The Tanium 10: Attack of the KRACK | Cybersecurity: It’s Where the Jobs Are

Posted on 10.20.17 by Susan Nunziata

Welcome to The Tanium 10, our weekly roundup of the news that matters most to security and IT professionals. Each week, we spotlight the 10 stories, trend reports, and research that caught our eye—all to help you keep up with what’s happening in our fast-paced industry. We value your feedback. Once you’ve read this week’s insights, please email me here and tell me what you think. See something you’d like to discuss further? Join the conversation in our Tanium User Community.

The Tanium 10

The Tanium 10 for the week ending October 20, 2017:

  1. Mathy Vanhoef, a researcher at the University of Leuven, Belgium, discovered a bug in software used to connect wireless devices that lets hackers snoop on Wi-Fi traffic. Vanhoef calls the hack a Key Reinstallation Attack, or KRACK. He’s set up a website that explains everything about this attack on the WPA2 protocol. Gotta say, this is whack.
  2. Now they tell us? Microsoft’s bug-reporting and patch-tracking database was hacked in 2013. However, the company did not disclose the breach until this week.
  3. Good news, job seekers. The Global Information Security Workforce (GISW) study asserts there will be a shortfall of 1.8 million cybersecurity workers globally. The U.S. Bureau of Labor Statistics predicts a 36% increase in demand for workers in cybersecurity, 2X the level of other digital segments.
  4. The U.S. Department of Homeland Security (DHS) got a big thumbs up from the Global Cyber Alliance for a Binding Operational Directive focused on bolstering email and website security for all federal agencies that operate .gov email and website domains.
  5. Google offers industrial-strength protection for security slackers. The company launched an “advanced protection” setting for Google accounts, which aims to make it difficult for hackers to break into sensitive data on any Google property. Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, says: “Even for people with very limited technology chops, this is a way for them to have an extremely protected profile.”
  6. When is an email address like a password? When you log on to PledgeMusic, a site that’s like Kickstarter for musicians. A security bug allowed access with an email; credit card info was exposed. Rock on.
  7. RedLock, a cloud-monitoring firm, reports organizations aren’t securing their AWS, Azure, and Google Cloud Platform systems. This lets bad guys steal processor cycles. Apparently, admins aren’t bothering to change from default creds. It’s all about the basics, folks.
  8. FBI Special Counsel Robert Mueller interviewed Matt Tait, an information security expert formerly with the U.K.’s Government Communications Headquarters, now with the Straus Center for International Security and Law at the University of Texas. It’s the latest part of Mueller’s examination into election-related email hacks and thefts, and other forms of espionage that might have influenced the 2016 Presidential election. Spy novelist John le Carré can’t top this.
  9. The Dutch Data Protection Agency (DPA) claims Windows 10 is a lawbreaker. The DPA says Microsoft does not make clear what the company does with the data Windows 10 collects, preventing users from giving their informed consent. If the company fails to meet the DPA’s demands, it will face sanctions.
  10. Domino’s supplier in Australia fessed up to a breach that put pizza-ordering consumers on spam lists. No matter how you slice it, that’s a cheesy thing to do.

And another thing…

Firefighters in Baltimore thought they were facing a hazardous materials situation when called to help with a high school evacuation after many students fell ill. Turns out the cause was pumpkin spice scented air fresheners. Pumpkin spice has officially jumped the shark.

Like what you see? Click here and sign up to receive The Tanium 10 in your inbox every Friday.