Welcome to The Tanium 10, our weekly roundup of the news that matters most to security and IT professionals. Each week, we spotlight the 10 stories, trend reports, and research that caught our eye—all to help you keep up with what’s happening in our fast-paced industry. We value your feedback. Once you’ve read this week’s insights, please email me here and tell me what you think.
The Tanium 10 for the week ending September 29, 2017:
- GoldenEye is the title of a James Bond film from 1995. It’s also the name of a new strain of the Petya ransomware wreaking havoc at enterprises across the globe. Its presence suggests more challenges ahead with this malware.
- Turns out anonymous location data is anything but. A look at a month’s worth of two different users’ anonymized location data produced individual profiles that were surprisingly revealing and demonstrate how “anonymous” data can be used to identify individuals.
- The quality of coding skills shown by hackers allied to Daesh/ISIS is “garbage.” That’s the takeaway of an analysis offered by Kyle Wilhoit, a senior security researcher at DomainTools.
- The revelation of recent cyber attacks begs the question: why is there such a time lag between a breach and public disclosure? The simple answer: every element of every situation is distinct.
- Are you doing all you can to help your board of directors make cybersecurity a central part of your company culture? With every data breach, calculating and mitigating risk is crucial to an organization’s success and survival.
- NovaLabs, a digital platform from WGBH, Boston’s public TV station, is designed to foster a lifelong interest in scientific exploration. Its latest offering? Cybersecurity Lab, which offers a multi-faceted learning experience for educators, students, and anyone intrigued with fighting hackers. We’re betting even the most hardened security veteran will find the content compelling.
- From the “when ships at sea think they’re on land” files: Several vessels in Russian waters had their GPS signals spoofed to suggest they weren’t on water. GPS experts suggest the disruption is the result of efforts to protect sensitive Russian sites from surveillance and attacks by drones.
- After disclosing a 2016 breach last month, the Securities and Exchange Commission (SEC) said it will get more serious about cybersecurity, hiring additional security staffers. The move occurs as the SEC acknowledges the breach may have allowed hackers to make illegal profits by trading stocks.
- While we’re on the topic of stock trades… Alejandro Hernandez, senior security consultant at IOActive, found most mobile stock trading apps have oodles of security holes. Nearly 20% of the examined apps exposed user passwords in clear text, allowing an attacker to easily log in to trade stocks or steal money.
- In a radical shift from the company’s longstanding philosophy of eating its own dogfood, IBM’s CIO Fletcher Previn is going all-in on the consumerization of IT. He’s providing the company’s 400,000 employees with devices like Mac computers and productivity tools like Slack and Box — things most folks are long accustomed to using in their personal lives.
And another thing…
Nail-biters take note: A salon owner in Melbourne, Australia is taking manicures to a place that’s part avant garde and part goth. She adorns the fingertips of her clientele with dead bugs. If that’s not a deterrent to nail-noshing, we don’t know what is.