User Community.
The Tanium 10 for the week ending February 9, 2018:
- The cybersecurity skills shortage is taking its toll, according to a report from ESG and the Information Systems Security Association (ISSA), which surveyed 343 cybersecurity professionals. Nearly two-thirds of respondents (63%) say the cybersecurity skills shortage has increased the workload on existing staff, and 38% say it has led to high burnout rates and staff attrition.
- As the 2018 Winter Olympics unfold, state-sponsored actors, cyber-criminals, and your run-of-the-mill phishers have been busy attacking, hacking, and scamming attendees of the South Korean event and other would-be victims. Experts urge gold medal-caliber vigilance. Let’s do all we can to keep those hacker scorecards at 0.0, folks.
- More than 8,600 people in 78 countries purchased LuminosityLink spyware before authorities in the U.K. and Europe were able to successfully halt its sale and shut down the service.
- A researcher has applied natural language processing techniques to 15,000 RSA “call for paper” submissions over the past decade to reveal some fascinating trends.
- The volatility of bitcoin is spooking members of the U.S. Senate Banking Committee. The lawmakers will hold hearings next Tuesday intended to understand what efforts are required to regulate virtual currencies and protect consumers.
- Let’s get patching. Researchers at Cisco Talos say hackers known as Group 123 exploited a zero-day flaw in Adobe’s Flash Player to weaponize Excel spreadsheets, which were used to deliver the ROKRAT remote-admin tool. Adobe and Microsoft have issued patches.
- If you’re thinking of tapping your bug bounty funds to pay a hacker’s ransom, think again. John Flynn, Uber’s CISO, was taken to task by members of the U.S. Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security for the company’s handling of a 2016 breach. Uber revealed in November 2017 that it paid $100,000 to have the data of 57 million users worldwide deleted. The malicious actors were paid through HackerOne, which hosts Uber’s White Hat bug bounty program.
- To paraphrase Steve Jobs, someone has put a dent in Apple’s universe. The source code for iBoot — the part of iOS responsible for ensuring a trusted boot of the operating system — was posted on GitHub. Apple filed a copyright takedown request to force GitHub to remove the code.
- Senator Orrin Hatch (R-Utah) introduced the Clarifying Lawful Overseas Use of Data (CLOUD) Act. Federal law currently doesn’t specify whether the government can demand that U.S. companies give it data they have stored abroad. This bill would close the loophole, while aiming to make it easier for U.S. officials to create bilateral data sharing agreements with foreign law enforcement.
- The U.K.’s Government Communications Headquarters (GCHQ) stymied some 54 million cyber attacks in 2017, and took down more than 121,000 unique phishing sites, including more than 2,900 masquerading as U.K. government entities. Despite a 50% growth in phishing schemes globally, the share of such sites hosted in the U.K. dropped from 5.5% to 2.9%. Well done!
And another thing…
Like what you see? Click here and sign up to receive The Tanium 10 in your inbox every Friday.