Happy new year to you all! Here in Massachusetts, we are being hit with our first snowstorm of the year, and it is a magnificent sight—crisp, white, untarnished snow, blanketing the earth and hugging the trees. My girls don’t have school, so they’re cuddled up with hot chocolate and popcorn watching a movie. I share these feelings of bliss with you because it’s so important to try and find joy in the small moments.
Let’s face it; the cybersecurity industry can sometimes appear muddied with bad news. UK’s National Health Service (NHS) issued an alert warning that hackers have been exploiting Log4Shell in VMware Horizon. The FBI released a warning about Google Voice authentication scams, and an iPhone malware could allow remote attackers to spy on devices.
What’s equally concerning is that this constant barrage of vulnerabilities, risks, and threats can lead to burnout. Knowing that we need to recruit and retain cybersecurity professionals, I was pleased to read about the specialized cybersecurity training opportunities available through the Army. Additionally, Sounil Yu penned a piece in Dark Reading encouraging readers to “consider new ways of thinking about jobs within the cybersecurity field and the appropriate institutional structures that need to be in place to rapidly increase the available workforce.”
For more on the topics of preventing burnout and workforce development, you can explore sessions available on-demand in our Library. Now let’s take a look at what else made cybersecurity headlines this week.
Jan. 7: According to Reuters, “Police in the southern Chinese city of Shenzhen discovered 19 ‘vulnerabilities’ in Walmart’s (WMT.N) network system in late November and accused it of being slow to fix the loopholes, the China Quality News, backed by the country’s market regulator, reported on Wednesday.”
Jan. 6: Chainalysis issued its 2022 Crypto Crime Report, which found, “Cryptocurrency-based crime hit a new all-time high in 2021, with illicit addresses receiving $14 billion over the course of the year, up from $7.8 billion in 2020.”
Jan. 6: Politico’s Eric Geller wrote, “The cyber community’s scramble to address major vulnerabilities in the widely used code library Log4j is just the latest wake-up call about the security risks of the open-source software ecosystem — and it’s fueling new calls for more government support in plugging those gaps.”
Jan. 5: The New York attorney general’s office issued the results of a months-long credentials stuffing attack investigation, which “found credentials for more than 1.1 million online accounts at 17 major retailers, restaurant chains and food delivery services in internet forums.”
Jan. 4: The Federal Trade Commission issued a blog advising, “It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action.”
Jan. 4: Google announced that the company acquired Siemplify, an Israeli threat detection company.
Jan. 4: CISA is continuing to work with state officials in an effort to augment cybersecurity programs and has established a network of 50 federal cybersecurity coordinators toward that end.Jan. 3: The Cybersecurity 202 suggested that the industry is kicking off the new year in crisis mode because of the Log4j bug.