Welcome to The Tanium 10, our weekly roundup of the news that matters most to security and IT professionals. Each week, we spotlight the 10 stories, trend reports, and research that caught our eye—all to help you keep up with what’s happening in our fast-paced industry. We value your feedback. Once you’ve read this week’s insights, please email me here and tell me what you think. See something you’d like to discuss further? Join the conversation in our Tanium User Community.
The Tanium 10 for the week ending January 19, 2018:
- A creepy form of Android spyware called Skygofree has been revealed by security researchers. Among other tricks, the spyware is designed to steal WhatsApp messages via Android’s Accessibility Services and to connect infected devices to attacker-controlled Wi-Fi networks.
- Cyberattacks and data fraud/theft are two of the top five risks identified in the World Economic Forum’s Global Risks Report 2018. The report is based on a survey of 1,000 experts around the world and precedes the organization’s annual meeting in Davos, Switzerland.
- Even as Intel continues to address the Meltdown and Spectre microprocessor vulnerabilities, a security researcher has discovered a new flaw which could allow an attacker to take over a laptop in under 30 seconds. The issue involves the company’s Active Management Technology (AMT), which is used by corporations to remotely manage deployed laptops.
- WPA3, a new security protocol due this year from the Wi-Fi Alliance, will include five key enhancements: protections from weak passwords; simplified device configuration for those with limited or no display interface; strengthened user privacy in open networks; a 192-bit security suite; and a more secure handshake to remove the threat of dictionary attacks. Stay tuned.
- What to do in the event of a catastrophic cyber attack? Nuke ‘em! That’s thinking contained in a Pentagon-developed document, the Nuclear Posture Review, being reviewed by The White House.
- KrebsOnSecurity shared with readers the tale of someone who received a physical ransom note — on paper and delivered via snail mail — demanding payment in bitcoin to avoid disclosure of a supposed extramarital affair. What’s next, malware-infected boomboxes?
- A majority (70%) of the 150 U.S. government IT professionals surveyed by MeriTalk believe that, in 10 years, most federal agencies will rely on hybrid cloud environments to power core applications. Respondents say their No. 1 cloud challenge is to expand security measures and policies to cover cloud environments.
- Security concerns — prompted by ties between the Chinese government and telecom companies Huawei and ZTE — led U.S. Congressman Mike Conway (R-Texas) to introduce the Defending US Government Communications Act. The aim of the bill is to ban U.S. government agencies from using equipment from the two companies.
- Google is expanding its cloud infrastructure with three new undersea cables and five new regions. The new cables will link Los Angeles to Chile, the U.S. east coast to Denmark, and Hong Kong to Guam. The company will open the Netherlands and Montreal regions first, in first quarter 2018, followed by Los Angeles, Finland, and Hong Kong.
- Is a lack of focus making us all unsafe? Security professionals are overwhelmed by the number of security threats they’re receiving. Threat hype is taking attention away from more serious threats, and bad threat intelligence is skewing our focus.
And another thing…
Ever wonder what the world would look like if migrating birds left trails in the sky? This photographer shows us – and the results are awe-inspiring.
Like what you see? Click here and sign up to receive The Tanium 10 in your inbox every Friday.