The Tanium 10: Meltdown and Spectre Chip Vulnerabilities | Anonymous Helps Traffic Scofflaws

Susan Nunziata Posted on 01.05.18 — by Susan Nunziata

Welcome to The Tanium 10, our weekly roundup of the news that matters most to security and IT professionals. Each week, we spotlight the 10 stories, trend reports, and research that caught our eye—all to help you keep up with what’s happening in our fast-paced industry. We value your feedback. Once you’ve read this week’s insights, please email me here and tell me what you think. See something you’d like to discuss further? Join the conversation in our Tanium User Community.

The Tanium 10

The Tanium 10 for the week ending January 5, 2018:

  1. Meltdown and Spectre. Those are the names given to two major vulnerabilities in microprocessors from the last decade. WindowsMacOS, even Linux devices are affected. (Shameless Tanium plug: Our Chief Security Architect Ryan Kazanciyan tells us how Tanium can help.)
  2. From the land of Ferraris and Lamborghinis comes news of an interesting hack by Anonymous. Seems they broke into the Correggio police department’s database and deleted the entire archive containing speed camera tickets.
  3. Leadership gap: 84% of U.S. healthcare providers lack a reliable enterprise leader for cybersecurity matters, according to a Black Book survey of 323 strategic decision makers. The survey also found only 11% of respondents plan to get a cybersecurity officer this year.
  4. A bipartisan group of United States senators is advancing the Secure Elections Act, a bill aimed at eliminating insecure paperless voting machines. For years, security experts have advised lawmakers electronic voting machines are prone to hacking from foreign governments. Ya think?
  5. Many of the 700,000 internet-connected Internet of Things devices running GoAhead, a web server, are prone to remote attacks. The server is used by BoeingD-linkHPIBMMotorola, and Oracle, according to its developer. But wait, there’s more! The problem could exist in other services as well.
  6. Adoption of Domain-based Message Authentication, Reporting and Conformance (DMARC) is increasing within the United States government. The protocol protects email integrity and authenticity. Pundits ponder whether DMARC will make inroads within the commercial enterprise environment as email-related calamities seem as plentiful in the private sector as they are in the public one.
  7. Long read of the weekHow Antivirus Software Can Be Turned Into a Tool for Spying.
  8. In case you were wondering: there will not be a watershed 9/11 attack on the U.S. electric grid in 2018, according to Lila Kee, a general manager with GlobalSign, a certificate authority and provider of identity service solutions. Reasons for this upbeat view include a resilient grid, increasing reliance on microgrids, and the fact that known attacks, to date, have not disrupted operations.
  9. Forever 21 — a clothing retailer catering to young women seeking hip, affordable garments — is less than hip from a security standpoint. The company revealed that from a malware infection on its point of sale terminals had been swiping payment card detailsfrom April 3 to November 18, 2017. The encryption tools the chain had installed to secure sales were not running on the infected systems.
  10. A new year brings new cybersecurity challenges and opportunitiesAlexander Poizner, a security expert and entrepreneur, offers his predictions for 2018, including AI-powered attacks, reduced sandboxing technologies effectiveness, and cyber-hijacking. The next 360 days look like they’ll be interesting.

And another thing…

Mama said there’d be days like this. After being delayed over an hour at takeoff, a passenger on a Ryanair flight from London to Malaga, Spain, couldn’t handle sitting on the tarmac for another 30 minutes after landing. So he popped open an emergency exit and strolled out across the plane’s wing, suitcase in hand, before being arrested by airport police.

Like what you see? Click here and sign up to receive The Tanium 10 in your inbox every Friday.