The Tanium 10: Meltdown & Spectre Fallout Continues | 12 Cloud Risks To Beware In 2018

Susan Nunziata Posted on 01.12.18 — by Susan Nunziata

The Tanium 10 news that matters most to cybersecurity and IT professionals.

Welcome to The Tanium 10, our weekly roundup of the news that matters most to security and IT professionals. Each week, we spotlight the 10 stories, trend reports, and research that caught our eye—all to help you keep up with what’s happening in our fast-paced industry. We value your feedback. Once you’ve read this week’s insights, please email me here and tell me what you think. See something you’d like to discuss further? Join the conversation in our Tanium User Community.

The Tanium 10 for the week ending January 12, 2018:

  1. In the wake of Meltdown and Spectre, the microprocessor vulnerabilities which have made life, er…, “interesting” for IT and cybersecurity teams everywhere, Intel has created a new unit, called Intel Product Assurance and Security. Run by a long-time Intel HR executive, its aim is to work the issue from all angles. Meanwhile, a new security patch from Microsoft for AMD-powered computers has a unique way of protecting users from hackers: it renders AMD-equipped devices unusable. Apparently, this wasn’t the intended consequence.
  2. Shameless Tanium Plug: Meltdown & Spectre Edition. We’ve been working tirelessly to help our customers deal with the vulnerabilities. Here are three resources we hope will help you in your efforts: overview of the situation, and how Tanium can help, from our Chief Security Architect Ryan Kazanciyan; detailed guidance from our technical account managers in our Tanium User Community; and an FAQ which we’ll continue to update as the situation evolves.
  3. The Cloud Security Alliance brings us the Treacherous 12 (registration required): the dirtiest dozen risks related to shared, on-demand cloud computing. The top 3, in order of severity, are: data breaches; Insufficient identity, credential and access management; and insecure interfaces and APIs.
  4. Even with warrants, the Federal Bureau of Investigation was unable to gain access to the content of 7,775 devices in fiscal 2017, according to director Christopher Wray. In a presentation at Fordham University, Wray called this a “major public safety issue.”
  5. For less than $10, you can access all sorts of personal data from India’s Aadhaar, the world’s largest repository of citizen information. The massive biometric ID system contains information on nearly 1.2 billion people, and it keeps getting hacked. If you’re looking for a case study on things to avoid in data aggregation and protection, this is it.
  6. Users of the Wag Labs smartphone app, the so-called Uber of dog walking, have reason to bark. Seems the service exposed customer information that could have enabled thieves to break into homes. Grrrrrr.
  7. To hoard or to disclose? That is the question the U.S. Congress aims to answer with the Cyber Vulnerability Disclosure Act.
  8. Enter for a chance to win…malware? Some 250 winners of a cybersecurity quiz given by the Taiwanese Criminal Investigation Bureau were awarded a nifty flash drive. Unfortunately, more than 50 of the drives contained a virus which can steal personal data and has been linked to fraud.
  9. Massive data breaches have done little to spur real legislative action on the part of the U.S. Congress. Sen. Tom Carper (D-Del.), a member of a Senate working group that has worked for years to come up with data breach legislation, says, “Every time another shoe falls, I think, ‘Ah, this is it. This will get us galvanized and pull together and march in the same direction.’ Hasn’t happened yet.” How many shoes need to fall?
  10. As anyone who has served in the military knows, war games are crucial exercises to test tactics and improve skills. Such exercises are becoming increasingly popular in the cyber fight as well. Jason J. Hogg, chief executive of cyber solutions at Aon, tells The Financial Times “Many industries, especially highly regulated ones like financial services and healthcare, are increasingly adding those scenarios to their gaming exercises.”

And another thing…

This is not what we mean by “drive through.” An inebriated man in Russia stole an armored personnel carrier, drove it into the window of a convenience store, and clambered over the rubble to grab a bottle of wine. Nasdarovje!

Like what you see? Click here and sign up to receive The Tanium 10 in your inbox every Friday.