Welcome to The Tanium 10, our weekly roundup of the news that matters most to cybersecurity and IT professionals. Each week, we spotlight the 10 stories, trend reports, and research that caught our eye—all to help you keep up with what’s happening in our fast-paced industry. We value your feedback. Once you’ve read this week’s insights, please email me here and tell me what you think. See something you’d like to discuss further? Join the conversation in our Tanium User Community.
The Tanium 10 for the week ending November 10, 2017:
- For a mere $1,200 you, too, can buy a stolen digital code-signing certificate on the dark web. That’s one finding of a recent study by the Cyber Security Research Institute (CSRI). The practice is more common than previously thought.
- Forrester Research offers the top six changes to the cybersecurity landscape it expects for 2018. Among the highlights: governments will no longer be the sole providers of verified identities; IoT attacks will be financially driven; point-of-sale systems will be ransomware targets; the US 2018 elections may be undermined by cybercriminals; blockchain will surpass AI in venture funding; and firms that deal too aggressively with insider threats will face lawsuits and General Data Protection Regulation fines. Happy New Year?
- Americans can’t seem to find the time for two-factor authentication (2FA). Duo Labs found only 28% of the 443 adults it surveyed use 2FA. Looks like there aren’t many “belt-and-suspenders” types in the U.S.
- File under “No tragedy goes unexploited.” Kremlin-linked hacking group APT28 launched a phishing campaign exploiting last month’s terrorist attack on a popular bike path in lower Manhattan. The campaign exploits a vulnerability in Microsoft Office’s Dynamic Data Exchange.
- Ethereum delirium, eh? Parity Technologies disclosed a vulnerability affecting multi-sig wallets, a technology which uses the consent of multiple parties for additional security on transactions. The issue has frozen potentially hundreds of millions of dollars of cryptocurrency.
- Chief Judge Robert E. Morin ruled the U.S. Department of Justice “does not have the right to rummage” through the files of Disruptj20 nor the logs of its hosting provider DreamHost.
- The United States Department of Homeland Security’s US-CERT has issued a warning about cryptographic weaknesses affecting the IEEE P1735 standard. Among the weaknesses is the ability for an attacker to recover the entire underlying plaintext IP (the encrypted intellectual property the standard is meant to protect).
- Does cybersecurity have a talent retention problem? Dr. Andrea Little Limbago, chief social scientist at Endgame, polled 300 cyber-pros to identify the three key reasons people leave their cybersecurity jobs: burnout, workplace culture issues, and lack of clear career paths.
- As many in America exercised their right to vote this week, Senators Martin Heinrich (D-New Mexico) and Susan Collins (R-Maine) introduced the Secure America’s Voting Equipment (SAVE) Act. The bill proposes a “Hack the Election” contest, which would encourage participants to hack into non-active state election systems and discover vulnerabilities. What could possibly go wrong?
- The 13.4 million documents in the Paradise Papers — a compendium of how the world’s rich-and-famous hide their wealth — came to light as a result of a hack of the Appleby law firm. We now know more than we may have wanted to about the finances of England’s Queen Elizabeth II, race car driver Lewis Hamilton, and U2 frontman Bono. What we still don’t know is who was behind the hack.
And another thing…
The fears of an elderly man in Bretten, Germany were squashed after he learned the unexploded World War II bomb he thought he found in his garden was actually a 16-inch, 11-pound zucchini. Police responding to the 81-year-old gentleman’s panicky call reported it did look like a bomb. Listen up, kids: bomb scares are not reason enough to avoid your veggies.
Like what you see? Click here and sign up to receive The Tanium 10 in your inbox every Friday.