The Tanium 10: Time To Bridge The Cybersecurity Gaps | Banks Seek Safety in ‘Sheltered Harbor’

Susan Nunziata Posted on 12.08.17 — by Susan Nunziata

Welcome to The Tanium 10, our weekly roundup of the news that matters most to security and IT professionals. Each week, we spotlight the 10 stories, trend reports, and research that caught our eye—all to help you keep up with what’s happening in our fast-paced industry. We value your feedback. Once you’ve read this week’s insights, please email me here and tell me what you think. See something you’d like to discuss further? Join the conversation in our Tanium User Community.

The Tanium 10

The Tanium 10 for the week ending December 8, 2017:

  1. It’s time for cybersecurity teams to build bridges of collaboration and communication across the rest of the organization, writes Christopher Rogers, Senior Vice President of Information Technology and Security at Sykes Enterprises, in Forbes. He suggests “…people are still essential to the process: judgment, education and action make humans simultaneously the most important part of the security chain and its weakest link.
  2. Earlier this year, 34 major financial institutions — collectively representing a significant percentage of the retail banking and brokerage accounts in the U.S. — banded together in an effort dubbed the Sheltered Harbor. The initiative, which began to gain public attention this week, aims to institute ways to prevent a bank from being crippled by an attacker.
  3. That fix to Apple’s MacOS root bug may not be a fix after all. The company advises: “If you recently updated from macOS High Sierra 10.13 to 10.13.1, reboot your Mac to make sure the Security Update is applied properly.”
  4. Apparently, even bad guys believe in excellent customer service. After it was taken offline by Dutch authorities, Leakbase — a seller of billions of hacked usernames and passwords known for its impressive customer support — politely redirected visitors to a legitimate breach alert service for assistance after it was taken offline. The organization’s Twitter account also offers advice on how customers can apply for a refund of any unused balances stored on the site. Dutch police shut down the site in connection with a dark web drug marketplace called Hansa.
  5. While acknowledging the progress made in moving beyond simple usernames and passwords, identity and access management leaders from several U.S. federal government agencies say their work is far from done. One exec observed “…the increasing complexity of the IT environment is making identity management even more challenging, and agency leaders are not necessarily keeping up.”
  6. Mailsploit looks to be the best faker for email phishing schemes. Sabri Haddouche, a security researcher, demonstrated how it can spoof email in 12+ email clients. It combines the bugs in those clients with quirks in how operating systems handle various elements of the email process. Notably, Mailsploit lets a fraudster send an email that looks like it’s from any address they choose. Think potus @whitehouse.gov. Sad!
  7. Uncle Cyber Wants You! The U.S. Army launched a program aimed at recruiting more “cyber operators” to fill gaps in the force. Individuals with tech experience can apply to be directly commissioned as an officer in U.S. Army Cyber.
  8. The personal information of 1.6 million customers of TIO Networks may have been compromised, according to PayPal, which acquired the bill payment platform in July for $238 million. Buyer’s remorse?
  9. To prevent cyber-conflict, there needs to be inter-government agreements in place. That’s the view of Chris Painter, the first and former coordinator for cyber issues at the U.S. State Department, who gave the kick-off keynote at this week’s Black Hat Europe. Further, by asking for a show of hands, he determined few attendees feel governments are doing a good job of talking to the security industry about threats and problems.
  10. Busted! One day after dismantling the Andromeda botnet, a global police task force, including U.S. law enforcement officials, arrested Sergey Jaretz, the mastermind behind the zombie computer network. Created in 2011, Andromeda was detected on an average of 1 million machines every month over the last six months.

And another thing…

Having a hard time finding the perfect Christmas tree at your local lot? Blame it on the Great Recession of 2008. With the financial downturn, fewer people bought the conifers. As a result, farms grew fewer trees. Since it takes time for them to grow to proper height, some parts of the U.S. are seeing as much as a 60% shortfall of trees.

Like what you see? Click here and sign up to receive The Tanium 10 in your inbox every Friday.